diff --git a/go.mod b/go.mod index 408bb07a4..c64ebd9dc 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( cloud.google.com/go/pubsub v1.33.0 github.com/AlecAivazis/survey/v2 v2.2.1 github.com/StackExchange/wmi v0.0.0-20150520194626-f3e2bae1e0cb // indirect - github.com/aws/aws-sdk-go v1.36.10 + github.com/aws/aws-sdk-go v1.55.3 github.com/certifi/gocertifi v0.0.0-20210507211836-431795d63e8d // indirect github.com/fsnotify/fsnotify v1.4.9 github.com/getsentry/raven-go v0.0.0-20161115135411-3f7439d3e74d diff --git a/go.sum b/go.sum index 86bec2ab0..15bad011a 100644 --- a/go.sum +++ b/go.sum @@ -31,8 +31,8 @@ github.com/Netflix/go-expect v0.0.0-20180615182759-c93bf25de8e8 h1:xzYJEypr/85nB github.com/Netflix/go-expect v0.0.0-20180615182759-c93bf25de8e8/go.mod h1:oX5x61PbNXchhh0oikYAH+4Pcfw5LKv21+Jnpr6r6Pc= github.com/StackExchange/wmi v0.0.0-20150520194626-f3e2bae1e0cb h1:DkaUUcxmj7OTQhJdv5RvFkzI8jiaQT6LMSDLwAYp96E= github.com/StackExchange/wmi v0.0.0-20150520194626-f3e2bae1e0cb/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg= -github.com/aws/aws-sdk-go v1.36.10 h1:JCBOoVIEJkNcio01MNbmelgOc6+uxANTC3TYYPlcsEE= -github.com/aws/aws-sdk-go v1.36.10/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= +github.com/aws/aws-sdk-go v1.55.3 h1:0B5hOX+mIx7I5XPOrjrHlKSDQV/+ypFZpIHOx5LOk3E= +github.com/aws/aws-sdk-go v1.55.3/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= diff --git a/vendor/github.com/aws/aws-sdk-go/aws/auth/bearer/token.go b/vendor/github.com/aws/aws-sdk-go/aws/auth/bearer/token.go new file mode 100644 index 000000000..dd950a286 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/auth/bearer/token.go @@ -0,0 +1,50 @@ +package bearer + +import ( + "github.com/aws/aws-sdk-go/aws" + "time" +) + +// Token provides a type wrapping a bearer token and expiration metadata. +type Token struct { + Value string + + CanExpire bool + Expires time.Time +} + +// Expired returns if the token's Expires time is before or equal to the time +// provided. If CanExpire is false, Expired will always return false. +func (t Token) Expired(now time.Time) bool { + if !t.CanExpire { + return false + } + now = now.Round(0) + return now.Equal(t.Expires) || now.After(t.Expires) +} + +// TokenProvider provides interface for retrieving bearer tokens. +type TokenProvider interface { + RetrieveBearerToken(aws.Context) (Token, error) +} + +// TokenProviderFunc provides a helper utility to wrap a function as a type +// that implements the TokenProvider interface. +type TokenProviderFunc func(aws.Context) (Token, error) + +// RetrieveBearerToken calls the wrapped function, returning the Token or +// error. +func (fn TokenProviderFunc) RetrieveBearerToken(ctx aws.Context) (Token, error) { + return fn(ctx) +} + +// StaticTokenProvider provides a utility for wrapping a static bearer token +// value within an implementation of a token provider. +type StaticTokenProvider struct { + Token Token +} + +// RetrieveBearerToken returns the static token specified. +func (s StaticTokenProvider) RetrieveBearerToken(aws.Context) (Token, error) { + return s.Token, nil +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/prettify.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/prettify.go index 710eb432f..11d4240d6 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/prettify.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/prettify.go @@ -50,9 +50,19 @@ func prettify(v reflect.Value, indent int, buf *bytes.Buffer) { for i, n := range names { val := v.FieldByName(n) + ft, ok := v.Type().FieldByName(n) + if !ok { + panic(fmt.Sprintf("expected to find field %v on type %v, but was not found", n, v.Type())) + } + buf.WriteString(strings.Repeat(" ", indent+2)) buf.WriteString(n + ": ") - prettify(val, indent+2, buf) + + if tag := ft.Tag.Get("sensitive"); tag == "true" { + buf.WriteString("") + } else { + prettify(val, indent+2, buf) + } if i < len(names)-1 { buf.WriteString(",\n") diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go index 645df2450..3f7cffd95 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go @@ -8,6 +8,8 @@ import ( ) // StringValue returns the string representation of a value. +// +// Deprecated: Use Prettify instead. func StringValue(i interface{}) string { var buf bytes.Buffer stringValue(reflect.ValueOf(i), 0, &buf) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/client.go b/vendor/github.com/aws/aws-sdk-go/aws/client/client.go index 03334d692..b147f103c 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/client/client.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/client/client.go @@ -10,12 +10,13 @@ import ( // A Config provides configuration to a service client instance. type Config struct { - Config *aws.Config - Handlers request.Handlers - PartitionID string - Endpoint string - SigningRegion string - SigningName string + Config *aws.Config + Handlers request.Handlers + PartitionID string + Endpoint string + SigningRegion string + SigningName string + ResolvedRegion string // States that the signing name did not come from a modeled source but // was derived based on other data. Used by service client constructors @@ -88,10 +89,6 @@ func (c *Client) NewRequest(operation *request.Operation, params interface{}, da // AddDebugHandlers injects debug logging handlers into the service to log request // debug information. func (c *Client) AddDebugHandlers() { - if !c.Config.LogLevel.AtLeast(aws.LogDebug) { - return - } - c.Handlers.Send.PushFrontNamed(LogHTTPRequestHandler) c.Handlers.Send.PushBackNamed(LogHTTPResponseHandler) } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go b/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go index 8958c32d4..5ac5c24a1 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go @@ -53,6 +53,10 @@ var LogHTTPRequestHandler = request.NamedHandler{ } func logRequest(r *request.Request) { + if !r.Config.LogLevel.AtLeast(aws.LogDebug) || r.Config.Logger == nil { + return + } + logBody := r.Config.LogLevel.Matches(aws.LogDebugWithHTTPBody) bodySeekable := aws.IsReaderSeekable(r.Body) @@ -90,6 +94,10 @@ var LogHTTPRequestHeaderHandler = request.NamedHandler{ } func logRequestHeader(r *request.Request) { + if !r.Config.LogLevel.AtLeast(aws.LogDebug) || r.Config.Logger == nil { + return + } + b, err := httputil.DumpRequestOut(r.HTTPRequest, false) if err != nil { r.Config.Logger.Log(fmt.Sprintf(logReqErrMsg, @@ -120,6 +128,10 @@ var LogHTTPResponseHandler = request.NamedHandler{ } func logResponse(r *request.Request) { + if !r.Config.LogLevel.AtLeast(aws.LogDebug) || r.Config.Logger == nil { + return + } + lw := &logWriter{r.Config.Logger, bytes.NewBuffer(nil)} if r.HTTPResponse == nil { @@ -178,7 +190,7 @@ var LogHTTPResponseHeaderHandler = request.NamedHandler{ } func logResponseHeader(r *request.Request) { - if r.Config.Logger == nil { + if !r.Config.LogLevel.AtLeast(aws.LogDebug) || r.Config.Logger == nil { return } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go b/vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go index 0c48f72e0..a7530ebb3 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go @@ -2,13 +2,14 @@ package metadata // ClientInfo wraps immutable data from the client.Client structure. type ClientInfo struct { - ServiceName string - ServiceID string - APIVersion string - PartitionID string - Endpoint string - SigningName string - SigningRegion string - JSONVersion string - TargetPrefix string + ServiceName string + ServiceID string + APIVersion string + PartitionID string + Endpoint string + SigningName string + SigningRegion string + JSONVersion string + TargetPrefix string + ResolvedRegion string } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/config.go b/vendor/github.com/aws/aws-sdk-go/aws/config.go index 3b809e847..c483e0cb8 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/config.go @@ -20,16 +20,16 @@ type RequestRetryer interface{} // A Config provides service configuration for service clients. By default, // all clients will use the defaults.DefaultConfig structure. // -// // Create Session with MaxRetries configuration to be shared by multiple -// // service clients. -// sess := session.Must(session.NewSession(&aws.Config{ -// MaxRetries: aws.Int(3), -// })) +// // Create Session with MaxRetries configuration to be shared by multiple +// // service clients. +// sess := session.Must(session.NewSession(&aws.Config{ +// MaxRetries: aws.Int(3), +// })) // -// // Create S3 service client with a specific Region. -// svc := s3.New(sess, &aws.Config{ -// Region: aws.String("us-west-2"), -// }) +// // Create S3 service client with a specific Region. +// svc := s3.New(sess, &aws.Config{ +// Region: aws.String("us-west-2"), +// }) type Config struct { // Enables verbose error printing of all credential chain errors. // Should be used when wanting to see all errors while attempting to @@ -170,6 +170,9 @@ type Config struct { // // For example S3's X-Amz-Meta prefixed header will be unmarshaled to lower case // Metadata member's map keys. The value of the header in the map is unaffected. + // + // The AWS SDK for Go v2, uses lower case header maps by default. The v1 + // SDK provides this opt-in for this option, for backwards compatibility. LowerCaseHeaderMaps *bool // Set this to `true` to disable the EC2Metadata client from overriding the @@ -189,6 +192,23 @@ type Config struct { // EC2MetadataDisableTimeoutOverride *bool + // Set this to `false` to disable EC2Metadata client from falling back to IMDSv1. + // By default, EC2 role credentials will fall back to IMDSv1 as needed for backwards compatibility. + // You can disable this behavior by explicitly setting this flag to `false`. When false, the EC2Metadata + // client will return any errors encountered from attempting to fetch a token instead of silently + // using the insecure data flow of IMDSv1. + // + // Example: + // sess := session.Must(session.NewSession(aws.NewConfig() + // .WithEC2MetadataEnableFallback(false))) + // + // svc := s3.New(sess) + // + // See [configuring IMDS] for more information. + // + // [configuring IMDS]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html + EC2MetadataEnableFallback *bool + // Instructs the endpoint to be generated for a service client to // be the dual stack endpoint. The dual stack endpoint will support // both IPv4 and IPv6 addressing. @@ -208,8 +228,19 @@ type Config struct { // svc := s3.New(sess, &aws.Config{ // UseDualStack: aws.Bool(true), // }) + // + // Deprecated: This option will continue to function for S3 and S3 Control for backwards compatibility. + // UseDualStackEndpoint should be used to enable usage of a service's dual-stack endpoint for all service clients + // moving forward. For S3 and S3 Control, when UseDualStackEndpoint is set to a non-zero value it takes higher + // precedence then this option. UseDualStack *bool + // Sets the resolver to resolve a dual-stack endpoint for the service. + UseDualStackEndpoint endpoints.DualStackEndpointState + + // UseFIPSEndpoint specifies the resolver must resolve a FIPS endpoint. + UseFIPSEndpoint endpoints.FIPSEndpointState + // SleepDelay is an override for the func the SDK will call when sleeping // during the lifecycle of a request. Specifically this will be used for // request delays. This value should only be used for testing. To adjust @@ -269,16 +300,16 @@ type Config struct { // NewConfig returns a new Config pointer that can be chained with builder // methods to set multiple configuration values inline without using pointers. // -// // Create Session with MaxRetries configuration to be shared by multiple -// // service clients. -// sess := session.Must(session.NewSession(aws.NewConfig(). -// WithMaxRetries(3), -// )) +// // Create Session with MaxRetries configuration to be shared by multiple +// // service clients. +// sess := session.Must(session.NewSession(aws.NewConfig(). +// WithMaxRetries(3), +// )) // -// // Create S3 service client with a specific Region. -// svc := s3.New(sess, aws.NewConfig(). -// WithRegion("us-west-2"), -// ) +// // Create S3 service client with a specific Region. +// svc := s3.New(sess, aws.NewConfig(). +// WithRegion("us-west-2"), +// ) func NewConfig() *Config { return &Config{} } @@ -411,6 +442,17 @@ func (c *Config) WithUseDualStack(enable bool) *Config { return c } +// WithUseFIPSEndpoint sets a config UseFIPSEndpoint value returning a Config +// pointer for chaining. +func (c *Config) WithUseFIPSEndpoint(enable bool) *Config { + if enable { + c.UseFIPSEndpoint = endpoints.FIPSEndpointStateEnabled + } else { + c.UseFIPSEndpoint = endpoints.FIPSEndpointStateDisabled + } + return c +} + // WithEC2MetadataDisableTimeoutOverride sets a config EC2MetadataDisableTimeoutOverride value // returning a Config pointer for chaining. func (c *Config) WithEC2MetadataDisableTimeoutOverride(enable bool) *Config { @@ -418,6 +460,13 @@ func (c *Config) WithEC2MetadataDisableTimeoutOverride(enable bool) *Config { return c } +// WithEC2MetadataEnableFallback sets a config EC2MetadataEnableFallback value +// returning a Config pointer for chaining. +func (c *Config) WithEC2MetadataEnableFallback(v bool) *Config { + c.EC2MetadataEnableFallback = &v + return c +} + // WithSleepDelay overrides the function used to sleep while waiting for the // next retry. Defaults to time.Sleep. func (c *Config) WithSleepDelay(fn func(time.Duration)) *Config { @@ -438,13 +487,6 @@ func (c *Config) WithDisableEndpointHostPrefix(t bool) *Config { return c } -// MergeIn merges the passed in configs into the existing config object. -func (c *Config) MergeIn(cfgs ...*Config) { - for _, other := range cfgs { - mergeInConfig(c, other) - } -} - // WithSTSRegionalEndpoint will set whether or not to use regional endpoint flag // when resolving the endpoint for a service func (c *Config) WithSTSRegionalEndpoint(sre endpoints.STSRegionalEndpoint) *Config { @@ -459,6 +501,27 @@ func (c *Config) WithS3UsEast1RegionalEndpoint(sre endpoints.S3UsEast1RegionalEn return c } +// WithLowerCaseHeaderMaps sets a config LowerCaseHeaderMaps value +// returning a Config pointer for chaining. +func (c *Config) WithLowerCaseHeaderMaps(t bool) *Config { + c.LowerCaseHeaderMaps = &t + return c +} + +// WithDisableRestProtocolURICleaning sets a config DisableRestProtocolURICleaning value +// returning a Config pointer for chaining. +func (c *Config) WithDisableRestProtocolURICleaning(t bool) *Config { + c.DisableRestProtocolURICleaning = &t + return c +} + +// MergeIn merges the passed in configs into the existing config object. +func (c *Config) MergeIn(cfgs ...*Config) { + for _, other := range cfgs { + mergeInConfig(c, other) + } +} + func mergeInConfig(dst *Config, other *Config) { if other == nil { return @@ -540,10 +603,18 @@ func mergeInConfig(dst *Config, other *Config) { dst.UseDualStack = other.UseDualStack } + if other.UseDualStackEndpoint != endpoints.DualStackEndpointStateUnset { + dst.UseDualStackEndpoint = other.UseDualStackEndpoint + } + if other.EC2MetadataDisableTimeoutOverride != nil { dst.EC2MetadataDisableTimeoutOverride = other.EC2MetadataDisableTimeoutOverride } + if other.EC2MetadataEnableFallback != nil { + dst.EC2MetadataEnableFallback = other.EC2MetadataEnableFallback + } + if other.SleepDelay != nil { dst.SleepDelay = other.SleepDelay } @@ -571,6 +642,18 @@ func mergeInConfig(dst *Config, other *Config) { if other.S3UsEast1RegionalEndpoint != endpoints.UnsetS3UsEast1Endpoint { dst.S3UsEast1RegionalEndpoint = other.S3UsEast1RegionalEndpoint } + + if other.LowerCaseHeaderMaps != nil { + dst.LowerCaseHeaderMaps = other.LowerCaseHeaderMaps + } + + if other.UseDualStackEndpoint != endpoints.DualStackEndpointStateUnset { + dst.UseDualStackEndpoint = other.UseDualStackEndpoint + } + + if other.UseFIPSEndpoint != endpoints.FIPSEndpointStateUnset { + dst.UseFIPSEndpoint = other.UseFIPSEndpoint + } } // Copy will return a shallow copy of the Config object. If any additional diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go b/vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go index 2866f9a7f..89aad2c67 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go @@ -1,3 +1,4 @@ +//go:build !go1.9 // +build !go1.9 package aws diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go b/vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go index 3718b26e1..6ee9ddd18 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go @@ -1,3 +1,4 @@ +//go:build go1.9 // +build go1.9 package aws diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go index 2f9446333..313218190 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go @@ -1,3 +1,4 @@ +//go:build !go1.7 // +build !go1.7 package aws diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go index 9c29f29af..9975d561b 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go @@ -1,3 +1,4 @@ +//go:build go1.7 // +build go1.7 package aws diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/awsinternal.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/awsinternal.go new file mode 100644 index 000000000..140242dd1 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/awsinternal.go @@ -0,0 +1,4 @@ +// DO NOT EDIT +package corehandlers + +const isAwsInternal = "" \ No newline at end of file diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go index d95a5eb54..36a915efe 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go @@ -178,7 +178,7 @@ func handleSendError(r *request.Request, err error) { var ValidateResponseHandler = request.NamedHandler{Name: "core.ValidateResponseHandler", Fn: func(r *request.Request) { if r.HTTPResponse.StatusCode == 0 || r.HTTPResponse.StatusCode >= 300 { // this may be replaced by an UnmarshalError handler - r.Error = awserr.New("UnknownError", "unknown error", nil) + r.Error = awserr.New("UnknownError", "unknown error", r.Error) } }} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go index ab69c7a6f..ac842c55d 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go @@ -35,3 +35,13 @@ var AddHostExecEnvUserAgentHander = request.NamedHandler{ request.AddToUserAgent(r, execEnvUAKey+"/"+v) }, } + +var AddAwsInternal = request.NamedHandler{ + Name: "core.AddAwsInternal", + Fn: func(r *request.Request) { + if len(isAwsInternal) == 0 { + return + } + request.AddToUserAgent(r, isAwsInternal) + }, +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go index 5852b2648..6e3406b1f 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go @@ -1,3 +1,4 @@ +//go:build !go1.7 // +build !go1.7 package credentials diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go index 388b21541..a68df0ee7 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go @@ -1,3 +1,4 @@ +//go:build go1.7 // +build go1.7 package credentials diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go index 8152a864a..0345fab2d 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go @@ -1,3 +1,4 @@ +//go:build !go1.9 // +build !go1.9 package credentials diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go index 4356edb3d..79018aba7 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go @@ -1,3 +1,4 @@ +//go:build go1.9 // +build go1.9 package credentials diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go index 785f30d8e..329f788a3 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go @@ -31,6 +31,8 @@ package endpointcreds import ( "encoding/json" + "fmt" + "strings" "time" "github.com/aws/aws-sdk-go/aws" @@ -69,7 +71,37 @@ type Provider struct { // Optional authorization token value if set will be used as the value of // the Authorization header of the endpoint credential request. + // + // When constructed from environment, the provider will use the value of + // AWS_CONTAINER_AUTHORIZATION_TOKEN environment variable as the token + // + // Will be overridden if AuthorizationTokenProvider is configured AuthorizationToken string + + // Optional auth provider func to dynamically load the auth token from a file + // everytime a credential is retrieved + // + // When constructed from environment, the provider will read and use the content + // of the file pointed to by AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE environment variable + // as the auth token everytime credentials are retrieved + // + // Will override AuthorizationToken if configured + AuthorizationTokenProvider AuthTokenProvider +} + +// AuthTokenProvider defines an interface to dynamically load a value to be passed +// for the Authorization header of a credentials request. +type AuthTokenProvider interface { + GetToken() (string, error) +} + +// TokenProviderFunc is a func type implementing AuthTokenProvider interface +// and enables customizing token provider behavior +type TokenProviderFunc func() (string, error) + +// GetToken func retrieves auth token according to TokenProviderFunc implementation +func (p TokenProviderFunc) GetToken() (string, error) { + return p() } // NewProviderClient returns a credentials Provider for retrieving AWS credentials @@ -164,7 +196,20 @@ func (p *Provider) getCredentials(ctx aws.Context) (*getCredentialsOutput, error req := p.Client.NewRequest(op, nil, out) req.SetContext(ctx) req.HTTPRequest.Header.Set("Accept", "application/json") - if authToken := p.AuthorizationToken; len(authToken) != 0 { + + authToken := p.AuthorizationToken + var err error + if p.AuthorizationTokenProvider != nil { + authToken, err = p.AuthorizationTokenProvider.GetToken() + if err != nil { + return nil, fmt.Errorf("get authorization token: %v", err) + } + } + + if strings.ContainsAny(authToken, "\r\n") { + return nil, fmt.Errorf("authorization token contains invalid newline sequence") + } + if len(authToken) != 0 { req.HTTPRequest.Header.Set("Authorization", authToken) } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go index e62483600..18694f07f 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go @@ -226,12 +226,24 @@ func NewCredentialsCommand(command *exec.Cmd, options ...func(*ProcessProvider)) return credentials.NewCredentials(p) } -type credentialProcessResponse struct { - Version int - AccessKeyID string `json:"AccessKeyId"` +// A CredentialProcessResponse is the AWS credentials format that must be +// returned when executing an external credential_process. +type CredentialProcessResponse struct { + // As of this writing, the Version key must be set to 1. This might + // increment over time as the structure evolves. + Version int + + // The access key ID that identifies the temporary security credentials. + AccessKeyID string `json:"AccessKeyId"` + + // The secret access key that can be used to sign requests. SecretAccessKey string - SessionToken string - Expiration *time.Time + + // The token that users must pass to the service API to use the temporary credentials. + SessionToken string + + // The date on which the current credentials expire. + Expiration *time.Time } // Retrieve executes the 'credential_process' and returns the credentials. @@ -242,7 +254,7 @@ func (p *ProcessProvider) Retrieve() (credentials.Value, error) { } // Serialize and validate response - resp := &credentialProcessResponse{} + resp := &CredentialProcessResponse{} if err = json.Unmarshal(out, resp); err != nil { return credentials.Value{ProviderName: ProviderName}, awserr.New( ErrCodeProcessProviderParse, diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/doc.go new file mode 100644 index 000000000..18c940ab3 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/doc.go @@ -0,0 +1,60 @@ +// Package ssocreds provides a credential provider for retrieving temporary AWS credentials using an SSO access token. +// +// IMPORTANT: The provider in this package does not initiate or perform the AWS SSO login flow. The SDK provider +// expects that you have already performed the SSO login flow using AWS CLI using the "aws sso login" command, or by +// some other mechanism. The provider must find a valid non-expired access token for the AWS SSO user portal URL in +// ~/.aws/sso/cache. If a cached token is not found, it is expired, or the file is malformed an error will be returned. +// +// Loading AWS SSO credentials with the AWS shared configuration file +// +// You can use configure AWS SSO credentials from the AWS shared configuration file by +// providing the specifying the required keys in the profile: +// +// sso_account_id +// sso_region +// sso_role_name +// sso_start_url +// +// For example, the following defines a profile "devsso" and specifies the AWS SSO parameters that defines the target +// account, role, sign-on portal, and the region where the user portal is located. Note: all SSO arguments must be +// provided, or an error will be returned. +// +// [profile devsso] +// sso_start_url = https://my-sso-portal.awsapps.com/start +// sso_role_name = SSOReadOnlyRole +// sso_region = us-east-1 +// sso_account_id = 123456789012 +// +// Using the config module, you can load the AWS SDK shared configuration, and specify that this profile be used to +// retrieve credentials. For example: +// +// sess, err := session.NewSessionWithOptions(session.Options{ +// SharedConfigState: session.SharedConfigEnable, +// Profile: "devsso", +// }) +// if err != nil { +// return err +// } +// +// Programmatically loading AWS SSO credentials directly +// +// You can programmatically construct the AWS SSO Provider in your application, and provide the necessary information +// to load and retrieve temporary credentials using an access token from ~/.aws/sso/cache. +// +// svc := sso.New(sess, &aws.Config{ +// Region: aws.String("us-west-2"), // Client Region must correspond to the AWS SSO user portal region +// }) +// +// provider := ssocreds.NewCredentialsWithClient(svc, "123456789012", "SSOReadOnlyRole", "https://my-sso-portal.awsapps.com/start") +// +// credentials, err := provider.Get() +// if err != nil { +// return err +// } +// +// Additional Resources +// +// Configuring the AWS CLI to use AWS Single Sign-On: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html +// +// AWS Single Sign-On User Guide: https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html +package ssocreds diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os.go new file mode 100644 index 000000000..d4df39a7a --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os.go @@ -0,0 +1,10 @@ +//go:build !windows +// +build !windows + +package ssocreds + +import "os" + +func getHomeDirectory() string { + return os.Getenv("HOME") +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os_windows.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os_windows.go new file mode 100644 index 000000000..eb48f61e5 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os_windows.go @@ -0,0 +1,7 @@ +package ssocreds + +import "os" + +func getHomeDirectory() string { + return os.Getenv("USERPROFILE") +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/provider.go new file mode 100644 index 000000000..4138e725d --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/provider.go @@ -0,0 +1,187 @@ +package ssocreds + +import ( + "crypto/sha1" + "encoding/hex" + "encoding/json" + "io/ioutil" + "path/filepath" + "strings" + "time" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/auth/bearer" + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/aws/client" + "github.com/aws/aws-sdk-go/aws/credentials" + "github.com/aws/aws-sdk-go/service/sso" + "github.com/aws/aws-sdk-go/service/sso/ssoiface" +) + +// ErrCodeSSOProviderInvalidToken is the code type that is returned if loaded token has expired or is otherwise invalid. +// To refresh the SSO session run aws sso login with the corresponding profile. +const ErrCodeSSOProviderInvalidToken = "SSOProviderInvalidToken" + +const invalidTokenMessage = "the SSO session has expired or is invalid" + +func init() { + nowTime = time.Now + defaultCacheLocation = defaultCacheLocationImpl +} + +var nowTime func() time.Time + +// ProviderName is the name of the provider used to specify the source of credentials. +const ProviderName = "SSOProvider" + +var defaultCacheLocation func() string + +func defaultCacheLocationImpl() string { + return filepath.Join(getHomeDirectory(), ".aws", "sso", "cache") +} + +// Provider is an AWS credential provider that retrieves temporary AWS credentials by exchanging an SSO login token. +type Provider struct { + credentials.Expiry + + // The Client which is configured for the AWS Region where the AWS SSO user portal is located. + Client ssoiface.SSOAPI + + // The AWS account that is assigned to the user. + AccountID string + + // The role name that is assigned to the user. + RoleName string + + // The URL that points to the organization's AWS Single Sign-On (AWS SSO) user portal. + StartURL string + + // The filepath the cached token will be retrieved from. If unset Provider will + // use the startURL to determine the filepath at. + // + // ~/.aws/sso/cache/.json + // + // If custom cached token filepath is used, the Provider's startUrl + // parameter will be ignored. + CachedTokenFilepath string + + // Used by the SSOCredentialProvider if a token configuration + // profile is used in the shared config + TokenProvider bearer.TokenProvider +} + +// NewCredentials returns a new AWS Single Sign-On (AWS SSO) credential provider. The ConfigProvider is expected to be configured +// for the AWS Region where the AWS SSO user portal is located. +func NewCredentials(configProvider client.ConfigProvider, accountID, roleName, startURL string, optFns ...func(provider *Provider)) *credentials.Credentials { + return NewCredentialsWithClient(sso.New(configProvider), accountID, roleName, startURL, optFns...) +} + +// NewCredentialsWithClient returns a new AWS Single Sign-On (AWS SSO) credential provider. The provided client is expected to be configured +// for the AWS Region where the AWS SSO user portal is located. +func NewCredentialsWithClient(client ssoiface.SSOAPI, accountID, roleName, startURL string, optFns ...func(provider *Provider)) *credentials.Credentials { + p := &Provider{ + Client: client, + AccountID: accountID, + RoleName: roleName, + StartURL: startURL, + } + + for _, fn := range optFns { + fn(p) + } + + return credentials.NewCredentials(p) +} + +// Retrieve retrieves temporary AWS credentials from the configured Amazon Single Sign-On (AWS SSO) user portal +// by exchanging the accessToken present in ~/.aws/sso/cache. +func (p *Provider) Retrieve() (credentials.Value, error) { + return p.RetrieveWithContext(aws.BackgroundContext()) +} + +// RetrieveWithContext retrieves temporary AWS credentials from the configured Amazon Single Sign-On (AWS SSO) user portal +// by exchanging the accessToken present in ~/.aws/sso/cache. +func (p *Provider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) { + var accessToken *string + if p.TokenProvider != nil { + token, err := p.TokenProvider.RetrieveBearerToken(ctx) + if err != nil { + return credentials.Value{}, err + } + accessToken = &token.Value + } else { + if p.CachedTokenFilepath == "" { + cachedTokenFilePath, err := getCachedFilePath(p.StartURL) + if err != nil { + return credentials.Value{}, err + } + p.CachedTokenFilepath = cachedTokenFilePath + } + + tokenFile, err := loadTokenFile(p.CachedTokenFilepath) + if err != nil { + return credentials.Value{}, err + } + accessToken = &tokenFile.AccessToken + } + + output, err := p.Client.GetRoleCredentialsWithContext(ctx, &sso.GetRoleCredentialsInput{ + AccessToken: accessToken, + AccountId: &p.AccountID, + RoleName: &p.RoleName, + }) + if err != nil { + return credentials.Value{}, err + } + + expireTime := time.Unix(0, aws.Int64Value(output.RoleCredentials.Expiration)*int64(time.Millisecond)).UTC() + p.SetExpiration(expireTime, 0) + + return credentials.Value{ + AccessKeyID: aws.StringValue(output.RoleCredentials.AccessKeyId), + SecretAccessKey: aws.StringValue(output.RoleCredentials.SecretAccessKey), + SessionToken: aws.StringValue(output.RoleCredentials.SessionToken), + ProviderName: ProviderName, + }, nil +} + +func getCachedFilePath(startUrl string) (string, error) { + hash := sha1.New() + _, err := hash.Write([]byte(startUrl)) + if err != nil { + return "", err + } + return filepath.Join(defaultCacheLocation(), strings.ToLower(hex.EncodeToString(hash.Sum(nil)))+".json"), nil +} + +type token struct { + AccessToken string `json:"accessToken"` + ExpiresAt rfc3339 `json:"expiresAt"` + Region string `json:"region,omitempty"` + StartURL string `json:"startUrl,omitempty"` +} + +func (t token) Expired() bool { + return nowTime().Round(0).After(time.Time(t.ExpiresAt)) +} + +func loadTokenFile(cachedTokenPath string) (t token, err error) { + fileBytes, err := ioutil.ReadFile(cachedTokenPath) + if err != nil { + return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, err) + } + + if err := json.Unmarshal(fileBytes, &t); err != nil { + return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, err) + } + + if len(t.AccessToken) == 0 { + return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, nil) + } + + if t.Expired() { + return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, nil) + } + + return t, nil +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/sso_cached_token.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/sso_cached_token.go new file mode 100644 index 000000000..f6fa88451 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/sso_cached_token.go @@ -0,0 +1,237 @@ +package ssocreds + +import ( + "crypto/sha1" + "encoding/hex" + "encoding/json" + "fmt" + "github.com/aws/aws-sdk-go/internal/shareddefaults" + "io/ioutil" + "os" + "path/filepath" + "strconv" + "strings" + "time" +) + +var resolvedOsUserHomeDir = shareddefaults.UserHomeDir + +// StandardCachedTokenFilepath returns the filepath for the cached SSO token file, or +// error if unable get derive the path. Key that will be used to compute a SHA1 +// value that is hex encoded. +// +// Derives the filepath using the Key as: +// +// ~/.aws/sso/cache/.json +func StandardCachedTokenFilepath(key string) (string, error) { + homeDir := resolvedOsUserHomeDir() + if len(homeDir) == 0 { + return "", fmt.Errorf("unable to get USER's home directory for cached token") + } + hash := sha1.New() + if _, err := hash.Write([]byte(key)); err != nil { + return "", fmt.Errorf("unable to compute cached token filepath key SHA1 hash, %v", err) + } + + cacheFilename := strings.ToLower(hex.EncodeToString(hash.Sum(nil))) + ".json" + + return filepath.Join(homeDir, ".aws", "sso", "cache", cacheFilename), nil +} + +type tokenKnownFields struct { + AccessToken string `json:"accessToken,omitempty"` + ExpiresAt *rfc3339 `json:"expiresAt,omitempty"` + + RefreshToken string `json:"refreshToken,omitempty"` + ClientID string `json:"clientId,omitempty"` + ClientSecret string `json:"clientSecret,omitempty"` +} + +type cachedToken struct { + tokenKnownFields + UnknownFields map[string]interface{} `json:"-"` +} + +// MarshalJSON provides custom marshalling because the standard library Go marshaller ignores unknown/unspecified fields +// when marshalling from a struct: https://pkg.go.dev/encoding/json#Marshal +// This function adds some extra validation to the known fields and captures unknown fields. +func (t cachedToken) MarshalJSON() ([]byte, error) { + fields := map[string]interface{}{} + + setTokenFieldString(fields, "accessToken", t.AccessToken) + setTokenFieldRFC3339(fields, "expiresAt", t.ExpiresAt) + + setTokenFieldString(fields, "refreshToken", t.RefreshToken) + setTokenFieldString(fields, "clientId", t.ClientID) + setTokenFieldString(fields, "clientSecret", t.ClientSecret) + + for k, v := range t.UnknownFields { + if _, ok := fields[k]; ok { + return nil, fmt.Errorf("unknown token field %v, duplicates known field", k) + } + fields[k] = v + } + + return json.Marshal(fields) +} + +func setTokenFieldString(fields map[string]interface{}, key, value string) { + if value == "" { + return + } + fields[key] = value +} +func setTokenFieldRFC3339(fields map[string]interface{}, key string, value *rfc3339) { + if value == nil { + return + } + fields[key] = value +} + +// UnmarshalJSON provides custom unmarshalling because the standard library Go unmarshaller ignores unknown/unspecified +// fields when unmarshalling from a struct: https://pkg.go.dev/encoding/json#Unmarshal +// This function adds some extra validation to the known fields and captures unknown fields. +func (t *cachedToken) UnmarshalJSON(b []byte) error { + var fields map[string]interface{} + if err := json.Unmarshal(b, &fields); err != nil { + return nil + } + + t.UnknownFields = map[string]interface{}{} + + for k, v := range fields { + var err error + switch k { + case "accessToken": + err = getTokenFieldString(v, &t.AccessToken) + case "expiresAt": + err = getTokenFieldRFC3339(v, &t.ExpiresAt) + case "refreshToken": + err = getTokenFieldString(v, &t.RefreshToken) + case "clientId": + err = getTokenFieldString(v, &t.ClientID) + case "clientSecret": + err = getTokenFieldString(v, &t.ClientSecret) + default: + t.UnknownFields[k] = v + } + + if err != nil { + return fmt.Errorf("field %q, %v", k, err) + } + } + + return nil +} + +func getTokenFieldString(v interface{}, value *string) error { + var ok bool + *value, ok = v.(string) + if !ok { + return fmt.Errorf("expect value to be string, got %T", v) + } + return nil +} + +func getTokenFieldRFC3339(v interface{}, value **rfc3339) error { + var stringValue string + if err := getTokenFieldString(v, &stringValue); err != nil { + return err + } + + timeValue, err := parseRFC3339(stringValue) + if err != nil { + return err + } + + *value = &timeValue + return nil +} + +func loadCachedToken(filename string) (cachedToken, error) { + fileBytes, err := ioutil.ReadFile(filename) + if err != nil { + return cachedToken{}, fmt.Errorf("failed to read cached SSO token file, %v", err) + } + + var t cachedToken + if err := json.Unmarshal(fileBytes, &t); err != nil { + return cachedToken{}, fmt.Errorf("failed to parse cached SSO token file, %v", err) + } + + if len(t.AccessToken) == 0 || t.ExpiresAt == nil || time.Time(*t.ExpiresAt).IsZero() { + return cachedToken{}, fmt.Errorf( + "cached SSO token must contain accessToken and expiresAt fields") + } + + return t, nil +} + +func storeCachedToken(filename string, t cachedToken, fileMode os.FileMode) (err error) { + tmpFilename := filename + ".tmp-" + strconv.FormatInt(nowTime().UnixNano(), 10) + if err := writeCacheFile(tmpFilename, fileMode, t); err != nil { + return err + } + + if err := os.Rename(tmpFilename, filename); err != nil { + return fmt.Errorf("failed to replace old cached SSO token file, %v", err) + } + + return nil +} + +func writeCacheFile(filename string, fileMode os.FileMode, t cachedToken) (err error) { + var f *os.File + f, err = os.OpenFile(filename, os.O_CREATE|os.O_TRUNC|os.O_RDWR, fileMode) + if err != nil { + return fmt.Errorf("failed to create cached SSO token file %v", err) + } + + defer func() { + closeErr := f.Close() + if err == nil && closeErr != nil { + err = fmt.Errorf("failed to close cached SSO token file, %v", closeErr) + } + }() + + encoder := json.NewEncoder(f) + + if err = encoder.Encode(t); err != nil { + return fmt.Errorf("failed to serialize cached SSO token, %v", err) + } + + return nil +} + +type rfc3339 time.Time + +// UnmarshalJSON decode rfc3339 from JSON format +func (r *rfc3339) UnmarshalJSON(bytes []byte) error { + var value string + var err error + + if err = json.Unmarshal(bytes, &value); err != nil { + return err + } + + *r, err = parseRFC3339(value) + return err +} + +func parseRFC3339(v string) (rfc3339, error) { + parsed, err := time.Parse(time.RFC3339, v) + if err != nil { + return rfc3339{}, fmt.Errorf("expected RFC3339 timestamp: %v", err) + } + + return rfc3339(parsed), nil +} + +// MarshalJSON encode rfc3339 to JSON format time +func (r *rfc3339) MarshalJSON() ([]byte, error) { + value := time.Time(*r).Format(time.RFC3339) + + // Use JSON unmarshal to unescape the quoted value making use of JSON's + // quoting rules. + return json.Marshal(value) +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/token_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/token_provider.go new file mode 100644 index 000000000..3388b78b4 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/token_provider.go @@ -0,0 +1,148 @@ +package ssocreds + +import ( + "fmt" + "os" + "time" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/auth/bearer" + "github.com/aws/aws-sdk-go/service/ssooidc" +) + +// CreateTokenAPIClient provides the interface for the SSOTokenProvider's API +// client for calling CreateToken operation to refresh the SSO token. +type CreateTokenAPIClient interface { + CreateToken(input *ssooidc.CreateTokenInput) (*ssooidc.CreateTokenOutput, error) +} + +// SSOTokenProviderOptions provides the options for configuring the +// SSOTokenProvider. +type SSOTokenProviderOptions struct { + // Client that can be overridden + Client CreateTokenAPIClient + + // The path the file containing the cached SSO token will be read from. + // Initialized the NewSSOTokenProvider's cachedTokenFilepath parameter. + CachedTokenFilepath string +} + +// SSOTokenProvider provides a utility for refreshing SSO AccessTokens for +// Bearer Authentication. The SSOTokenProvider can only be used to refresh +// already cached SSO Tokens. This utility cannot perform the initial SSO +// create token. +// +// The initial SSO create token should be preformed with the AWS CLI before the +// Go application using the SSOTokenProvider will need to retrieve the SSO +// token. If the AWS CLI has not created the token cache file, this provider +// will return an error when attempting to retrieve the cached token. +// +// This provider will attempt to refresh the cached SSO token periodically if +// needed when RetrieveBearerToken is called. +// +// A utility such as the AWS CLI must be used to initially create the SSO +// session and cached token file. +// https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html +type SSOTokenProvider struct { + options SSOTokenProviderOptions +} + +// NewSSOTokenProvider returns an initialized SSOTokenProvider that will +// periodically refresh the SSO token cached stored in the cachedTokenFilepath. +// The cachedTokenFilepath file's content will be rewritten by the token +// provider when the token is refreshed. +// +// The client must be configured for the AWS region the SSO token was created for. +func NewSSOTokenProvider(client CreateTokenAPIClient, cachedTokenFilepath string, optFns ...func(o *SSOTokenProviderOptions)) *SSOTokenProvider { + options := SSOTokenProviderOptions{ + Client: client, + CachedTokenFilepath: cachedTokenFilepath, + } + for _, fn := range optFns { + fn(&options) + } + + provider := &SSOTokenProvider{ + options: options, + } + + return provider +} + +// RetrieveBearerToken returns the SSO token stored in the cachedTokenFilepath +// the SSOTokenProvider was created with. If the token has expired +// RetrieveBearerToken will attempt to refresh it. If the token cannot be +// refreshed or is not present an error will be returned. +// +// A utility such as the AWS CLI must be used to initially create the SSO +// session and cached token file. https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html +func (p *SSOTokenProvider) RetrieveBearerToken(ctx aws.Context) (bearer.Token, error) { + cachedToken, err := loadCachedToken(p.options.CachedTokenFilepath) + if err != nil { + return bearer.Token{}, err + } + + if cachedToken.ExpiresAt != nil && nowTime().After(time.Time(*cachedToken.ExpiresAt)) { + cachedToken, err = p.refreshToken(cachedToken) + if err != nil { + return bearer.Token{}, fmt.Errorf("refresh cached SSO token failed, %v", err) + } + } + + expiresAt := toTime((*time.Time)(cachedToken.ExpiresAt)) + return bearer.Token{ + Value: cachedToken.AccessToken, + CanExpire: !expiresAt.IsZero(), + Expires: expiresAt, + }, nil +} + +func (p *SSOTokenProvider) refreshToken(token cachedToken) (cachedToken, error) { + if token.ClientSecret == "" || token.ClientID == "" || token.RefreshToken == "" { + return cachedToken{}, fmt.Errorf("cached SSO token is expired, or not present, and cannot be refreshed") + } + + createResult, err := p.options.Client.CreateToken(&ssooidc.CreateTokenInput{ + ClientId: &token.ClientID, + ClientSecret: &token.ClientSecret, + RefreshToken: &token.RefreshToken, + GrantType: aws.String("refresh_token"), + }) + if err != nil { + return cachedToken{}, fmt.Errorf("unable to refresh SSO token, %v", err) + } + if createResult.ExpiresIn == nil { + return cachedToken{}, fmt.Errorf("missing required field ExpiresIn") + } + if createResult.AccessToken == nil { + return cachedToken{}, fmt.Errorf("missing required field AccessToken") + } + if createResult.RefreshToken == nil { + return cachedToken{}, fmt.Errorf("missing required field RefreshToken") + } + + expiresAt := nowTime().Add(time.Duration(*createResult.ExpiresIn) * time.Second) + + token.AccessToken = *createResult.AccessToken + token.ExpiresAt = (*rfc3339)(&expiresAt) + token.RefreshToken = *createResult.RefreshToken + + fileInfo, err := os.Stat(p.options.CachedTokenFilepath) + if err != nil { + return cachedToken{}, fmt.Errorf("failed to stat cached SSO token file %v", err) + } + + if err = storeCachedToken(p.options.CachedTokenFilepath, token, fileInfo.Mode()); err != nil { + return cachedToken{}, fmt.Errorf("unable to cache refreshed SSO token, %v", err) + } + + return token, nil +} + +func toTime(p *time.Time) (v time.Time) { + if p == nil { + return v + } + + return *p +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go index 6846ef6f8..86db488de 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go @@ -9,7 +9,7 @@ to refresh the credentials will be synchronized. But, the SDK is unable to ensure synchronous usage of the AssumeRoleProvider if the value is shared between multiple Credentials, Sessions or service clients. -Assume Role +# Assume Role To assume an IAM role using STS with the SDK you can create a new Credentials with the SDKs's stscreds package. @@ -27,7 +27,7 @@ with the SDKs's stscreds package. // from assumed role. svc := s3.New(sess, &aws.Config{Credentials: creds}) -Assume Role with static MFA Token +# Assume Role with static MFA Token To assume an IAM role with a MFA token you can either specify a MFA token code directly or provide a function to prompt the user each time the credentials @@ -49,7 +49,7 @@ credentials. // from assumed role. svc := s3.New(sess, &aws.Config{Credentials: creds}) -Assume Role with MFA Token Provider +# Assume Role with MFA Token Provider To assume an IAM role with MFA for longer running tasks where the credentials may need to be refreshed setting the TokenProvider field of AssumeRoleProvider @@ -74,7 +74,6 @@ single Credentials with an AssumeRoleProvider can be shared safely. // Create service client value configured for credentials // from assumed role. svc := s3.New(sess, &aws.Config{Credentials: creds}) - */ package stscreds @@ -95,7 +94,7 @@ import ( // StdinTokenProvider will prompt on stderr and read from stdin for a string value. // An error is returned if reading from stdin fails. // -// Use this function go read MFA tokens from stdin. The function makes no attempt +// Use this function to read MFA tokens from stdin. The function makes no attempt // to make atomic prompts from stdin across multiple gorouties. // // Using StdinTokenProvider with multiple AssumeRoleProviders, or Credentials will @@ -199,6 +198,10 @@ type AssumeRoleProvider struct { // or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user). SerialNumber *string + // The SourceIdentity which is used to identity a persistent identity through the whole session. + // For more details see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html + SourceIdentity *string + // The value provided by the MFA device, if the trust policy of the role being // assumed requires MFA (that is, if the policy includes a condition that tests // for MFA). If the role being assumed requires MFA and if the TokenCode value @@ -244,9 +247,11 @@ type AssumeRoleProvider struct { MaxJitterFrac float64 } -// NewCredentials returns a pointer to a new Credentials object wrapping the +// NewCredentials returns a pointer to a new Credentials value wrapping the // AssumeRoleProvider. The credentials will expire every 15 minutes and the -// role will be named after a nanosecond timestamp of this operation. +// role will be named after a nanosecond timestamp of this operation. The +// Credentials value will attempt to refresh the credentials using the provider +// when Credentials.Get is called, if the cached credentials are expiring. // // Takes a Config provider to create the STS client. The ConfigProvider is // satisfied by the session.Session type. @@ -268,9 +273,11 @@ func NewCredentials(c client.ConfigProvider, roleARN string, options ...func(*As return credentials.NewCredentials(p) } -// NewCredentialsWithClient returns a pointer to a new Credentials object wrapping the +// NewCredentialsWithClient returns a pointer to a new Credentials value wrapping the // AssumeRoleProvider. The credentials will expire every 15 minutes and the -// role will be named after a nanosecond timestamp of this operation. +// role will be named after a nanosecond timestamp of this operation. The +// Credentials value will attempt to refresh the credentials using the provider +// when Credentials.Get is called, if the cached credentials are expiring. // // Takes an AssumeRoler which can be satisfied by the STS client. // @@ -316,6 +323,7 @@ func (p *AssumeRoleProvider) RetrieveWithContext(ctx credentials.Context) (crede Tags: p.Tags, PolicyArns: p.PolicyArns, TransitiveTagKeys: p.TransitiveTagKeys, + SourceIdentity: p.SourceIdentity, } if p.Policy != nil { input.Policy = p.Policy diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go index cefe2a76d..19ad619aa 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go @@ -28,7 +28,7 @@ const ( // compare test values. var now = time.Now -// TokenFetcher shuold return WebIdentity token bytes or an error +// TokenFetcher should return WebIdentity token bytes or an error type TokenFetcher interface { FetchToken(credentials.Context) ([]byte, error) } @@ -50,6 +50,8 @@ func (f FetchTokenPath) FetchToken(ctx credentials.Context) ([]byte, error) { // an OIDC token. type WebIdentityRoleProvider struct { credentials.Expiry + + // The policy ARNs to use with the web identity assumed role. PolicyArns []*sts.PolicyDescriptorType // Duration the STS credentials will be valid for. Truncated to seconds. @@ -74,6 +76,9 @@ type WebIdentityRoleProvider struct { // NewWebIdentityCredentials will return a new set of credentials with a given // configuration, role arn, and token file path. +// +// Deprecated: Use NewWebIdentityRoleProviderWithOptions for flexible +// functional options, and wrap with credentials.NewCredentials helper. func NewWebIdentityCredentials(c client.ConfigProvider, roleARN, roleSessionName, path string) *credentials.Credentials { svc := sts.New(c) p := NewWebIdentityRoleProvider(svc, roleARN, roleSessionName, path) @@ -82,19 +87,42 @@ func NewWebIdentityCredentials(c client.ConfigProvider, roleARN, roleSessionName // NewWebIdentityRoleProvider will return a new WebIdentityRoleProvider with the // provided stsiface.STSAPI +// +// Deprecated: Use NewWebIdentityRoleProviderWithOptions for flexible +// functional options. func NewWebIdentityRoleProvider(svc stsiface.STSAPI, roleARN, roleSessionName, path string) *WebIdentityRoleProvider { - return NewWebIdentityRoleProviderWithToken(svc, roleARN, roleSessionName, FetchTokenPath(path)) + return NewWebIdentityRoleProviderWithOptions(svc, roleARN, roleSessionName, FetchTokenPath(path)) } // NewWebIdentityRoleProviderWithToken will return a new WebIdentityRoleProvider with the // provided stsiface.STSAPI and a TokenFetcher +// +// Deprecated: Use NewWebIdentityRoleProviderWithOptions for flexible +// functional options. func NewWebIdentityRoleProviderWithToken(svc stsiface.STSAPI, roleARN, roleSessionName string, tokenFetcher TokenFetcher) *WebIdentityRoleProvider { - return &WebIdentityRoleProvider{ + return NewWebIdentityRoleProviderWithOptions(svc, roleARN, roleSessionName, tokenFetcher) +} + +// NewWebIdentityRoleProviderWithOptions will return an initialize +// WebIdentityRoleProvider with the provided stsiface.STSAPI, role ARN, and a +// TokenFetcher. Additional options can be provided as functional options. +// +// TokenFetcher is the implementation that will retrieve the JWT token from to +// assume the role with. Use the provided FetchTokenPath implementation to +// retrieve the JWT token using a file system path. +func NewWebIdentityRoleProviderWithOptions(svc stsiface.STSAPI, roleARN, roleSessionName string, tokenFetcher TokenFetcher, optFns ...func(*WebIdentityRoleProvider)) *WebIdentityRoleProvider { + p := WebIdentityRoleProvider{ client: svc, tokenFetcher: tokenFetcher, roleARN: roleARN, roleSessionName: roleSessionName, } + + for _, fn := range optFns { + fn(&p) + } + + return &p } // Retrieve will attempt to assume a role from a token which is located at @@ -104,9 +132,9 @@ func (p *WebIdentityRoleProvider) Retrieve() (credentials.Value, error) { return p.RetrieveWithContext(aws.BackgroundContext()) } -// RetrieveWithContext will attempt to assume a role from a token which is located at -// 'WebIdentityTokenFilePath' specified destination and if that is empty an -// error will be returned. +// RetrieveWithContext will attempt to assume a role from a token which is +// located at 'WebIdentityTokenFilePath' specified destination and if that is +// empty an error will be returned. func (p *WebIdentityRoleProvider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) { b, err := p.tokenFetcher.FetchToken(ctx) if err != nil { diff --git a/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go index 23bb639e0..1ba80b576 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go @@ -9,6 +9,7 @@ package defaults import ( "fmt" + "io/ioutil" "net" "net/http" "net/url" @@ -74,6 +75,7 @@ func Handlers() request.Handlers { handlers.Validate.PushBackNamed(corehandlers.ValidateEndpointHandler) handlers.Validate.AfterEachFn = request.HandlerListStopOnError handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler) + handlers.Build.PushBackNamed(corehandlers.AddAwsInternal) handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHander) handlers.Build.AfterEachFn = request.HandlerListStopOnError handlers.Sign.PushBackNamed(corehandlers.BuildContentLengthHandler) @@ -114,9 +116,31 @@ func CredProviders(cfg *aws.Config, handlers request.Handlers) []credentials.Pro const ( httpProviderAuthorizationEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN" + httpProviderAuthFileEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE" httpProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_FULL_URI" ) +// direct representation of the IPv4 address for the ECS container +// "169.254.170.2" +var ecsContainerIPv4 net.IP = []byte{ + 169, 254, 170, 2, +} + +// direct representation of the IPv4 address for the EKS container +// "169.254.170.23" +var eksContainerIPv4 net.IP = []byte{ + 169, 254, 170, 23, +} + +// direct representation of the IPv6 address for the EKS container +// "fd00:ec2::23" +var eksContainerIPv6 net.IP = []byte{ + 0xFD, 0, 0xE, 0xC2, + 0, 0, 0, 0, + 0, 0, 0, 0, + 0, 0, 0, 0x23, +} + // RemoteCredProvider returns a credentials provider for the default remote // endpoints such as EC2 or ECS Roles. func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.Provider { @@ -134,19 +158,22 @@ func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.P var lookupHostFn = net.LookupHost -func isLoopbackHost(host string) (bool, error) { - ip := net.ParseIP(host) - if ip != nil { - return ip.IsLoopback(), nil +// isAllowedHost allows host to be loopback or known ECS/EKS container IPs +// +// host can either be an IP address OR an unresolved hostname - resolution will +// be automatically performed in the latter case +func isAllowedHost(host string) (bool, error) { + if ip := net.ParseIP(host); ip != nil { + return isIPAllowed(ip), nil } - // Host is not an ip, perform lookup addrs, err := lookupHostFn(host) if err != nil { return false, err } + for _, addr := range addrs { - if !net.ParseIP(addr).IsLoopback() { + if ip := net.ParseIP(addr); ip == nil || !isIPAllowed(ip) { return false, nil } } @@ -154,6 +181,13 @@ func isLoopbackHost(host string) (bool, error) { return true, nil } +func isIPAllowed(ip net.IP) bool { + return ip.IsLoopback() || + ip.Equal(ecsContainerIPv4) || + ip.Equal(eksContainerIPv4) || + ip.Equal(eksContainerIPv6) +} + func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string) credentials.Provider { var errMsg string @@ -164,10 +198,12 @@ func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string) host := aws.URLHostname(parsed) if len(host) == 0 { errMsg = "unable to parse host from local HTTP cred provider URL" - } else if isLoopback, loopbackErr := isLoopbackHost(host); loopbackErr != nil { - errMsg = fmt.Sprintf("failed to resolve host %q, %v", host, loopbackErr) - } else if !isLoopback { - errMsg = fmt.Sprintf("invalid endpoint host, %q, only loopback hosts are allowed.", host) + } else if parsed.Scheme == "http" { + if isAllowedHost, allowHostErr := isAllowedHost(host); allowHostErr != nil { + errMsg = fmt.Sprintf("failed to resolve host %q, %v", host, allowHostErr) + } else if !isAllowedHost { + errMsg = fmt.Sprintf("invalid endpoint host, %q, only loopback/ecs/eks hosts are allowed.", host) + } } } @@ -189,6 +225,15 @@ func httpCredProvider(cfg aws.Config, handlers request.Handlers, u string) crede func(p *endpointcreds.Provider) { p.ExpiryWindow = 5 * time.Minute p.AuthorizationToken = os.Getenv(httpProviderAuthorizationEnvVar) + if authFilePath := os.Getenv(httpProviderAuthFileEnvVar); authFilePath != "" { + p.AuthorizationTokenProvider = endpointcreds.TokenProviderFunc(func() (string, error) { + if contents, err := ioutil.ReadFile(authFilePath); err != nil { + return "", fmt.Errorf("failed to read authorization token from %v: %v", authFilePath, err) + } else { + return string(contents), nil + } + }) + } }, ) } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go index 8f35b3464..f4cc8751d 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go @@ -13,7 +13,6 @@ package ec2metadata import ( "bytes" - "errors" "io" "net/http" "net/url" @@ -58,13 +57,13 @@ type EC2Metadata struct { // New creates a new instance of the EC2Metadata client with a session. // This client is safe to use across multiple goroutines. // -// // Example: -// // Create a EC2Metadata client from just a session. -// svc := ec2metadata.New(mySession) // -// // Create a EC2Metadata client with additional configuration -// svc := ec2metadata.New(mySession, aws.NewConfig().WithLogLevel(aws.LogDebugHTTPBody)) +// // Create a EC2Metadata client from just a session. +// svc := ec2metadata.New(mySession) +// +// // Create a EC2Metadata client with additional configuration +// svc := ec2metadata.New(mySession, aws.NewConfig().WithLogLevel(aws.LogDebugHTTPBody)) func New(p client.ConfigProvider, cfgs ...*aws.Config) *EC2Metadata { c := p.ClientConfig(ServiceName, cfgs...) return NewClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion) @@ -234,7 +233,8 @@ func unmarshalError(r *request.Request) { // Response body format is not consistent between metadata endpoints. // Grab the error message as a string and include that as the source error - r.Error = awserr.NewRequestFailure(awserr.New("EC2MetadataError", "failed to make EC2Metadata request", errors.New(b.String())), + r.Error = awserr.NewRequestFailure( + awserr.New("EC2MetadataError", "failed to make EC2Metadata request\n"+b.String(), nil), r.HTTPResponse.StatusCode, r.RequestID) } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go index 4b29f190b..f1f9ba4ec 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go @@ -1,6 +1,8 @@ package ec2metadata import ( + "fmt" + "github.com/aws/aws-sdk-go/aws" "net/http" "sync/atomic" "time" @@ -33,11 +35,15 @@ func newTokenProvider(c *EC2Metadata, duration time.Duration) *tokenProvider { return &tokenProvider{client: c, configuredTTL: duration} } +// check if fallback is enabled +func (t *tokenProvider) fallbackEnabled() bool { + return t.client.Config.EC2MetadataEnableFallback == nil || *t.client.Config.EC2MetadataEnableFallback +} + // fetchTokenHandler fetches token for EC2Metadata service client by default. func (t *tokenProvider) fetchTokenHandler(r *request.Request) { - // short-circuits to insecure data flow if tokenProvider is disabled. - if v := atomic.LoadUint32(&t.disabled); v == 1 { + if v := atomic.LoadUint32(&t.disabled); v == 1 && t.fallbackEnabled() { return } @@ -49,23 +55,23 @@ func (t *tokenProvider) fetchTokenHandler(r *request.Request) { output, err := t.client.getToken(r.Context(), t.configuredTTL) if err != nil { + // only attempt fallback to insecure data flow if IMDSv1 is enabled + if !t.fallbackEnabled() { + r.Error = awserr.New("EC2MetadataError", "failed to get IMDSv2 token and fallback to IMDSv1 is disabled", err) + return + } - // change the disabled flag on token provider to true, - // when error is request timeout error. + // change the disabled flag on token provider to true and fallback if requestFailureError, ok := err.(awserr.RequestFailure); ok { switch requestFailureError.StatusCode() { case http.StatusForbidden, http.StatusNotFound, http.StatusMethodNotAllowed: atomic.StoreUint32(&t.disabled, 1) + if t.client.Config.LogLevel.Matches(aws.LogDebugWithDeprecated) { + t.client.Config.Logger.Log(fmt.Sprintf("WARN: failed to get session token, falling back to IMDSv1: %v", requestFailureError)) + } case http.StatusBadRequest: r.Error = requestFailureError } - - // Check if request timed out while waiting for response - if e, ok := requestFailureError.OrigErr().(awserr.Error); ok { - if e.Code() == request.ErrCodeRequestError { - atomic.StoreUint32(&t.disabled, 1) - } - } } return } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go index 654fb1ad5..cad3b9a48 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go @@ -31,12 +31,12 @@ func (d *DecodeModelOptions) Set(optFns ...func(*DecodeModelOptions)) { // allow you to get a list of the partitions in the order the endpoints // will be resolved in. // -// resolver, err := endpoints.DecodeModel(reader) +// resolver, err := endpoints.DecodeModel(reader) // -// partitions := resolver.(endpoints.EnumPartitions).Partitions() -// for _, p := range partitions { -// // ... inspect partitions -// } +// partitions := resolver.(endpoints.EnumPartitions).Partitions() +// for _, p := range partitions { +// // ... inspect partitions +// } func DecodeModel(r io.Reader, optFns ...func(*DecodeModelOptions)) (Resolver, error) { var opts DecodeModelOptions opts.Set(optFns...) @@ -81,8 +81,6 @@ func decodeV3Endpoints(modelDef modelDefinition, opts DecodeModelOptions) (Resol // Customization for i := 0; i < len(ps); i++ { p := &ps[i] - custAddEC2Metadata(p) - custAddS3DualStack(p) custRegionalS3(p) custRmIotDataService(p) custFixAppAutoscalingChina(p) @@ -92,15 +90,6 @@ func decodeV3Endpoints(modelDef modelDefinition, opts DecodeModelOptions) (Resol return ps, nil } -func custAddS3DualStack(p *partition) { - if !(p.ID == "aws" || p.ID == "aws-cn" || p.ID == "aws-us-gov") { - return - } - - custAddDualstack(p, "s3") - custAddDualstack(p, "s3-control") -} - func custRegionalS3(p *partition) { if p.ID != "aws" { return @@ -111,48 +100,28 @@ func custRegionalS3(p *partition) { return } + const awsGlobal = "aws-global" + const usEast1 = "us-east-1" + // If global endpoint already exists no customization needed. - if _, ok := service.Endpoints["aws-global"]; ok { + if _, ok := service.Endpoints[endpointKey{Region: awsGlobal}]; ok { return } - service.PartitionEndpoint = "aws-global" - service.Endpoints["us-east-1"] = endpoint{} - service.Endpoints["aws-global"] = endpoint{ + service.PartitionEndpoint = awsGlobal + if _, ok := service.Endpoints[endpointKey{Region: usEast1}]; !ok { + service.Endpoints[endpointKey{Region: usEast1}] = endpoint{} + } + service.Endpoints[endpointKey{Region: awsGlobal}] = endpoint{ Hostname: "s3.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: usEast1, }, } p.Services["s3"] = service } -func custAddDualstack(p *partition, svcName string) { - s, ok := p.Services[svcName] - if !ok { - return - } - - s.Defaults.HasDualStack = boxedTrue - s.Defaults.DualStackHostname = "{service}.dualstack.{region}.{dnsSuffix}" - - p.Services[svcName] = s -} - -func custAddEC2Metadata(p *partition) { - p.Services["ec2metadata"] = service{ - IsRegionalized: boxedFalse, - PartitionEndpoint: "aws-global", - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "169.254.169.254/latest", - Protocols: []string{"http"}, - }, - }, - } -} - func custRmIotDataService(p *partition) { delete(p.Services, "data.iot") } @@ -169,12 +138,13 @@ func custFixAppAutoscalingChina(p *partition) { } const expectHostname = `autoscaling.{region}.amazonaws.com` - if e, a := s.Defaults.Hostname, expectHostname; e != a { + serviceDefault := s.Defaults[defaultKey{}] + if e, a := expectHostname, serviceDefault.Hostname; e != a { fmt.Printf("custFixAppAutoscalingChina: ignoring customization, expected %s, got %s\n", e, a) return } - - s.Defaults.Hostname = expectHostname + ".cn" + serviceDefault.Hostname = expectHostname + ".cn" + s.Defaults[defaultKey{}] = serviceDefault p.Services[serviceName] = s } @@ -189,18 +159,25 @@ func custFixAppAutoscalingUsGov(p *partition) { return } - if a := s.Defaults.CredentialScope.Service; a != "" { + serviceDefault := s.Defaults[defaultKey{}] + if a := serviceDefault.CredentialScope.Service; a != "" { fmt.Printf("custFixAppAutoscalingUsGov: ignoring customization, expected empty credential scope service, got %s\n", a) return } - if a := s.Defaults.Hostname; a != "" { + if a := serviceDefault.Hostname; a != "" { fmt.Printf("custFixAppAutoscalingUsGov: ignoring customization, expected empty hostname, got %s\n", a) return } - s.Defaults.CredentialScope.Service = "application-autoscaling" - s.Defaults.Hostname = "autoscaling.{region}.amazonaws.com" + serviceDefault.CredentialScope.Service = "application-autoscaling" + serviceDefault.Hostname = "autoscaling.{region}.amazonaws.com" + + if s.Defaults == nil { + s.Defaults = make(endpointDefaults) + } + + s.Defaults[defaultKey{}] = serviceDefault p.Services[serviceName] = s } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go index 5e81d67d0..069debf1f 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go @@ -13,6 +13,8 @@ const ( AwsUsGovPartitionID = "aws-us-gov" // AWS GovCloud (US) partition. AwsIsoPartitionID = "aws-iso" // AWS ISO (US) partition. AwsIsoBPartitionID = "aws-iso-b" // AWS ISOB (US) partition. + AwsIsoEPartitionID = "aws-iso-e" // AWS ISOE (Europe) partition. + AwsIsoFPartitionID = "aws-iso-f" // AWS ISOF partition. ) // AWS Standard partition's regions. @@ -21,16 +23,25 @@ const ( ApEast1RegionID = "ap-east-1" // Asia Pacific (Hong Kong). ApNortheast1RegionID = "ap-northeast-1" // Asia Pacific (Tokyo). ApNortheast2RegionID = "ap-northeast-2" // Asia Pacific (Seoul). + ApNortheast3RegionID = "ap-northeast-3" // Asia Pacific (Osaka). ApSouth1RegionID = "ap-south-1" // Asia Pacific (Mumbai). + ApSouth2RegionID = "ap-south-2" // Asia Pacific (Hyderabad). ApSoutheast1RegionID = "ap-southeast-1" // Asia Pacific (Singapore). ApSoutheast2RegionID = "ap-southeast-2" // Asia Pacific (Sydney). + ApSoutheast3RegionID = "ap-southeast-3" // Asia Pacific (Jakarta). + ApSoutheast4RegionID = "ap-southeast-4" // Asia Pacific (Melbourne). CaCentral1RegionID = "ca-central-1" // Canada (Central). + CaWest1RegionID = "ca-west-1" // Canada West (Calgary). EuCentral1RegionID = "eu-central-1" // Europe (Frankfurt). + EuCentral2RegionID = "eu-central-2" // Europe (Zurich). EuNorth1RegionID = "eu-north-1" // Europe (Stockholm). EuSouth1RegionID = "eu-south-1" // Europe (Milan). + EuSouth2RegionID = "eu-south-2" // Europe (Spain). EuWest1RegionID = "eu-west-1" // Europe (Ireland). EuWest2RegionID = "eu-west-2" // Europe (London). EuWest3RegionID = "eu-west-3" // Europe (Paris). + IlCentral1RegionID = "il-central-1" // Israel (Tel Aviv). + MeCentral1RegionID = "me-central-1" // Middle East (UAE). MeSouth1RegionID = "me-south-1" // Middle East (Bahrain). SaEast1RegionID = "sa-east-1" // South America (Sao Paulo). UsEast1RegionID = "us-east-1" // US East (N. Virginia). @@ -54,6 +65,7 @@ const ( // AWS ISO (US) partition's regions. const ( UsIsoEast1RegionID = "us-iso-east-1" // US ISO East. + UsIsoWest1RegionID = "us-iso-west-1" // US ISO WEST. ) // AWS ISOB (US) partition's regions. @@ -61,8 +73,16 @@ const ( UsIsobEast1RegionID = "us-isob-east-1" // US ISOB East (Ohio). ) +// AWS ISOE (Europe) partition's regions. +const ( + EuIsoeWest1RegionID = "eu-isoe-west-1" // EU ISOE West. +) + +// AWS ISOF partition's regions. +const () + // DefaultResolver returns an Endpoint resolver that will be able -// to resolve endpoints for: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), and AWS ISOB (US). +// to resolve endpoints for: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), AWS ISOB (US), AWS ISOE (Europe), and AWS ISOF. // // Use DefaultPartitions() to get the list of the default partitions. func DefaultResolver() Resolver { @@ -70,7 +90,7 @@ func DefaultResolver() Resolver { } // DefaultPartitions returns a list of the partitions the SDK is bundled -// with. The available partitions are: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), and AWS ISOB (US). +// with. The available partitions are: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), AWS ISOB (US), AWS ISOE (Europe), and AWS ISOF. // // partitions := endpoints.DefaultPartitions // for _, p := range partitions { @@ -86,6 +106,8 @@ var defaultPartitions = partitions{ awsusgovPartition, awsisoPartition, awsisobPartition, + awsisoePartition, + awsisofPartition, } // AwsPartition returns the Resolver for AWS Standard. @@ -99,14 +121,40 @@ var awsPartition = partition{ DNSSuffix: "amazonaws.com", RegionRegex: regionRegex{ Regexp: func() *regexp.Regexp { - reg, _ := regexp.Compile("^(us|eu|ap|sa|ca|me|af)\\-\\w+\\-\\d+$") + reg, _ := regexp.Compile("^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$") return reg }(), }, - Defaults: endpoint{ - Hostname: "{service}.{region}.{dnsSuffix}", - Protocols: []string{"https"}, - SignatureVersions: []string{"v4"}, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Hostname: "{service}.{region}.{dnsSuffix}", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + defaultKey{ + Variant: dualStackVariant, + }: endpoint{ + Hostname: "{service}.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "amazonaws.com", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + defaultKey{ + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, }, Regions: regions{ "af-south-1": region{ @@ -121,27 +169,48 @@ var awsPartition = partition{ "ap-northeast-2": region{ Description: "Asia Pacific (Seoul)", }, + "ap-northeast-3": region{ + Description: "Asia Pacific (Osaka)", + }, "ap-south-1": region{ Description: "Asia Pacific (Mumbai)", }, + "ap-south-2": region{ + Description: "Asia Pacific (Hyderabad)", + }, "ap-southeast-1": region{ Description: "Asia Pacific (Singapore)", }, "ap-southeast-2": region{ Description: "Asia Pacific (Sydney)", }, + "ap-southeast-3": region{ + Description: "Asia Pacific (Jakarta)", + }, + "ap-southeast-4": region{ + Description: "Asia Pacific (Melbourne)", + }, "ca-central-1": region{ Description: "Canada (Central)", }, + "ca-west-1": region{ + Description: "Canada West (Calgary)", + }, "eu-central-1": region{ Description: "Europe (Frankfurt)", }, + "eu-central-2": region{ + Description: "Europe (Zurich)", + }, "eu-north-1": region{ Description: "Europe (Stockholm)", }, "eu-south-1": region{ Description: "Europe (Milan)", }, + "eu-south-2": region{ + Description: "Europe (Spain)", + }, "eu-west-1": region{ Description: "Europe (Ireland)", }, @@ -151,6 +220,12 @@ var awsPartition = partition{ "eu-west-3": region{ Description: "Europe (Paris)", }, + "il-central-1": region{ + Description: "Israel (Tel Aviv)", + }, + "me-central-1": region{ + Description: "Middle East (UAE)", + }, "me-south-1": region{ Description: "Middle East (Bahrain)", }, @@ -171,9303 +246,46082 @@ var awsPartition = partition{ }, }, Services: services{ - "a4b": service{ - - Endpoints: endpoints{ - "us-east-1": endpoint{}, - }, - }, "access-analyzer": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-ca-central-1": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "access-analyzer-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "access-analyzer-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ Hostname: "access-analyzer-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-1": endpoint{ + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "access-analyzer-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ Hostname: "access-analyzer-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ Hostname: "access-analyzer-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ Hostname: "access-analyzer-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ Hostname: "access-analyzer-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "access-analyzer-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "access-analyzer-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "access-analyzer-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "access-analyzer-fips.us-west-2.amazonaws.com", + }, + }, + }, + "account": service{ + PartitionEndpoint: "aws-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "account.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, }, }, "acm": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "ca-central-1-fips": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "acm-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1-fips", + }: endpoint{ Hostname: "acm-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ Region: "ca-central-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "acm-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1-fips", + }: endpoint{ + Hostname: "acm-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "acm-fips.us-east-1.amazonaws.com", }, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-1-fips": endpoint{ + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ Hostname: "acm-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "acm-fips.us-east-2.amazonaws.com", }, - "us-east-2": endpoint{}, - "us-east-2-fips": endpoint{ + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ Hostname: "acm-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "us-west-1": endpoint{}, - "us-west-1-fips": endpoint{ + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "acm-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ Hostname: "acm-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "acm-fips.us-west-2.amazonaws.com", }, - "us-west-2": endpoint{}, - "us-west-2-fips": endpoint{ + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ Hostname: "acm-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, }, }, }, "acm-pca": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-ca-central-1": endpoint{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "acm-pca-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "acm-pca-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ Hostname: "acm-pca-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ Region: "ca-central-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "acm-pca-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, }, - "fips-us-east-1": endpoint{ + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ Hostname: "acm-pca-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ Hostname: "acm-pca-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ Hostname: "acm-pca-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ Hostname: "acm-pca-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "acm-pca-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "acm-pca-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "acm-pca-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "acm-pca-fips.us-west-2.amazonaws.com", }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + }, + }, + "agreement-marketplace": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{}, }, }, "airflow": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "amplify": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "amplifybackend": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "amplifyuibuilder": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "aoss": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, }, }, "api.detective": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.detective-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1-fips", + }: endpoint{ + Hostname: "api.detective-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.detective-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "api.detective-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.detective-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "api.detective-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.detective-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "api.detective-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.detective-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "api.detective-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, }, }, "api.ecr": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "ecr-fips.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ Hostname: "api.ecr.af-south-1.amazonaws.com", CredentialScope: credentialScope{ Region: "af-south-1", }, }, - "ap-east-1": endpoint{ + endpointKey{ + Region: "ap-east-1", + }: endpoint{ Hostname: "api.ecr.ap-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "ap-east-1", }, }, - "ap-northeast-1": endpoint{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ Hostname: "api.ecr.ap-northeast-1.amazonaws.com", CredentialScope: credentialScope{ Region: "ap-northeast-1", }, }, - "ap-northeast-2": endpoint{ + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ Hostname: "api.ecr.ap-northeast-2.amazonaws.com", CredentialScope: credentialScope{ Region: "ap-northeast-2", }, }, - "ap-south-1": endpoint{ + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Hostname: "api.ecr.ap-northeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-3", + }, + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ Hostname: "api.ecr.ap-south-1.amazonaws.com", CredentialScope: credentialScope{ Region: "ap-south-1", }, }, - "ap-southeast-1": endpoint{ + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "api.ecr.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ Hostname: "api.ecr.ap-southeast-1.amazonaws.com", CredentialScope: credentialScope{ Region: "ap-southeast-1", }, }, - "ap-southeast-2": endpoint{ + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ Hostname: "api.ecr.ap-southeast-2.amazonaws.com", CredentialScope: credentialScope{ Region: "ap-southeast-2", }, }, - "ca-central-1": endpoint{ + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "api.ecr.ap-southeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-3", + }, + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "api.ecr.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ Hostname: "api.ecr.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ Region: "ca-central-1", }, }, - "eu-central-1": endpoint{ + endpointKey{ + Region: "ca-west-1", + }: endpoint{ + Hostname: "api.ecr.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + }, + endpointKey{ + Region: "dkr-us-east-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "dkr-us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ecr-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "dkr-us-east-2", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "dkr-us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ecr-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "dkr-us-west-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "dkr-us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ecr-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "dkr-us-west-2", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "dkr-us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ecr-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ Hostname: "api.ecr.eu-central-1.amazonaws.com", CredentialScope: credentialScope{ Region: "eu-central-1", }, }, - "eu-north-1": endpoint{ + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "api.ecr.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ Hostname: "api.ecr.eu-north-1.amazonaws.com", CredentialScope: credentialScope{ Region: "eu-north-1", }, }, - "eu-south-1": endpoint{ + endpointKey{ + Region: "eu-south-1", + }: endpoint{ Hostname: "api.ecr.eu-south-1.amazonaws.com", CredentialScope: credentialScope{ Region: "eu-south-1", }, }, - "eu-west-1": endpoint{ + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "api.ecr.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ Hostname: "api.ecr.eu-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "eu-west-1", }, }, - "eu-west-2": endpoint{ + endpointKey{ + Region: "eu-west-2", + }: endpoint{ Hostname: "api.ecr.eu-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "eu-west-2", }, }, - "eu-west-3": endpoint{ + endpointKey{ + Region: "eu-west-3", + }: endpoint{ Hostname: "api.ecr.eu-west-3.amazonaws.com", CredentialScope: credentialScope{ Region: "eu-west-3", }, }, - "fips-dkr-us-east-1": endpoint{ + endpointKey{ + Region: "fips-dkr-us-east-1", + }: endpoint{ Hostname: "ecr-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-dkr-us-east-2": endpoint{ + endpointKey{ + Region: "fips-dkr-us-east-2", + }: endpoint{ Hostname: "ecr-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-dkr-us-west-1": endpoint{ + endpointKey{ + Region: "fips-dkr-us-west-1", + }: endpoint{ Hostname: "ecr-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-dkr-us-west-2": endpoint{ + endpointKey{ + Region: "fips-dkr-us-west-2", + }: endpoint{ Hostname: "ecr-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, }, - "fips-us-east-1": endpoint{ + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ Hostname: "ecr-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ Hostname: "ecr-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ Hostname: "ecr-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ Hostname: "ecr-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "api.ecr.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "api.ecr.me-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-central-1", + }, }, - "me-south-1": endpoint{ + endpointKey{ + Region: "me-south-1", + }: endpoint{ Hostname: "api.ecr.me-south-1.amazonaws.com", CredentialScope: credentialScope{ Region: "me-south-1", }, }, - "sa-east-1": endpoint{ + endpointKey{ + Region: "sa-east-1", + }: endpoint{ Hostname: "api.ecr.sa-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "sa-east-1", }, }, - "us-east-1": endpoint{ + endpointKey{ + Region: "us-east-1", + }: endpoint{ Hostname: "api.ecr.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, }, - "us-east-2": endpoint{ + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ecr-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ Hostname: "api.ecr.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, }, - "us-west-1": endpoint{ + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ecr-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ Hostname: "api.ecr.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, }, - "us-west-2": endpoint{ + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ecr-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ Hostname: "api.ecr.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ecr-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + }, + }, + "api.ecr-public": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "api.ecr-public.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "api.ecr-public.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, }, }, "api.elastic-inference": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ Hostname: "api.elastic-inference.ap-northeast-1.amazonaws.com", }, - "ap-northeast-2": endpoint{ + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ Hostname: "api.elastic-inference.ap-northeast-2.amazonaws.com", }, - "eu-west-1": endpoint{ + endpointKey{ + Region: "eu-west-1", + }: endpoint{ Hostname: "api.elastic-inference.eu-west-1.amazonaws.com", }, - "us-east-1": endpoint{ + endpointKey{ + Region: "us-east-1", + }: endpoint{ Hostname: "api.elastic-inference.us-east-1.amazonaws.com", }, - "us-east-2": endpoint{ + endpointKey{ + Region: "us-east-2", + }: endpoint{ Hostname: "api.elastic-inference.us-east-2.amazonaws.com", }, - "us-west-2": endpoint{ + endpointKey{ + Region: "us-west-2", + }: endpoint{ Hostname: "api.elastic-inference.us-west-2.amazonaws.com", }, }, }, - "api.mediatailor": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "api.pricing": service{ - Defaults: endpoint{ - CredentialScope: credentialScope{ - Service: "pricing", + "api.fleethub.iot": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.fleethub.iot-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "api.fleethub.iot-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, }, - }, - Endpoints: endpoints{ - "ap-south-1": endpoint{}, - "us-east-1": endpoint{}, - }, - }, - "api.sagemaker": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-1-fips": endpoint{ - Hostname: "api-fips.sagemaker.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "api.fleethub.iot-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "us-east-2": endpoint{}, - "us-east-2-fips": endpoint{ - Hostname: "api-fips.sagemaker.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "api.fleethub.iot-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "us-west-1": endpoint{}, - "us-west-1-fips": endpoint{ - Hostname: "api-fips.sagemaker.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "api.fleethub.iot-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.fleethub.iot-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.fleethub.iot-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.fleethub.iot-fips.us-west-2.amazonaws.com", + }, + }, + }, + "api.iotdeviceadvisor": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "api.iotdeviceadvisor.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", }, }, - "us-west-2": endpoint{}, - "us-west-2-fips": endpoint{ - Hostname: "api-fips.sagemaker.us-west-2.amazonaws.com", + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "api.iotdeviceadvisor.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "api.iotdeviceadvisor.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "api.iotdeviceadvisor.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, }, }, }, - "apigateway": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "app-integrations": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-2": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, + "api.iotwireless": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "api.iotwireless.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "api.iotwireless.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "api.iotwireless.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "api.iotwireless.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "api.iotwireless.sa-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "sa-east-1", + }, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "api.iotwireless.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "api.iotwireless.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, }, }, - "appflow": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "api.mediatailor": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, }, }, - "application-autoscaling": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - }, - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "appmesh": service{ - - Endpoints: endpoints{ - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "appstream2": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - CredentialScope: credentialScope{ - Service: "appstream", - }, - }, - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "fips": endpoint{ - Hostname: "appstream2-fips.us-west-2.amazonaws.com", + "api.pricing": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ CredentialScope: credentialScope{ - Region: "us-west-2", + Service: "pricing", }, }, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "appsync": service{ - - Endpoints: endpoints{ - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "athena": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "autoscaling": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - }, - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "autoscaling-plans": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - }, - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, }, - }, - "backup": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, }, }, - "batch": service{ - - Endpoints: endpoints{ - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "fips.batch.us-east-1.amazonaws.com", + "api.sagemaker": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "api-fips.sagemaker.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api-fips.sagemaker.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "api-fips.sagemaker.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "fips.batch.us-east-2.amazonaws.com", + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api-fips.sagemaker.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "api-fips.sagemaker.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "fips.batch.us-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-1", - }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api-fips.sagemaker.us-west-1.amazonaws.com", }, - "fips-us-west-2": endpoint{ - Hostname: "fips.batch.us-west-2.amazonaws.com", + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "api-fips.sagemaker.us-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "budgets": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "budgets.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api-fips.sagemaker.us-west-2.amazonaws.com", }, - }, - }, - "ce": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "ce.us-east-1.amazonaws.com", + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "api-fips.sagemaker.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "us-west-2", }, - }, - }, - }, - "chime": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "chime.us-east-1.amazonaws.com", - Protocols: []string{"https"}, + Deprecated: boxedTrue, + }, + }, + }, + "api.tunneling.iot": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.tunneling.iot-fips.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.tunneling.iot-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "api.tunneling.iot-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - }, - }, - "cloud9": service{ - - Endpoints: endpoints{ - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "clouddirectory": service{ - - Endpoints: endpoints{ - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "cloudformation": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-1-fips": endpoint{ - Hostname: "cloudformation-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "us-east-2": endpoint{}, - "us-east-2-fips": endpoint{ - Hostname: "cloudformation-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "us-west-1": endpoint{}, - "us-west-1-fips": endpoint{ - Hostname: "cloudformation-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "us-west-2": endpoint{}, - "us-west-2-fips": endpoint{ - Hostname: "cloudformation-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-west-2.amazonaws.com", }, }, }, - "cloudfront": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "cloudfront.amazonaws.com", - Protocols: []string{"http", "https"}, + "apigateway": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "apigateway-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "apigateway-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "apigateway-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - }, - }, - "cloudhsm": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "cloudhsmv2": service{ - Defaults: endpoint{ - CredentialScope: credentialScope{ - Service: "cloudhsm", - }, - }, - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "cloudsearch": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "cloudtrail": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "cloudtrail-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "apigateway-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "apigateway-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "cloudtrail-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "apigateway-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "cloudtrail-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "apigateway-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "cloudtrail-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "apigateway-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "apigateway-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "apigateway-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "apigateway-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "apigateway-fips.us-west-2.amazonaws.com", }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, }, }, - "codeartifact": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, + "app-integrations": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "appconfig": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "appconfigdata": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, }, }, - "codebuild": service{ - - Endpoints: endpoints{ - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-1-fips": endpoint{ - Hostname: "codebuild-fips.us-east-1.amazonaws.com", + "appflow": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "appflow-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "us-east-2": endpoint{}, - "us-east-2-fips": endpoint{ - Hostname: "codebuild-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "appflow-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "us-west-1": endpoint{}, - "us-west-1-fips": endpoint{ - Hostname: "codebuild-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "appflow-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "us-west-2": endpoint{}, - "us-west-2-fips": endpoint{ - Hostname: "codebuild-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "appflow-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appflow-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appflow-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appflow-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appflow-fips.us-west-2.amazonaws.com", }, }, }, - "codecommit": service{ - - Endpoints: endpoints{ - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips": endpoint{ - Hostname: "codecommit-fips.ca-central-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ca-central-1", - }, + "application-autoscaling": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "applicationinsights": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, }, }, - "codedeploy": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-1-fips": endpoint{ - Hostname: "codedeploy-fips.us-east-1.amazonaws.com", + "appmesh": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.ap-east-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.ap-northeast-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.ap-northeast-3.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appmesh-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "appmesh-fips.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-central-1-fips", + }: endpoint{ + Hostname: "appmesh-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.eu-central-1.api.aws", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.eu-north-1.api.aws", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.eu-south-1.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.eu-west-2.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.eu-west-3.api.aws", + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.me-south-1.api.aws", + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appmesh-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "appmesh-fips.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "appmesh-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, - }, - "us-east-2": endpoint{}, - "us-east-2-fips": endpoint{ - Hostname: "codedeploy-fips.us-east-2.amazonaws.com", + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appmesh-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "appmesh-fips.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "appmesh-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, - }, - "us-west-1": endpoint{}, - "us-west-1-fips": endpoint{ - Hostname: "codedeploy-fips.us-west-1.amazonaws.com", + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appmesh-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "appmesh-fips.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "appmesh-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, - }, - "us-west-2": endpoint{}, - "us-west-2-fips": endpoint{ - Hostname: "codedeploy-fips.us-west-2.amazonaws.com", + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.us-west-2.api.aws", + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appmesh-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "appmesh-fips.us-west-2.api.aws", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "appmesh-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, - }, - }, - }, - "codepipeline": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-ca-central-1": endpoint{ - Hostname: "codepipeline-fips.ca-central-1.amazonaws.com", + Deprecated: boxedTrue, + }, + }, + }, + "apprunner": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "apprunner-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ca-central-1", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-1": endpoint{ - Hostname: "codepipeline-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "apprunner-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "codepipeline-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "apprunner-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "apprunner-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "apprunner-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "apprunner-fips.us-west-2.amazonaws.com", }, - "fips-us-west-1": endpoint{ - Hostname: "codepipeline-fips.us-west-1.amazonaws.com", + }, + }, + "appstream2": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, CredentialScope: credentialScope{ - Region: "us-west-1", + Service: "appstream", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "fips", + }: endpoint{ + Hostname: "appstream2-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appstream2-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "appstream2-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appstream2-fips.us-west-2.amazonaws.com", }, - "fips-us-west-2": endpoint{ - Hostname: "codepipeline-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "appstream2-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, }, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, }, }, - "codestar": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "appsync": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "aps": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, }, - }, - "codestar-connections": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "arc-zonal-shift": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, }, }, - "cognito-identity": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "cognito-identity-fips.us-east-1.amazonaws.com", + "athena": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.ap-east-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.ap-northeast-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.ap-northeast-3.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.ap-south-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.ap-southeast-4.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.ca-west-1.api.aws", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.eu-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.eu-central-2.api.aws", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.eu-north-1.api.aws", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.eu-south-1.api.aws", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.eu-south-2.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.eu-west-2.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.eu-west-3.api.aws", + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "athena-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "cognito-identity-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "athena-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "cognito-identity-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "athena-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "cognito-idp": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "cognito-idp-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "athena-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.me-south-1.api.aws", + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "athena-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "athena-fips.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "athena-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "athena-fips.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "athena-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "athena-fips.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.us-west-2.api.aws", + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "athena-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "athena-fips.us-west-2.api.aws", + }, + }, + }, + "auditmanager": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "auditmanager-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "auditmanager-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "cognito-idp-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "auditmanager-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "auditmanager-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "cognito-idp-fips.us-west-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-2", - }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "auditmanager-fips.us-west-1.amazonaws.com", }, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "cognito-sync": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "comprehend": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "comprehend-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "auditmanager-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "comprehend-fips.us-east-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-2", - }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "auditmanager-fips.us-west-2.amazonaws.com", }, - "fips-us-west-2": endpoint{ - Hostname: "comprehend-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "auditmanager-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, }, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, }, }, - "comprehendmedical": service{ - - Endpoints: endpoints{ - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "comprehendmedical-fips.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, + "autoscaling": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, }, - "fips-us-east-2": endpoint{ - Hostname: "comprehendmedical-fips.us-east-2.amazonaws.com", + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "autoscaling-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "comprehendmedical-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "autoscaling-fips.ca-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "ca-west-1", }, + Deprecated: boxedTrue, }, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "config": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "config-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "autoscaling-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "config-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "autoscaling-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "config-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "autoscaling-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "config-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "autoscaling-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.us-west-2.amazonaws.com", }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, }, }, - "connect": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-2": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "contact-lens": service{ - - Endpoints: endpoints{ - "ap-southeast-2": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "cur": service{ - - Endpoints: endpoints{ - "us-east-1": endpoint{}, - }, - }, - "data.mediastore": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, + "autoscaling-plans": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, }, - }, - "dataexchange": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, }, }, - "datapipeline": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, + "backup": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "backup-gateway": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, }, }, - "datasync": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-ca-central-1": endpoint{ - Hostname: "datasync-fips.ca-central-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ca-central-1", - }, - }, - "fips-us-east-1": endpoint{ - Hostname: "datasync-fips.us-east-1.amazonaws.com", + "batch": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "fips.batch.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "fips.batch.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "datasync-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "fips.batch.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "datasync-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "fips.batch.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "datasync-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "fips.batch.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fips.batch.us-east-1.amazonaws.com", }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "dax": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "devicefarm": service{ - - Endpoints: endpoints{ - "us-west-2": endpoint{}, - }, - }, - "directconnect": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "directconnect-fips.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, - }, - "fips-us-east-2": endpoint{ - Hostname: "directconnect-fips.us-east-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-2", - }, - }, - "fips-us-west-1": endpoint{ - Hostname: "directconnect-fips.us-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-1", - }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fips.batch.us-east-2.amazonaws.com", }, - "fips-us-west-2": endpoint{ - Hostname: "directconnect-fips.us-west-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-2", - }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fips.batch.us-west-1.amazonaws.com", }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "discovery": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "dms": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "dms-fips": endpoint{ - Hostname: "dms-fips.us-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-1", - }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fips.batch.us-west-2.amazonaws.com", }, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, }, }, - "docdb": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{ - Hostname: "rds.ap-northeast-1.amazonaws.com", + "bedrock": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "bedrock-ap-northeast-1", + }: endpoint{ + Hostname: "bedrock.ap-northeast-1.amazonaws.com", CredentialScope: credentialScope{ Region: "ap-northeast-1", }, }, - "ap-northeast-2": endpoint{ - Hostname: "rds.ap-northeast-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ap-northeast-2", - }, - }, - "ap-south-1": endpoint{ - Hostname: "rds.ap-south-1.amazonaws.com", + endpointKey{ + Region: "bedrock-ap-south-1", + }: endpoint{ + Hostname: "bedrock.ap-south-1.amazonaws.com", CredentialScope: credentialScope{ Region: "ap-south-1", }, }, - "ap-southeast-1": endpoint{ - Hostname: "rds.ap-southeast-1.amazonaws.com", + endpointKey{ + Region: "bedrock-ap-southeast-1", + }: endpoint{ + Hostname: "bedrock.ap-southeast-1.amazonaws.com", CredentialScope: credentialScope{ Region: "ap-southeast-1", }, }, - "ap-southeast-2": endpoint{ - Hostname: "rds.ap-southeast-2.amazonaws.com", + endpointKey{ + Region: "bedrock-ap-southeast-2", + }: endpoint{ + Hostname: "bedrock.ap-southeast-2.amazonaws.com", CredentialScope: credentialScope{ Region: "ap-southeast-2", }, }, - "ca-central-1": endpoint{ - Hostname: "rds.ca-central-1.amazonaws.com", + endpointKey{ + Region: "bedrock-ca-central-1", + }: endpoint{ + Hostname: "bedrock.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ Region: "ca-central-1", }, }, - "eu-central-1": endpoint{ - Hostname: "rds.eu-central-1.amazonaws.com", + endpointKey{ + Region: "bedrock-eu-central-1", + }: endpoint{ + Hostname: "bedrock.eu-central-1.amazonaws.com", CredentialScope: credentialScope{ Region: "eu-central-1", }, }, - "eu-west-1": endpoint{ - Hostname: "rds.eu-west-1.amazonaws.com", + endpointKey{ + Region: "bedrock-eu-west-1", + }: endpoint{ + Hostname: "bedrock.eu-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "eu-west-1", }, }, - "eu-west-2": endpoint{ - Hostname: "rds.eu-west-2.amazonaws.com", + endpointKey{ + Region: "bedrock-eu-west-2", + }: endpoint{ + Hostname: "bedrock.eu-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "eu-west-2", }, }, - "eu-west-3": endpoint{ - Hostname: "rds.eu-west-3.amazonaws.com", + endpointKey{ + Region: "bedrock-eu-west-3", + }: endpoint{ + Hostname: "bedrock.eu-west-3.amazonaws.com", CredentialScope: credentialScope{ Region: "eu-west-3", }, }, - "sa-east-1": endpoint{ - Hostname: "rds.sa-east-1.amazonaws.com", + endpointKey{ + Region: "bedrock-fips-ca-central-1", + }: endpoint{ + Hostname: "bedrock-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "sa-east-1", + Region: "ca-central-1", }, }, - "us-east-1": endpoint{ - Hostname: "rds.us-east-1.amazonaws.com", + endpointKey{ + Region: "bedrock-fips-us-east-1", + }: endpoint{ + Hostname: "bedrock-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, }, - "us-east-2": endpoint{ - Hostname: "rds.us-east-2.amazonaws.com", + endpointKey{ + Region: "bedrock-fips-us-west-2", + }: endpoint{ + Hostname: "bedrock-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "us-west-2", }, }, - "us-west-2": endpoint{ - Hostname: "rds.us-west-2.amazonaws.com", + endpointKey{ + Region: "bedrock-runtime-ap-northeast-1", + }: endpoint{ + Hostname: "bedrock-runtime.ap-northeast-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "ap-northeast-1", }, }, - }, - }, - "ds": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-ca-central-1": endpoint{ - Hostname: "ds-fips.ca-central-1.amazonaws.com", + endpointKey{ + Region: "bedrock-runtime-ap-south-1", + }: endpoint{ + Hostname: "bedrock-runtime.ap-south-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ca-central-1", + Region: "ap-south-1", }, }, - "fips-us-east-1": endpoint{ - Hostname: "ds-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "bedrock-runtime-ap-southeast-1", + }: endpoint{ + Hostname: "bedrock-runtime.ap-southeast-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "ap-southeast-1", }, }, - "fips-us-east-2": endpoint{ - Hostname: "ds-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "bedrock-runtime-ap-southeast-2", + }: endpoint{ + Hostname: "bedrock-runtime.ap-southeast-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "ap-southeast-2", }, }, - "fips-us-west-1": endpoint{ - Hostname: "ds-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "bedrock-runtime-ca-central-1", + }: endpoint{ + Hostname: "bedrock-runtime.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "ca-central-1", }, }, - "fips-us-west-2": endpoint{ - Hostname: "ds-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "bedrock-runtime-eu-central-1", + }: endpoint{ + Hostname: "bedrock-runtime.eu-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "eu-central-1", }, }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "dynamodb": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - }, - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "ca-central-1-fips": endpoint{ - Hostname: "dynamodb-fips.ca-central-1.amazonaws.com", + endpointKey{ + Region: "bedrock-runtime-eu-west-1", + }: endpoint{ + Hostname: "bedrock-runtime.eu-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ca-central-1", + Region: "eu-west-1", }, }, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "local": endpoint{ - Hostname: "localhost:8000", - Protocols: []string{"http"}, + endpointKey{ + Region: "bedrock-runtime-eu-west-2", + }: endpoint{ + Hostname: "bedrock-runtime.eu-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "eu-west-2", }, }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-1-fips": endpoint{ - Hostname: "dynamodb-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "bedrock-runtime-eu-west-3", + }: endpoint{ + Hostname: "bedrock-runtime.eu-west-3.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "eu-west-3", }, }, - "us-east-2": endpoint{}, - "us-east-2-fips": endpoint{ - Hostname: "dynamodb-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "bedrock-runtime-fips-ca-central-1", + }: endpoint{ + Hostname: "bedrock-runtime-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "ca-central-1", }, }, - "us-west-1": endpoint{}, - "us-west-1-fips": endpoint{ - Hostname: "dynamodb-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "bedrock-runtime-fips-us-east-1", + }: endpoint{ + Hostname: "bedrock-runtime-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "us-east-1", }, }, - "us-west-2": endpoint{}, - "us-west-2-fips": endpoint{ - Hostname: "dynamodb-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "bedrock-runtime-fips-us-west-2", + }: endpoint{ + Hostname: "bedrock-runtime-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, }, - }, - }, - "ebs": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-ca-central-1": endpoint{ - Hostname: "ebs-fips.ca-central-1.amazonaws.com", + endpointKey{ + Region: "bedrock-runtime-sa-east-1", + }: endpoint{ + Hostname: "bedrock-runtime.sa-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ca-central-1", + Region: "sa-east-1", }, }, - "fips-us-east-1": endpoint{ - Hostname: "ebs-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "bedrock-runtime-us-east-1", + }: endpoint{ + Hostname: "bedrock-runtime.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, }, - "fips-us-east-2": endpoint{ - Hostname: "ebs-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "bedrock-runtime-us-west-2", + }: endpoint{ + Hostname: "bedrock-runtime.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "us-west-2", }, }, - "fips-us-west-1": endpoint{ - Hostname: "ebs-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "bedrock-sa-east-1", + }: endpoint{ + Hostname: "bedrock.sa-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "sa-east-1", }, }, - "fips-us-west-2": endpoint{ - Hostname: "ebs-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "bedrock-us-east-1", + }: endpoint{ + Hostname: "bedrock.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "us-east-1", }, }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "ec2": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - }, - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-ca-central-1": endpoint{ - Hostname: "ec2-fips.ca-central-1.amazonaws.com", + endpointKey{ + Region: "bedrock-us-west-2", + }: endpoint{ + Hostname: "bedrock.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "ca-central-1", + Region: "us-west-2", }, }, - "fips-us-east-1": endpoint{ - Hostname: "ec2-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "billingconductor": service{ + PartitionEndpoint: "aws-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "billingconductor.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, }, - "fips-us-east-2": endpoint{ - Hostname: "ec2-fips.us-east-2.amazonaws.com", + }, + }, + "braket": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "budgets": service{ + PartitionEndpoint: "aws-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "budgets.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "us-east-1", }, }, - "fips-us-west-1": endpoint{ - Hostname: "ec2-fips.us-west-1.amazonaws.com", + }, + }, + "cases": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{}, + }, + }, + "cassandra": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "cassandra-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "ec2-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "cassandra-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, - }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cassandra-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cassandra-fips.us-west-2.amazonaws.com", + }, + }, + }, + "catalog.marketplace": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{}, }, }, - "ec2metadata": service{ + "ce": service{ PartitionEndpoint: "aws-global", IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "169.254.169.254/latest", - Protocols: []string{"http"}, - }, - }, - }, - "ecs": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "ecs-fips.us-east-1.amazonaws.com", + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "ce.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, }, - "fips-us-east-2": endpoint{ - Hostname: "ecs-fips.us-east-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-2", - }, + }, + }, + "chime": service{ + PartitionEndpoint: "aws-global", + IsRegionalized: boxedFalse, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, }, - "fips-us-west-1": endpoint{ - Hostname: "ecs-fips.us-west-1.amazonaws.com", + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "chime.us-east-1.amazonaws.com", + Protocols: []string{"https"}, CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "us-east-1", }, }, - "fips-us-west-2": endpoint{ - Hostname: "ecs-fips.us-west-2.amazonaws.com", + }, + }, + "cleanrooms": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "cloud9": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloud9-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "cloud9-fips.ca-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "cloud9-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "eks": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - }, - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "fips.eks.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "cloud9-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "fips.eks.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "cloud9-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "fips.eks.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "cloud9-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "fips.eks.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "cloud9-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloud9-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "cloud9-fips.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloud9-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "cloud9-fips.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloud9-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "cloud9-fips.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloud9-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "cloud9-fips.us-west-2.api.aws", + }, + }, + }, + "cloudcontrolapi": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.ap-east-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.ap-northeast-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.ap-northeast-3.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.ap-south-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.ap-southeast-4.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudcontrolapi-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi-fips.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.ca-west-1.api.aws", + }, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudcontrolapi-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi-fips.ca-west-1.api.aws", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.eu-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.eu-central-2.api.aws", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.eu-north-1.api.aws", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.eu-south-1.api.aws", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.eu-south-2.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.eu-west-2.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.eu-west-3.api.aws", + }, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "cloudcontrolapi-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "elasticache": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips": endpoint{ - Hostname: "elasticache-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "cloudcontrolapi-fips.ca-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "ca-west-1", }, + Deprecated: boxedTrue, }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "elasticbeanstalk": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "elasticbeanstalk-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "cloudcontrolapi-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "elasticbeanstalk-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "cloudcontrolapi-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "elasticbeanstalk-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "cloudcontrolapi-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "elasticbeanstalk-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "cloudcontrolapi-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.me-south-1.api.aws", + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudcontrolapi-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi-fips.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudcontrolapi-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi-fips.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudcontrolapi-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi-fips.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.us-west-2.api.aws", + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudcontrolapi-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi-fips.us-west-2.api.aws", }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, }, }, - "elasticfilesystem": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-af-south-1": endpoint{ - Hostname: "elasticfilesystem-fips.af-south-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "af-south-1", - }, + "clouddirectory": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "cloudformation": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudformation-fips.us-east-1.amazonaws.com", }, - "fips-ap-east-1": endpoint{ - Hostname: "elasticfilesystem-fips.ap-east-1.amazonaws.com", + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "cloudformation-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-east-1", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-ap-northeast-1": endpoint{ - Hostname: "elasticfilesystem-fips.ap-northeast-1.amazonaws.com", + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudformation-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "cloudformation-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-northeast-1", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-ap-northeast-2": endpoint{ - Hostname: "elasticfilesystem-fips.ap-northeast-2.amazonaws.com", + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudformation-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "cloudformation-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-northeast-2", + Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-ap-south-1": endpoint{ - Hostname: "elasticfilesystem-fips.ap-south-1.amazonaws.com", + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudformation-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "cloudformation-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-south-1", + Region: "us-west-2", }, + Deprecated: boxedTrue, }, - "fips-ap-southeast-1": endpoint{ - Hostname: "elasticfilesystem-fips.ap-southeast-1.amazonaws.com", + }, + }, + "cloudfront": service{ + PartitionEndpoint: "aws-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "cloudfront.amazonaws.com", + Protocols: []string{"http", "https"}, CredentialScope: credentialScope{ - Region: "ap-southeast-1", + Region: "us-east-1", }, }, - "fips-ap-southeast-2": endpoint{ - Hostname: "elasticfilesystem-fips.ap-southeast-2.amazonaws.com", + }, + }, + "cloudhsm": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + }, + }, + "cloudhsmv2": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + CredentialScope: credentialScope{ + Service: "cloudhsm", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "cloudsearch": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "cloudtrail": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "cloudtrail-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-southeast-2", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-ca-central-1": endpoint{ - Hostname: "elasticfilesystem-fips.ca-central-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "cloudtrail-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "ca-central-1", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-eu-central-1": endpoint{ - Hostname: "elasticfilesystem-fips.eu-central-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "cloudtrail-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-central-1", + Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-eu-north-1": endpoint{ - Hostname: "elasticfilesystem-fips.eu-north-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "cloudtrail-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-north-1", + Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudtrail-fips.us-east-1.amazonaws.com", }, - "fips-eu-south-1": endpoint{ - Hostname: "elasticfilesystem-fips.eu-south-1.amazonaws.com", + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudtrail-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudtrail-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudtrail-fips.us-west-2.amazonaws.com", + }, + }, + }, + "cloudtrail-data": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "codeartifact": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "codebuild": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codebuild-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "codebuild-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-south-1", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-eu-west-1": endpoint{ - Hostname: "elasticfilesystem-fips.eu-west-1.amazonaws.com", + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codebuild-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "codebuild-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-west-1", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-eu-west-2": endpoint{ - Hostname: "elasticfilesystem-fips.eu-west-2.amazonaws.com", + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codebuild-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "codebuild-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-west-2", + Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-eu-west-3": endpoint{ - Hostname: "elasticfilesystem-fips.eu-west-3.amazonaws.com", + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codebuild-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "codebuild-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-west-3", + Region: "us-west-2", }, + Deprecated: boxedTrue, }, - "fips-me-south-1": endpoint{ - Hostname: "elasticfilesystem-fips.me-south-1.amazonaws.com", + }, + }, + "codecatalyst": service{ + PartitionEndpoint: "aws-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "codecatalyst.global.api.aws", + }, + }, + }, + "codecommit": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codecommit-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1-fips", + }: endpoint{ + Hostname: "codecommit-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "me-south-1", + Region: "ca-central-1", }, - }, - "fips-sa-east-1": endpoint{ - Hostname: "elasticfilesystem-fips.sa-east-1.amazonaws.com", + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips", + }: endpoint{ + Hostname: "codecommit-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "sa-east-1", + Region: "ca-central-1", }, - }, - "fips-us-east-1": endpoint{ - Hostname: "elasticfilesystem-fips.us-east-1.amazonaws.com", + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codecommit-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "codecommit-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "elasticfilesystem-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codecommit-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "codecommit-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "elasticfilesystem-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codecommit-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "codecommit-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "elasticfilesystem-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codecommit-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "codecommit-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, }, }, - "elasticloadbalancing": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "elasticloadbalancing-fips.us-east-1.amazonaws.com", + "codedeploy": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codedeploy-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "codedeploy-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "elasticloadbalancing-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codedeploy-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "codedeploy-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "elasticloadbalancing-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codedeploy-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "codedeploy-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "elasticloadbalancing-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codedeploy-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "codedeploy-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, - }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + Deprecated: boxedTrue, + }, + }, + }, + "codeguru-reviewer": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, }, }, - "elasticmapreduce": service{ - Defaults: endpoint{ - SSLCommonName: "{region}.{service}.{dnsSuffix}", - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{ - SSLCommonName: "{service}.{region}.{dnsSuffix}", + "codepipeline": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codepipeline-fips.ca-central-1.amazonaws.com", }, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-ca-central-1": endpoint{ - Hostname: "elasticmapreduce-fips.ca-central-1.amazonaws.com", + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "codepipeline-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-1": endpoint{ - Hostname: "elasticmapreduce-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "codepipeline-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "elasticmapreduce-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "codepipeline-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "elasticmapreduce-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "codepipeline-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "elasticmapreduce-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "codepipeline-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codepipeline-fips.us-east-1.amazonaws.com", }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{ - SSLCommonName: "{service}.{region}.{dnsSuffix}", + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codepipeline-fips.us-east-2.amazonaws.com", }, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "elastictranscoder": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "email": service{ - - Endpoints: endpoints{ - "ap-south-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "emr-containers": service{ - - Endpoints: endpoints{ - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "entitlement.marketplace": service{ - Defaults: endpoint{ - CredentialScope: credentialScope{ - Service: "aws-marketplace", + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codepipeline-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codepipeline-fips.us-west-2.amazonaws.com", }, }, - Endpoints: endpoints{ - "us-east-1": endpoint{}, + }, + "codestar": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, }, }, - "es": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips": endpoint{ - Hostname: "es-fips.us-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-1", - }, - }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "codestar-connections": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "codestar-notifications": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, }, }, - "events": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "events-fips.us-east-1.amazonaws.com", + "cognito-identity": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "cognito-identity-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "events-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "cognito-identity-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "events-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "cognito-identity-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "events-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "cognito-identity-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cognito-identity-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cognito-identity-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cognito-identity-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cognito-identity-fips.us-west-2.amazonaws.com", }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, }, }, - "firehose": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "firehose-fips.us-east-1.amazonaws.com", + "cognito-idp": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "cognito-idp-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "firehose-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "cognito-idp-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "firehose-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "cognito-idp-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "firehose-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "cognito-idp-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cognito-idp-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cognito-idp-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cognito-idp-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cognito-idp-fips.us-west-2.amazonaws.com", }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, }, }, - "fms": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-af-south-1": endpoint{ - Hostname: "fms-fips.af-south-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "af-south-1", - }, + "cognito-sync": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "comprehend": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, }, - "fips-ap-east-1": endpoint{ - Hostname: "fms-fips.ap-east-1.amazonaws.com", + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "comprehend-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-east-1", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-ap-northeast-1": endpoint{ - Hostname: "fms-fips.ap-northeast-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "comprehend-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-northeast-1", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-ap-northeast-2": endpoint{ - Hostname: "fms-fips.ap-northeast-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "comprehend-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-northeast-2", + Region: "us-west-2", }, + Deprecated: boxedTrue, }, - "fips-ap-south-1": endpoint{ - Hostname: "fms-fips.ap-south-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ap-south-1", - }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "comprehend-fips.us-east-1.amazonaws.com", }, - "fips-ap-southeast-1": endpoint{ - Hostname: "fms-fips.ap-southeast-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ap-southeast-1", + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "comprehend-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "comprehend-fips.us-west-2.amazonaws.com", + }, + }, + }, + "comprehendmedical": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "comprehendmedical-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "comprehendmedical-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - "fips-ap-southeast-2": endpoint{ - Hostname: "fms-fips.ap-southeast-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "comprehendmedical-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-southeast-2", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-ca-central-1": endpoint{ - Hostname: "fms-fips.ca-central-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "comprehendmedical-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "ca-central-1", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-eu-central-1": endpoint{ - Hostname: "fms-fips.eu-central-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "comprehendmedical-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-central-1", + Region: "us-west-2", }, + Deprecated: boxedTrue, }, - "fips-eu-south-1": endpoint{ - Hostname: "fms-fips.eu-south-1.amazonaws.com", + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "comprehendmedical-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "comprehendmedical-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "comprehendmedical-fips.us-west-2.amazonaws.com", + }, + }, + }, + "compute-optimizer": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "compute-optimizer.af-south-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-south-1", + Region: "af-south-1", }, }, - "fips-eu-west-1": endpoint{ - Hostname: "fms-fips.eu-west-1.amazonaws.com", + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "compute-optimizer.ap-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-west-1", + Region: "ap-east-1", }, }, - "fips-eu-west-2": endpoint{ - Hostname: "fms-fips.eu-west-2.amazonaws.com", + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "compute-optimizer.ap-northeast-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-west-2", + Region: "ap-northeast-1", }, }, - "fips-eu-west-3": endpoint{ - Hostname: "fms-fips.eu-west-3.amazonaws.com", + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "compute-optimizer.ap-northeast-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-west-3", + Region: "ap-northeast-2", }, }, - "fips-me-south-1": endpoint{ - Hostname: "fms-fips.me-south-1.amazonaws.com", + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Hostname: "compute-optimizer.ap-northeast-3.amazonaws.com", CredentialScope: credentialScope{ - Region: "me-south-1", + Region: "ap-northeast-3", }, }, - "fips-sa-east-1": endpoint{ - Hostname: "fms-fips.sa-east-1.amazonaws.com", + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "compute-optimizer.ap-south-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "sa-east-1", + Region: "ap-south-1", }, }, - "fips-us-east-1": endpoint{ - Hostname: "fms-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "compute-optimizer.ap-south-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "ap-south-2", }, }, - "fips-us-east-2": endpoint{ - Hostname: "fms-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "compute-optimizer.ap-southeast-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "ap-southeast-1", }, }, - "fips-us-west-1": endpoint{ - Hostname: "fms-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "compute-optimizer.ap-southeast-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "ap-southeast-2", }, }, - "fips-us-west-2": endpoint{ - Hostname: "fms-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "compute-optimizer.ap-southeast-3.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "ap-southeast-3", }, }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "forecast": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "forecastquery": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "fsx": service{ - - Endpoints: endpoints{ - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "gamelift": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "glacier": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - }, - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-ca-central-1": endpoint{ - Hostname: "glacier-fips.ca-central-1.amazonaws.com", + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "compute-optimizer.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "compute-optimizer.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ Region: "ca-central-1", }, }, - "fips-us-east-1": endpoint{ - Hostname: "glacier-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "compute-optimizer.eu-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "eu-central-1", }, }, - "fips-us-east-2": endpoint{ - Hostname: "glacier-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "compute-optimizer.eu-central-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "eu-central-2", }, }, - "fips-us-west-1": endpoint{ - Hostname: "glacier-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "compute-optimizer.eu-north-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "eu-north-1", }, }, - "fips-us-west-2": endpoint{ - Hostname: "glacier-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "compute-optimizer.eu-south-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "eu-south-1", }, }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "glue": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "glue-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "compute-optimizer.eu-south-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "eu-south-2", }, }, - "fips-us-east-2": endpoint{ - Hostname: "glue-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "compute-optimizer.eu-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "eu-west-1", }, }, - "fips-us-west-1": endpoint{ - Hostname: "glue-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "compute-optimizer.eu-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "eu-west-2", }, }, - "fips-us-west-2": endpoint{ - Hostname: "glue-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "compute-optimizer.eu-west-3.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "eu-west-3", }, }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "greengrass": service{ - IsRegionalized: boxedTrue, - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "groundstation": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "fips-us-east-2": endpoint{ - Hostname: "groundstation-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "compute-optimizer.il-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "il-central-1", }, }, - "fips-us-west-2": endpoint{ - Hostname: "groundstation-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "compute-optimizer.me-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "me-central-1", }, }, - "me-south-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "guardduty": service{ - IsRegionalized: boxedTrue, - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-1-fips": endpoint{ - Hostname: "guardduty-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "compute-optimizer.me-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-south-1", + }, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "compute-optimizer.sa-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "sa-east-1", + }, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "compute-optimizer.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, }, - "us-east-2": endpoint{}, - "us-east-2-fips": endpoint{ - Hostname: "guardduty-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "compute-optimizer.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, }, - "us-west-1": endpoint{}, - "us-west-1-fips": endpoint{ - Hostname: "guardduty-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "compute-optimizer.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, }, - "us-west-2": endpoint{}, - "us-west-2-fips": endpoint{ - Hostname: "guardduty-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "compute-optimizer.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, }, }, }, - "health": service{ - - Endpoints: endpoints{ - "fips-us-east-2": endpoint{ - Hostname: "health-fips.us-east-2.amazonaws.com", + "config": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "config-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "config-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "config-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "config-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "config-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "config-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "config-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "config-fips.us-west-2.amazonaws.com", }, }, }, - "healthlake": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "us-east-1": endpoint{}, - }, - }, - "honeycode": service{ - - Endpoints: endpoints{ - "us-west-2": endpoint{}, - }, - }, - "iam": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "iam.amazonaws.com", + "connect": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "connect-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "iam-fips": endpoint{ - Hostname: "iam-fips.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "connect-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "connect-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "connect-fips.us-west-2.amazonaws.com", + }, + }, + }, + "connect-campaigns": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "connect-campaigns-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - }, - }, - "identitystore": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "importexport": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "importexport.amazonaws.com", - SignatureVersions: []string{"v2", "v4"}, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "connect-campaigns-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", - Service: "IngestionService", + Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "connect-campaigns-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "connect-campaigns-fips.us-west-2.amazonaws.com", }, }, }, - "inspector": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "inspector-fips.us-east-1.amazonaws.com", + "contact-lens": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "controltower": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "controltower-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1-fips", + }: endpoint{ + Hostname: "controltower-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "controltower-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1-fips", + }: endpoint{ + Hostname: "controltower-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "controltower-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "controltower-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "inspector-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "controltower-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "controltower-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "inspector-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "controltower-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "controltower-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "inspector-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "controltower-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "controltower-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, }, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "iot": service{ - Defaults: endpoint{ - CredentialScope: credentialScope{ - Service: "execute-api", - }, - }, - Endpoints: endpoints{ - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, }, }, - "iotanalytics": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, + "cost-optimization-hub": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "cost-optimization-hub.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, }, }, - "iotevents": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, + "cur": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{}, }, }, - "ioteventsdata": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{ - Hostname: "data.iotevents.ap-northeast-1.amazonaws.com", + "data-ats.iot": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, CredentialScope: credentialScope{ - Region: "ap-northeast-1", - }, - }, - "ap-northeast-2": endpoint{ - Hostname: "data.iotevents.ap-northeast-2.amazonaws.com", + Service: "iotdata", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "data.iot-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "data.iot-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Service: "iotdata", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "data.iot-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Service: "iotdata", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "data.iot-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Service: "iotdata", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "data.iot-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Service: "iotdata", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "data.iot-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Service: "iotdata", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "data.iot-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "data.iot-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "data.iot-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "data.iot-fips.us-west-2.amazonaws.com", + }, + }, + }, + "data.jobs.iot": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "data.jobs.iot-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "data.jobs.iot-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-northeast-2", + Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - "ap-southeast-1": endpoint{ - Hostname: "data.iotevents.ap-southeast-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "data.jobs.iot-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-southeast-1", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "ap-southeast-2": endpoint{ - Hostname: "data.iotevents.ap-southeast-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "data.jobs.iot-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-southeast-2", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "eu-central-1": endpoint{ - Hostname: "data.iotevents.eu-central-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "data.jobs.iot-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-central-1", + Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "eu-west-1": endpoint{ - Hostname: "data.iotevents.eu-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "data.jobs.iot-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-west-1", + Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "data.jobs.iot-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "data.jobs.iot-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "data.jobs.iot-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "data.jobs.iot-fips.us-west-2.amazonaws.com", }, - "eu-west-2": endpoint{ - Hostname: "data.iotevents.eu-west-2.amazonaws.com", + }, + }, + "data.mediastore": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "databrew": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "databrew-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-west-2", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "us-east-1": endpoint{ - Hostname: "data.iotevents.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "databrew-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "us-east-2": endpoint{ - Hostname: "data.iotevents.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "databrew-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "us-west-2": endpoint{ - Hostname: "data.iotevents.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "databrew-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "databrew-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "databrew-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "databrew-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "databrew-fips.us-west-2.amazonaws.com", }, }, }, - "iotsecuredtunneling": service{ - - Endpoints: endpoints{ - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "dataexchange": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, }, }, - "iotthingsgraph": service{ - Defaults: endpoint{ - CredentialScope: credentialScope{ - Service: "iotthingsgraph", - }, - }, - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, + "datapipeline": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, }, }, - "iotwireless": service{ - - Endpoints: endpoints{ - "eu-west-1": endpoint{ - Hostname: "api.iotwireless.eu-west-1.amazonaws.com", + "datasync": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datasync-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datasync-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "datasync-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-west-1", + Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - "us-east-1": endpoint{ - Hostname: "api.iotwireless.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "datasync-fips.ca-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "ca-west-1", }, + Deprecated: boxedTrue, }, - }, - }, - "kafka": service{ - - Endpoints: endpoints{ - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "kinesis": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "kinesis-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "datasync-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "kinesis-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "datasync-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "kinesis-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "datasync-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "kinesis-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "datasync-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datasync-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datasync-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datasync-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datasync-fips.us-west-2.amazonaws.com", }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, }, }, - "kinesisanalytics": service{ - - Endpoints: endpoints{ - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "datazone": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "datazone.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "datazone.ap-east-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "datazone.ap-northeast-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "datazone.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Hostname: "datazone.ap-northeast-3.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "datazone.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "datazone.ap-south-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "datazone.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "datazone.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "datazone.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "datazone.ap-southeast-4.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "datazone.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datazone-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{ + Hostname: "datazone.ca-west-1.api.aws", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "datazone.eu-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "datazone.eu-central-2.api.aws", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "datazone.eu-north-1.api.aws", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "datazone.eu-south-1.api.aws", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "datazone.eu-south-2.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "datazone.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "datazone.eu-west-2.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "datazone.eu-west-3.api.aws", + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "datazone.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "datazone.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "datazone.me-south-1.api.aws", + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "datazone.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "datazone.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datazone-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "datazone.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datazone-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "datazone.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "datazone.us-west-2.api.aws", + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datazone-fips.us-west-2.amazonaws.com", + }, }, }, - "kinesisvideo": service{ - - Endpoints: endpoints{ - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, + "dax": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, }, }, - "kms": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "devicefarm": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-west-2", + }: endpoint{}, }, }, - "lakeformation": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "lakeformation-fips.us-east-1.amazonaws.com", + "devops-guru": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "devops-guru-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "devops-guru-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "devops-guru-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "lakeformation-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "devops-guru-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "lakeformation-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "devops-guru-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "lakeformation-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "devops-guru-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "devops-guru-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "devops-guru-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "devops-guru-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "devops-guru-fips.us-west-2.amazonaws.com", }, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, }, }, - "lambda": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "lambda-fips.us-east-1.amazonaws.com", + "directconnect": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "directconnect-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "directconnect-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "directconnect-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "directconnect-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "directconnect-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "lambda-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "directconnect-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "lambda-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "directconnect-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "lambda-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "directconnect-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "directconnect-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "directconnect-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "directconnect-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "directconnect-fips.us-west-2.amazonaws.com", }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, }, }, - "license-manager": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "license-manager-fips.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, - }, - "fips-us-east-2": endpoint{ - Hostname: "license-manager-fips.us-east-2.amazonaws.com", + "discovery": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "dlm": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "dms": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "dms", + }: endpoint{ CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "license-manager-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "dms", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dms-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "license-manager-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "dms-fips", + }: endpoint{ + Hostname: "dms-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "us-west-1", }, - }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "lightsail": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "logs": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "logs-fips.us-east-1.amazonaws.com", + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dms-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "dms-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "logs-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dms-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "dms-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "logs-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dms-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "dms-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "logs-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dms-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "dms-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "lookoutvision": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "machinelearning": service{ - - Endpoints: endpoints{ - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, }, }, - "macie": service{ - - Endpoints: endpoints{ - "fips-us-east-1": endpoint{ - Hostname: "macie-fips.us-east-1.amazonaws.com", + "docdb": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "rds.ap-northeast-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "ap-northeast-1", }, }, - "fips-us-west-2": endpoint{ - Hostname: "macie-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "rds.ap-northeast-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "ap-northeast-2", }, }, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "macie2": service{ - - Endpoints: endpoints{ - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "macie2-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "rds.ap-south-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "ap-south-1", }, }, - "fips-us-east-2": endpoint{ - Hostname: "macie2-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "rds.ap-southeast-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "ap-southeast-1", }, }, - "fips-us-west-1": endpoint{ - Hostname: "macie2-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "rds.ap-southeast-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "ap-southeast-2", }, }, - "fips-us-west-2": endpoint{ - Hostname: "macie2-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "rds.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "ca-central-1", }, }, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "managedblockchain": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-southeast-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "us-east-1": endpoint{}, - }, - }, - "marketplacecommerceanalytics": service{ - - Endpoints: endpoints{ - "us-east-1": endpoint{}, - }, - }, - "mediaconnect": service{ - - Endpoints: endpoints{ - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "mediaconvert": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-ca-central-1": endpoint{ - Hostname: "mediaconvert-fips.ca-central-1.amazonaws.com", + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "rds.eu-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ca-central-1", + Region: "eu-central-1", }, }, - "fips-us-east-1": endpoint{ - Hostname: "mediaconvert-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "rds.eu-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "eu-west-1", }, }, - "fips-us-east-2": endpoint{ - Hostname: "mediaconvert-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "rds.eu-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "eu-west-2", }, }, - "fips-us-west-1": endpoint{ - Hostname: "mediaconvert-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "rds.eu-west-3.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "eu-west-3", }, }, - "fips-us-west-2": endpoint{ - Hostname: "mediaconvert-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "rds.sa-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "sa-east-1", }, }, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "medialive": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "medialive-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "rds.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, }, - "fips-us-east-2": endpoint{ - Hostname: "medialive-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "rds.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, }, - "fips-us-west-2": endpoint{ - Hostname: "medialive-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "rds.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, }, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "mediapackage": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "mediastore": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "metering.marketplace": service{ - Defaults: endpoint{ - CredentialScope: credentialScope{ - Service: "aws-marketplace", - }, - }, - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "mgh": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "mobileanalytics": service{ - - Endpoints: endpoints{ - "us-east-1": endpoint{}, - }, - }, - "models.lex": service{ - Defaults: endpoint{ - CredentialScope: credentialScope{ - Service: "lex", - }, - }, - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, }, }, - "monitoring": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - }, - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "monitoring-fips.us-east-1.amazonaws.com", + "drs": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "drs-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "monitoring-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "drs-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "monitoring-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "drs-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "monitoring-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "drs-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "drs-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "drs-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "drs-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "drs-fips.us-west-2.amazonaws.com", }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, }, }, - "mq": service{ - - Endpoints: endpoints{ - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "mq-fips.us-east-1.amazonaws.com", + "ds": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ds-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ds-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "ds-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "mq-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "ds-fips.ca-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "ca-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "mq-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "ds-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "mq-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "ds-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "mturk-requester": service{ - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "sandbox": endpoint{ - Hostname: "mturk-requester-sandbox.us-east-1.amazonaws.com", - }, - "us-east-1": endpoint{}, - }, - }, - "neptune": service{ - - Endpoints: endpoints{ - "ap-east-1": endpoint{ - Hostname: "rds.ap-east-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "ds-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-east-1", + Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "ap-northeast-1": endpoint{ - Hostname: "rds.ap-northeast-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "ds-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-northeast-1", + Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ds-fips.us-east-1.amazonaws.com", }, - "ap-northeast-2": endpoint{ - Hostname: "rds.ap-northeast-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ap-northeast-2", - }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ds-fips.us-east-2.amazonaws.com", }, - "ap-south-1": endpoint{ - Hostname: "rds.ap-south-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ap-south-1", - }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ds-fips.us-west-1.amazonaws.com", }, - "ap-southeast-1": endpoint{ - Hostname: "rds.ap-southeast-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ap-southeast-1", - }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ds-fips.us-west-2.amazonaws.com", }, - "ap-southeast-2": endpoint{ - Hostname: "rds.ap-southeast-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ap-southeast-2", - }, + }, + }, + "dynamodb": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, }, - "ca-central-1": endpoint{ - Hostname: "rds.ca-central-1.amazonaws.com", + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dynamodb-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1-fips", + }: endpoint{ + Hostname: "dynamodb-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ Region: "ca-central-1", }, - }, - "eu-central-1": endpoint{ - Hostname: "rds.eu-central-1.amazonaws.com", + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dynamodb-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1-fips", + }: endpoint{ + Hostname: "dynamodb-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "local", + }: endpoint{ + Hostname: "localhost:8000", + Protocols: []string{"http"}, CredentialScope: credentialScope{ - Region: "eu-central-1", + Region: "us-east-1", }, }, - "eu-north-1": endpoint{ - Hostname: "rds.eu-north-1.amazonaws.com", + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dynamodb-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "dynamodb-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-north-1", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "eu-west-1": endpoint{ - Hostname: "rds.eu-west-1.amazonaws.com", + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dynamodb-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "dynamodb-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-west-1", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "eu-west-2": endpoint{ - Hostname: "rds.eu-west-2.amazonaws.com", + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dynamodb-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "dynamodb-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-west-2", + Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "eu-west-3": endpoint{ - Hostname: "rds.eu-west-3.amazonaws.com", + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dynamodb-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "dynamodb-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-west-3", + Region: "us-west-2", }, + Deprecated: boxedTrue, }, - "me-south-1": endpoint{ - Hostname: "rds.me-south-1.amazonaws.com", + }, + }, + "ebs": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ebs-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ebs-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "ebs-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "me-south-1", + Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - "sa-east-1": endpoint{ - Hostname: "rds.sa-east-1.amazonaws.com", + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "ebs-fips.ca-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "sa-east-1", + Region: "ca-west-1", }, + Deprecated: boxedTrue, }, - "us-east-1": endpoint{ - Hostname: "rds.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "ebs-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "us-east-2": endpoint{ - Hostname: "rds.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "ebs-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "us-west-1": endpoint{ - Hostname: "rds.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "ebs-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "us-west-2": endpoint{ - Hostname: "rds.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "ebs-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ebs-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ebs-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ebs-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ebs-fips.us-west-2.amazonaws.com", }, }, }, - "oidc": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{ - Hostname: "oidc.ap-northeast-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ap-northeast-1", - }, + "ec2": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, }, - "ap-northeast-2": endpoint{ - Hostname: "oidc.ap-northeast-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ap-northeast-2", - }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "ec2.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ec2-fips.ca-central-1.amazonaws.com", }, - "ap-south-1": endpoint{ - Hostname: "oidc.ap-south-1.amazonaws.com", + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ec2-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "ec2.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "ec2-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-south-1", + Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - "ap-southeast-1": endpoint{ - Hostname: "oidc.ap-southeast-1.amazonaws.com", + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "ec2-fips.ca-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-southeast-1", + Region: "ca-west-1", }, + Deprecated: boxedTrue, }, - "ap-southeast-2": endpoint{ - Hostname: "oidc.ap-southeast-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "ec2-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-southeast-2", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "ca-central-1": endpoint{ - Hostname: "oidc.ca-central-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "ec2-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "ca-central-1", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "eu-central-1": endpoint{ - Hostname: "oidc.eu-central-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "ec2-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-central-1", + Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "eu-north-1": endpoint{ - Hostname: "oidc.eu-north-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "ec2-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-north-1", + Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "ec2.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "ec2.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ec2-fips.us-east-1.amazonaws.com", }, - "eu-west-1": endpoint{ - Hostname: "oidc.eu-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "eu-west-1", - }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "ec2.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ec2-fips.us-east-2.amazonaws.com", }, - "eu-west-2": endpoint{ - Hostname: "oidc.eu-west-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "eu-west-2", - }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ec2-fips.us-west-1.amazonaws.com", }, - "us-east-1": endpoint{ - Hostname: "oidc.us-east-1.amazonaws.com", + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "ec2.us-west-2.api.aws", + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ec2-fips.us-west-2.amazonaws.com", + }, + }, + }, + "ecs": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "ecs-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "us-east-2": endpoint{ - Hostname: "oidc.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "ecs-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "us-west-2": endpoint{ - Hostname: "oidc.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "ecs-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "ecs-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ecs-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ecs-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ecs-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ecs-fips.us-west-2.amazonaws.com", }, }, }, - "opsworks": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "opsworks-cm": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "edge.sagemaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, }, }, - "organizations": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "organizations.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, + "eks": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, }, - "fips-aws-global": endpoint{ - Hostname: "organizations-fips.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "fips.eks.{region}.{dnsSuffix}", + Protocols: []string{"http", "https"}, }, }, - }, - "outposts": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-ca-central-1": endpoint{ - Hostname: "outposts-fips.ca-central-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ca-central-1", - }, - }, - "fips-us-east-1": endpoint{ - Hostname: "outposts-fips.us-east-1.amazonaws.com", + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "fips.eks.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "outposts-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "fips.eks.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "outposts-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "fips.eks.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "outposts-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "fips.eks.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fips.eks.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fips.eks.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fips.eks.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fips.eks.us-west-2.amazonaws.com", }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, }, }, - "pinpoint": service{ - Defaults: endpoint{ - CredentialScope: credentialScope{ - Service: "mobiletargeting", - }, - }, - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "pinpoint-fips.us-east-1.amazonaws.com", + "eks-auth": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "eks-auth.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "eks-auth.ap-east-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "eks-auth.ap-northeast-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "eks-auth.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Hostname: "eks-auth.ap-northeast-3.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "eks-auth.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "eks-auth.ap-south-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "eks-auth.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "eks-auth.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "eks-auth.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "eks-auth.ap-southeast-4.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "eks-auth.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{ + Hostname: "eks-auth.ca-west-1.api.aws", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "eks-auth.eu-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "eks-auth.eu-central-2.api.aws", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "eks-auth.eu-north-1.api.aws", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "eks-auth.eu-south-1.api.aws", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "eks-auth.eu-south-2.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "eks-auth.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "eks-auth.eu-west-2.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "eks-auth.eu-west-3.api.aws", + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "eks-auth.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "eks-auth.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "eks-auth.me-south-1.api.aws", + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "eks-auth.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "eks-auth.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "eks-auth.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "eks-auth.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "eks-auth.us-west-2.api.aws", + }, + }, + }, + "elasticache": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips", + }: endpoint{ + Hostname: "elasticache-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticache-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "elasticache-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "pinpoint-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticache-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "elasticache-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "us-east-1": endpoint{ - Hostname: "pinpoint.us-east-1.amazonaws.com", + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticache-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "elasticache-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "us-west-2": endpoint{ - Hostname: "pinpoint.us-west-2.amazonaws.com", + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticache-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "elasticache-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, }, }, }, - "polly": service{ - - Endpoints: endpoints{ - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "polly-fips.us-east-1.amazonaws.com", + "elasticbeanstalk": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "elasticbeanstalk-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "polly-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "elasticbeanstalk-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "polly-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "elasticbeanstalk-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "polly-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "elasticbeanstalk-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticbeanstalk-fips.us-east-1.amazonaws.com", }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "portal.sso": service{ - - Endpoints: endpoints{ - "ap-southeast-1": endpoint{ - Hostname: "portal.sso.ap-southeast-1.amazonaws.com", + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticbeanstalk-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticbeanstalk-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticbeanstalk-fips.us-west-2.amazonaws.com", + }, + }, + }, + "elasticfilesystem": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.af-south-1.amazonaws.com", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-east-1.amazonaws.com", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-northeast-1.amazonaws.com", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-northeast-2.amazonaws.com", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-northeast-3.amazonaws.com", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-south-1.amazonaws.com", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-south-2.amazonaws.com", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-southeast-1.amazonaws.com", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-southeast-2.amazonaws.com", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-southeast-3.amazonaws.com", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-southeast-4.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.eu-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.eu-central-2.amazonaws.com", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.eu-north-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.eu-south-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.eu-south-2.amazonaws.com", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.eu-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.eu-west-2.amazonaws.com", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.eu-west-3.amazonaws.com", + }, + endpointKey{ + Region: "fips-af-south-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.af-south-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-southeast-1", + Region: "af-south-1", }, + Deprecated: boxedTrue, }, - "ap-southeast-2": endpoint{ - Hostname: "portal.sso.ap-southeast-2.amazonaws.com", + endpointKey{ + Region: "fips-ap-east-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-southeast-2", + Region: "ap-east-1", }, + Deprecated: boxedTrue, }, - "ca-central-1": endpoint{ - Hostname: "portal.sso.ca-central-1.amazonaws.com", + endpointKey{ + Region: "fips-ap-northeast-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-northeast-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ca-central-1", + Region: "ap-northeast-1", }, + Deprecated: boxedTrue, }, - "eu-central-1": endpoint{ - Hostname: "portal.sso.eu-central-1.amazonaws.com", + endpointKey{ + Region: "fips-ap-northeast-2", + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-northeast-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-central-1", + Region: "ap-northeast-2", }, + Deprecated: boxedTrue, }, - "eu-west-1": endpoint{ - Hostname: "portal.sso.eu-west-1.amazonaws.com", + endpointKey{ + Region: "fips-ap-northeast-3", + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-northeast-3.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-west-1", + Region: "ap-northeast-3", }, + Deprecated: boxedTrue, }, - "eu-west-2": endpoint{ - Hostname: "portal.sso.eu-west-2.amazonaws.com", + endpointKey{ + Region: "fips-ap-south-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-south-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-west-2", + Region: "ap-south-1", }, + Deprecated: boxedTrue, }, - "us-east-1": endpoint{ - Hostname: "portal.sso.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-ap-south-2", + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-south-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "ap-south-2", }, + Deprecated: boxedTrue, }, - "us-east-2": endpoint{ - Hostname: "portal.sso.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-ap-southeast-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-southeast-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "ap-southeast-1", }, + Deprecated: boxedTrue, }, - "us-west-2": endpoint{ - Hostname: "portal.sso.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-ap-southeast-2", + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-southeast-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "ap-southeast-2", }, + Deprecated: boxedTrue, }, - }, - }, - "profile": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-2": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "projects.iot1click": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "qldb": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "ram": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "rds": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "rds-fips.ca-central-1": endpoint{ - Hostname: "rds-fips.ca-central-1.amazonaws.com", + endpointKey{ + Region: "fips-ap-southeast-3", + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-southeast-3.amazonaws.com", CredentialScope: credentialScope{ - Region: "ca-central-1", + Region: "ap-southeast-3", }, + Deprecated: boxedTrue, }, - "rds-fips.us-east-1": endpoint{ - Hostname: "rds-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-ap-southeast-4", + }: endpoint{ + Hostname: "elasticfilesystem-fips.ap-southeast-4.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "ap-southeast-4", }, + Deprecated: boxedTrue, }, - "rds-fips.us-east-2": endpoint{ - Hostname: "rds-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - "rds-fips.us-west-1": endpoint{ - Hostname: "rds-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.ca-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "ca-west-1", }, + Deprecated: boxedTrue, }, - "rds-fips.us-west-2": endpoint{ - Hostname: "rds-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-eu-central-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.eu-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "eu-central-1", }, + Deprecated: boxedTrue, }, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{ - SSLCommonName: "{service}.{dnsSuffix}", + endpointKey{ + Region: "fips-eu-central-2", + }: endpoint{ + Hostname: "elasticfilesystem-fips.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + Deprecated: boxedTrue, }, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "redshift": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-ca-central-1": endpoint{ - Hostname: "redshift-fips.ca-central-1.amazonaws.com", + endpointKey{ + Region: "fips-eu-north-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.eu-north-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ca-central-1", + Region: "eu-north-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-1": endpoint{ - Hostname: "redshift-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-eu-south-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.eu-south-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "eu-south-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "redshift-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-eu-south-2", + }: endpoint{ + Hostname: "elasticfilesystem-fips.eu-south-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "eu-south-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "redshift-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-eu-west-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.eu-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "eu-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "redshift-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-eu-west-2", + }: endpoint{ + Hostname: "elasticfilesystem-fips.eu-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "eu-west-2", }, + Deprecated: boxedTrue, }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "rekognition": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "rekognition-fips.ca-central-1": endpoint{ - Hostname: "rekognition-fips.ca-central-1.amazonaws.com", + endpointKey{ + Region: "fips-eu-west-3", + }: endpoint{ + Hostname: "elasticfilesystem-fips.eu-west-3.amazonaws.com", CredentialScope: credentialScope{ - Region: "ca-central-1", + Region: "eu-west-3", }, + Deprecated: boxedTrue, }, - "rekognition-fips.us-east-1": endpoint{ - Hostname: "rekognition-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-il-central-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.il-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "il-central-1", }, + Deprecated: boxedTrue, }, - "rekognition-fips.us-east-2": endpoint{ - Hostname: "rekognition-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-me-central-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.me-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "me-central-1", }, + Deprecated: boxedTrue, }, - "rekognition-fips.us-west-1": endpoint{ - Hostname: "rekognition-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-me-south-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.me-south-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "me-south-1", }, + Deprecated: boxedTrue, }, - "rekognition-fips.us-west-2": endpoint{ - Hostname: "rekognition-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-sa-east-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.sa-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "sa-east-1", }, + Deprecated: boxedTrue, }, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "resource-groups": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "resource-groups-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "resource-groups-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "elasticfilesystem-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "resource-groups-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "resource-groups-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "elasticfilesystem-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.il-central-1.amazonaws.com", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.me-central-1.amazonaws.com", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.me-south-1.amazonaws.com", }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "robomaker": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "route53": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "route53.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.sa-east-1.amazonaws.com", }, - "fips-aws-global": endpoint{ - Hostname: "route53-fips.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.us-west-2.amazonaws.com", }, }, }, - "route53domains": service{ - - Endpoints: endpoints{ - "us-east-1": endpoint{}, - }, - }, - "route53resolver": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "runtime.lex": service{ - Defaults: endpoint{ - CredentialScope: credentialScope{ - Service: "lex", + "elasticloadbalancing": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, }, }, - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "runtime.sagemaker": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-1-fips": endpoint{ - Hostname: "runtime-fips.sagemaker.us-east-1.amazonaws.com", + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "elasticloadbalancing-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "us-east-2": endpoint{}, - "us-east-2-fips": endpoint{ - Hostname: "runtime-fips.sagemaker.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "elasticloadbalancing-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "us-west-1": endpoint{}, - "us-west-1-fips": endpoint{ - Hostname: "runtime-fips.sagemaker.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "elasticloadbalancing-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "us-west-2": endpoint{}, - "us-west-2-fips": endpoint{ - Hostname: "runtime-fips.sagemaker.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "elasticloadbalancing-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticloadbalancing-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticloadbalancing-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticloadbalancing-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticloadbalancing-fips.us-west-2.amazonaws.com", }, }, }, - "s3": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedTrue, - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - SignatureVersions: []string{"s3v4"}, - - HasDualStack: boxedTrue, - DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}", - }, - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{ - Hostname: "s3.ap-northeast-1.amazonaws.com", - SignatureVersions: []string{"s3", "s3v4"}, - }, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{ - Hostname: "s3.ap-southeast-1.amazonaws.com", - SignatureVersions: []string{"s3", "s3v4"}, + "elasticmapreduce": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + SSLCommonName: "{region}.{service}.{dnsSuffix}", + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce-fips.ca-central-1.amazonaws.com", }, - "ap-southeast-2": endpoint{ - Hostname: "s3.ap-southeast-2.amazonaws.com", - SignatureVersions: []string{"s3", "s3v4"}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + SSLCommonName: "{service}.{region}.{dnsSuffix}", }, - "aws-global": endpoint{ - Hostname: "s3.amazonaws.com", - SignatureVersions: []string{"s3", "s3v4"}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "elasticmapreduce-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{ - Hostname: "s3.eu-west-1.amazonaws.com", - SignatureVersions: []string{"s3", "s3v4"}, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "elasticmapreduce-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, }, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "s3-external-1": endpoint{ - Hostname: "s3-external-1.amazonaws.com", - SignatureVersions: []string{"s3", "s3v4"}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "elasticmapreduce-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "sa-east-1": endpoint{ - Hostname: "s3.sa-east-1.amazonaws.com", - SignatureVersions: []string{"s3", "s3v4"}, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "elasticmapreduce-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, }, - "us-east-1": endpoint{ - Hostname: "s3.us-east-1.amazonaws.com", - SignatureVersions: []string{"s3", "s3v4"}, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "elasticmapreduce-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, }, - "us-east-2": endpoint{}, - "us-west-1": endpoint{ - Hostname: "s3.us-west-1.amazonaws.com", - SignatureVersions: []string{"s3", "s3v4"}, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "elasticmapreduce-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + SSLCommonName: "{service}.{region}.{dnsSuffix}", }, - "us-west-2": endpoint{ - Hostname: "s3.us-west-2.amazonaws.com", - SignatureVersions: []string{"s3", "s3v4"}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce-fips.us-east-1.amazonaws.com", + SSLCommonName: "{service}.{region}.{dnsSuffix}", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce-fips.us-west-2.amazonaws.com", }, }, }, - "s3-control": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - SignatureVersions: []string{"s3v4"}, - - HasDualStack: boxedTrue, - DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}", + "elastictranscoder": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, }, - Endpoints: endpoints{ - "ap-northeast-1": endpoint{ - Hostname: "s3-control.ap-northeast-1.amazonaws.com", - SignatureVersions: []string{"s3v4"}, - CredentialScope: credentialScope{ - Region: "ap-northeast-1", - }, - }, - "ap-northeast-2": endpoint{ - Hostname: "s3-control.ap-northeast-2.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + }, + "email": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "email-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "email-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-northeast-2", + Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - "ap-south-1": endpoint{ - Hostname: "s3-control.ap-south-1.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "email-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-south-1", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "ap-southeast-1": endpoint{ - Hostname: "s3-control.ap-southeast-1.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "email-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-southeast-1", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "ap-southeast-2": endpoint{ - Hostname: "s3-control.ap-southeast-2.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "email-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-southeast-2", + Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "ca-central-1": endpoint{ - Hostname: "s3-control.ca-central-1.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "email-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "ca-central-1", + Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "email-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "email-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "email-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "email-fips.us-west-2.amazonaws.com", }, - "ca-central-1-fips": endpoint{ - Hostname: "s3-control-fips.ca-central-1.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + }, + }, + "emr-containers": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "emr-containers-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "emr-containers-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - "eu-central-1": endpoint{ - Hostname: "s3-control.eu-central-1.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "emr-containers-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-central-1", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "eu-north-1": endpoint{ - Hostname: "s3-control.eu-north-1.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "emr-containers-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-north-1", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "eu-west-1": endpoint{ - Hostname: "s3-control.eu-west-1.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "emr-containers-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-west-1", + Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "eu-west-2": endpoint{ - Hostname: "s3-control.eu-west-2.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "emr-containers-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-west-2", + Region: "us-west-2", }, - }, - "eu-west-3": endpoint{ - Hostname: "s3-control.eu-west-3.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "emr-containers-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "emr-containers-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "emr-containers-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "emr-containers-fips.us-west-2.amazonaws.com", + }, + }, + }, + "emr-serverless": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "emr-serverless-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "emr-serverless-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-west-3", + Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - "sa-east-1": endpoint{ - Hostname: "s3-control.sa-east-1.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "emr-serverless-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "sa-east-1", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "us-east-1": endpoint{ - Hostname: "s3-control.us-east-1.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "emr-serverless-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "us-east-1-fips": endpoint{ - Hostname: "s3-control-fips.us-east-1.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "emr-serverless-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "us-east-2": endpoint{ - Hostname: "s3-control.us-east-2.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "emr-serverless-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "emr-serverless-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "emr-serverless-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "emr-serverless-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "emr-serverless-fips.us-west-2.amazonaws.com", }, - "us-east-2-fips": endpoint{ - Hostname: "s3-control-fips.us-east-2.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + }, + }, + "entitlement.marketplace": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ CredentialScope: credentialScope{ - Region: "us-east-2", + Service: "aws-marketplace", }, }, - "us-west-1": endpoint{ - Hostname: "s3-control.us-west-1.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + }, + }, + "es": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-east-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-northeast-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-northeast-3.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-south-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-southeast-4.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ca-west-1.api.aws", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-central-2.api.aws", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-north-1.api.aws", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-south-1.api.aws", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-south-2.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-west-2.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-west-3.api.aws", + }, + endpointKey{ + Region: "fips", + }: endpoint{ + Hostname: "es-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, - }, - "us-west-1-fips": endpoint{ - Hostname: "s3-control-fips.us-west-1.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.me-south-1.api.aws", + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "es-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "es-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "us-west-2": endpoint{ - Hostname: "s3-control.us-west-2.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "es-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "es-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "us-east-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "es-fips.us-west-1.amazonaws.com", }, - "us-west-2-fips": endpoint{ - Hostname: "s3-control-fips.us-west-2.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "es-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "us-west-1", }, + Deprecated: boxedTrue, }, - }, - }, - "savingsplans": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "savingsplans.amazonaws.com", + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-west-2.api.aws", + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "es-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "es-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "us-west-2", }, + Deprecated: boxedTrue, }, }, }, - "schemas": service{ - - Endpoints: endpoints{ - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "sdb": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - SignatureVersions: []string{"v2"}, - }, - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-west-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{ - Hostname: "sdb.amazonaws.com", - }, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "secretsmanager": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-1-fips": endpoint{ - Hostname: "secretsmanager-fips.us-east-1.amazonaws.com", + "events": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "events-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "us-east-2": endpoint{}, - "us-east-2-fips": endpoint{ - Hostname: "secretsmanager-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "events-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "us-west-1": endpoint{}, - "us-west-1-fips": endpoint{ - Hostname: "secretsmanager-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "events-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "us-west-2": endpoint{}, - "us-west-2-fips": endpoint{ - Hostname: "secretsmanager-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "events-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "events-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "events-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "events-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "events-fips.us-west-2.amazonaws.com", }, }, }, - "securityhub": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "securityhub-fips.us-east-1.amazonaws.com", + "evidently": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "evidently.ap-northeast-1.amazonaws.com", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "evidently.ap-southeast-1.amazonaws.com", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "evidently.ap-southeast-2.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "evidently.eu-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "evidently.eu-north-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "evidently.eu-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "evidently.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "evidently.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "evidently.us-west-2.amazonaws.com", + }, + }, + }, + "finspace": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "finspace-api": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "firehose": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "firehose-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "securityhub-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "firehose-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "securityhub-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "firehose-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "securityhub-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "firehose-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "firehose-fips.us-east-1.amazonaws.com", }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "serverlessrepo": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "ap-east-1": endpoint{ - Protocols: []string{"https"}, - }, - "ap-northeast-1": endpoint{ - Protocols: []string{"https"}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "firehose-fips.us-east-2.amazonaws.com", }, - "ap-northeast-2": endpoint{ - Protocols: []string{"https"}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "firehose-fips.us-west-1.amazonaws.com", }, - "ap-south-1": endpoint{ - Protocols: []string{"https"}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "firehose-fips.us-west-2.amazonaws.com", }, - "ap-southeast-1": endpoint{ + }, + }, + "fms": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ Protocols: []string{"https"}, }, - "ap-southeast-2": endpoint{ - Protocols: []string{"https"}, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fms-fips.af-south-1.amazonaws.com", }, - "ca-central-1": endpoint{ - Protocols: []string{"https"}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fms-fips.ap-east-1.amazonaws.com", }, - "eu-central-1": endpoint{ - Protocols: []string{"https"}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fms-fips.ap-northeast-1.amazonaws.com", }, - "eu-north-1": endpoint{ - Protocols: []string{"https"}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fms-fips.ap-northeast-2.amazonaws.com", }, - "eu-west-1": endpoint{ - Protocols: []string{"https"}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fms-fips.ap-south-1.amazonaws.com", }, - "eu-west-2": endpoint{ - Protocols: []string{"https"}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fms-fips.ap-southeast-1.amazonaws.com", }, - "eu-west-3": endpoint{ - Protocols: []string{"https"}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fms-fips.ap-southeast-2.amazonaws.com", }, - "me-south-1": endpoint{ - Protocols: []string{"https"}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fms-fips.ca-central-1.amazonaws.com", }, - "sa-east-1": endpoint{ - Protocols: []string{"https"}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fms-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fms-fips.eu-central-1.amazonaws.com", }, - "us-east-1": endpoint{ - Protocols: []string{"https"}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fms-fips.eu-south-1.amazonaws.com", }, - "us-east-2": endpoint{ - Protocols: []string{"https"}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fms-fips.eu-west-1.amazonaws.com", }, - "us-west-1": endpoint{ - Protocols: []string{"https"}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fms-fips.eu-west-2.amazonaws.com", }, - "us-west-2": endpoint{ - Protocols: []string{"https"}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fms-fips.eu-west-3.amazonaws.com", }, - }, - }, - "servicecatalog": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-1-fips": endpoint{ - Hostname: "servicecatalog-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-af-south-1", + }: endpoint{ + Hostname: "fms-fips.af-south-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "af-south-1", }, + Deprecated: boxedTrue, }, - "us-east-2": endpoint{}, - "us-east-2-fips": endpoint{ - Hostname: "servicecatalog-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-ap-east-1", + }: endpoint{ + Hostname: "fms-fips.ap-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "ap-east-1", }, + Deprecated: boxedTrue, }, - "us-west-1": endpoint{}, - "us-west-1-fips": endpoint{ - Hostname: "servicecatalog-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-ap-northeast-1", + }: endpoint{ + Hostname: "fms-fips.ap-northeast-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "ap-northeast-1", }, + Deprecated: boxedTrue, }, - "us-west-2": endpoint{}, - "us-west-2-fips": endpoint{ - Hostname: "servicecatalog-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-ap-northeast-2", + }: endpoint{ + Hostname: "fms-fips.ap-northeast-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "ap-northeast-2", }, + Deprecated: boxedTrue, }, - }, - }, - "servicediscovery": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "servicediscovery-fips": endpoint{ - Hostname: "servicediscovery-fips.ca-central-1.amazonaws.com", + endpointKey{ + Region: "fips-ap-south-1", + }: endpoint{ + Hostname: "fms-fips.ap-south-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ca-central-1", + Region: "ap-south-1", }, + Deprecated: boxedTrue, }, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "servicequotas": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "session.qldb": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "shield": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - Defaults: endpoint{ - SSLCommonName: "shield.us-east-1.amazonaws.com", - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "shield.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-ap-southeast-1", + }: endpoint{ + Hostname: "fms-fips.ap-southeast-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "ap-southeast-1", }, + Deprecated: boxedTrue, }, - "fips-aws-global": endpoint{ - Hostname: "shield-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-ap-southeast-2", + }: endpoint{ + Hostname: "fms-fips.ap-southeast-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "ap-southeast-2", }, + Deprecated: boxedTrue, }, - }, - }, - "sms": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "sms-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "fms-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "sms-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "fms-fips.ca-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "ca-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "sms-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-eu-central-1", + }: endpoint{ + Hostname: "fms-fips.eu-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "eu-central-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "sms-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-eu-south-1", + }: endpoint{ + Hostname: "fms-fips.eu-south-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "eu-south-1", }, + Deprecated: boxedTrue, }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "snowball": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-ap-northeast-1": endpoint{ - Hostname: "snowball-fips.ap-northeast-1.amazonaws.com", + endpointKey{ + Region: "fips-eu-west-1", + }: endpoint{ + Hostname: "fms-fips.eu-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-northeast-1", + Region: "eu-west-1", }, + Deprecated: boxedTrue, }, - "fips-ap-northeast-2": endpoint{ - Hostname: "snowball-fips.ap-northeast-2.amazonaws.com", + endpointKey{ + Region: "fips-eu-west-2", + }: endpoint{ + Hostname: "fms-fips.eu-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-northeast-2", + Region: "eu-west-2", }, + Deprecated: boxedTrue, }, - "fips-ap-northeast-3": endpoint{ - Hostname: "snowball-fips.ap-northeast-3.amazonaws.com", + endpointKey{ + Region: "fips-eu-west-3", + }: endpoint{ + Hostname: "fms-fips.eu-west-3.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-northeast-3", + Region: "eu-west-3", }, + Deprecated: boxedTrue, }, - "fips-ap-south-1": endpoint{ - Hostname: "snowball-fips.ap-south-1.amazonaws.com", + endpointKey{ + Region: "fips-me-south-1", + }: endpoint{ + Hostname: "fms-fips.me-south-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-south-1", + Region: "me-south-1", }, + Deprecated: boxedTrue, }, - "fips-ap-southeast-1": endpoint{ - Hostname: "snowball-fips.ap-southeast-1.amazonaws.com", + endpointKey{ + Region: "fips-sa-east-1", + }: endpoint{ + Hostname: "fms-fips.sa-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-southeast-1", + Region: "sa-east-1", }, + Deprecated: boxedTrue, }, - "fips-ap-southeast-2": endpoint{ - Hostname: "snowball-fips.ap-southeast-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "fms-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-southeast-2", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-ca-central-1": endpoint{ - Hostname: "snowball-fips.ca-central-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "fms-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "ca-central-1", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-eu-central-1": endpoint{ - Hostname: "snowball-fips.eu-central-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "fms-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-central-1", + Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-eu-west-1": endpoint{ - Hostname: "snowball-fips.eu-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "fms-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-west-1", + Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fms-fips.me-south-1.amazonaws.com", }, - "fips-eu-west-2": endpoint{ - Hostname: "snowball-fips.eu-west-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "eu-west-2", - }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fms-fips.sa-east-1.amazonaws.com", }, - "fips-eu-west-3": endpoint{ - Hostname: "snowball-fips.eu-west-3.amazonaws.com", - CredentialScope: credentialScope{ - Region: "eu-west-3", - }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fms-fips.us-east-1.amazonaws.com", }, - "fips-sa-east-1": endpoint{ - Hostname: "snowball-fips.sa-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "sa-east-1", - }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fms-fips.us-east-2.amazonaws.com", }, - "fips-us-east-1": endpoint{ - Hostname: "snowball-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fms-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fms-fips.us-west-2.amazonaws.com", + }, + }, + }, + "forecast": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "forecast-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "snowball-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "forecast-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "snowball-fips.us-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-1", - }, - }, - "fips-us-west-2": endpoint{ - Hostname: "snowball-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "forecast-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "forecast-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "forecast-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "forecast-fips.us-west-2.amazonaws.com", }, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, }, }, - "sns": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - }, - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "sns-fips.us-east-1.amazonaws.com", + "forecastquery": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "forecastquery-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "sns-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "forecastquery-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "sns-fips.us-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-1", - }, - }, - "fips-us-west-2": endpoint{ - Hostname: "sns-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "forecastquery-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, - }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "forecastquery-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "forecastquery-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "forecastquery-fips.us-west-2.amazonaws.com", + }, + }, + }, + "frauddetector": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, }, }, - "sqs": service{ - Defaults: endpoint{ - SSLCommonName: "{region}.queue.{dnsSuffix}", - Protocols: []string{"http", "https"}, - }, - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "sqs-fips.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, - }, - "fips-us-east-2": endpoint{ - Hostname: "sqs-fips.us-east-2.amazonaws.com", + "fsx": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fsx-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fsx-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "fsx-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "sqs-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "fsx-fips.ca-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "ca-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "sqs-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-prod-ca-central-1", + }: endpoint{ + Hostname: "fsx-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{ - SSLCommonName: "queue.{dnsSuffix}", - }, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "ssm": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-ca-central-1": endpoint{ - Hostname: "ssm-fips.ca-central-1.amazonaws.com", + endpointKey{ + Region: "fips-prod-ca-west-1", + }: endpoint{ + Hostname: "fsx-fips.ca-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ca-central-1", + Region: "ca-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-1": endpoint{ - Hostname: "ssm-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-prod-us-east-1", + }: endpoint{ + Hostname: "fsx-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "ssm-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-prod-us-east-2", + }: endpoint{ + Hostname: "fsx-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "ssm-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-prod-us-west-1", + }: endpoint{ + Hostname: "fsx-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "ssm-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-prod-us-west-2", + }: endpoint{ + Hostname: "fsx-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "states": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "states-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "fsx-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "states-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "fsx-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "states-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "fsx-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "states-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "fsx-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, - }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "storagegateway": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips": endpoint{ - Hostname: "storagegateway-fips.ca-central-1.amazonaws.com", + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "prod-ca-central-1", + }: endpoint{ CredentialScope: credentialScope{ Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "streams.dynamodb": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - CredentialScope: credentialScope{ - Service: "dynamodb", - }, - }, - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "ca-central-1-fips": endpoint{ - Hostname: "dynamodb-fips.ca-central-1.amazonaws.com", + endpointKey{ + Region: "prod-ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fsx-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "local": endpoint{ - Hostname: "localhost:8000", - Protocols: []string{"http"}, + endpointKey{ + Region: "prod-ca-west-1", + }: endpoint{ CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "ca-west-1", }, + Deprecated: boxedTrue, }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-1-fips": endpoint{ - Hostname: "dynamodb-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "prod-ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fsx-fips.ca-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "ca-west-1", }, + Deprecated: boxedTrue, }, - "us-east-2": endpoint{}, - "us-east-2-fips": endpoint{ - Hostname: "dynamodb-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "prod-us-east-1", + }: endpoint{ CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "us-west-1": endpoint{}, - "us-west-1-fips": endpoint{ - Hostname: "dynamodb-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "prod-us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fsx-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "us-west-2": endpoint{}, - "us-west-2-fips": endpoint{ - Hostname: "dynamodb-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "prod-us-east-2", + }: endpoint{ CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - }, - }, - "sts": service{ - PartitionEndpoint: "aws-global", - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "aws-global": endpoint{ - Hostname: "sts.amazonaws.com", + endpointKey{ + Region: "prod-us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fsx-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-1-fips": endpoint{ - Hostname: "sts-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "prod-us-west-1", + }: endpoint{ CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "us-east-2": endpoint{}, - "us-east-2-fips": endpoint{ - Hostname: "sts-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "prod-us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fsx-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "us-west-1": endpoint{}, - "us-west-1-fips": endpoint{ - Hostname: "sts-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "prod-us-west-2", + }: endpoint{ CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "us-west-2", }, + Deprecated: boxedTrue, }, - "us-west-2": endpoint{}, - "us-west-2-fips": endpoint{ - Hostname: "sts-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "prod-us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fsx-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fsx-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fsx-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fsx-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fsx-fips.us-west-2.amazonaws.com", }, }, }, - "support": service{ - PartitionEndpoint: "aws-global", - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "support.us-east-1.amazonaws.com", + "gamelift": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "geo": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "glacier": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "glacier-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "glacier-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - }, - }, - "swf": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "swf-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "glacier-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "swf-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "glacier-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "swf-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "glacier-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "swf-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "glacier-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "glacier-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "glacier-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "glacier-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "glacier-fips.us-west-2.amazonaws.com", }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, }, }, - "tagging": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "globalaccelerator": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "globalaccelerator-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, }, }, - "transcribe": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "fips.transcribe.us-east-1.amazonaws.com", + "glue": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "glue-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "fips.transcribe.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "glue-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "fips.transcribe.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "glue-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "fips.transcribe.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "glue-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "glue-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "glue-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "glue-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "glue-fips.us-west-2.amazonaws.com", }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "transcribestreaming": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, }, }, - "transfer": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-ca-central-1": endpoint{ - Hostname: "transfer-fips.ca-central-1.amazonaws.com", + "grafana": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "grafana.ap-northeast-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ca-central-1", + Region: "ap-northeast-1", }, }, - "fips-us-east-1": endpoint{ - Hostname: "transfer-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "grafana.ap-northeast-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "ap-northeast-2", }, }, - "fips-us-east-2": endpoint{ - Hostname: "transfer-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "grafana.ap-southeast-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-2", + Region: "ap-southeast-1", }, }, - "fips-us-west-1": endpoint{ - Hostname: "transfer-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "grafana.ap-southeast-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "ap-southeast-2", }, }, - "fips-us-west-2": endpoint{ - Hostname: "transfer-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "grafana.eu-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "eu-central-1", }, }, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "translate": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "us-east-1": endpoint{}, - "us-east-1-fips": endpoint{ - Hostname: "translate-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "grafana.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "grafana.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "grafana.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, }, - "us-east-2": endpoint{}, - "us-east-2-fips": endpoint{ - Hostname: "translate-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "grafana.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, }, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, - "us-west-2-fips": endpoint{ - Hostname: "translate-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "grafana.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, }, }, }, - "waf": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-fips": endpoint{ - Hostname: "waf-fips.amazonaws.com", + "greengrass": service{ + IsRegionalized: boxedTrue, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "greengrass-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "greengrass-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-east-1", + Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - "aws-global": endpoint{ - Hostname: "waf.amazonaws.com", + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "greengrass-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - }, - }, - "waf-regional": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{ - Hostname: "waf-regional.af-south-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "greengrass-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "af-south-1", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "ap-east-1": endpoint{ - Hostname: "waf-regional.ap-east-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "greengrass-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-east-1", + Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "greengrass-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "greengrass-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "greengrass-fips.us-west-2.amazonaws.com", }, - "ap-northeast-1": endpoint{ - Hostname: "waf-regional.ap-northeast-1.amazonaws.com", + }, + }, + "groundstation": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "groundstation-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-northeast-1", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "ap-northeast-2": endpoint{ - Hostname: "waf-regional.ap-northeast-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "groundstation-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-northeast-2", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "ap-south-1": endpoint{ - Hostname: "waf-regional.ap-south-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "groundstation-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-south-1", + Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "groundstation-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "groundstation-fips.us-east-2.amazonaws.com", }, - "ap-southeast-1": endpoint{ - Hostname: "waf-regional.ap-southeast-1.amazonaws.com", + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "groundstation-fips.us-west-2.amazonaws.com", + }, + }, + }, + "guardduty": service{ + IsRegionalized: boxedTrue, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "guardduty-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "guardduty-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-southeast-1", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "ap-southeast-2": endpoint{ - Hostname: "waf-regional.ap-southeast-2.amazonaws.com", + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "guardduty-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "guardduty-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-southeast-2", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "ca-central-1": endpoint{ - Hostname: "waf-regional.ca-central-1.amazonaws.com", + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "guardduty-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "guardduty-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ca-central-1", + Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "eu-central-1": endpoint{ - Hostname: "waf-regional.eu-central-1.amazonaws.com", + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "guardduty-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "guardduty-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-central-1", + Region: "us-west-2", }, + Deprecated: boxedTrue, }, - "eu-north-1": endpoint{ - Hostname: "waf-regional.eu-north-1.amazonaws.com", + }, + }, + "health": service{ + PartitionEndpoint: "aws-global", + IsRegionalized: boxedFalse, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + SSLCommonName: "health.us-east-1.amazonaws.com", + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "global.health.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-north-1", + Region: "us-east-1", }, }, - "eu-south-1": endpoint{ - Hostname: "waf-regional.eu-south-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "health-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-south-1", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "eu-west-1": endpoint{ - Hostname: "waf-regional.eu-west-1.amazonaws.com", + endpointKey{ + Region: "us-east-2", + }: endpoint{ CredentialScope: credentialScope{ - Region: "eu-west-1", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "eu-west-2": endpoint{ - Hostname: "waf-regional.eu-west-2.amazonaws.com", + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "health-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-west-2", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "eu-west-3": endpoint{ - Hostname: "waf-regional.eu-west-3.amazonaws.com", + }, + }, + "healthlake": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "iam": service{ + PartitionEndpoint: "aws-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "iam.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-west-3", + Region: "us-east-1", }, }, - "fips-af-south-1": endpoint{ - Hostname: "waf-regional-fips.af-south-1.amazonaws.com", + endpointKey{ + Region: "aws-global", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iam-fips.amazonaws.com", CredentialScope: credentialScope{ - Region: "af-south-1", + Region: "us-east-1", }, }, - "fips-ap-east-1": endpoint{ - Hostname: "waf-regional-fips.ap-east-1.amazonaws.com", + endpointKey{ + Region: "aws-global-fips", + }: endpoint{ + Hostname: "iam-fips.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-east-1", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-ap-northeast-1": endpoint{ - Hostname: "waf-regional-fips.ap-northeast-1.amazonaws.com", + endpointKey{ + Region: "iam", + }: endpoint{ CredentialScope: credentialScope{ - Region: "ap-northeast-1", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-ap-northeast-2": endpoint{ - Hostname: "waf-regional-fips.ap-northeast-2.amazonaws.com", + endpointKey{ + Region: "iam", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iam-fips.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-northeast-2", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-ap-south-1": endpoint{ - Hostname: "waf-regional-fips.ap-south-1.amazonaws.com", + endpointKey{ + Region: "iam-fips", + }: endpoint{ + Hostname: "iam-fips.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-south-1", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-ap-southeast-1": endpoint{ - Hostname: "waf-regional-fips.ap-southeast-1.amazonaws.com", + }, + }, + "identity-chime": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "identity-chime-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "identity-chime-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ap-southeast-1", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-ap-southeast-2": endpoint{ - Hostname: "waf-regional-fips.ap-southeast-2.amazonaws.com", + }, + }, + "identitystore": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "importexport": service{ + PartitionEndpoint: "aws-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "importexport.amazonaws.com", + SignatureVersions: []string{"v2", "v4"}, CredentialScope: credentialScope{ - Region: "ap-southeast-2", + Region: "us-east-1", + Service: "IngestionService", }, }, - "fips-ca-central-1": endpoint{ - Hostname: "waf-regional-fips.ca-central-1.amazonaws.com", + }, + }, + "ingest.timestream": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "ingest-fips-us-east-1", + }: endpoint{ + Hostname: "ingest.timestream-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "ca-central-1", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-eu-central-1": endpoint{ - Hostname: "waf-regional-fips.eu-central-1.amazonaws.com", + endpointKey{ + Region: "ingest-fips-us-east-2", + }: endpoint{ + Hostname: "ingest.timestream-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-central-1", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-eu-north-1": endpoint{ - Hostname: "waf-regional-fips.eu-north-1.amazonaws.com", + endpointKey{ + Region: "ingest-fips-us-west-2", + }: endpoint{ + Hostname: "ingest.timestream-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-north-1", + Region: "us-west-2", }, + Deprecated: boxedTrue, }, - "fips-eu-south-1": endpoint{ - Hostname: "waf-regional-fips.eu-south-1.amazonaws.com", + endpointKey{ + Region: "ingest-us-east-1", + }: endpoint{ CredentialScope: credentialScope{ - Region: "eu-south-1", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-eu-west-1": endpoint{ - Hostname: "waf-regional-fips.eu-west-1.amazonaws.com", + endpointKey{ + Region: "ingest-us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ingest.timestream-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-west-1", + Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-eu-west-2": endpoint{ - Hostname: "waf-regional-fips.eu-west-2.amazonaws.com", + endpointKey{ + Region: "ingest-us-east-2", + }: endpoint{ CredentialScope: credentialScope{ - Region: "eu-west-2", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-eu-west-3": endpoint{ - Hostname: "waf-regional-fips.eu-west-3.amazonaws.com", + endpointKey{ + Region: "ingest-us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ingest.timestream-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "eu-west-3", + Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-me-south-1": endpoint{ - Hostname: "waf-regional-fips.me-south-1.amazonaws.com", + endpointKey{ + Region: "ingest-us-west-2", + }: endpoint{ CredentialScope: credentialScope{ - Region: "me-south-1", + Region: "us-west-2", }, + Deprecated: boxedTrue, }, - "fips-sa-east-1": endpoint{ - Hostname: "waf-regional-fips.sa-east-1.amazonaws.com", + endpointKey{ + Region: "ingest-us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ingest.timestream-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "sa-east-1", + Region: "us-west-2", }, + Deprecated: boxedTrue, }, - "fips-us-east-1": endpoint{ - Hostname: "waf-regional-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "inspector": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "inspector-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "waf-regional-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "inspector-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "waf-regional-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "inspector-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-west-2": endpoint{ - Hostname: "waf-regional-fips.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "inspector-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, }, - "me-south-1": endpoint{ - Hostname: "waf-regional.me-south-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "me-south-1", - }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector-fips.us-east-1.amazonaws.com", }, - "sa-east-1": endpoint{ - Hostname: "waf-regional.sa-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "sa-east-1", - }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector-fips.us-east-2.amazonaws.com", }, - "us-east-1": endpoint{ - Hostname: "waf-regional.us-east-1.amazonaws.com", + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector-fips.us-west-2.amazonaws.com", + }, + }, + }, + "inspector2": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "inspector2-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "us-east-2": endpoint{ - Hostname: "waf-regional.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "inspector2-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "us-west-1": endpoint{ - Hostname: "waf-regional.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "inspector2-fips.us-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-1", }, + Deprecated: boxedTrue, }, - "us-west-2": endpoint{ - Hostname: "waf-regional.us-west-2.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "inspector2-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector2-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector2-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector2-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector2-fips.us-west-2.amazonaws.com", + }, + }, + }, + "internetmonitor": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "internetmonitor.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "internetmonitor.ap-east-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "internetmonitor.ap-northeast-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "internetmonitor.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Hostname: "internetmonitor.ap-northeast-3.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "internetmonitor.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "internetmonitor.ap-south-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "internetmonitor.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "internetmonitor.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "internetmonitor.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "internetmonitor.ap-southeast-4.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "internetmonitor.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "internetmonitor-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{ + Hostname: "internetmonitor.ca-west-1.api.aws", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "internetmonitor.eu-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "internetmonitor.eu-central-2.api.aws", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "internetmonitor.eu-north-1.api.aws", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "internetmonitor.eu-south-1.api.aws", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "internetmonitor.eu-south-2.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "internetmonitor.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "internetmonitor.eu-west-2.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "internetmonitor.eu-west-3.api.aws", + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "internetmonitor.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "internetmonitor.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "internetmonitor.me-south-1.api.aws", + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "internetmonitor.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "internetmonitor.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "internetmonitor-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "internetmonitor.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "internetmonitor-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "internetmonitor.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "internetmonitor-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "internetmonitor.us-west-2.api.aws", + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "internetmonitor-fips.us-west-2.amazonaws.com", }, }, }, - "workdocs": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "eu-west-1": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "workdocs-fips.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, - }, - "fips-us-west-2": endpoint{ - Hostname: "workdocs-fips.us-west-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-2", - }, + "iot": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iot-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "iot-fips.ca-central-1.amazonaws.com", + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "iot-fips.us-east-1.amazonaws.com", + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "iot-fips.us-east-2.amazonaws.com", + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "iot-fips.us-west-1.amazonaws.com", + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "iot-fips.us-west-2.amazonaws.com", + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iot-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iot-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iot-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iot-fips.us-west-2.amazonaws.com", }, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, }, }, - "workmail": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, + "iotanalytics": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, }, }, - "workspaces": service{ - - Endpoints: endpoints{ - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "workspaces-fips.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, - }, - "fips-us-west-2": endpoint{ - Hostname: "workspaces-fips.us-west-2.amazonaws.com", + "iotevents": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iotevents-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "iotevents-fips.ca-central-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-2", + Region: "ca-central-1", }, + Deprecated: boxedTrue, }, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, - }, - }, - "xray": service{ - - Endpoints: endpoints{ - "af-south-1": endpoint{}, - "ap-east-1": endpoint{}, - "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, - "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-south-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "fips-us-east-1": endpoint{ - Hostname: "xray-fips.us-east-1.amazonaws.com", + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "iotevents-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-east-2": endpoint{ - Hostname: "xray-fips.us-east-2.amazonaws.com", + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "iotevents-fips.us-east-2.amazonaws.com", CredentialScope: credentialScope{ Region: "us-east-2", }, + Deprecated: boxedTrue, }, - "fips-us-west-1": endpoint{ - Hostname: "xray-fips.us-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "iotevents-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-west-1", + Region: "us-west-2", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iotevents-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iotevents-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iotevents-fips.us-west-2.amazonaws.com", }, - "fips-us-west-2": endpoint{ - Hostname: "xray-fips.us-west-2.amazonaws.com", - CredentialScope: credentialScope{ + }, + }, + "ioteventsdata": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "data.iotevents.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "data.iotevents.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "data.iotevents.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "data.iotevents.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "data.iotevents.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "data.iotevents.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "data.iotevents-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "data.iotevents.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "data.iotevents.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "data.iotevents.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + }, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "data.iotevents-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "data.iotevents-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "data.iotevents-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "data.iotevents-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "data.iotevents.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "data.iotevents-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "data.iotevents.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "data.iotevents-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "data.iotevents.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "data.iotevents-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + }, + }, + "iotfleetwise": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + }, + }, + "iotsecuredtunneling": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.tunneling.iot-fips.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.tunneling.iot-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "api.tunneling.iot-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-west-2.amazonaws.com", + }, + }, + }, + "iotsitewise": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iotsitewise-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "iotsitewise-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "iotsitewise-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "iotsitewise-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "iotsitewise-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iotsitewise-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iotsitewise-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iotsitewise-fips.us-west-2.amazonaws.com", + }, + }, + }, + "iotthingsgraph": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + CredentialScope: credentialScope{ + Service: "iotthingsgraph", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "iottwinmaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "api-ap-northeast-1", + }: endpoint{ + Hostname: "api.iottwinmaker.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "api-ap-northeast-2", + }: endpoint{ + Hostname: "api.iottwinmaker.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, + endpointKey{ + Region: "api-ap-south-1", + }: endpoint{ + Hostname: "api.iottwinmaker.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + }, + endpointKey{ + Region: "api-ap-southeast-1", + }: endpoint{ + Hostname: "api.iottwinmaker.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "api-ap-southeast-2", + }: endpoint{ + Hostname: "api.iottwinmaker.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, + endpointKey{ + Region: "api-eu-central-1", + }: endpoint{ + Hostname: "api.iottwinmaker.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "api-eu-west-1", + }: endpoint{ + Hostname: "api.iottwinmaker.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "api-us-east-1", + }: endpoint{ + Hostname: "api.iottwinmaker.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "api-us-west-2", + }: endpoint{ + Hostname: "api.iottwinmaker.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "data-ap-northeast-1", + }: endpoint{ + Hostname: "data.iottwinmaker.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "data-ap-northeast-2", + }: endpoint{ + Hostname: "data.iottwinmaker.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, + endpointKey{ + Region: "data-ap-south-1", + }: endpoint{ + Hostname: "data.iottwinmaker.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + }, + endpointKey{ + Region: "data-ap-southeast-1", + }: endpoint{ + Hostname: "data.iottwinmaker.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "data-ap-southeast-2", + }: endpoint{ + Hostname: "data.iottwinmaker.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, + endpointKey{ + Region: "data-eu-central-1", + }: endpoint{ + Hostname: "data.iottwinmaker.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "data-eu-west-1", + }: endpoint{ + Hostname: "data.iottwinmaker.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "data-us-east-1", + }: endpoint{ + Hostname: "data.iottwinmaker.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "data-us-west-2", + }: endpoint{ + Hostname: "data.iottwinmaker.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "fips-api-us-east-1", + }: endpoint{ + Hostname: "api.iottwinmaker-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "fips-api-us-west-2", + }: endpoint{ + Hostname: "api.iottwinmaker-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "fips-data-us-east-1", + }: endpoint{ + Hostname: "data.iottwinmaker-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "fips-data-us-west-2", + }: endpoint{ + Hostname: "data.iottwinmaker-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "iottwinmaker-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "iottwinmaker-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iottwinmaker-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iottwinmaker-fips.us-west-2.amazonaws.com", + }, + }, + }, + "iotwireless": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "api.iotwireless.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "api.iotwireless.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "api.iotwireless.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "api.iotwireless.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "api.iotwireless.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ Region: "us-west-2", }, }, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, }, }, - }, -} - -// AwsCnPartition returns the Resolver for AWS China. -func AwsCnPartition() Partition { - return awscnPartition.Partition() -} - -var awscnPartition = partition{ - ID: "aws-cn", - Name: "AWS China", - DNSSuffix: "amazonaws.com.cn", - RegionRegex: regionRegex{ - Regexp: func() *regexp.Regexp { - reg, _ := regexp.Compile("^cn\\-\\w+\\-\\d+$") - return reg - }(), - }, - Defaults: endpoint{ - Hostname: "{service}.{region}.{dnsSuffix}", - Protocols: []string{"https"}, - SignatureVersions: []string{"v4"}, - }, - Regions: regions{ - "cn-north-1": region{ - Description: "China (Beijing)", - }, - "cn-northwest-1": region{ - Description: "China (Ningxia)", - }, - }, - Services: services{ - "access-analyzer": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "ivs": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "ivschat": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "ivsrealtime": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "kafka": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "kafka-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "kafka-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "kafka-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "kafka-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "kafka-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "kafka-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka-fips.us-west-2.amazonaws.com", + }, + }, + }, + "kafkaconnect": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "kendra": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kendra-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "kendra-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "kendra-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "kendra-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "kendra-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kendra-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kendra-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kendra-fips.us-west-2.amazonaws.com", + }, + }, + }, + "kendra-ranking": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "kendra-ranking.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "kendra-ranking.ap-east-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "kendra-ranking.ap-northeast-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "kendra-ranking.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Hostname: "kendra-ranking.ap-northeast-3.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "kendra-ranking.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "kendra-ranking.ap-south-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "kendra-ranking.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "kendra-ranking.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "kendra-ranking.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "kendra-ranking.ap-southeast-4.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "kendra-ranking.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kendra-ranking-fips.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{ + Hostname: "kendra-ranking.ca-west-1.api.aws", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "kendra-ranking.eu-central-2.api.aws", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "kendra-ranking.eu-north-1.api.aws", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "kendra-ranking.eu-south-1.api.aws", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "kendra-ranking.eu-south-2.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "kendra-ranking.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "kendra-ranking.eu-west-3.api.aws", + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "kendra-ranking.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "kendra-ranking.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "kendra-ranking.me-south-1.api.aws", + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "kendra-ranking.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "kendra-ranking.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kendra-ranking-fips.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "kendra-ranking.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kendra-ranking-fips.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "kendra-ranking.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "kendra-ranking.us-west-2.api.aws", + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kendra-ranking-fips.us-west-2.api.aws", + }, + }, + }, + "kinesis": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "kinesis-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "kinesis-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "kinesis-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "kinesis-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kinesis-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kinesis-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kinesis-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kinesis-fips.us-west-2.amazonaws.com", + }, + }, + }, + "kinesisanalytics": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "kinesisvideo": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "kms": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ProdFips", + }: endpoint{ + Hostname: "kms-fips.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.af-south-1.amazonaws.com", + }, + endpointKey{ + Region: "af-south-1-fips", + }: endpoint{ + Hostname: "kms-fips.af-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "af-south-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.ap-east-1.amazonaws.com", + }, + endpointKey{ + Region: "ap-east-1-fips", + }: endpoint{ + Hostname: "kms-fips.ap-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.ap-northeast-1.amazonaws.com", + }, + endpointKey{ + Region: "ap-northeast-1-fips", + }: endpoint{ + Hostname: "kms-fips.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.ap-northeast-2.amazonaws.com", + }, + endpointKey{ + Region: "ap-northeast-2-fips", + }: endpoint{ + Hostname: "kms-fips.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.ap-northeast-3.amazonaws.com", + }, + endpointKey{ + Region: "ap-northeast-3-fips", + }: endpoint{ + Hostname: "kms-fips.ap-northeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-3", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.ap-south-1.amazonaws.com", + }, + endpointKey{ + Region: "ap-south-1-fips", + }: endpoint{ + Hostname: "kms-fips.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.ap-south-2.amazonaws.com", + }, + endpointKey{ + Region: "ap-south-2-fips", + }: endpoint{ + Hostname: "kms-fips.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.ap-southeast-1.amazonaws.com", + }, + endpointKey{ + Region: "ap-southeast-1-fips", + }: endpoint{ + Hostname: "kms-fips.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.ap-southeast-2.amazonaws.com", + }, + endpointKey{ + Region: "ap-southeast-2-fips", + }: endpoint{ + Hostname: "kms-fips.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.ap-southeast-3.amazonaws.com", + }, + endpointKey{ + Region: "ap-southeast-3-fips", + }: endpoint{ + Hostname: "kms-fips.ap-southeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-3", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.ap-southeast-4.amazonaws.com", + }, + endpointKey{ + Region: "ap-southeast-4-fips", + }: endpoint{ + Hostname: "kms-fips.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1-fips", + }: endpoint{ + Hostname: "kms-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1-fips", + }: endpoint{ + Hostname: "kms-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.eu-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1-fips", + }: endpoint{ + Hostname: "kms-fips.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.eu-central-2.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-2-fips", + }: endpoint{ + Hostname: "kms-fips.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.eu-north-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-north-1-fips", + }: endpoint{ + Hostname: "kms-fips.eu-north-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-north-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.eu-south-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-south-1-fips", + }: endpoint{ + Hostname: "kms-fips.eu-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.eu-south-2.amazonaws.com", + }, + endpointKey{ + Region: "eu-south-2-fips", + }: endpoint{ + Hostname: "kms-fips.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.eu-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-west-1-fips", + }: endpoint{ + Hostname: "kms-fips.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.eu-west-2.amazonaws.com", + }, + endpointKey{ + Region: "eu-west-2-fips", + }: endpoint{ + Hostname: "kms-fips.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.eu-west-3.amazonaws.com", + }, + endpointKey{ + Region: "eu-west-3-fips", + }: endpoint{ + Hostname: "kms-fips.eu-west-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-3", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.il-central-1.amazonaws.com", + }, + endpointKey{ + Region: "il-central-1-fips", + }: endpoint{ + Hostname: "kms-fips.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.me-central-1.amazonaws.com", + }, + endpointKey{ + Region: "me-central-1-fips", + }: endpoint{ + Hostname: "kms-fips.me-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.me-south-1.amazonaws.com", + }, + endpointKey{ + Region: "me-south-1-fips", + }: endpoint{ + Hostname: "kms-fips.me-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-south-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.sa-east-1.amazonaws.com", + }, + endpointKey{ + Region: "sa-east-1-fips", + }: endpoint{ + Hostname: "kms-fips.sa-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "sa-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "kms-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "kms-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "kms-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "kms-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + }, + }, + "lakeformation": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "lakeformation-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "lakeformation-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "lakeformation-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "lakeformation-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "lakeformation-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "lakeformation-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "lakeformation-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "lakeformation-fips.us-west-2.amazonaws.com", + }, + }, + }, + "lambda": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.ap-east-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.ap-northeast-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.ap-northeast-3.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.ap-south-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.ap-southeast-4.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.ca-west-1.api.aws", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.eu-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.eu-central-2.api.aws", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.eu-north-1.api.aws", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.eu-south-1.api.aws", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.eu-south-2.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.eu-west-2.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.eu-west-3.api.aws", + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "lambda-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "lambda-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "lambda-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "lambda-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.me-south-1.api.aws", + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "lambda-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "lambda-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "lambda-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.us-west-2.api.aws", + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "lambda-fips.us-west-2.amazonaws.com", + }, + }, + }, + "license-manager": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "license-manager-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "license-manager-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "license-manager-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "license-manager-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "license-manager-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "license-manager-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "license-manager-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "license-manager-fips.us-west-2.amazonaws.com", + }, + }, + }, + "license-manager-linux-subscriptions": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "license-manager-linux-subscriptions-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "license-manager-linux-subscriptions-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "license-manager-linux-subscriptions-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "license-manager-linux-subscriptions-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "license-manager-linux-subscriptions-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "license-manager-linux-subscriptions-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "license-manager-linux-subscriptions-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "license-manager-linux-subscriptions-fips.us-west-2.amazonaws.com", + }, + }, + }, + "license-manager-user-subscriptions": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "license-manager-user-subscriptions-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "license-manager-user-subscriptions-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "license-manager-user-subscriptions-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "license-manager-user-subscriptions-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "license-manager-user-subscriptions-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "license-manager-user-subscriptions-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "license-manager-user-subscriptions-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "license-manager-user-subscriptions-fips.us-west-2.amazonaws.com", + }, + }, + }, + "lightsail": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "logs": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.ap-east-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.ap-northeast-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.ap-northeast-3.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.ap-south-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.ap-southeast-4.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "logs-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.ca-west-1.api.aws", + }, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "logs-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.eu-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.eu-central-2.api.aws", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.eu-north-1.api.aws", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.eu-south-1.api.aws", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.eu-south-2.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.eu-west-2.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.eu-west-3.api.aws", + }, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "logs-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "logs-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "logs-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "logs-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "logs-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "logs-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.me-south-1.api.aws", + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "logs-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "logs-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "logs-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "logs.us-west-2.api.aws", + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "logs-fips.us-west-2.amazonaws.com", + }, + }, + }, + "lookoutequipment": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + }, + }, + "lookoutmetrics": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "lookoutvision": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "m2": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{}, + }, + }, + "machinelearning": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + }, + }, + "macie2": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "macie2-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "macie2-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "macie2-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "macie2-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "macie2-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "macie2-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "macie2-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "macie2-fips.us-west-2.amazonaws.com", + }, + }, + }, + "managedblockchain": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + }, + }, + "managedblockchain-query": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + }, + }, + "marketplacecommerceanalytics": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + }, + }, + "media-pipelines-chime": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "media-pipelines-chime-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "media-pipelines-chime-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "media-pipelines-chime-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "media-pipelines-chime-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + }, + }, + "mediaconnect": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "mediaconvert": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mediaconvert-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "mediaconvert-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "mediaconvert-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "mediaconvert-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "mediaconvert-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "mediaconvert-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mediaconvert-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mediaconvert-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mediaconvert-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mediaconvert-fips.us-west-2.amazonaws.com", + }, + }, + }, + "medialive": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "medialive-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "medialive-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "medialive-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "medialive-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "medialive-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "medialive-fips.us-west-2.amazonaws.com", + }, + }, + }, + "mediapackage": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "mediapackage-vod": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "mediapackagev2": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "mediastore": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "meetings-chime": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "meetings-chime-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1-fips", + }: endpoint{ + Hostname: "meetings-chime-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "meetings-chime-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "meetings-chime-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "meetings-chime-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "meetings-chime-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + }, + }, + "memory-db": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips", + }: endpoint{ + Hostname: "memory-db-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "messaging-chime": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "messaging-chime-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "messaging-chime-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "metering.marketplace": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + CredentialScope: credentialScope{ + Service: "aws-marketplace", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "metrics.sagemaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "mgh": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "mgn": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "mgn-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "mgn-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "mgn-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "mgn-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mgn-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mgn-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mgn-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mgn-fips.us-west-2.amazonaws.com", + }, + }, + }, + "migrationhub-orchestrator": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "migrationhub-strategy": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "mobileanalytics": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + }, + }, + "models-v2-lex": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "models.lex": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + CredentialScope: credentialScope{ + Service: "lex", + }, + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "models-fips.lex.{region}.{dnsSuffix}", + CredentialScope: credentialScope{ + Service: "lex", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "models-fips.lex.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "models-fips.lex.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "models-fips.lex.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "models-fips.lex.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + }, + }, + "monitoring": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "monitoring-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "monitoring-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "monitoring-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "monitoring-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "monitoring-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "monitoring-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "monitoring-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "monitoring-fips.us-west-2.amazonaws.com", + }, + }, + }, + "mq": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "mq-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "mq-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "mq-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "mq-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mq-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mq-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mq-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mq-fips.us-west-2.amazonaws.com", + }, + }, + }, + "mturk-requester": service{ + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "sandbox", + }: endpoint{ + Hostname: "mturk-requester-sandbox.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + }, + }, + "neptune": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "rds.ap-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-east-1", + }, + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "rds.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "rds.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "rds.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "rds.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "rds.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "rds.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "rds.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "rds.eu-north-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-north-1", + }, + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "rds.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "rds.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "rds.eu-west-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-3", + }, + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "rds.me-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-south-1", + }, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "rds.sa-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "sa-east-1", + }, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "rds.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "rds.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "rds.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "rds.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + }, + }, + "network-firewall": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "network-firewall-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "network-firewall-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "network-firewall-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "network-firewall-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "network-firewall-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "network-firewall-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "network-firewall-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "network-firewall-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "network-firewall-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "network-firewall-fips.us-west-2.amazonaws.com", + }, + }, + }, + "networkmanager": service{ + PartitionEndpoint: "aws-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "networkmanager.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "aws-global", + Variant: fipsVariant, + }: endpoint{ + Hostname: "networkmanager-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "fips-aws-global", + }: endpoint{ + Hostname: "networkmanager-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + }, + }, + "nimble": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "oam": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "oidc": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "oidc.af-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "af-south-1", + }, + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "oidc.ap-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-east-1", + }, + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "oidc.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "oidc.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Hostname: "oidc.ap-northeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-3", + }, + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "oidc.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "oidc.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "oidc.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "oidc.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "oidc.ap-southeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-3", + }, + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "oidc.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "oidc.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{ + Hostname: "oidc.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "oidc.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "oidc.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "oidc.eu-north-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-north-1", + }, + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "oidc.eu-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-1", + }, + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "oidc.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "oidc.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "oidc.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "oidc.eu-west-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-3", + }, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "oidc.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "oidc.me-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-central-1", + }, + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "oidc.me-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-south-1", + }, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "oidc.sa-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "sa-east-1", + }, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "oidc.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "oidc.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "oidc.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "oidc.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + }, + }, + "omics": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "omics.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "omics.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "omics.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "omics.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "omics-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "omics-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "omics.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "omics.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "omics-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "omics.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "omics-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + }, + }, + "opsworks": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "opsworks-cm": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "organizations": service{ + PartitionEndpoint: "aws-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "organizations.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "aws-global", + Variant: fipsVariant, + }: endpoint{ + Hostname: "organizations-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "fips-aws-global", + }: endpoint{ + Hostname: "organizations-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "osis": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "outposts": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "outposts-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "outposts-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "outposts-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "outposts-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "outposts-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "outposts-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "outposts-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "outposts-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "outposts-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "outposts-fips.us-west-2.amazonaws.com", + }, + }, + }, + "participant.connect": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "participant.connect-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "participant.connect-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "participant.connect-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "participant.connect-fips.us-west-2.amazonaws.com", + }, + }, + }, + "personalize": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "pi": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.af-south-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.ap-east-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.ap-northeast-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.ap-northeast-2.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.ap-northeast-3.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.ap-south-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.ap-south-2.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.ap-southeast-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.ap-southeast-2.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.ap-southeast-3.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-southeast-4", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.ap-southeast-4.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.ca-central-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "pi-fips.ca-central-1.amazonaws.com", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "pi-fips.ca-central-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ca-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.ca-west-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "pi-fips.ca-west-1.amazonaws.com", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "pi-fips.ca-west-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.eu-central-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "eu-central-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.eu-central-2.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.eu-north-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.eu-south-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "eu-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.eu-south-2.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.eu-west-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.eu-west-2.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.eu-west-3.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "pi-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "pi-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "pi-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "pi-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "pi-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "pi-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.il-central-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "me-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.me-central-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.me-south-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.sa-east-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.us-east-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "pi-fips.us-east-1.amazonaws.com", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "pi-fips.us-east-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.us-east-2.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "pi-fips.us-east-2.amazonaws.com", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "pi-fips.us-east-2.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.us-west-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "pi-fips.us-west-1.amazonaws.com", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "pi-fips.us-west-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.us-west-2.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "pi-fips.us-west-2.amazonaws.com", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "pi-fips.us-west-2.api.aws", + Protocols: []string{"https"}, + }, + }, + }, + "pinpoint": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + CredentialScope: credentialScope{ + Service: "mobiletargeting", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "pinpoint.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "pinpoint-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "pinpoint-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "pinpoint-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "pinpoint-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "pinpoint-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "pinpoint.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "pinpoint-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "pinpoint.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "pinpoint-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "pinpoint.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "pinpoint-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + }, + }, + "pipes": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "polly": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "polly-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "polly-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "polly-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "polly-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "polly-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "polly-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "polly-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "polly-fips.us-west-2.amazonaws.com", + }, + }, + }, + "portal.sso": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "portal.sso.af-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "af-south-1", + }, + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "portal.sso.ap-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-east-1", + }, + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "portal.sso.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "portal.sso.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Hostname: "portal.sso.ap-northeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-3", + }, + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "portal.sso.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "portal.sso.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "portal.sso.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "portal.sso.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "portal.sso.ap-southeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-3", + }, + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "portal.sso.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "portal.sso.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{ + Hostname: "portal.sso.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "portal.sso.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "portal.sso.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "portal.sso.eu-north-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-north-1", + }, + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "portal.sso.eu-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-1", + }, + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "portal.sso.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "portal.sso.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "portal.sso.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "portal.sso.eu-west-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-3", + }, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "portal.sso.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "portal.sso.me-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-central-1", + }, + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "portal.sso.me-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-south-1", + }, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "portal.sso.sa-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "sa-east-1", + }, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "portal.sso.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "portal.sso.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "portal.sso.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "portal.sso.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + }, + }, + "private-networks": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "profile": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "profile-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "profile-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "profile-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "profile-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "profile-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "profile-fips.us-west-2.amazonaws.com", + }, + }, + }, + "projects.iot1click": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "proton": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "qbusiness": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "qbusiness.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "qbusiness.ap-east-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "qbusiness.ap-northeast-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "qbusiness.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Hostname: "qbusiness.ap-northeast-3.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "qbusiness.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "qbusiness.ap-south-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "qbusiness.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "qbusiness.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "qbusiness.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "qbusiness.ap-southeast-4.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "qbusiness.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{ + Hostname: "qbusiness.ca-west-1.api.aws", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "qbusiness.eu-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "qbusiness.eu-central-2.api.aws", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "qbusiness.eu-north-1.api.aws", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "qbusiness.eu-south-1.api.aws", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "qbusiness.eu-south-2.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "qbusiness.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "qbusiness.eu-west-2.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "qbusiness.eu-west-3.api.aws", + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "qbusiness.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "qbusiness.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "qbusiness.me-south-1.api.aws", + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "qbusiness.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "qbusiness.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "qbusiness.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "qbusiness.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "qbusiness.us-west-2.api.aws", + }, + }, + }, + "qldb": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "qldb-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "qldb-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "qldb-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "qldb-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "qldb-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "qldb-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "qldb-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "qldb-fips.us-west-2.amazonaws.com", + }, + }, + }, + "quicksight": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "api", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "ram": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ram-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ram-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "ram-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "ram-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "ram-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "ram-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "ram-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "ram-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ram-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ram-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ram-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ram-fips.us-west-2.amazonaws.com", + }, + }, + }, + "rbin": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rbin-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rbin-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "rbin-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "rbin-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "rbin-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "rbin-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "rbin-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "rbin-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rbin-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rbin-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rbin-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rbin-fips.us-west-2.amazonaws.com", + }, + }, + }, + "rds": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1-fips", + }: endpoint{ + Hostname: "rds-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1-fips", + }: endpoint{ + Hostname: "rds-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "rds-fips.ca-central-1", + }: endpoint{ + Hostname: "rds-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds-fips.ca-west-1", + }: endpoint{ + Hostname: "rds-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds-fips.us-east-1", + }: endpoint{ + Hostname: "rds-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds-fips.us-east-2", + }: endpoint{ + Hostname: "rds-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds-fips.us-west-1", + }: endpoint{ + Hostname: "rds-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds-fips.us-west-2", + }: endpoint{ + Hostname: "rds-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.ca-central-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.ca-west-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-east-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-east-2", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-west-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-west-2", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + SSLCommonName: "{service}.{dnsSuffix}", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-east-1.amazonaws.com", + SSLCommonName: "{service}.{dnsSuffix}", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "rds-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "rds-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "rds-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "rds-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + }, + }, + "rds-data": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "rds-data-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "rds-data-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "rds-data-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "rds-data-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-data-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-data-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-data-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-data-fips.us-west-2.amazonaws.com", + }, + }, + }, + "redshift": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "redshift-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "redshift-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "redshift-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "redshift-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "redshift-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "redshift-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "redshift-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "redshift-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "redshift-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "redshift-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "redshift-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "redshift-fips.us-west-2.amazonaws.com", + }, + }, + }, + "redshift-serverless": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "redshift-serverless-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "redshift-serverless-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "redshift-serverless-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "redshift-serverless-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "redshift-serverless-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "redshift-serverless-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "redshift-serverless-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "redshift-serverless-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "redshift-serverless-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "redshift-serverless-fips.us-west-2.amazonaws.com", + }, + }, + }, + "rekognition": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rekognition-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1-fips", + }: endpoint{ + Hostname: "rekognition-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "rekognition-fips.ca-central-1", + }: endpoint{ + Hostname: "rekognition-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rekognition-fips.us-east-1", + }: endpoint{ + Hostname: "rekognition-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rekognition-fips.us-east-2", + }: endpoint{ + Hostname: "rekognition-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rekognition-fips.us-west-1", + }: endpoint{ + Hostname: "rekognition-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rekognition-fips.us-west-2", + }: endpoint{ + Hostname: "rekognition-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rekognition.ca-central-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rekognition.ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rekognition-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rekognition.us-east-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rekognition.us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rekognition-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rekognition.us-east-2", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rekognition.us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rekognition-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rekognition.us-west-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rekognition.us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rekognition-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rekognition.us-west-2", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rekognition.us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rekognition-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rekognition-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "rekognition-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rekognition-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "rekognition-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rekognition-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "rekognition-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rekognition-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "rekognition-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + }, + }, + "resiliencehub": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "resource-explorer-2": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "resource-groups": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "resource-groups-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "resource-groups-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "resource-groups-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "resource-groups-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "resource-groups-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "resource-groups-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "resource-groups-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "resource-groups-fips.us-west-2.amazonaws.com", + }, + }, + }, + "robomaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "rolesanywhere": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "rolesanywhere-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "rolesanywhere-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "rolesanywhere-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "rolesanywhere-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rolesanywhere-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rolesanywhere-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rolesanywhere-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rolesanywhere-fips.us-west-2.amazonaws.com", + }, + }, + }, + "route53": service{ + PartitionEndpoint: "aws-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "route53.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "aws-global", + Variant: fipsVariant, + }: endpoint{ + Hostname: "route53-fips.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "fips-aws-global", + }: endpoint{ + Hostname: "route53-fips.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "route53-recovery-control-config": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "route53-recovery-control-config.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + }, + }, + "route53domains": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + }, + }, + "route53resolver": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "rum": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "runtime-v2-lex": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "runtime.lex": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + CredentialScope: credentialScope{ + Service: "lex", + }, + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "runtime-fips.lex.{region}.{dnsSuffix}", + CredentialScope: credentialScope{ + Service: "lex", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "runtime-fips.lex.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "runtime-fips.lex.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "runtime-fips.lex.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "runtime-fips.lex.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + }, + }, + "runtime.sagemaker": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "runtime-fips.sagemaker.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "runtime-fips.sagemaker.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "runtime-fips.sagemaker.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "runtime-fips.sagemaker.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "runtime-fips.sagemaker.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "runtime-fips.sagemaker.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "runtime-fips.sagemaker.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "runtime-fips.sagemaker.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "runtime-fips.sagemaker.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + }, + }, + "s3": service{ + PartitionEndpoint: "aws-global", + IsRegionalized: boxedTrue, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + SignatureVersions: []string{"s3v4"}, + }, + defaultKey{ + Variant: dualStackVariant, + }: endpoint{ + Hostname: "{service}.dualstack.{region}.{dnsSuffix}", + DNSSuffix: "amazonaws.com", + Protocols: []string{"http", "https"}, + SignatureVersions: []string{"s3v4"}, + }, + defaultKey{ + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "{service}-fips.dualstack.{region}.{dnsSuffix}", + DNSSuffix: "amazonaws.com", + Protocols: []string{"http", "https"}, + SignatureVersions: []string{"s3v4"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.af-south-1.amazonaws.com", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.ap-east-1.amazonaws.com", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "s3.ap-northeast-1.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.ap-northeast-1.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.ap-northeast-2.amazonaws.com", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.ap-northeast-3.amazonaws.com", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.ap-south-1.amazonaws.com", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.ap-south-2.amazonaws.com", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "s3.ap-southeast-1.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.ap-southeast-1.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "s3.ap-southeast-2.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.ap-southeast-2.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.ap-southeast-3.amazonaws.com", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.ap-southeast-4.amazonaws.com", + }, + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "s3.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-fips.dualstack.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-fips.dualstack.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.eu-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.eu-central-2.amazonaws.com", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.eu-north-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.eu-south-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.eu-south-2.amazonaws.com", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "s3.eu-west-1.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.eu-west-1.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.eu-west-2.amazonaws.com", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.eu-west-3.amazonaws.com", + }, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "s3-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "s3-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "s3-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "s3-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "s3-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "s3-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.il-central-1.amazonaws.com", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.me-central-1.amazonaws.com", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.me-south-1.amazonaws.com", + }, + endpointKey{ + Region: "s3-external-1", + }: endpoint{ + Hostname: "s3-external-1.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "s3.sa-east-1.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.sa-east-1.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "s3.us-east-1.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.us-east-1.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-fips.us-east-1.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-fips.dualstack.us-east-1.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-fips.dualstack.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "s3.us-west-1.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.us-west-1.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-fips.us-west-1.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-fips.dualstack.us-west-1.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "s3.us-west-2.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.us-west-2.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-fips.us-west-2.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-fips.dualstack.us-west-2.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + }, + }, + "s3-control": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + SignatureVersions: []string{"s3v4"}, + }, + defaultKey{ + Variant: dualStackVariant, + }: endpoint{ + Hostname: "{service}.dualstack.{region}.{dnsSuffix}", + DNSSuffix: "amazonaws.com", + Protocols: []string{"https"}, + SignatureVersions: []string{"s3v4"}, + }, + defaultKey{ + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "{service}-fips.dualstack.{region}.{dnsSuffix}", + DNSSuffix: "amazonaws.com", + Protocols: []string{"https"}, + SignatureVersions: []string{"s3v4"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "s3-control.af-south-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "af-south-1", + }, + }, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.af-south-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "af-south-1", + }, + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "s3-control.ap-east-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ap-east-1", + }, + }, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.ap-east-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ap-east-1", + }, + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "s3-control.ap-northeast-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.ap-northeast-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "s3-control.ap-northeast-2.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.ap-northeast-2.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Hostname: "s3-control.ap-northeast-3.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ap-northeast-3", + }, + }, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.ap-northeast-3.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ap-northeast-3", + }, + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "s3-control.ap-south-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + }, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.ap-south-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "s3-control.ap-south-2.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + }, + endpointKey{ + Region: "ap-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.ap-south-2.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "s3-control.ap-southeast-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.ap-southeast-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "s3-control.ap-southeast-2.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.ap-southeast-2.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "s3-control.ap-southeast-3.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ap-southeast-3", + }, + }, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.ap-southeast-3.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ap-southeast-3", + }, + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "s3-control.ap-southeast-4.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + }, + endpointKey{ + Region: "ap-southeast-4", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.ap-southeast-4.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "s3-control.ca-central-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.ca-central-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-control-fips.ca-central-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-control-fips.dualstack.ca-central-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + endpointKey{ + Region: "ca-central-1-fips", + }: endpoint{ + Hostname: "s3-control-fips.ca-central-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{ + Hostname: "s3-control.ca-west-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + }, + endpointKey{ + Region: "ca-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.ca-west-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + }, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-control-fips.ca-west-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + }, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-control-fips.dualstack.ca-west-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + }, + endpointKey{ + Region: "ca-west-1-fips", + }: endpoint{ + Hostname: "s3-control-fips.ca-west-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "s3-control.eu-central-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.eu-central-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "s3-control.eu-central-2.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, + endpointKey{ + Region: "eu-central-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.eu-central-2.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "s3-control.eu-north-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "eu-north-1", + }, + }, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.eu-north-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "eu-north-1", + }, + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "s3-control.eu-south-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "eu-south-1", + }, + }, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.eu-south-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "eu-south-1", + }, + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "s3-control.eu-south-2.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + }, + endpointKey{ + Region: "eu-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.eu-south-2.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "s3-control.eu-west-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.eu-west-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "s3-control.eu-west-2.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + }, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.eu-west-2.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "s3-control.eu-west-3.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "eu-west-3", + }, + }, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.eu-west-3.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "eu-west-3", + }, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "s3-control.il-central-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.il-central-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "s3-control.me-central-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "me-central-1", + }, + }, + endpointKey{ + Region: "me-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.me-central-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "me-central-1", + }, + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "s3-control.me-south-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "me-south-1", + }, + }, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.me-south-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "me-south-1", + }, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "s3-control.sa-east-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "sa-east-1", + }, + }, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.sa-east-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "sa-east-1", + }, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "s3-control.us-east-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.us-east-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-control-fips.us-east-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-control-fips.dualstack.us-east-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "s3-control-fips.us-east-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "s3-control.us-east-2.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.us-east-2.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-control-fips.us-east-2.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-control-fips.dualstack.us-east-2.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "s3-control-fips.us-east-2.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "s3-control.us-west-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.us-west-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-control-fips.us-west-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-control-fips.dualstack.us-west-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "s3-control-fips.us-west-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "s3-control.us-west-2.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.us-west-2.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-control-fips.us-west-2.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-control-fips.dualstack.us-west-2.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "s3-control-fips.us-west-2.amazonaws.com", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + }, + }, + "s3-outposts": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, + }, + }, + "sagemaker-geospatial": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "savingsplans": service{ + PartitionEndpoint: "aws-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "savingsplans.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + }, + }, + "scheduler": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "schemas": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "sdb": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + SignatureVersions: []string{"v2"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "sdb.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "secretsmanager": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ca-central-1-fips", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "ca-west-1-fips", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + + Deprecated: boxedTrue, + }, + }, + }, + "securityhub": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "securityhub-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "securityhub-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "securityhub-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "securityhub-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "securityhub-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "securityhub-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "securityhub-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "securityhub-fips.us-west-2.amazonaws.com", + }, + }, + }, + "securitylake": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "securitylake-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "securitylake-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "securitylake-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "securitylake-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "securitylake-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "securitylake-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "securitylake-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "securitylake-fips.us-west-2.amazonaws.com", + }, + }, + }, + "serverlessrepo": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "serverlessrepo-fips.us-east-1.amazonaws.com", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "serverlessrepo-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "serverlessrepo-fips.us-east-2.amazonaws.com", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "serverlessrepo-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "serverlessrepo-fips.us-west-1.amazonaws.com", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "serverlessrepo-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "serverlessrepo-fips.us-west-2.amazonaws.com", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "serverlessrepo-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + }, + }, + "servicecatalog": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicecatalog-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "servicecatalog-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicecatalog-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "servicecatalog-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicecatalog-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "servicecatalog-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicecatalog-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "servicecatalog-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + }, + }, + "servicecatalog-appregistry": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicecatalog-appregistry-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "servicecatalog-appregistry-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "servicecatalog-appregistry-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "servicecatalog-appregistry-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "servicecatalog-appregistry-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "servicecatalog-appregistry-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicecatalog-appregistry-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicecatalog-appregistry-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicecatalog-appregistry-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicecatalog-appregistry-fips.us-west-2.amazonaws.com", + }, + }, + }, + "servicediscovery": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ap-east-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ap-northeast-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ap-northeast-3.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ap-south-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ap-southeast-4.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-central-1-fips", + }: endpoint{ + Hostname: "servicediscovery-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.ca-west-1.api.aws", + }, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.ca-west-1.api.aws", + }, + endpointKey{ + Region: "ca-west-1-fips", + }: endpoint{ + Hostname: "servicediscovery-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.eu-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.eu-central-2.api.aws", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.eu-north-1.api.aws", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.eu-south-1.api.aws", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.eu-south-2.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.eu-west-2.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.eu-west-3.api.aws", + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.me-south-1.api.aws", + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "servicediscovery-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "servicediscovery-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "servicediscovery-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.us-west-2.api.aws", + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-west-2.api.aws", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "servicediscovery-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + }, + }, + "servicequotas": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "session.qldb": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "session.qldb-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "session.qldb-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "session.qldb-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "session.qldb-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "session.qldb-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "session.qldb-fips.us-west-2.amazonaws.com", + }, + }, + }, + "shield": service{ + PartitionEndpoint: "aws-global", + IsRegionalized: boxedFalse, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + SSLCommonName: "shield.us-east-1.amazonaws.com", + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "shield.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "aws-global", + Variant: fipsVariant, + }: endpoint{ + Hostname: "shield-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "fips-aws-global", + }: endpoint{ + Hostname: "shield-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "signer": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "signer-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "signer-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "signer-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "signer-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-verification-us-east-1", + }: endpoint{ + Hostname: "verification.signer-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "fips-verification-us-east-2", + }: endpoint{ + Hostname: "verification.signer-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "fips-verification-us-west-1", + }: endpoint{ + Hostname: "verification.signer-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + endpointKey{ + Region: "fips-verification-us-west-2", + }: endpoint{ + Hostname: "verification.signer-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "signer-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "signer-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "signer-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "signer-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "verification-af-south-1", + }: endpoint{ + Hostname: "verification.signer.af-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "af-south-1", + }, + }, + endpointKey{ + Region: "verification-ap-east-1", + }: endpoint{ + Hostname: "verification.signer.ap-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-east-1", + }, + }, + endpointKey{ + Region: "verification-ap-northeast-1", + }: endpoint{ + Hostname: "verification.signer.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "verification-ap-northeast-2", + }: endpoint{ + Hostname: "verification.signer.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, + endpointKey{ + Region: "verification-ap-south-1", + }: endpoint{ + Hostname: "verification.signer.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + }, + endpointKey{ + Region: "verification-ap-southeast-1", + }: endpoint{ + Hostname: "verification.signer.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "verification-ap-southeast-2", + }: endpoint{ + Hostname: "verification.signer.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, + endpointKey{ + Region: "verification-ca-central-1", + }: endpoint{ + Hostname: "verification.signer.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + endpointKey{ + Region: "verification-eu-central-1", + }: endpoint{ + Hostname: "verification.signer.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "verification-eu-north-1", + }: endpoint{ + Hostname: "verification.signer.eu-north-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-north-1", + }, + }, + endpointKey{ + Region: "verification-eu-south-1", + }: endpoint{ + Hostname: "verification.signer.eu-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-1", + }, + }, + endpointKey{ + Region: "verification-eu-west-1", + }: endpoint{ + Hostname: "verification.signer.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "verification-eu-west-2", + }: endpoint{ + Hostname: "verification.signer.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + }, + endpointKey{ + Region: "verification-eu-west-3", + }: endpoint{ + Hostname: "verification.signer.eu-west-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-3", + }, + }, + endpointKey{ + Region: "verification-me-south-1", + }: endpoint{ + Hostname: "verification.signer.me-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-south-1", + }, + }, + endpointKey{ + Region: "verification-sa-east-1", + }: endpoint{ + Hostname: "verification.signer.sa-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "sa-east-1", + }, + }, + endpointKey{ + Region: "verification-us-east-1", + }: endpoint{ + Hostname: "verification.signer.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "verification-us-east-2", + }: endpoint{ + Hostname: "verification.signer.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "verification-us-west-1", + }: endpoint{ + Hostname: "verification.signer.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + endpointKey{ + Region: "verification-us-west-2", + }: endpoint{ + Hostname: "verification.signer.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + }, + }, + "simspaceweaver": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "sms": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "sms-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sms-fips.us-west-2.amazonaws.com", + }, + }, + }, + "sms-voice": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sms-voice-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "sms-voice-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "sms-voice-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "sms-voice-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "sms-voice-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "sms-voice-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sms-voice-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sms-voice-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sms-voice-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sms-voice-fips.us-west-2.amazonaws.com", + }, + }, + }, + "snowball": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "snowball-fips.ap-northeast-1.amazonaws.com", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "snowball-fips.ap-northeast-2.amazonaws.com", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: fipsVariant, + }: endpoint{ + Hostname: "snowball-fips.ap-northeast-3.amazonaws.com", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "snowball-fips.ap-south-1.amazonaws.com", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "snowball-fips.ap-southeast-1.amazonaws.com", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "snowball-fips.ap-southeast-2.amazonaws.com", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "snowball-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "snowball-fips.eu-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "snowball-fips.eu-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "snowball-fips.eu-west-2.amazonaws.com", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: fipsVariant, + }: endpoint{ + Hostname: "snowball-fips.eu-west-3.amazonaws.com", + }, + endpointKey{ + Region: "fips-ap-northeast-1", + }: endpoint{ + Hostname: "snowball-fips.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-northeast-2", + }: endpoint{ + Hostname: "snowball-fips.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-northeast-3", + }: endpoint{ + Hostname: "snowball-fips.ap-northeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-3", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-south-1", + }: endpoint{ + Hostname: "snowball-fips.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-southeast-1", + }: endpoint{ + Hostname: "snowball-fips.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-southeast-2", + }: endpoint{ + Hostname: "snowball-fips.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "snowball-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-eu-central-1", + }: endpoint{ + Hostname: "snowball-fips.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-eu-west-1", + }: endpoint{ + Hostname: "snowball-fips.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-eu-west-2", + }: endpoint{ + Hostname: "snowball-fips.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-eu-west-3", + }: endpoint{ + Hostname: "snowball-fips.eu-west-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-3", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-sa-east-1", + }: endpoint{ + Hostname: "snowball-fips.sa-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "sa-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "snowball-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "snowball-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "snowball-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "snowball-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "snowball-fips.sa-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "snowball-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "snowball-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "snowball-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "snowball-fips.us-west-2.amazonaws.com", + }, + }, + }, + "sns": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sns-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "sns-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "sns-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "sns-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "sns-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "sns-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sns-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sns-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sns-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sns-fips.us-west-2.amazonaws.com", + }, + }, + }, + "sqs": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + SSLCommonName: "{region}.queue.{dnsSuffix}", + Protocols: []string{"http", "https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "sqs-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "sqs-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "sqs-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "sqs-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + SSLCommonName: "queue.{dnsSuffix}", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sqs-fips.us-east-1.amazonaws.com", + SSLCommonName: "queue.{dnsSuffix}", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sqs-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sqs-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sqs-fips.us-west-2.amazonaws.com", + }, + }, + }, + "ssm": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "ssm-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "ssm-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "ssm-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "ssm-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "ssm-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "ssm-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-fips.us-west-2.amazonaws.com", + }, + }, + }, + "ssm-contacts": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "ssm-contacts-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "ssm-contacts-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "ssm-contacts-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "ssm-contacts-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-contacts-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-contacts-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-contacts-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-contacts-fips.us-west-2.amazonaws.com", + }, + }, + }, + "ssm-incidents": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-incidents-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "ssm-incidents-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "ssm-incidents-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "ssm-incidents-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "ssm-incidents-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "ssm-incidents-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-incidents-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-incidents-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-incidents-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-incidents-fips.us-west-2.amazonaws.com", + }, + }, + }, + "ssm-sap": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-sap-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "ssm-sap-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "ssm-sap-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "ssm-sap-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "ssm-sap-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "ssm-sap-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-sap-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-sap-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-sap-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm-sap-fips.us-west-2.amazonaws.com", + }, + }, + }, + "sso": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "states": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "states-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "states-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "states-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "states-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "states-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "states-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "states-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "states-fips.us-west-2.amazonaws.com", + }, + }, + }, + "storagegateway": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "storagegateway-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1-fips", + }: endpoint{ + Hostname: "storagegateway-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "storagegateway-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1-fips", + }: endpoint{ + Hostname: "storagegateway-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "storagegateway-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "storagegateway-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "storagegateway-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "storagegateway-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "storagegateway-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "storagegateway-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "storagegateway-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "storagegateway-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + }, + }, + "streams.dynamodb": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + CredentialScope: credentialScope{ + Service: "dynamodb", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "local", + }: endpoint{ + Hostname: "localhost:8000", + Protocols: []string{"http"}, + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "sts": service{ + PartitionEndpoint: "aws-global", + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "sts.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sts-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "sts-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sts-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "sts-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sts-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "sts-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sts-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "sts-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + }, + }, + "support": service{ + PartitionEndpoint: "aws-global", + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "support.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + }, + }, + "supportapp": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "swf": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "swf-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "swf-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "swf-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "swf-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "swf-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "swf-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "swf-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "swf-fips.us-west-2.amazonaws.com", + }, + }, + }, + "synthetics": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "synthetics-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "synthetics-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "synthetics-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "synthetics-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "synthetics-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "synthetics-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "synthetics-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "synthetics-fips.us-west-2.amazonaws.com", + }, + }, + }, + "tagging": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "tax": service{ + PartitionEndpoint: "aws-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "tax.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + }, + }, + "textract": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "textract.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "textract.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "textract.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "textract.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "textract.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "textract-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "textract-fips.ca-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "textract.eu-central-1.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "textract.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "textract.eu-west-2.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "textract.eu-west-3.api.aws", + }, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "textract-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "textract-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "textract-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "textract-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "textract-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "textract.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "textract-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "textract-fips.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "textract.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "textract-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "textract-fips.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "textract.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "textract-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "textract-fips.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "textract.us-west-2.api.aws", + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "textract-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "textract-fips.us-west-2.api.aws", + }, + }, + }, + "thinclient": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "tnb": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "transcribe": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "fips.transcribe.{region}.{dnsSuffix}", + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fips.transcribe.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "fips.transcribe.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "fips.transcribe.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "fips.transcribe.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "fips.transcribe.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "fips.transcribe.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fips.transcribe.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fips.transcribe.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fips.transcribe.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fips.transcribe.us-west-2.amazonaws.com", + }, + }, + }, + "transcribestreaming": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "transcribestreaming-ca-central-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "transcribestreaming-ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "transcribestreaming-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "transcribestreaming-fips-ca-central-1", + }: endpoint{ + Hostname: "transcribestreaming-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "transcribestreaming-fips-us-east-1", + }: endpoint{ + Hostname: "transcribestreaming-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "transcribestreaming-fips-us-east-2", + }: endpoint{ + Hostname: "transcribestreaming-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "transcribestreaming-fips-us-west-2", + }: endpoint{ + Hostname: "transcribestreaming-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "transcribestreaming-us-east-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "transcribestreaming-us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "transcribestreaming-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "transcribestreaming-us-east-2", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "transcribestreaming-us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "transcribestreaming-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "transcribestreaming-us-west-2", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "transcribestreaming-us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "transcribestreaming-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "transfer": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "transfer-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "transfer-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "transfer-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "transfer-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "transfer-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "transfer-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "transfer-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "transfer-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "transfer-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "transfer-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "transfer-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "transfer-fips.us-west-2.amazonaws.com", + }, + }, + }, + "translate": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "translate-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "translate-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "translate-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2-fips", + }: endpoint{ + Hostname: "translate-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "translate-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1-fips", + }: endpoint{ + Hostname: "translate-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "translate-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "translate-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + }, + }, + "verifiedpermissions": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "verifiedpermissions-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "verifiedpermissions-fips.ca-west-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "verifiedpermissions-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "verifiedpermissions-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "verifiedpermissions-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "verifiedpermissions-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "verifiedpermissions-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "verifiedpermissions-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "verifiedpermissions-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "verifiedpermissions-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "verifiedpermissions-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "verifiedpermissions-fips.us-west-2.amazonaws.com", + }, + }, + }, + "voice-chime": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "voice-chime-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1-fips", + }: endpoint{ + Hostname: "voice-chime-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "voice-chime-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-1-fips", + }: endpoint{ + Hostname: "voice-chime-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "voice-chime-fips.us-west-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2-fips", + }: endpoint{ + Hostname: "voice-chime-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + }, + }, + "voiceid": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "voiceid-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "voiceid-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "voiceid-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "voiceid-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "voiceid-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "voiceid-fips.us-west-2.amazonaws.com", + }, + }, + }, + "vpc-lattice": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "waf": service{ + PartitionEndpoint: "aws-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "aws", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-fips.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "aws-fips", + }: endpoint{ + Hostname: "waf-fips.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "waf.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "aws-global", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-fips.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "aws-global-fips", + }: endpoint{ + Hostname: "waf-fips.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "waf-regional": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "waf-regional.af-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "af-south-1", + }, + }, + endpointKey{ + Region: "af-south-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.af-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "af-south-1", + }, + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "waf-regional.ap-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-east-1", + }, + }, + endpointKey{ + Region: "ap-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.ap-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-east-1", + }, + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "waf-regional.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "ap-northeast-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "waf-regional.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, + endpointKey{ + Region: "ap-northeast-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Hostname: "waf-regional.ap-northeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-3", + }, + }, + endpointKey{ + Region: "ap-northeast-3", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.ap-northeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-3", + }, + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "waf-regional.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + }, + endpointKey{ + Region: "ap-south-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "waf-regional.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + }, + endpointKey{ + Region: "ap-south-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "waf-regional.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "ap-southeast-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "waf-regional.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, + endpointKey{ + Region: "ap-southeast-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "waf-regional.ap-southeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-3", + }, + }, + endpointKey{ + Region: "ap-southeast-3", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.ap-southeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-3", + }, + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "waf-regional.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + }, + endpointKey{ + Region: "ap-southeast-4", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "waf-regional.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "waf-regional.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "eu-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "waf-regional.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, + endpointKey{ + Region: "eu-central-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "waf-regional.eu-north-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-north-1", + }, + }, + endpointKey{ + Region: "eu-north-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.eu-north-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-north-1", + }, + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "waf-regional.eu-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-1", + }, + }, + endpointKey{ + Region: "eu-south-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.eu-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-1", + }, + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "waf-regional.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + }, + endpointKey{ + Region: "eu-south-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "waf-regional.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "eu-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "waf-regional.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + }, + endpointKey{ + Region: "eu-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "waf-regional.eu-west-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-3", + }, + }, + endpointKey{ + Region: "eu-west-3", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.eu-west-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-3", + }, + }, + endpointKey{ + Region: "fips-af-south-1", + }: endpoint{ + Hostname: "waf-regional-fips.af-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "af-south-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-east-1", + }: endpoint{ + Hostname: "waf-regional-fips.ap-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-northeast-1", + }: endpoint{ + Hostname: "waf-regional-fips.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-northeast-2", + }: endpoint{ + Hostname: "waf-regional-fips.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-northeast-3", + }: endpoint{ + Hostname: "waf-regional-fips.ap-northeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-3", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-south-1", + }: endpoint{ + Hostname: "waf-regional-fips.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-south-2", + }: endpoint{ + Hostname: "waf-regional-fips.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-southeast-1", + }: endpoint{ + Hostname: "waf-regional-fips.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-southeast-2", + }: endpoint{ + Hostname: "waf-regional-fips.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-southeast-3", + }: endpoint{ + Hostname: "waf-regional-fips.ap-southeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-3", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-southeast-4", + }: endpoint{ + Hostname: "waf-regional-fips.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "waf-regional-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-eu-central-1", + }: endpoint{ + Hostname: "waf-regional-fips.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-eu-central-2", + }: endpoint{ + Hostname: "waf-regional-fips.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-eu-north-1", + }: endpoint{ + Hostname: "waf-regional-fips.eu-north-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-north-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-eu-south-1", + }: endpoint{ + Hostname: "waf-regional-fips.eu-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-eu-south-2", + }: endpoint{ + Hostname: "waf-regional-fips.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-eu-west-1", + }: endpoint{ + Hostname: "waf-regional-fips.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-eu-west-2", + }: endpoint{ + Hostname: "waf-regional-fips.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-eu-west-3", + }: endpoint{ + Hostname: "waf-regional-fips.eu-west-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-3", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-il-central-1", + }: endpoint{ + Hostname: "waf-regional-fips.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-me-central-1", + }: endpoint{ + Hostname: "waf-regional-fips.me-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-me-south-1", + }: endpoint{ + Hostname: "waf-regional-fips.me-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-south-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-sa-east-1", + }: endpoint{ + Hostname: "waf-regional-fips.sa-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "sa-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "waf-regional-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "waf-regional-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "waf-regional-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "waf-regional-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "waf-regional.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, + endpointKey{ + Region: "il-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "waf-regional.me-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-central-1", + }, + }, + endpointKey{ + Region: "me-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.me-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-central-1", + }, + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "waf-regional.me-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-south-1", + }, + }, + endpointKey{ + Region: "me-south-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.me-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-south-1", + }, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "waf-regional.sa-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "sa-east-1", + }, + }, + endpointKey{ + Region: "sa-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.sa-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "sa-east-1", + }, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "waf-regional.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "waf-regional.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "waf-regional.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "waf-regional.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + }, + }, + "wafv2": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "wafv2.af-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "af-south-1", + }, + }, + endpointKey{ + Region: "af-south-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.af-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "af-south-1", + }, + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "wafv2.ap-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-east-1", + }, + }, + endpointKey{ + Region: "ap-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.ap-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-east-1", + }, + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "wafv2.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "ap-northeast-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "wafv2.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, + endpointKey{ + Region: "ap-northeast-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Hostname: "wafv2.ap-northeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-3", + }, + }, + endpointKey{ + Region: "ap-northeast-3", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.ap-northeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-3", + }, + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "wafv2.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + }, + endpointKey{ + Region: "ap-south-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "wafv2.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + }, + endpointKey{ + Region: "ap-south-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "wafv2.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "ap-southeast-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "wafv2.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, + endpointKey{ + Region: "ap-southeast-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "wafv2.ap-southeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-3", + }, + }, + endpointKey{ + Region: "ap-southeast-3", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.ap-southeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-3", + }, + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "wafv2.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + }, + endpointKey{ + Region: "ap-southeast-4", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "wafv2.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + endpointKey{ + Region: "ca-west-1", + }: endpoint{ + Hostname: "wafv2.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + }, + endpointKey{ + Region: "ca-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "wafv2.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "eu-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "wafv2.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, + endpointKey{ + Region: "eu-central-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "wafv2.eu-north-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-north-1", + }, + }, + endpointKey{ + Region: "eu-north-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.eu-north-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-north-1", + }, + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "wafv2.eu-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-1", + }, + }, + endpointKey{ + Region: "eu-south-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.eu-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-1", + }, + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "wafv2.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + }, + endpointKey{ + Region: "eu-south-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "wafv2.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "eu-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "wafv2.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + }, + endpointKey{ + Region: "eu-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "wafv2.eu-west-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-3", + }, + }, + endpointKey{ + Region: "eu-west-3", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.eu-west-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-3", + }, + }, + endpointKey{ + Region: "fips-af-south-1", + }: endpoint{ + Hostname: "wafv2-fips.af-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "af-south-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-east-1", + }: endpoint{ + Hostname: "wafv2-fips.ap-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-northeast-1", + }: endpoint{ + Hostname: "wafv2-fips.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-northeast-2", + }: endpoint{ + Hostname: "wafv2-fips.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-northeast-3", + }: endpoint{ + Hostname: "wafv2-fips.ap-northeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-3", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-south-1", + }: endpoint{ + Hostname: "wafv2-fips.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-south-2", + }: endpoint{ + Hostname: "wafv2-fips.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-southeast-1", + }: endpoint{ + Hostname: "wafv2-fips.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-southeast-2", + }: endpoint{ + Hostname: "wafv2-fips.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-southeast-3", + }: endpoint{ + Hostname: "wafv2-fips.ap-southeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-3", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ap-southeast-4", + }: endpoint{ + Hostname: "wafv2-fips.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "wafv2-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-ca-west-1", + }: endpoint{ + Hostname: "wafv2-fips.ca-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-eu-central-1", + }: endpoint{ + Hostname: "wafv2-fips.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-eu-central-2", + }: endpoint{ + Hostname: "wafv2-fips.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-eu-north-1", + }: endpoint{ + Hostname: "wafv2-fips.eu-north-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-north-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-eu-south-1", + }: endpoint{ + Hostname: "wafv2-fips.eu-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-eu-south-2", + }: endpoint{ + Hostname: "wafv2-fips.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-eu-west-1", + }: endpoint{ + Hostname: "wafv2-fips.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-eu-west-2", + }: endpoint{ + Hostname: "wafv2-fips.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-eu-west-3", + }: endpoint{ + Hostname: "wafv2-fips.eu-west-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-3", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-il-central-1", + }: endpoint{ + Hostname: "wafv2-fips.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-me-central-1", + }: endpoint{ + Hostname: "wafv2-fips.me-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-me-south-1", + }: endpoint{ + Hostname: "wafv2-fips.me-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-south-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-sa-east-1", + }: endpoint{ + Hostname: "wafv2-fips.sa-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "sa-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "wafv2-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "wafv2-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "wafv2-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "wafv2-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "wafv2.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, + endpointKey{ + Region: "il-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "wafv2.me-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-central-1", + }, + }, + endpointKey{ + Region: "me-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.me-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-central-1", + }, + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "wafv2.me-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-south-1", + }, + }, + endpointKey{ + Region: "me-south-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.me-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-south-1", + }, + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "wafv2.sa-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "sa-east-1", + }, + }, + endpointKey{ + Region: "sa-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.sa-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "sa-east-1", + }, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "wafv2.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "wafv2.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "wafv2.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "wafv2.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + }, + }, + "wellarchitected": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "wisdom": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "ui-ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ui-ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ui-ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ui-ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ui-ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ui-eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "ui-eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "ui-us-east-1", + }: endpoint{}, + endpointKey{ + Region: "ui-us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{}, + }, + }, + "workdocs": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "workdocs-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "workdocs-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "workdocs-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "workdocs-fips.us-west-2.amazonaws.com", + }, + }, + }, + "workmail": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "workspaces": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "workspaces-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "workspaces-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "workspaces-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "workspaces-fips.us-west-2.amazonaws.com", + }, + }, + }, + "workspaces-web": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "xray": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "xray-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "xray-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "xray-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "xray-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "xray-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "xray-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "xray-fips.us-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "xray-fips.us-west-2.amazonaws.com", + }, + }, + }, + }, +} + +// AwsCnPartition returns the Resolver for AWS China. +func AwsCnPartition() Partition { + return awscnPartition.Partition() +} + +var awscnPartition = partition{ + ID: "aws-cn", + Name: "AWS China", + DNSSuffix: "amazonaws.com.cn", + RegionRegex: regionRegex{ + Regexp: func() *regexp.Regexp { + reg, _ := regexp.Compile("^cn\\-\\w+\\-\\d+$") + return reg + }(), + }, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Hostname: "{service}.{region}.{dnsSuffix}", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + defaultKey{ + Variant: dualStackVariant, + }: endpoint{ + Hostname: "{service}.{region}.{dnsSuffix}", + DNSSuffix: "api.amazonwebservices.com.cn", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "amazonaws.com.cn", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + defaultKey{ + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.amazonwebservices.com.cn", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + }, + Regions: regions{ + "cn-north-1": region{ + Description: "China (Beijing)", + }, + "cn-northwest-1": region{ + Description: "China (Ningxia)", + }, + }, + Services: services{ + "access-analyzer": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "account": service{ + PartitionEndpoint: "aws-cn-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-cn-global", + }: endpoint{ + Hostname: "account.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "acm": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "acm-pca": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "airflow": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "api.ecr": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "api.ecr.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "api.ecr.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "api.pricing": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + CredentialScope: credentialScope{ + Service: "pricing", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "api.sagemaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "api.tunneling.iot": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "apigateway": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "appconfig": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "appconfigdata": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "application-autoscaling": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "applicationinsights": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "appmesh": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, + "appsync": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "arc-zonal-shift": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "athena": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, + "autoscaling": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "autoscaling-plans": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "backup": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "batch": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "budgets": service{ + PartitionEndpoint: "aws-cn-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-cn-global", + }: endpoint{ + Hostname: "budgets.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "cassandra": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "ce": service{ + PartitionEndpoint: "aws-cn-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-cn-global", + }: endpoint{ + Hostname: "ce.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "cloudcontrolapi": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, + "cloudformation": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "cloudfront": service{ + PartitionEndpoint: "aws-cn-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-cn-global", + }: endpoint{ + Hostname: "cloudfront.cn-northwest-1.amazonaws.com.cn", + Protocols: []string{"http", "https"}, + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "cloudtrail": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "codebuild": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "codecommit": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "codedeploy": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "codepipeline": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "cognito-identity": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + }, + }, + "compute-optimizer": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "compute-optimizer.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "compute-optimizer.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "config": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "cur": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "data-ats.iot": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + CredentialScope: credentialScope{ + Service: "iotdata", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "data.ats.iot.cn-north-1.amazonaws.com.cn", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "data.jobs.iot": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "databrew": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "datasync": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "datazone": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.amazonwebservices.com.cn", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.amazonwebservices.com.cn", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "datazone.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "datazone.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, + "dax": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "directconnect": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "dlm": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "dms": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "docdb": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "rds.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "ds": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "dynamodb": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "ebs": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "ec2": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "ecs": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "eks": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "eks-auth": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.amazonwebservices.com.cn", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.amazonwebservices.com.cn", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "eks-auth.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "eks-auth.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, + "elasticache": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "elasticbeanstalk": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "elasticfilesystem": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.cn-north-1.amazonaws.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.cn-northwest-1.amazonaws.com.cn", + }, + endpointKey{ + Region: "fips-cn-north-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-cn-northwest-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "elasticloadbalancing": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "elasticmapreduce": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "elasticmapreduce.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "elasticmapreduce.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, + "emr-containers": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "emr-serverless": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "entitlement.marketplace": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "entitlement-marketplace.cn-northwest-1.amazonaws.com.cn", + Protocols: []string{"https"}, + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "es": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, + "events": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "firehose": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "firehose.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "firehose.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, + "fms": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "fsx": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "gamelift": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "glacier": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "glue": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "greengrass": service{ + IsRegionalized: boxedTrue, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + }, + }, + "guardduty": service{ + IsRegionalized: boxedTrue, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "health": service{ + PartitionEndpoint: "aws-cn-global", + IsRegionalized: boxedFalse, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + SSLCommonName: "health.cn-northwest-1.amazonaws.com.cn", + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-cn-global", + }: endpoint{ + Hostname: "global.health.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "iam": service{ + PartitionEndpoint: "aws-cn-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-cn-global", + }: endpoint{ + Hostname: "iam.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + }, + }, + "identitystore": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "inspector2": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "internetmonitor": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.amazonwebservices.com.cn", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.amazonwebservices.com.cn", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "internetmonitor.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "internetmonitor.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, + "iot": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "iotanalytics": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + }, + }, + "iotevents": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + }, + }, + "ioteventsdata": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "data.iotevents.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + }, + }, + "iotsecuredtunneling": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "iotsitewise": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + }, + }, + "iottwinmaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "api-cn-north-1", + }: endpoint{ + Hostname: "api.iottwinmaker.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "data-cn-north-1", + }: endpoint{ + Hostname: "data.iottwinmaker.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + }, + }, + "kafka": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "kendra-ranking": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.amazonwebservices.com.cn", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.amazonwebservices.com.cn", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "kendra-ranking.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "kendra-ranking.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, + "kinesis": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "kinesisanalytics": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "kinesisvideo": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + }, + }, + "kms": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "lakeformation": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "lambda": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, + "license-manager": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "license-manager-linux-subscriptions": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "logs": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "mediaconvert": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "mediaconvert.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "memory-db": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "metrics.sagemaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "monitoring": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "mq": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "neptune": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "rds.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "rds.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "network-firewall": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "oam": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "oidc": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "oidc.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "oidc.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "organizations": service{ + PartitionEndpoint: "aws-cn-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-cn-global", + }: endpoint{ + Hostname: "organizations.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "personalize": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + }, + }, + "pi": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.cn-north-1.api.amazonwebservices.com.cn", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.cn-northwest-1.api.amazonwebservices.com.cn", + Protocols: []string{"https"}, + }, + }, + }, + "pipes": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "polly": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "portal.sso": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "portal.sso.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "portal.sso.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "qbusiness": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.amazonwebservices.com.cn", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.amazonwebservices.com.cn", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "qbusiness.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "qbusiness.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, + "quicksight": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + }, + }, + "ram": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "rbin": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "rds": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "redshift": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "redshift-serverless": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "resource-groups": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "rolesanywhere": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "route53": service{ + PartitionEndpoint: "aws-cn-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-cn-global", + }: endpoint{ + Hostname: "route53.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "route53resolver": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "runtime.sagemaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "s3": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + SignatureVersions: []string{"s3v4"}, + }, + defaultKey{ + Variant: dualStackVariant, + }: endpoint{ + Hostname: "{service}.dualstack.{region}.{dnsSuffix}", + DNSSuffix: "amazonaws.com.cn", + Protocols: []string{"http", "https"}, + SignatureVersions: []string{"s3v4"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.cn-north-1.amazonaws.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.cn-northwest-1.amazonaws.com.cn", + }, + }, + }, + "s3-control": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + SignatureVersions: []string{"s3v4"}, + }, + defaultKey{ + Variant: dualStackVariant, + }: endpoint{ + Hostname: "{service}.dualstack.{region}.{dnsSuffix}", + DNSSuffix: "amazonaws.com.cn", + Protocols: []string{"https"}, + SignatureVersions: []string{"s3v4"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "s3-control.cn-north-1.amazonaws.com.cn", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.cn-north-1.amazonaws.com.cn", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "s3-control.cn-northwest-1.amazonaws.com.cn", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.cn-northwest-1.amazonaws.com.cn", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "savingsplans": service{ + IsRegionalized: boxedTrue, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "savingsplans.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "savingsplans.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "schemas": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "secretsmanager": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{}, + }, + }, + "securityhub": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "serverlessrepo": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + }, + }, + "servicecatalog": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "servicediscovery": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, + "servicequotas": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "signer": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + endpointKey{ + Region: "verification-cn-north-1", + }: endpoint{ + Hostname: "verification.signer.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "verification-cn-northwest-1", + }: endpoint{ + Hostname: "verification.signer.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "sms": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + }, + }, + "snowball": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "snowball-fips.cn-north-1.amazonaws.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "snowball-fips.cn-northwest-1.amazonaws.com.cn", + }, + endpointKey{ + Region: "fips-cn-north-1", + }: endpoint{ + Hostname: "snowball-fips.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-cn-northwest-1", + }: endpoint{ + Hostname: "snowball-fips.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "sns": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "sqs": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + SSLCommonName: "{region}.queue.{dnsSuffix}", + Protocols: []string{"http", "https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "ssm": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "sso": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "states": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "states.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "states.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, + "storagegateway": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "streams.dynamodb": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + CredentialScope: credentialScope{ + Service: "dynamodb", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "sts": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "support": service{ + PartitionEndpoint: "aws-cn-global", + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-cn-global", + }: endpoint{ + Hostname: "support.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + }, + }, + "swf": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "synthetics": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "tagging": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "transcribe": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "cn.transcribe.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "cn.transcribe.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "transcribestreaming": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "transfer": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "waf-regional": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "waf-regional.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-north-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "waf-regional.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + endpointKey{ + Region: "cn-northwest-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + endpointKey{ + Region: "fips-cn-north-1", + }: endpoint{ + Hostname: "waf-regional-fips.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-cn-northwest-1", + }: endpoint{ + Hostname: "waf-regional-fips.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "wafv2": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "wafv2.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-north-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "wafv2.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + endpointKey{ + Region: "cn-northwest-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + endpointKey{ + Region: "fips-cn-north-1", + }: endpoint{ + Hostname: "wafv2-fips.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-cn-northwest-1", + }: endpoint{ + Hostname: "wafv2-fips.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "workspaces": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + "xray": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, + }, +} + +// AwsUsGovPartition returns the Resolver for AWS GovCloud (US). +func AwsUsGovPartition() Partition { + return awsusgovPartition.Partition() +} + +var awsusgovPartition = partition{ + ID: "aws-us-gov", + Name: "AWS GovCloud (US)", + DNSSuffix: "amazonaws.com", + RegionRegex: regionRegex{ + Regexp: func() *regexp.Regexp { + reg, _ := regexp.Compile("^us\\-gov\\-\\w+\\-\\d+$") + return reg + }(), + }, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Hostname: "{service}.{region}.{dnsSuffix}", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + defaultKey{ + Variant: dualStackVariant, + }: endpoint{ + Hostname: "{service}.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "amazonaws.com", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + defaultKey{ + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + }, + Regions: regions{ + "us-gov-east-1": region{ + Description: "AWS GovCloud (US-East)", + }, + "us-gov-west-1": region{ + Description: "AWS GovCloud (US-West)", + }, + }, + Services: services{ + "access-analyzer": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "access-analyzer.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "access-analyzer.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "access-analyzer.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "access-analyzer.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "access-analyzer.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "access-analyzer.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "acm": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "acm.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "acm.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "acm.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + }, + }, + "acm-pca": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "acm-pca.{region}.{dnsSuffix}", + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "acm-pca.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "acm-pca.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "acm-pca.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "acm-pca.us-gov-west-1.amazonaws.com", + }, + }, + }, + "api.detective": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.detective-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "api.detective-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.detective-fips.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "api.detective-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "api.ecr": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "ecr-fips.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "dkr-us-gov-east-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "dkr-us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ecr-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "dkr-us-gov-west-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "dkr-us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ecr-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-dkr-us-gov-east-1", + }: endpoint{ + Hostname: "ecr-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-dkr-us-gov-west-1", + }: endpoint{ + Hostname: "ecr-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "ecr-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "ecr-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "api.ecr.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ecr-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "api.ecr.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ecr-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + }, + }, + "api.sagemaker": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "api-fips.sagemaker.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api-fips.sagemaker.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "api-fips.sagemaker.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1-fips-secondary", + }: endpoint{ + Hostname: "api.sagemaker.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1-secondary", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1-secondary", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.sagemaker.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "api.tunneling.iot": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.tunneling.iot-fips.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, + "apigateway": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, + "appconfig": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "appconfig.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "appconfig.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appconfig.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appconfig.us-gov-west-1.amazonaws.com", + }, + }, + }, + "appconfigdata": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "appconfigdata.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "appconfigdata.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appconfigdata.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appconfigdata.us-gov-west-1.amazonaws.com", + }, + }, + }, + "application-autoscaling": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Hostname: "autoscaling.{region}.amazonaws.com", + Protocols: []string{"http", "https"}, + CredentialScope: credentialScope{ + Service: "application-autoscaling", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "application-autoscaling.us-gov-east-1.amazonaws.com", + Protocols: []string{"http", "https"}, + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "application-autoscaling.us-gov-east-1.amazonaws.com", + Protocols: []string{"http", "https"}, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "application-autoscaling.us-gov-east-1.amazonaws.com", + Protocols: []string{"http", "https"}, + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "application-autoscaling.us-gov-west-1.amazonaws.com", + Protocols: []string{"http", "https"}, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "application-autoscaling.us-gov-west-1.amazonaws.com", + Protocols: []string{"http", "https"}, + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "application-autoscaling.us-gov-west-1.amazonaws.com", + Protocols: []string{"http", "https"}, + + Deprecated: boxedTrue, + }, + }, + }, + "applicationinsights": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "applicationinsights.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "applicationinsights.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + }, + }, + "appstream2": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + CredentialScope: credentialScope{ + Service: "appstream", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips", + }: endpoint{ + Hostname: "appstream2-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appstream2-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "appstream2-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appstream2-fips.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "appstream2-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "arc-zonal-shift": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, + "athena": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "athena-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "athena-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "athena-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "athena-fips.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.us-gov-west-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "athena-fips.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "athena-fips.us-gov-west-1.api.aws", + }, + }, + }, + "autoscaling": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Protocols: []string{"http", "https"}, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + }, + "autoscaling-plans": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-plans.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "autoscaling-plans.us-gov-east-1.amazonaws.com", + Protocols: []string{"http", "https"}, + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-plans.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "autoscaling-plans.us-gov-west-1.amazonaws.com", + Protocols: []string{"http", "https"}, + + Deprecated: boxedTrue, + }, + }, + }, + "backup": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, + "backup-gateway": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, + "batch": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "batch.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "batch.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "batch.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "batch.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "batch.us-gov-west-1.amazonaws.com", + }, + }, + }, + "bedrock": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "bedrock-fips-us-gov-west-1", + }: endpoint{ + Hostname: "bedrock-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "bedrock-runtime-fips-us-gov-west-1", + }: endpoint{ + Hostname: "bedrock-runtime-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "bedrock-runtime-us-gov-west-1", + }: endpoint{ + Hostname: "bedrock-runtime.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "bedrock-us-gov-west-1", + }: endpoint{ + Hostname: "bedrock.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, + "cassandra": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "cassandra.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cassandra.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "cassandra.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "cassandra.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cassandra.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "cassandra.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "cloudcontrolapi": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "cloudcontrolapi-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "cloudcontrolapi-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudcontrolapi-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi-fips.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi.us-gov-west-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudcontrolapi-fips.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "cloudcontrolapi-fips.us-gov-west-1.api.aws", + }, + }, + }, + "clouddirectory": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "clouddirectory.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "clouddirectory.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "cloudformation": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "cloudformation.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudformation.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "cloudformation.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "cloudformation.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudformation.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "cloudformation.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "cloudhsm": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, + "cloudhsmv2": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + CredentialScope: credentialScope{ + Service: "cloudhsm", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, + "cloudtrail": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudtrail.us-gov-west-1.amazonaws.com", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "cloudtrail.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "cloudtrail.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudtrail.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cloudtrail.us-gov-west-1.amazonaws.com", + }, + }, + }, + "codebuild": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codebuild-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "codebuild-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codebuild-fips.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "codebuild-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "codecommit": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips", + }: endpoint{ + Hostname: "codecommit-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codecommit-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "codecommit-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codecommit-fips.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "codecommit-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "codedeploy": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codedeploy-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "codedeploy-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codedeploy-fips.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "codedeploy-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "codepipeline": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "codepipeline-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "codepipeline-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codepipeline-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "codepipeline-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, + "codestar-connections": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + }, + }, + "cognito-identity": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "cognito-identity-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cognito-identity-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, + "cognito-idp": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "cognito-idp-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "cognito-idp-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, + "comprehend": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "comprehend-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "comprehend-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, + "comprehendmedical": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "comprehendmedical-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "comprehendmedical-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, + "compute-optimizer": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "compute-optimizer-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "compute-optimizer-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + }, + }, + "config": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "config.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "config.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "config.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "config.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "config.us-gov-west-1.amazonaws.com", + }, + }, + }, + "connect": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "connect.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "connect.us-gov-west-1.amazonaws.com", + }, + }, + }, + "controltower": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "controltower-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "controltower-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "controltower-fips.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "controltower-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "data-ats.iot": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + CredentialScope: credentialScope{ + Service: "iotdata", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "data.iot-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Service: "iotdata", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "data.iot-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Service: "iotdata", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "data.iot-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "data.iot-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, + "data.jobs.iot": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "data.jobs.iot-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "data.jobs.iot-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "data.jobs.iot-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "data.jobs.iot-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, + "databrew": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "databrew.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "databrew.us-gov-west-1.amazonaws.com", + }, + }, + }, + "datasync": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "datasync-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "datasync-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datasync-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datasync-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, + "datazone": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "datazone.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "datazone.us-gov-west-1.api.aws", + }, + }, + }, + "directconnect": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "directconnect-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "directconnect-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "directconnect-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "directconnect-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, + "dlm": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dlm.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "dlm.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dlm.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "dlm.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "dms": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "dms.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "dms", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "dms", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dms.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "dms-fips", + }: endpoint{ + Hostname: "dms.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dms.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "dms.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dms.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "dms.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "docdb": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "rds.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + }, + }, + "drs": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "drs-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "drs-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "drs-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "drs-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, + "ds": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "ds-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "ds-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ds-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ds-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, + "dynamodb": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "dynamodb.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dynamodb.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "dynamodb.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dynamodb.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "dynamodb.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "ebs": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, }, }, - "acm": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "ec2": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "ec2.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "ec2.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "ec2.us-gov-east-1.api.aws", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "ec2.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "ec2.us-gov-west-1.api.aws", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, }, }, - "api.ecr": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{ - Hostname: "api.ecr.cn-north-1.amazonaws.com.cn", + "ecs": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "ecs-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "cn-north-1", + Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "cn-northwest-1": endpoint{ - Hostname: "api.ecr.cn-northwest-1.amazonaws.com.cn", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "ecs-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "cn-northwest-1", + Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ecs-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ecs-fips.us-gov-west-1.amazonaws.com", }, }, }, - "api.sagemaker": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "eks": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "eks.{region}.{dnsSuffix}", + Protocols: []string{"http", "https"}, + }, }, - }, - "apigateway": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "eks.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "eks.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "eks.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "eks.us-gov-west-1.amazonaws.com", + }, }, }, - "application-autoscaling": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, + "eks-auth": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, }, - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "eks-auth.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "eks-auth.us-gov-west-1.api.aws", + }, }, }, - "appsync": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "elasticache": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticache.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips", + }: endpoint{ + Hostname: "elasticache.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticache.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "elasticache.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, }, }, - "athena": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "elasticbeanstalk": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "elasticbeanstalk.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticbeanstalk.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "elasticbeanstalk.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "elasticbeanstalk.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticbeanstalk.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "elasticbeanstalk.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, }, }, - "autoscaling": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, + "elasticfilesystem": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.us-gov-west-1.amazonaws.com", + }, }, - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + }, + "elasticloadbalancing": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticloadbalancing.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "elasticloadbalancing.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "elasticloadbalancing.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticloadbalancing.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Protocols: []string{"http", "https"}, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticloadbalancing.us-gov-west-1.amazonaws.com", + Protocols: []string{"http", "https"}, + }, }, }, - "autoscaling-plans": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, + "elasticmapreduce": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "elasticmapreduce.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "elasticmapreduce.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-gov-west-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-gov-west-1.amazonaws.com", + Protocols: []string{"https"}, + }, }, - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + }, + "email": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "email-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "email-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "email-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "email-fips.us-gov-west-1.amazonaws.com", + }, }, }, - "backup": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "emr-containers": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "emr-containers.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "emr-containers.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "emr-containers.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "emr-containers.us-gov-west-1.amazonaws.com", + }, }, }, - "batch": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "emr-serverless": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "emr-serverless.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "emr-serverless.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "emr-serverless.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "emr-serverless.us-gov-west-1.amazonaws.com", + }, }, }, - "budgets": service{ - PartitionEndpoint: "aws-cn-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-cn-global": endpoint{ - Hostname: "budgets.amazonaws.com.cn", + "es": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips", + }: endpoint{ + Hostname: "es-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "es-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "es-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-gov-west-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "es-fips.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "es-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "cn-northwest-1", + Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, }, }, - "ce": service{ - PartitionEndpoint: "aws-cn-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-cn-global": endpoint{ - Hostname: "ce.cn-northwest-1.amazonaws.com.cn", + "events": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "events.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "cn-northwest-1", + Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - }, - }, - "cloudformation": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "cloudfront": service{ - PartitionEndpoint: "aws-cn-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-cn-global": endpoint{ - Hostname: "cloudfront.cn-northwest-1.amazonaws.com.cn", - Protocols: []string{"http", "https"}, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "events.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "cn-northwest-1", + Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "events.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "events.us-gov-west-1.amazonaws.com", }, }, }, - "cloudtrail": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "codebuild": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "codecommit": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "firehose": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "firehose-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "firehose-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "firehose-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "firehose-fips.us-gov-west-1.amazonaws.com", + }, }, }, - "codedeploy": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "fms": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, }, - }, - "cognito-identity": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "fms-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "fms-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fms-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fms-fips.us-gov-west-1.amazonaws.com", + }, }, }, - "config": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "fsx": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-prod-us-gov-east-1", + }: endpoint{ + Hostname: "fsx-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-prod-us-gov-west-1", + }: endpoint{ + Hostname: "fsx-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "fsx-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "fsx-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "prod-us-gov-east-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "prod-us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fsx-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "prod-us-gov-west-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "prod-us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fsx-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fsx-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fsx-fips.us-gov-west-1.amazonaws.com", + }, }, }, - "cur": service{ - - Endpoints: endpoints{ - "cn-northwest-1": endpoint{}, + "geo": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "geo-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "geo-fips.us-gov-west-1.amazonaws.com", + }, }, }, - "dax": service{ - - Endpoints: endpoints{ - "cn-northwest-1": endpoint{}, + "glacier": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "glacier.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "glacier.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "glacier.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Protocols: []string{"http", "https"}, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "glacier.us-gov-west-1.amazonaws.com", + Protocols: []string{"http", "https"}, + }, }, }, - "directconnect": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "glue": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "glue-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "glue-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "glue.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "glue-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "glue-fips.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "glue.us-gov-west-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "glue-fips.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "glue-fips.us-gov-west-1.api.aws", + }, }, }, - "dms": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "greengrass": service{ + IsRegionalized: boxedTrue, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, }, - }, - "docdb": service{ - - Endpoints: endpoints{ - "cn-northwest-1": endpoint{ - Hostname: "rds.cn-northwest-1.amazonaws.com.cn", + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "dataplane-us-gov-east-1", + }: endpoint{ + Hostname: "greengrass-ats.iot.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "cn-northwest-1", + Region: "us-gov-east-1", }, }, + endpointKey{ + Region: "dataplane-us-gov-west-1", + }: endpoint{ + Hostname: "greengrass-ats.iot.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "greengrass.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "greengrass.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "greengrass.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "greengrass.us-gov-west-1.amazonaws.com", + }, }, }, - "ds": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "dynamodb": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - }, - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "guardduty": service{ + IsRegionalized: boxedTrue, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "guardduty.{region}.{dnsSuffix}", + Protocols: []string{"https"}, + }, }, - }, - "ebs": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "guardduty.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "guardduty.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "guardduty.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "guardduty.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, }, }, - "ec2": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, + "health": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + SSLCommonName: "health.us-gov-west-1.amazonaws.com", + Protocols: []string{"https"}, + }, }, - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-us-gov-global", + }: endpoint{ + Hostname: "global.health.us-gov.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "health-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "health-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, }, }, - "ec2metadata": service{ - PartitionEndpoint: "aws-global", + "iam": service{ + PartitionEndpoint: "aws-us-gov-global", IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "169.254.169.254/latest", - Protocols: []string{"http"}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-us-gov-global", + }: endpoint{ + Hostname: "iam.us-gov.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "aws-us-gov-global", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iam.us-gov.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "aws-us-gov-global-fips", + }: endpoint{ + Hostname: "iam.us-gov.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "iam-govcloud", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "iam-govcloud", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iam.us-gov.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "iam-govcloud-fips", + }: endpoint{ + Hostname: "iam.us-gov.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, }, }, }, - "ecs": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "eks": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - }, - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "elasticache": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "elasticbeanstalk": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "identitystore": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "identitystore.{region}.{dnsSuffix}", + }, }, - }, - "elasticfilesystem": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - "fips-cn-north-1": endpoint{ - Hostname: "elasticfilesystem-fips.cn-north-1.amazonaws.com.cn", + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "identitystore.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "cn-north-1", + Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "fips-cn-northwest-1": endpoint{ - Hostname: "elasticfilesystem-fips.cn-northwest-1.amazonaws.com.cn", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "identitystore.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "cn-northwest-1", + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "identitystore.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "identitystore.us-gov-west-1.amazonaws.com", + }, + }, + }, + "ingest.timestream": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ingest.timestream.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "ingest.timestream.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, }, }, - "elasticloadbalancing": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "elasticmapreduce": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "es": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "events": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "firehose": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "fsx": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "gamelift": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - }, - }, - "glacier": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - }, - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "glue": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "greengrass": service{ - IsRegionalized: boxedTrue, - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - }, - }, - "health": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "inspector": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "inspector-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "inspector-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector-fips.us-gov-west-1.amazonaws.com", + }, }, }, - "iam": service{ - PartitionEndpoint: "aws-cn-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-cn-global": endpoint{ - Hostname: "iam.cn-north-1.amazonaws.com.cn", + "inspector2": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "inspector2-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "cn-north-1", + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "inspector2-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector2-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "inspector2-fips.us-gov-west-1.amazonaws.com", }, }, }, - "iot": service{ - Defaults: endpoint{ - CredentialScope: credentialScope{ - Service: "execute-api", + "internetmonitor": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", }, }, - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "internetmonitor.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "internetmonitor.us-gov-west-1.api.aws", + }, }, }, - "iotanalytics": service{ + "iot": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "iot-fips.us-gov-east-1.amazonaws.com", + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "iot-fips.us-gov-west-1.amazonaws.com", - Endpoints: endpoints{ - "cn-north-1": endpoint{}, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iot-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iot-fips.us-gov-west-1.amazonaws.com", + }, }, }, "iotevents": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "iotevents-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iotevents-fips.us-gov-west-1.amazonaws.com", + }, }, }, "ioteventsdata": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{ - Hostname: "data.iotevents.cn-north-1.amazonaws.com.cn", + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "data.iotevents-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "cn-north-1", + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "data.iotevents.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "data.iotevents-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", }, }, }, }, "iotsecuredtunneling": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "kafka": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.tunneling.iot-fips.{region}.{dnsSuffix}", + }, }, - }, - "kinesis": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.tunneling.iot-fips.us-gov-west-1.amazonaws.com", + }, }, }, - "kinesisanalytics": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "iotsitewise": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "iotsitewise-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iotsitewise-fips.us-gov-west-1.amazonaws.com", + }, }, }, - "kms": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "iottwinmaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "api-us-gov-west-1", + }: endpoint{ + Hostname: "api.iottwinmaker.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "data-us-gov-west-1", + }: endpoint{ + Hostname: "data.iottwinmaker.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "fips-api-us-gov-west-1", + }: endpoint{ + Hostname: "api.iottwinmaker-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "fips-data-us-gov-west-1", + }: endpoint{ + Hostname: "data.iottwinmaker-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "iottwinmaker-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "iottwinmaker-fips.us-gov-west-1.amazonaws.com", + }, }, }, - "lakeformation": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, + "kafka": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "kafka.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "kafka.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "kafka.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kafka.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "kafka.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, }, }, - "lambda": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "kendra": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "kendra-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kendra-fips.us-gov-west-1.amazonaws.com", + }, }, }, - "license-manager": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "kendra-ranking": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, }, - }, - "logs": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "kendra-ranking.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "kendra-ranking.us-gov-west-1.api.aws", + }, }, }, - "mediaconvert": service{ - - Endpoints: endpoints{ - "cn-northwest-1": endpoint{ - Hostname: "subscribe.mediaconvert.cn-northwest-1.amazonaws.com.cn", + "kinesis": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "kinesis.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "kinesis.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "kinesis.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kinesis.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "kinesis.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kinesis.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "cn-northwest-1", + Region: "us-gov-west-1", }, }, }, }, - "monitoring": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - }, - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "kinesisanalytics": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, }, }, - "neptune": service{ - - Endpoints: endpoints{ - "cn-northwest-1": endpoint{ - Hostname: "rds.cn-northwest-1.amazonaws.com.cn", + "kinesisvideo": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "kinesisvideo-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "cn-northwest-1", + Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - }, - }, - "organizations": service{ - PartitionEndpoint: "aws-cn-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-cn-global": endpoint{ - Hostname: "organizations.cn-northwest-1.amazonaws.com.cn", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "kinesisvideo-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "cn-northwest-1", + Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - }, - }, - "polly": service{ - - Endpoints: endpoints{ - "cn-northwest-1": endpoint{}, - }, - }, - "ram": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "rds": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "redshift": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "resource-groups": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "route53": service{ - PartitionEndpoint: "aws-cn-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-cn-global": endpoint{ - Hostname: "route53.amazonaws.com.cn", + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "kinesisvideo-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "cn-northwest-1", + Region: "us-gov-east-1", }, }, - }, - }, - "runtime.sagemaker": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "s3": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - SignatureVersions: []string{"s3v4"}, - - HasDualStack: boxedTrue, - DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}", - }, - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "s3-control": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - SignatureVersions: []string{"s3v4"}, - - HasDualStack: boxedTrue, - DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}", - }, - Endpoints: endpoints{ - "cn-north-1": endpoint{ - Hostname: "s3-control.cn-north-1.amazonaws.com.cn", - SignatureVersions: []string{"s3v4"}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kinesisvideo-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "cn-north-1", + Region: "us-gov-east-1", }, }, - "cn-northwest-1": endpoint{ - Hostname: "s3-control.cn-northwest-1.amazonaws.com.cn", - SignatureVersions: []string{"s3v4"}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "kinesisvideo-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "cn-northwest-1", + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kinesisvideo-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", }, }, }, }, - "secretsmanager": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "securityhub": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "serverlessrepo": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "cn-north-1": endpoint{ - Protocols: []string{"https"}, + "kms": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ProdFips", + }: endpoint{ + Hostname: "kms-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, }, - "cn-northwest-1": endpoint{ - Protocols: []string{"https"}, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.us-gov-east-1.amazonaws.com", }, - }, - }, - "servicediscovery": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "sms": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "snowball": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - "fips-cn-north-1": endpoint{ - Hostname: "snowball-fips.cn-north-1.amazonaws.com.cn", + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "kms-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "cn-north-1", + Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "fips-cn-northwest-1": endpoint{ - Hostname: "snowball-fips.cn-northwest-1.amazonaws.com.cn", + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "kms-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "cn-northwest-1", + Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, }, }, - "sns": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - }, - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "sqs": service{ - Defaults: endpoint{ - SSLCommonName: "{region}.queue.{dnsSuffix}", - Protocols: []string{"http", "https"}, - }, - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "ssm": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "states": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "storagegateway": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, - }, - }, - "streams.dynamodb": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - CredentialScope: credentialScope{ - Service: "dynamodb", + "lakeformation": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "lakeformation-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "lakeformation-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lakeformation.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "lakeformation-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "lakeformation-fips.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lakeformation.us-gov-west-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "lakeformation-fips.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "lakeformation-fips.us-gov-west-1.api.aws", }, - }, - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, }, }, - "sts": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "lambda": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "lambda-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "lambda-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "lambda-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lambda.us-gov-west-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "lambda-fips.us-gov-west-1.amazonaws.com", + }, }, }, - "support": service{ - PartitionEndpoint: "aws-cn-global", - - Endpoints: endpoints{ - "aws-cn-global": endpoint{ - Hostname: "support.cn-north-1.amazonaws.com.cn", + "license-manager": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "license-manager-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "cn-north-1", + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "license-manager-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "license-manager-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "license-manager-fips.us-gov-west-1.amazonaws.com", }, }, }, - "swf": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "license-manager-linux-subscriptions": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, }, }, - "tagging": service{ - - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + "license-manager-user-subscriptions": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, }, }, - "transcribe": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "cn-north-1": endpoint{ - Hostname: "cn.transcribe.cn-north-1.amazonaws.com.cn", + "logs": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "logs.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "cn-north-1", + Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "cn-northwest-1": endpoint{ - Hostname: "cn.transcribe.cn-northwest-1.amazonaws.com.cn", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "logs.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "cn-northwest-1", + Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "logs.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "logs.us-gov-west-1.amazonaws.com", }, }, }, - "workspaces": service{ + "m2": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ - Endpoints: endpoints{ - "cn-northwest-1": endpoint{}, - }, - }, - "xray": service{ + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ - Endpoints: endpoints{ - "cn-north-1": endpoint{}, - "cn-northwest-1": endpoint{}, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{}, }, }, - }, -} - -// AwsUsGovPartition returns the Resolver for AWS GovCloud (US). -func AwsUsGovPartition() Partition { - return awsusgovPartition.Partition() -} - -var awsusgovPartition = partition{ - ID: "aws-us-gov", - Name: "AWS GovCloud (US)", - DNSSuffix: "amazonaws.com", - RegionRegex: regionRegex{ - Regexp: func() *regexp.Regexp { - reg, _ := regexp.Compile("^us\\-gov\\-\\w+\\-\\d+$") - return reg - }(), - }, - Defaults: endpoint{ - Hostname: "{service}.{region}.{dnsSuffix}", - Protocols: []string{"https"}, - SignatureVersions: []string{"v4"}, - }, - Regions: regions{ - "us-gov-east-1": region{ - Description: "AWS GovCloud (US-East)", + "managedblockchain": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, }, - "us-gov-west-1": region{ - Description: "AWS GovCloud (US-West)", + "mediaconvert": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "mediaconvert.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mediaconvert.us-gov-west-1.amazonaws.com", + }, + }, }, - }, - Services: services{ - "access-analyzer": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{ - Hostname: "access-analyzer.us-gov-east-1.amazonaws.com", + "meetings-chime": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "meetings-chime-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "meetings-chime-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "us-gov-west-1": endpoint{ - Hostname: "access-analyzer.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "meetings-chime-fips.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "meetings-chime-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "metering.marketplace": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ CredentialScope: credentialScope{ - Region: "us-gov-west-1", + Service: "aws-marketplace", }, }, }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, }, - "acm": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{ - Hostname: "acm.us-gov-east-1.amazonaws.com", + "metrics.sagemaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, + "mgn": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "mgn-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "us-gov-west-1": endpoint{ - Hostname: "acm.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "mgn-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mgn-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mgn-fips.us-gov-west-1.amazonaws.com", }, }, }, - "acm-pca": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, + "models-v2-lex": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, }, - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "acm-pca.us-gov-east-1.amazonaws.com", + }, + "models.lex": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ CredentialScope: credentialScope{ - Region: "us-gov-east-1", + Service: "lex", }, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "acm-pca.us-gov-west-1.amazonaws.com", + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "models-fips.lex.{region}.{dnsSuffix}", + CredentialScope: credentialScope{ + Service: "lex", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "models-fips.lex.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "models-fips.lex.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, }, }, - "api.ecr": service{ - - Endpoints: endpoints{ - "fips-dkr-us-gov-east-1": endpoint{ - Hostname: "ecr-fips.us-gov-east-1.amazonaws.com", + "monitoring": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "monitoring.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "monitoring.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "fips-dkr-us-gov-west-1": endpoint{ - Hostname: "ecr-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "monitoring.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-gov-east-1": endpoint{ - Hostname: "ecr-fips.us-gov-east-1.amazonaws.com", + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "monitoring.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "monitoring.us-gov-west-1.amazonaws.com", + }, + }, + }, + "mq": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "mq-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "ecr-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "mq-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "us-gov-east-1": endpoint{ - Hostname: "api.ecr.us-gov-east-1.amazonaws.com", + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mq-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "mq-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, + "neptune": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "rds.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, }, - "us-gov-west-1": endpoint{ - Hostname: "api.ecr.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "rds.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, }, }, }, - "api.sagemaker": service{ - - Endpoints: endpoints{ - "us-gov-west-1": endpoint{}, - "us-gov-west-1-fips": endpoint{ - Hostname: "api-fips.sagemaker.us-gov-west-1.amazonaws.com", + "network-firewall": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "network-firewall-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-gov-west-1", + Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "us-gov-west-1-fips-secondary": endpoint{ - Hostname: "api.sagemaker.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "network-firewall-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - }, - }, - "apigateway": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, - }, - "application-autoscaling": service{ - Defaults: endpoint{ - Hostname: "autoscaling.{region}.amazonaws.com", - Protocols: []string{"http", "https"}, - CredentialScope: credentialScope{ - Service: "application-autoscaling", - }, - }, - Endpoints: endpoints{ - "us-gov-east-1": endpoint{ - Protocols: []string{"http", "https"}, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "network-firewall-fips.us-gov-east-1.amazonaws.com", }, - "us-gov-west-1": endpoint{ - Protocols: []string{"http", "https"}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "network-firewall-fips.us-gov-west-1.amazonaws.com", }, }, }, - "appstream2": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - CredentialScope: credentialScope{ - Service: "appstream", + "networkmanager": service{ + PartitionEndpoint: "aws-us-gov-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-us-gov-global", + }: endpoint{ + Hostname: "networkmanager.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, }, - }, - Endpoints: endpoints{ - "fips": endpoint{ - Hostname: "appstream2-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "aws-us-gov-global", + Variant: fipsVariant, + }: endpoint{ + Hostname: "networkmanager.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "fips-aws-us-gov-global", + }: endpoint{ + Hostname: "networkmanager.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "us-gov-west-1": endpoint{}, }, }, - "athena": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "athena-fips.us-gov-east-1.amazonaws.com", + "oidc": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "oidc.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "athena-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "oidc.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, }, }, - "autoscaling": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{ - Protocols: []string{"http", "https"}, - }, - "us-gov-west-1": endpoint{ - Protocols: []string{"http", "https"}, + "organizations": service{ + PartitionEndpoint: "aws-us-gov-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-us-gov-global", + }: endpoint{ + Hostname: "organizations.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, }, - }, - }, - "autoscaling-plans": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - }, - Endpoints: endpoints{ - "us-gov-east-1": endpoint{ - Protocols: []string{"http", "https"}, + endpointKey{ + Region: "aws-us-gov-global", + Variant: fipsVariant, + }: endpoint{ + Hostname: "organizations.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, }, - "us-gov-west-1": endpoint{ - Protocols: []string{"http", "https"}, + endpointKey{ + Region: "fips-aws-us-gov-global", + }: endpoint{ + Hostname: "organizations.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, }, }, }, - "backup": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, - }, - "batch": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "batch.us-gov-east-1.amazonaws.com", + "outposts": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "outposts.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "batch.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "outposts.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "outposts.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "outposts.us-gov-west-1.amazonaws.com", }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, }, }, - "clouddirectory": service{ - - Endpoints: endpoints{ - "us-gov-west-1": endpoint{}, + "participant.connect": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "participant.connect.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "participant.connect.us-gov-west-1.amazonaws.com", + }, }, }, - "cloudformation": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{ - Hostname: "cloudformation.us-gov-east-1.amazonaws.com", + "pi": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "pi-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "us-gov-west-1": endpoint{ - Hostname: "cloudformation.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "pi-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - }, - }, - "cloudhsm": service{ - - Endpoints: endpoints{ - "us-gov-west-1": endpoint{}, - }, - }, - "cloudhsmv2": service{ - Defaults: endpoint{ - CredentialScope: credentialScope{ - Service: "cloudhsm", + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.us-gov-east-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "pi-fips.us-gov-east-1.amazonaws.com", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "pi-fips.us-gov-east-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "pi.us-gov-west-1.api.aws", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "pi-fips.us-gov-west-1.amazonaws.com", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "pi-fips.us-gov-west-1.api.aws", + Protocols: []string{"https"}, }, - }, - Endpoints: endpoints{ - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, }, }, - "cloudtrail": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{ - Hostname: "cloudtrail.us-gov-east-1.amazonaws.com", + "pinpoint": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ CredentialScope: credentialScope{ - Region: "us-gov-east-1", + Service: "mobiletargeting", }, }, - "us-gov-west-1": endpoint{ - Hostname: "cloudtrail.us-gov-west-1.amazonaws.com", + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "pinpoint-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - }, - }, - "codebuild": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{}, - "us-gov-east-1-fips": endpoint{ - Hostname: "codebuild-fips.us-gov-east-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "pinpoint.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-gov-east-1", + Region: "us-gov-west-1", }, }, - "us-gov-west-1": endpoint{}, - "us-gov-west-1-fips": endpoint{ - Hostname: "codebuild-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "pinpoint-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, }, }, }, - "codecommit": service{ - - Endpoints: endpoints{ - "fips": endpoint{ - Hostname: "codecommit-fips.us-gov-west-1.amazonaws.com", + "polly": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "polly-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "polly-fips.us-gov-west-1.amazonaws.com", }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, }, }, - "codedeploy": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{}, - "us-gov-east-1-fips": endpoint{ - Hostname: "codedeploy-fips.us-gov-east-1.amazonaws.com", + "portal.sso": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "portal.sso.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, }, - "us-gov-west-1": endpoint{}, - "us-gov-west-1-fips": endpoint{ - Hostname: "codedeploy-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "portal.sso.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, }, }, }, - "codepipeline": service{ - - Endpoints: endpoints{ - "fips-us-gov-west-1": endpoint{ - Hostname: "codepipeline-fips.us-gov-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-gov-west-1", - }, + "qbusiness": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "qbusiness.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "qbusiness.us-gov-west-1.api.aws", }, - "us-gov-west-1": endpoint{}, }, }, - "cognito-identity": service{ - - Endpoints: endpoints{ - "fips-us-gov-west-1": endpoint{ - Hostname: "cognito-identity-fips.us-gov-west-1.amazonaws.com", + "quicksight": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "api", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, + "ram": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "ram.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ram.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "ram.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "ram.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, }, - "us-gov-west-1": endpoint{}, - }, - }, - "cognito-idp": service{ - - Endpoints: endpoints{ - "fips-us-gov-west-1": endpoint{ - Hostname: "cognito-idp-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ram.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, }, - "us-gov-west-1": endpoint{}, - }, - }, - "comprehend": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "fips-us-gov-west-1": endpoint{ - Hostname: "comprehend-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "ram.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "us-gov-west-1": endpoint{}, }, }, - "comprehendmedical": service{ - - Endpoints: endpoints{ - "fips-us-gov-west-1": endpoint{ - Hostname: "comprehendmedical-fips.us-gov-west-1.amazonaws.com", + "rbin": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "rbin-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "rbin-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rbin-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rbin-fips.us-gov-west-1.amazonaws.com", }, - "us-gov-west-1": endpoint{}, }, }, - "config": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "config.us-gov-east-1.amazonaws.com", + "rds": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "rds.us-gov-east-1", + }: endpoint{ + Hostname: "rds.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "config.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "rds.us-gov-west-1", + }: endpoint{ + Hostname: "rds.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, - }, - "datasync": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "datasync-fips.us-gov-east-1.amazonaws.com", + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "rds.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "datasync-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "rds.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, }, }, - "directconnect": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{ - Hostname: "directconnect.us-gov-east-1.amazonaws.com", + "redshift": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "redshift.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, }, - "us-gov-west-1": endpoint{ - Hostname: "directconnect.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "redshift.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, }, }, }, - "dms": service{ - - Endpoints: endpoints{ - "dms-fips": endpoint{ - Hostname: "dms.us-gov-west-1.amazonaws.com", + "rekognition": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "rekognition-fips.us-gov-west-1", + }: endpoint{ + Hostname: "rekognition-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, - }, - "docdb": service{ - - Endpoints: endpoints{ - "us-gov-west-1": endpoint{ - Hostname: "rds.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "rekognition.us-gov-west-1", + }: endpoint{ CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - }, - }, - "ds": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "ds-fips.us-gov-east-1.amazonaws.com", + endpointKey{ + Region: "rekognition.us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rekognition-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-gov-east-1", + Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "ds-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rekognition-fips.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "rekognition-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, }, }, - "dynamodb": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{}, - "us-gov-east-1-fips": endpoint{ - Hostname: "dynamodb.us-gov-east-1.amazonaws.com", + "resiliencehub": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "resiliencehub-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "us-gov-west-1": endpoint{}, - "us-gov-west-1-fips": endpoint{ - Hostname: "dynamodb.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "resiliencehub-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "resiliencehub-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "resiliencehub-fips.us-gov-west-1.amazonaws.com", }, }, }, - "ebs": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, - }, - "ec2": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{ - Hostname: "ec2.us-gov-east-1.amazonaws.com", + "resource-groups": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "resource-groups.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "resource-groups.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "us-gov-west-1": endpoint{ - Hostname: "ec2.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "resource-groups.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "resource-groups.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "resource-groups.us-gov-west-1.amazonaws.com", }, }, }, - "ec2metadata": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "169.254.169.254/latest", - Protocols: []string{"http"}, - }, + "robomaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, }, }, - "ecs": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "ecs-fips.us-gov-east-1.amazonaws.com", + "rolesanywhere": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "rolesanywhere-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "ecs-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "rolesanywhere-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rolesanywhere-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rolesanywhere-fips.us-gov-west-1.amazonaws.com", }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, }, }, - "eks": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - }, - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "eks.us-gov-east-1.amazonaws.com", + "route53": service{ + PartitionEndpoint: "aws-us-gov-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-us-gov-global", + }: endpoint{ + Hostname: "route53.us-gov.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-gov-east-1", + Region: "us-gov-west-1", }, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "eks.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "aws-us-gov-global", + Variant: fipsVariant, + }: endpoint{ + Hostname: "route53.us-gov.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, - }, - "elasticache": service{ - - Endpoints: endpoints{ - "fips": endpoint{ - Hostname: "elasticache.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-aws-us-gov-global", + }: endpoint{ + Hostname: "route53.us-gov.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, }, }, - "elasticbeanstalk": service{ + "route53resolver": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "route53resolver.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "route53resolver.us-gov-east-1.amazonaws.com", - Endpoints: endpoints{ - "us-gov-east-1": endpoint{ - Hostname: "elasticbeanstalk.us-gov-east-1.amazonaws.com", + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "route53resolver.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "route53resolver.us-gov-west-1.amazonaws.com", + + Deprecated: boxedTrue, + }, + }, + }, + "runtime-v2-lex": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, + "runtime.lex": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ CredentialScope: credentialScope{ - Region: "us-gov-east-1", + Service: "lex", }, }, - "us-gov-west-1": endpoint{ - Hostname: "elasticbeanstalk.us-gov-west-1.amazonaws.com", + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "runtime-fips.lex.{region}.{dnsSuffix}", CredentialScope: credentialScope{ - Region: "us-gov-west-1", + Service: "lex", }, }, }, - }, - "elasticfilesystem": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "elasticfilesystem-fips.us-gov-east-1.amazonaws.com", + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "runtime-fips.lex.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "runtime-fips.lex.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-gov-east-1", + Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "elasticfilesystem-fips.us-gov-west-1.amazonaws.com", + }, + }, + "runtime.sagemaker": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "runtime.sagemaker.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "runtime.sagemaker.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "runtime.sagemaker.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, }, }, - "elasticloadbalancing": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "elasticloadbalancing.us-gov-east-1.amazonaws.com", + "s3": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + SignatureVersions: []string{"s3", "s3v4"}, + }, + defaultKey{ + Variant: dualStackVariant, + }: endpoint{ + Hostname: "{service}.dualstack.{region}.{dnsSuffix}", + DNSSuffix: "amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + defaultKey{ + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "{service}-fips.dualstack.{region}.{dnsSuffix}", + DNSSuffix: "amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "s3-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "elasticloadbalancing.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "s3-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "s3.us-gov-east-1.amazonaws.com", + Protocols: []string{"http", "https"}, + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.us-gov-east-1.amazonaws.com", + Protocols: []string{"http", "https"}, + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-fips.us-gov-east-1.amazonaws.com", + Protocols: []string{"http", "https"}, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "s3.us-gov-west-1.amazonaws.com", + Protocols: []string{"http", "https"}, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3.dualstack.us-gov-west-1.amazonaws.com", + Protocols: []string{"http", "https"}, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-fips.us-gov-west-1.amazonaws.com", Protocols: []string{"http", "https"}, }, }, }, - "elasticmapreduce": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "elasticmapreduce.us-gov-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-gov-east-1", - }, + "s3-control": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + SignatureVersions: []string{"s3v4"}, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "elasticmapreduce.us-gov-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-gov-west-1", - }, + defaultKey{ + Variant: dualStackVariant, + }: endpoint{ + Hostname: "{service}.dualstack.{region}.{dnsSuffix}", + DNSSuffix: "amazonaws.com", + Protocols: []string{"https"}, + SignatureVersions: []string{"s3v4"}, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{ - Protocols: []string{"https"}, + defaultKey{ + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "{service}-fips.dualstack.{region}.{dnsSuffix}", + DNSSuffix: "amazonaws.com", + Protocols: []string{"https"}, + SignatureVersions: []string{"s3v4"}, }, }, - }, - "email": service{ - - Endpoints: endpoints{ - "fips-us-gov-west-1": endpoint{ - Hostname: "email-fips.us-gov-west-1.amazonaws.com", + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "s3-control.us-gov-east-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, CredentialScope: credentialScope{ - Region: "us-gov-west-1", + Region: "us-gov-east-1", }, }, - "us-gov-west-1": endpoint{}, - }, - }, - "es": service{ - - Endpoints: endpoints{ - "fips": endpoint{ - Hostname: "es-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.us-gov-east-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, CredentialScope: credentialScope{ - Region: "us-gov-west-1", + Region: "us-gov-east-1", }, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, - }, - "events": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{ - Hostname: "events.us-gov-east-1.amazonaws.com", + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-control-fips.us-gov-east-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, CredentialScope: credentialScope{ Region: "us-gov-east-1", }, }, - "us-gov-west-1": endpoint{ - Hostname: "events.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-control-fips.dualstack.us-gov-east-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, CredentialScope: credentialScope{ - Region: "us-gov-west-1", + Region: "us-gov-east-1", }, }, - }, - }, - "firehose": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "firehose-fips.us-gov-east-1.amazonaws.com", + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "s3-control-fips.us-gov-east-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "firehose-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "s3-control.us-gov-west-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, CredentialScope: credentialScope{ Region: "us-gov-west-1", }, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, - }, - "glacier": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{ - Hostname: "glacier.us-gov-east-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.us-gov-west-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, CredentialScope: credentialScope{ - Region: "us-gov-east-1", + Region: "us-gov-west-1", }, }, - "us-gov-west-1": endpoint{ - Hostname: "glacier.us-gov-west-1.amazonaws.com", - Protocols: []string{"http", "https"}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-control-fips.us-gov-west-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, CredentialScope: credentialScope{ Region: "us-gov-west-1", }, }, - }, - }, - "glue": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "glue-fips.us-gov-east-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-control-fips.dualstack.us-gov-west-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, CredentialScope: credentialScope{ - Region: "us-gov-east-1", + Region: "us-gov-west-1", }, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "glue-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "s3-control-fips.us-gov-west-1.amazonaws.com", + SignatureVersions: []string{"s3v4"}, CredentialScope: credentialScope{ Region: "us-gov-west-1", }, - }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, + Deprecated: boxedTrue, + }, + }, + }, + "s3-outposts": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, }, }, - "greengrass": service{ - IsRegionalized: boxedTrue, - Defaults: endpoint{ - Protocols: []string{"https"}, + "secretsmanager": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + + Deprecated: boxedTrue, + }, }, - Endpoints: endpoints{ - "dataplane-us-gov-east-1": endpoint{ - Hostname: "greengrass-ats.iot.us-gov-east-1.amazonaws.com", + }, + "securityhub": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "securityhub-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "dataplane-us-gov-west-1": endpoint{ - Hostname: "greengrass-ats.iot.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "securityhub-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "securityhub-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "securityhub-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, + "securitylake": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "securitylake.us-gov-east-1.amazonaws.com", }, - "fips-us-gov-east-1": endpoint{ - Hostname: "greengrass-fips.us-gov-east-1.amazonaws.com", + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "securitylake.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{ - Hostname: "greengrass.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "securitylake.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "securitylake.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, }, }, - "guardduty": service{ - IsRegionalized: boxedTrue, - Defaults: endpoint{ - Protocols: []string{"https"}, + "serverlessrepo": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, }, - Endpoints: endpoints{ - "us-gov-east-1": endpoint{}, - "us-gov-east-1-fips": endpoint{ - Hostname: "guardduty.us-gov-east-1.amazonaws.com", + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "serverlessrepo.us-gov-east-1.amazonaws.com", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "serverlessrepo.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "us-gov-west-1": endpoint{}, - "us-gov-west-1-fips": endpoint{ - Hostname: "guardduty.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "serverlessrepo.us-gov-west-1.amazonaws.com", + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "serverlessrepo.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, }, }, - "health": service{ - - Endpoints: endpoints{ - "fips-us-gov-west-1": endpoint{ - Hostname: "health-fips.us-gov-west-1.amazonaws.com", + "servicecatalog": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicecatalog-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "servicecatalog-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicecatalog-fips.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "servicecatalog-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, }, }, - "iam": service{ - PartitionEndpoint: "aws-us-gov-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-us-gov-global": endpoint{ - Hostname: "iam.us-gov.amazonaws.com", + "servicecatalog-appregistry": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicecatalog-appregistry.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, + "servicediscovery": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "servicediscovery", + }: endpoint{ CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "iam-govcloud-fips": endpoint{ - Hostname: "iam.us-gov.amazonaws.com", + endpointKey{ + Region: "servicediscovery", + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - }, - }, - "inspector": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "inspector-fips.us-gov-east-1.amazonaws.com", + endpointKey{ + Region: "servicediscovery-fips", + }: endpoint{ + Hostname: "servicediscovery-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "servicediscovery-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, - }, - "fips-us-gov-west-1": endpoint{ - Hostname: "inspector-fips.us-gov-west-1.amazonaws.com", + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery.us-gov-west-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "servicediscovery-fips.us-gov-west-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "servicediscovery-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, }, }, - "iot": service{ - Defaults: endpoint{ - CredentialScope: credentialScope{ - Service: "execute-api", + "servicequotas": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicequotas.{region}.{dnsSuffix}", + Protocols: []string{"https"}, }, }, - Endpoints: endpoints{ - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, - }, - "iotsecuredtunneling": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, - }, - "kafka": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, - }, - "kinesis": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{ - Hostname: "kinesis.us-gov-east-1.amazonaws.com", + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "servicequotas.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "us-gov-west-1": endpoint{ - Hostname: "kinesis.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "servicequotas.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicequotas.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "servicequotas.us-gov-west-1.amazonaws.com", }, }, }, - "kinesisanalytics": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, - }, - "kms": service{ - - Endpoints: endpoints{ - "ProdFips": endpoint{ - Hostname: "kms-fips.us-gov-west-1.amazonaws.com", + "signer": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "signer-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-gov-west-1", + Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, - }, - "lakeformation": service{ - - Endpoints: endpoints{ - "fips-us-gov-west-1": endpoint{ - Hostname: "lakeformation-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "signer-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "us-gov-west-1": endpoint{}, - }, - }, - "lambda": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "lambda-fips.us-gov-east-1.amazonaws.com", + endpointKey{ + Region: "fips-verification-us-gov-east-1", + }: endpoint{ + Hostname: "verification.signer-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "lambda-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-verification-us-gov-west-1", + }: endpoint{ + Hostname: "verification.signer-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, - }, - "license-manager": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "license-manager-fips.us-gov-east-1.amazonaws.com", + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "signer-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "signer-fips.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "verification-us-gov-east-1", + }: endpoint{ + Hostname: "verification.signer.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "license-manager-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "verification-us-gov-west-1", + }: endpoint{ + Hostname: "verification.signer.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, }, }, - "logs": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{ - Hostname: "logs.us-gov-east-1.amazonaws.com", + "simspaceweaver": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "simspaceweaver.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "us-gov-west-1": endpoint{ - Hostname: "logs.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "simspaceweaver.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "simspaceweaver.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "simspaceweaver.us-gov-west-1.amazonaws.com", }, }, }, - "mediaconvert": service{ - - Endpoints: endpoints{ - "us-gov-west-1": endpoint{ - Hostname: "mediaconvert.us-gov-west-1.amazonaws.com", + "sms": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "sms-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - }, - }, - "metering.marketplace": service{ - Defaults: endpoint{ - CredentialScope: credentialScope{ - Service: "aws-marketplace", + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sms-fips.us-gov-west-1.amazonaws.com", }, }, - Endpoints: endpoints{ - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, }, - "monitoring": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "monitoring.us-gov-east-1.amazonaws.com", + "sms-voice": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "sms-voice-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "monitoring.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "sms-voice-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sms-voice-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sms-voice-fips.us-gov-west-1.amazonaws.com", }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, }, }, - "neptune": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{ - Hostname: "rds.us-gov-east-1.amazonaws.com", + "snowball": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "snowball-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "us-gov-west-1": endpoint{ - Hostname: "rds.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "snowball-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "snowball-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "snowball-fips.us-gov-west-1.amazonaws.com", }, }, }, - "organizations": service{ - PartitionEndpoint: "aws-us-gov-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-us-gov-global": endpoint{ - Hostname: "organizations.us-gov-west-1.amazonaws.com", + "sns": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "sns.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-gov-west-1", + Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "fips-aws-us-gov-global": endpoint{ - Hostname: "organizations.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "sns.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sns.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sns.us-gov-west-1.amazonaws.com", + Protocols: []string{"https"}, }, }, }, - "outposts": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{ - Hostname: "outposts.us-gov-east-1.amazonaws.com", + "sqs": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "sqs.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "sqs.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, }, - "us-gov-west-1": endpoint{ - Hostname: "outposts.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "sqs.us-gov-west-1.amazonaws.com", + SSLCommonName: "{region}.queue.{dnsSuffix}", + Protocols: []string{"http", "https"}, CredentialScope: credentialScope{ Region: "us-gov-west-1", }, }, }, }, - "pinpoint": service{ - Defaults: endpoint{ - CredentialScope: credentialScope{ - Service: "mobiletargeting", - }, - }, - Endpoints: endpoints{ - "fips-us-gov-west-1": endpoint{ - Hostname: "pinpoint-fips.us-gov-west-1.amazonaws.com", + "ssm": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "ssm.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-gov-west-1", + Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "us-gov-west-1": endpoint{ - Hostname: "pinpoint.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "ssm.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "ssm.us-gov-west-1.amazonaws.com", }, }, }, - "polly": service{ - - Endpoints: endpoints{ - "fips-us-gov-west-1": endpoint{ - Hostname: "polly-fips.us-gov-west-1.amazonaws.com", + "sso": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "sso.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-gov-west-1", + Region: "us-gov-east-1", }, }, - "us-gov-west-1": endpoint{}, - }, - }, - "ram": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, - }, - "rds": service{ - - Endpoints: endpoints{ - "rds.us-gov-east-1": endpoint{ - Hostname: "rds.us-gov-east-1.amazonaws.com", + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sso.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, }, - "rds.us-gov-west-1": endpoint{ - Hostname: "rds.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "sso.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-gov-west-1", + Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, - }, - "redshift": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{ - Hostname: "redshift.us-gov-east-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "sso.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-gov-east-1", + Region: "us-gov-west-1", }, }, - "us-gov-west-1": endpoint{ - Hostname: "redshift.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sso.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, }, - }, - }, - "rekognition": service{ - - Endpoints: endpoints{ - "rekognition-fips.us-gov-west-1": endpoint{ - Hostname: "rekognition-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "sso.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "us-gov-west-1": endpoint{}, }, }, - "resource-groups": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "resource-groups.us-gov-east-1.amazonaws.com", + "states": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "states-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "resource-groups.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "states.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "states-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "states.us-gov-west-1.amazonaws.com", }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, }, }, - "route53": service{ - PartitionEndpoint: "aws-us-gov-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-us-gov-global": endpoint{ - Hostname: "route53.us-gov.amazonaws.com", + "storagegateway": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips", + }: endpoint{ + Hostname: "storagegateway-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "fips-aws-us-gov-global": endpoint{ - Hostname: "route53.us-gov.amazonaws.com", + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "storagegateway-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "storagegateway-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-gov-west-1", + Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - }, - }, - "route53resolver": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, - }, - "runtime.sagemaker": service{ - - Endpoints: endpoints{ - "us-gov-west-1": endpoint{}, - }, - }, - "s3": service{ - Defaults: endpoint{ - SignatureVersions: []string{"s3", "s3v4"}, - - HasDualStack: boxedTrue, - DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}", - }, - Endpoints: endpoints{ - "fips-us-gov-west-1": endpoint{ - Hostname: "s3-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "storagegateway-fips.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "storagegateway-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, - }, - "us-gov-east-1": endpoint{ - Hostname: "s3.us-gov-east-1.amazonaws.com", - Protocols: []string{"http", "https"}, - }, - "us-gov-west-1": endpoint{ - Hostname: "s3.us-gov-west-1.amazonaws.com", - Protocols: []string{"http", "https"}, + Deprecated: boxedTrue, }, }, }, - "s3-control": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - SignatureVersions: []string{"s3v4"}, - - HasDualStack: boxedTrue, - DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}", - }, - Endpoints: endpoints{ - "us-gov-east-1": endpoint{ - Hostname: "s3-control.us-gov-east-1.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + "streams.dynamodb": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ CredentialScope: credentialScope{ - Region: "us-gov-east-1", + Service: "dynamodb", }, }, - "us-gov-east-1-fips": endpoint{ - Hostname: "s3-control-fips.us-gov-east-1.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "streams.dynamodb.{region}.{dnsSuffix}", CredentialScope: credentialScope{ - Region: "us-gov-east-1", + Service: "dynamodb", }, }, - "us-gov-west-1": endpoint{ - Hostname: "s3-control.us-gov-west-1.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "streams.dynamodb.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "streams.dynamodb.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-gov-west-1", + Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "us-gov-west-1-fips": endpoint{ - Hostname: "s3-control-fips.us-gov-west-1.amazonaws.com", - SignatureVersions: []string{"s3v4"}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "streams.dynamodb.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "streams.dynamodb.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, }, }, - "secretsmanager": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{}, - "us-gov-east-1-fips": endpoint{ - Hostname: "secretsmanager-fips.us-gov-east-1.amazonaws.com", + "sts": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "sts.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sts.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "sts.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sts.us-gov-west-1.amazonaws.com", }, - "us-gov-west-1": endpoint{}, - "us-gov-west-1-fips": endpoint{ - Hostname: "secretsmanager-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "sts.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, }, }, - "securityhub": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "securityhub-fips.us-gov-east-1.amazonaws.com", + "support": service{ + PartitionEndpoint: "aws-us-gov-global", + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-us-gov-global", + }: endpoint{ + Hostname: "support.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-gov-east-1", + Region: "us-gov-west-1", }, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "securityhub-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "support.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, - }, - "serverlessrepo": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "us-gov-east-1": endpoint{ - Hostname: "serverlessrepo.us-gov-east-1.amazonaws.com", - Protocols: []string{"https"}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ CredentialScope: credentialScope{ - Region: "us-gov-east-1", + Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "us-gov-west-1": endpoint{ - Hostname: "serverlessrepo.us-gov-west-1.amazonaws.com", - Protocols: []string{"https"}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "support.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, }, }, - "servicecatalog": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{}, - "us-gov-east-1-fips": endpoint{ - Hostname: "servicecatalog-fips.us-gov-east-1.amazonaws.com", + "swf": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "swf.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, }, - "us-gov-west-1": endpoint{}, - "us-gov-west-1-fips": endpoint{ - Hostname: "servicecatalog-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "swf.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-gov-west-1", + Region: "us-gov-east-1", }, }, - }, - }, - "sms": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "sms-fips.us-gov-east-1.amazonaws.com", + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "swf.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "sms-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "swf.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, - }, - "snowball": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "snowball-fips.us-gov-east-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "swf.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-gov-east-1", + Region: "us-gov-west-1", }, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "snowball-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "swf.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, }, }, - "sns": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{ - Hostname: "sns.us-gov-east-1.amazonaws.com", + "synthetics": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "synthetics-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "us-gov-west-1": endpoint{ - Hostname: "sns.us-gov-west-1.amazonaws.com", - Protocols: []string{"http", "https"}, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "synthetics-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "synthetics-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "synthetics-fips.us-gov-west-1.amazonaws.com", }, }, }, - "sqs": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{ - Hostname: "sqs.us-gov-east-1.amazonaws.com", + "tagging": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, + "textract": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "textract-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "us-gov-west-1": endpoint{ - Hostname: "sqs.us-gov-west-1.amazonaws.com", - SSLCommonName: "{region}.queue.{dnsSuffix}", - Protocols: []string{"http", "https"}, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "textract-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "textract.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "textract-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "textract-fips.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "textract.us-gov-west-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "textract-fips.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "textract-fips.us-gov-west-1.api.aws", }, }, }, - "ssm": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "ssm.us-gov-east-1.amazonaws.com", + "transcribe": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "fips.transcribe.{region}.{dnsSuffix}", + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "fips.transcribe.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "ssm.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "fips.transcribe.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fips.transcribe.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fips.transcribe.us-gov-west-1.amazonaws.com", }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, }, }, - "states": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "states-fips.us-gov-east-1.amazonaws.com", + "transcribestreaming": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, + "transfer": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "transfer-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "states.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "transfer-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, - }, - "storagegateway": service{ - - Endpoints: endpoints{ - "fips": endpoint{ - Hostname: "storagegateway-fips.us-gov-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-gov-west-1", - }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "transfer-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "transfer-fips.us-gov-west-1.amazonaws.com", }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, }, }, - "streams.dynamodb": service{ - Defaults: endpoint{ - CredentialScope: credentialScope{ - Service: "dynamodb", + "translate": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, }, }, - Endpoints: endpoints{ - "us-gov-east-1": endpoint{}, - "us-gov-east-1-fips": endpoint{ - Hostname: "dynamodb.us-gov-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-gov-east-1", - }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "translate-fips.us-gov-west-1.amazonaws.com", }, - "us-gov-west-1": endpoint{}, - "us-gov-west-1-fips": endpoint{ - Hostname: "dynamodb.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "translate-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, }, }, - "sts": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{}, - "us-gov-east-1-fips": endpoint{ - Hostname: "sts.us-gov-east-1.amazonaws.com", + "verifiedpermissions": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "verifiedpermissions-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "us-gov-west-1": endpoint{}, - "us-gov-west-1-fips": endpoint{ - Hostname: "sts.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "verifiedpermissions-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "verifiedpermissions-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "verifiedpermissions-fips.us-gov-west-1.amazonaws.com", }, }, }, - "support": service{ - PartitionEndpoint: "aws-us-gov-global", - - Endpoints: endpoints{ - "aws-us-gov-global": endpoint{ - Hostname: "support.us-gov-west-1.amazonaws.com", + "waf-regional": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "waf-regional-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-gov-west-1", + Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "support.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "waf-regional-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - }, - }, - "swf": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{ - Hostname: "swf.us-gov-east-1.amazonaws.com", + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "waf-regional.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, }, - "us-gov-west-1": endpoint{ - Hostname: "swf.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-gov-west-1", + Region: "us-gov-east-1", }, }, - }, - }, - "tagging": service{ - - Endpoints: endpoints{ - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, - }, - "transcribe": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "fips.transcribe.us-gov-east-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "waf-regional.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-gov-east-1", + Region: "us-gov-west-1", }, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "fips.transcribe.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "waf-regional-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, }, }, - "transfer": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ - Hostname: "transfer-fips.us-gov-east-1.amazonaws.com", + "wafv2": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "wafv2-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-gov-west-1": endpoint{ - Hostname: "transfer-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "wafv2-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, - }, - }, - "translate": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, - }, - Endpoints: endpoints{ - "us-gov-west-1": endpoint{}, - "us-gov-west-1-fips": endpoint{ - Hostname: "translate-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "wafv2.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ - Region: "us-gov-west-1", + Region: "us-gov-east-1", }, }, - }, - }, - "waf-regional": service{ - - Endpoints: endpoints{ - "fips-us-gov-west-1": endpoint{ - Hostname: "waf-regional-fips.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "wafv2.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, }, - "us-gov-west-1": endpoint{ - Hostname: "waf-regional.us-gov-west-1.amazonaws.com", + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "wafv2-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, }, }, }, + "wellarchitected": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, "workspaces": service{ - - Endpoints: endpoints{ - "fips-us-gov-west-1": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "workspaces-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ Hostname: "workspaces-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "workspaces-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "workspaces-fips.us-gov-west-1.amazonaws.com", }, - "us-gov-west-1": endpoint{}, }, }, "xray": service{ - - Endpoints: endpoints{ - "fips-us-gov-east-1": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ Hostname: "xray-fips.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, - "fips-us-gov-west-1": endpoint{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ Hostname: "xray-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "xray-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "xray-fips.us-gov-west-1.amazonaws.com", }, - "us-gov-east-1": endpoint{}, - "us-gov-west-1": endpoint{}, }, }, }, @@ -9488,203 +46342,646 @@ var awsisoPartition = partition{ return reg }(), }, - Defaults: endpoint{ - Hostname: "{service}.{region}.{dnsSuffix}", - Protocols: []string{"https"}, - SignatureVersions: []string{"v4"}, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Hostname: "{service}.{region}.{dnsSuffix}", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "c2s.ic.gov", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, }, Regions: regions{ "us-iso-east-1": region{ Description: "US ISO East", }, + "us-iso-west-1": region{ + Description: "US ISO WEST", + }, }, Services: services{ "api.ecr": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{ Hostname: "api.ecr.us-iso-east-1.c2s.ic.gov", CredentialScope: credentialScope{ Region: "us-iso-east-1", }, }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{ + Hostname: "api.ecr.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + }, + }, + }, + "api.pricing": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + CredentialScope: credentialScope{ + Service: "pricing", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, }, }, "api.sagemaker": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, }, }, "apigateway": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, + "appconfig": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, + "appconfigdata": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "application-autoscaling": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, + "arc-zonal-shift": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + }, + "athena": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, }, }, "autoscaling": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{ Protocols: []string{"http", "https"}, }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, + "cloudcontrolapi": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "cloudformation": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "cloudtrail": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "codedeploy": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "comprehend": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, }, - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, }, }, "config": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "datapipeline": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + }, + }, + "datasync": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-iso-east-1", + }: endpoint{ + Hostname: "datasync-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-iso-west-1", + }: endpoint{ + Hostname: "datasync-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datasync-fips.us-iso-east-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datasync-fips.us-iso-west-1.c2s.ic.gov", + }, }, }, "directconnect": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, + "dlm": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "dms": service{ - - Endpoints: endpoints{ - "dms-fips": endpoint{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "dms.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "dms", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "dms", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dms.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "dms-fips", + }: endpoint{ + Hostname: "dms.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dms.us-iso-east-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-east-1-fips", + }: endpoint{ Hostname: "dms.us-iso-east-1.c2s.ic.gov", CredentialScope: credentialScope{ Region: "us-iso-east-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dms.us-iso-west-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-west-1-fips", + }: endpoint{ + Hostname: "dms.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, }, - "us-iso-east-1": endpoint{}, }, }, "ds": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "dynamodb": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{ Protocols: []string{"http", "https"}, }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, - "ec2": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + "ebs": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, - "ec2metadata": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "169.254.169.254/latest", - Protocols: []string{"http"}, - }, + "ec2": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "ecs": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, + "eks": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "elasticache": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, + "elasticfilesystem": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-iso-east-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-iso-west-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.us-iso-east-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.us-iso-west-1.c2s.ic.gov", + }, }, }, "elasticloadbalancing": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{ Protocols: []string{"http", "https"}, }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "elasticmapreduce": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-iso-east-1", + }: endpoint{ + Hostname: "elasticmapreduce.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-iso-west-1", + }: endpoint{ + Hostname: "elasticmapreduce.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{ + Protocols: []string{"https"}, + }, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-iso-east-1.c2s.ic.gov", Protocols: []string{"https"}, }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-iso-west-1.c2s.ic.gov", + }, }, }, "es": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "events": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, + "firehose": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, + "fsx": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-prod-us-iso-east-1", + }: endpoint{ + Hostname: "fsx-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-iso-east-1", + }: endpoint{ + Hostname: "fsx-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "prod-us-iso-east-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "prod-us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fsx-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "fsx-fips.us-iso-east-1.c2s.ic.gov", + }, }, }, "glacier": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{ Protocols: []string{"http", "https"}, }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, + "glue": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + }, + }, + "guardduty": service{ + IsRegionalized: boxedTrue, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, }, }, "health": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, }, }, "iam": service{ PartitionEndpoint: "aws-iso-global", IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-iso-global": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-iso-global", + }: endpoint{ Hostname: "iam.us-iso-east-1.c2s.ic.gov", CredentialScope: credentialScope{ Region: "us-iso-east-1", @@ -9693,59 +46990,277 @@ var awsisoPartition = partition{ }, }, "kinesis": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "kms": service{ - - Endpoints: endpoints{ - "ProdFips": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ProdFips", + }: endpoint{ + Hostname: "kms-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.us-iso-east-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-east-1-fips", + }: endpoint{ Hostname: "kms-fips.us-iso-east-1.c2s.ic.gov", CredentialScope: credentialScope{ Region: "us-iso-east-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.us-iso-west-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-west-1-fips", + }: endpoint{ + Hostname: "kms-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, }, - "us-iso-east-1": endpoint{}, }, }, "lambda": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, + "license-manager": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "logs": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, + "medialive": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + }, + }, + "mediapackage": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + }, + }, + "metrics.sagemaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, }, }, "monitoring": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, + "outposts": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + }, + }, + "ram": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, + "rbin": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-iso-east-1", + }: endpoint{ + Hostname: "rbin-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-iso-west-1", + }: endpoint{ + Hostname: "rbin-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rbin-fips.us-iso-east-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rbin-fips.us-iso-west-1.c2s.ic.gov", + }, }, }, "rds": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "rds.us-iso-east-1", + }: endpoint{ + Hostname: "rds.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-iso-west-1", + }: endpoint{ + Hostname: "rds.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds.us-iso-east-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-east-1-fips", + }: endpoint{ + Hostname: "rds.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds.us-iso-west-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-west-1-fips", + }: endpoint{ + Hostname: "rds.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, }, }, "redshift": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{ + Hostname: "redshift.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{ + Hostname: "redshift.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + }, + }, + }, + "resource-groups": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "route53": service{ PartitionEndpoint: "aws-iso-global", IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-iso-global": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-iso-global", + }: endpoint{ Hostname: "route53.c2s.ic.gov", CredentialScope: credentialScope{ Region: "us-iso-east-1", @@ -9753,75 +47268,309 @@ var awsisoPartition = partition{ }, }, }, + "route53resolver": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, "runtime.sagemaker": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, }, }, "s3": service{ - Defaults: endpoint{ - SignatureVersions: []string{"s3v4"}, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + SignatureVersions: []string{"s3v4"}, + }, }, - Endpoints: endpoints{ - "us-iso-east-1": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-iso-east-1", + }: endpoint{ + Hostname: "s3-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-iso-west-1", + }: endpoint{ + Hostname: "s3-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{ + Protocols: []string{"http", "https"}, + SignatureVersions: []string{"s3v4"}, + }, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-fips.us-iso-east-1.c2s.ic.gov", + Protocols: []string{"http", "https"}, + SignatureVersions: []string{"s3v4"}, + }, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-fips.dualstack.us-iso-east-1.c2s.ic.gov", Protocols: []string{"http", "https"}, SignatureVersions: []string{"s3v4"}, }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-fips.us-iso-west-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-fips.dualstack.us-iso-west-1.c2s.ic.gov", + }, }, }, - "snowball": service{ + "s3-control": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + SignatureVersions: []string{"s3v4"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{ + Hostname: "s3-control.us-iso-east-1.c2s.ic.gov", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + }, + endpointKey{ + Region: "us-iso-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.us-iso-east-1.c2s.ic.gov", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + }, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-control-fips.us-iso-east-1.c2s.ic.gov", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + }, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-control-fips.dualstack.us-iso-east-1.c2s.ic.gov", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + }, + endpointKey{ + Region: "us-iso-east-1-fips", + }: endpoint{ + Hostname: "s3-control-fips.us-iso-east-1.c2s.ic.gov", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{ + Hostname: "s3-control.us-iso-west-1.c2s.ic.gov", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + }, + endpointKey{ + Region: "us-iso-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.us-iso-west-1.c2s.ic.gov", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + }, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-control-fips.us-iso-west-1.c2s.ic.gov", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + }, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-control-fips.dualstack.us-iso-west-1.c2s.ic.gov", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + }, + endpointKey{ + Region: "us-iso-west-1-fips", + }: endpoint{ + Hostname: "s3-control-fips.us-iso-west-1.c2s.ic.gov", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "s3-outposts": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-iso-east-1", + }: endpoint{ - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{}, + }, + }, + "secretsmanager": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, + "snowball": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "sns": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{ Protocols: []string{"http", "https"}, }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "sqs": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{ Protocols: []string{"http", "https"}, }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, + "ssm": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "states": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "streams.dynamodb": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - CredentialScope: credentialScope{ - Service: "dynamodb", + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + CredentialScope: credentialScope{ + Service: "dynamodb", + }, }, }, - Endpoints: endpoints{ - "us-iso-east-1": endpoint{ - Protocols: []string{"http", "https"}, - }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "sts": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "support": service{ PartitionEndpoint: "aws-iso-global", - - Endpoints: endpoints{ - "aws-iso-global": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-iso-global", + }: endpoint{ Hostname: "support.us-iso-east-1.c2s.ic.gov", CredentialScope: credentialScope{ Region: "us-iso-east-1", @@ -9830,37 +47579,81 @@ var awsisoPartition = partition{ }, }, "swf": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, + "synthetics": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, + "tagging": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + }, + }, + "textract": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, }, }, "transcribe": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, }, - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, }, }, "transcribestreaming": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, }, }, "translate": service{ - Defaults: endpoint{ - Protocols: []string{"https"}, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + }, }, - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, }, }, "workspaces": service{ - - Endpoints: endpoints{ - "us-iso-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, }, @@ -9881,10 +47674,20 @@ var awsisobPartition = partition{ return reg }(), }, - Defaults: endpoint{ - Hostname: "{service}.{region}.{dnsSuffix}", - Protocols: []string{"https"}, - SignatureVersions: []string{"v4"}, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Hostname: "{service}.{region}.{dnsSuffix}", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "sc2s.sgov.gov", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, }, Regions: regions{ "us-isob-east-1": region{ @@ -9893,9 +47696,10 @@ var awsisobPartition = partition{ }, Services: services{ "api.ecr": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{ Hostname: "api.ecr.us-isob-east-1.sc2s.sgov.gov", CredentialScope: credentialScope{ Region: "us-isob-east-1", @@ -9903,147 +47707,344 @@ var awsisobPartition = partition{ }, }, }, + "api.pricing": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + CredentialScope: credentialScope{ + Service: "pricing", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "api.sagemaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "apigateway": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "appconfig": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "appconfigdata": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, "application-autoscaling": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, }, - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "arc-zonal-shift": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "autoscaling": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, }, - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "cloudcontrolapi": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "cloudformation": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "cloudtrail": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "codedeploy": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "config": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "directconnect": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "dlm": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "dms": service{ - - Endpoints: endpoints{ - "dms-fips": endpoint{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{}, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "dms.{region}.{dnsSuffix}", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "dms", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "dms", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dms.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "dms-fips", + }: endpoint{ + Hostname: "dms.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "dms.us-isob-east-1.sc2s.sgov.gov", + }, + endpointKey{ + Region: "us-isob-east-1-fips", + }: endpoint{ Hostname: "dms.us-isob-east-1.sc2s.sgov.gov", CredentialScope: credentialScope{ Region: "us-isob-east-1", }, + Deprecated: boxedTrue, }, - "us-isob-east-1": endpoint{}, + }, + }, + "ds": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "dynamodb": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, }, - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, - "ec2": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - }, - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + "ebs": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, - "ec2metadata": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "169.254.169.254/latest", - Protocols: []string{"http"}, + "ec2": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, }, }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, }, "ecs": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "eks": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "elasticache": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "elasticfilesystem": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-isob-east-1", + }: endpoint{ + Hostname: "elasticfilesystem-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticfilesystem-fips.us-isob-east-1.sc2s.sgov.gov", + }, }, }, "elasticloadbalancing": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{ Protocols: []string{"https"}, }, }, }, "elasticmapreduce": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-isob-east-1", + }: endpoint{ + Hostname: "elasticmapreduce.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-isob-east-1.sc2s.sgov.gov", + }, }, }, "es": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "events": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "firehose": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "glacier": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "health": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "iam": service{ PartitionEndpoint: "aws-iso-b-global", IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-iso-b-global": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-iso-b-global", + }: endpoint{ Hostname: "iam.us-isob-east-1.sc2s.sgov.gov", CredentialScope: credentialScope{ Region: "us-isob-east-1", @@ -10052,125 +48053,442 @@ var awsisobPartition = partition{ }, }, "kinesis": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "kms": service{ - - Endpoints: endpoints{ - "ProdFips": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ProdFips", + }: endpoint{ + Hostname: "kms-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "kms-fips.us-isob-east-1.sc2s.sgov.gov", + }, + endpointKey{ + Region: "us-isob-east-1-fips", + }: endpoint{ Hostname: "kms-fips.us-isob-east-1.sc2s.sgov.gov", CredentialScope: credentialScope{ Region: "us-isob-east-1", }, + Deprecated: boxedTrue, }, - "us-isob-east-1": endpoint{}, }, }, "lambda": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "license-manager": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "logs": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "medialive": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "mediapackage": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "metering.marketplace": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + CredentialScope: credentialScope{ + Service: "aws-marketplace", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "metrics.sagemaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "monitoring": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "outposts": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "ram": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "rbin": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-isob-east-1", + }: endpoint{ + Hostname: "rbin-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rbin-fips.us-isob-east-1.sc2s.sgov.gov", + }, }, }, "rds": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "rds.us-isob-east-1", + }: endpoint{ + Hostname: "rds.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds.us-isob-east-1.sc2s.sgov.gov", + }, + endpointKey{ + Region: "us-isob-east-1-fips", + }: endpoint{ + Hostname: "rds.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, }, }, "redshift": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{ + Hostname: "redshift.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + }, + }, + }, + "resource-groups": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "route53": service{ + PartitionEndpoint: "aws-iso-b-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-iso-b-global", + }: endpoint{ + Hostname: "route53.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + }, + }, + }, + "route53resolver": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "runtime.sagemaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "s3": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - SignatureVersions: []string{"s3v4"}, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + SignatureVersions: []string{"s3v4"}, + }, }, - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-isob-east-1", + }: endpoint{ + Hostname: "s3-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-fips.us-isob-east-1.sc2s.sgov.gov", + }, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-fips.dualstack.us-isob-east-1.sc2s.sgov.gov", + }, }, }, - "snowball": service{ + "s3-control": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"https"}, + SignatureVersions: []string{"s3v4"}, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{ + Hostname: "s3-control.us-isob-east-1.sc2s.sgov.gov", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + }, + endpointKey{ + Region: "us-isob-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "s3-control.dualstack.us-isob-east-1.sc2s.sgov.gov", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + }, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "s3-control-fips.us-isob-east-1.sc2s.sgov.gov", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + }, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "s3-control-fips.dualstack.us-isob-east-1.sc2s.sgov.gov", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + }, + endpointKey{ + Region: "us-isob-east-1-fips", + }: endpoint{ + Hostname: "s3-control-fips.us-isob-east-1.sc2s.sgov.gov", + SignatureVersions: []string{"s3v4"}, + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "s3-outposts": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-isob-east-1", + }: endpoint{ - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{}, + }, + }, + "secretsmanager": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "snowball": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "sns": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + }, }, - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "sqs": service{ - Defaults: endpoint{ - SSLCommonName: "{region}.queue.{dnsSuffix}", - Protocols: []string{"http", "https"}, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + SSLCommonName: "{region}.queue.{dnsSuffix}", + Protocols: []string{"http", "https"}, + }, }, - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "ssm": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "states": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "storagegateway": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips", + }: endpoint{ + Hostname: "storagegateway-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "storagegateway-fips.us-isob-east-1.sc2s.sgov.gov", + }, + endpointKey{ + Region: "us-isob-east-1-fips", + }: endpoint{ + Hostname: "storagegateway-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, }, }, "streams.dynamodb": service{ - Defaults: endpoint{ - Protocols: []string{"http", "https"}, - CredentialScope: credentialScope{ - Service: "dynamodb", + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Protocols: []string{"http", "https"}, + CredentialScope: credentialScope{ + Service: "dynamodb", + }, }, }, - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "sts": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, "support": service{ PartitionEndpoint: "aws-iso-b-global", - - Endpoints: endpoints{ - "aws-iso-b-global": endpoint{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-iso-b-global", + }: endpoint{ Hostname: "support.us-isob-east-1.sc2s.sgov.gov", CredentialScope: credentialScope{ Region: "us-isob-east-1", @@ -10179,10 +48497,104 @@ var awsisobPartition = partition{ }, }, "swf": service{ - - Endpoints: endpoints{ - "us-isob-east-1": endpoint{}, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "synthetics": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + "tagging": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, }, }, + "workspaces": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, + }, +} + +// AwsIsoEPartition returns the Resolver for AWS ISOE (Europe). +func AwsIsoEPartition() Partition { + return awsisoePartition.Partition() +} + +var awsisoePartition = partition{ + ID: "aws-iso-e", + Name: "AWS ISOE (Europe)", + DNSSuffix: "cloud.adc-e.uk", + RegionRegex: regionRegex{ + Regexp: func() *regexp.Regexp { + reg, _ := regexp.Compile("^eu\\-isoe\\-\\w+\\-\\d+$") + return reg + }(), + }, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Hostname: "{service}.{region}.{dnsSuffix}", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "cloud.adc-e.uk", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + }, + Regions: regions{ + "eu-isoe-west-1": region{ + Description: "EU ISOE West", + }, + }, + Services: services{}, +} + +// AwsIsoFPartition returns the Resolver for AWS ISOF. +func AwsIsoFPartition() Partition { + return awsisofPartition.Partition() +} + +var awsisofPartition = partition{ + ID: "aws-iso-f", + Name: "AWS ISOF", + DNSSuffix: "csp.hci.ic.gov", + RegionRegex: regionRegex{ + Regexp: func() *regexp.Regexp { + reg, _ := regexp.Compile("^us\\-isof\\-\\w+\\-\\d+$") + return reg + }(), + }, + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + Hostname: "{service}.{region}.{dnsSuffix}", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "csp.hci.ic.gov", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, }, + Regions: regions{}, + Services: services{}, } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/doc.go index 84316b92c..66dec6beb 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/doc.go @@ -9,7 +9,7 @@ // AWS GovCloud (US) (aws-us-gov). // . // -// Enumerating Regions and Endpoint Metadata +// # Enumerating Regions and Endpoint Metadata // // Casting the Resolver returned by DefaultResolver to a EnumPartitions interface // will allow you to get access to the list of underlying Partitions with the @@ -17,22 +17,22 @@ // resolving to a single partition, or enumerate regions, services, and endpoints // in the partition. // -// resolver := endpoints.DefaultResolver() -// partitions := resolver.(endpoints.EnumPartitions).Partitions() +// resolver := endpoints.DefaultResolver() +// partitions := resolver.(endpoints.EnumPartitions).Partitions() // -// for _, p := range partitions { -// fmt.Println("Regions for", p.ID()) -// for id, _ := range p.Regions() { -// fmt.Println("*", id) -// } +// for _, p := range partitions { +// fmt.Println("Regions for", p.ID()) +// for id, _ := range p.Regions() { +// fmt.Println("*", id) +// } // -// fmt.Println("Services for", p.ID()) -// for id, _ := range p.Services() { -// fmt.Println("*", id) -// } -// } +// fmt.Println("Services for", p.ID()) +// for id, _ := range p.Services() { +// fmt.Println("*", id) +// } +// } // -// Using Custom Endpoints +// # Using Custom Endpoints // // The endpoints package also gives you the ability to use your own logic how // endpoints are resolved. This is a great way to define a custom endpoint @@ -47,20 +47,19 @@ // of Resolver.EndpointFor, converting it to a type that satisfies the // Resolver interface. // +// myCustomResolver := func(service, region string, optFns ...func(*endpoints.Options)) (endpoints.ResolvedEndpoint, error) { +// if service == endpoints.S3ServiceID { +// return endpoints.ResolvedEndpoint{ +// URL: "s3.custom.endpoint.com", +// SigningRegion: "custom-signing-region", +// }, nil +// } // -// myCustomResolver := func(service, region string, optFns ...func(*endpoints.Options)) (endpoints.ResolvedEndpoint, error) { -// if service == endpoints.S3ServiceID { -// return endpoints.ResolvedEndpoint{ -// URL: "s3.custom.endpoint.com", -// SigningRegion: "custom-signing-region", -// }, nil -// } +// return endpoints.DefaultResolver().EndpointFor(service, region, optFns...) +// } // -// return endpoints.DefaultResolver().EndpointFor(service, region, optFns...) -// } -// -// sess := session.Must(session.NewSession(&aws.Config{ -// Region: aws.String("us-west-2"), -// EndpointResolver: endpoints.ResolverFunc(myCustomResolver), -// })) +// sess := session.Must(session.NewSession(&aws.Config{ +// Region: aws.String("us-west-2"), +// EndpointResolver: endpoints.ResolverFunc(myCustomResolver), +// })) package endpoints diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go index ca956e5f1..a686a48fa 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go @@ -8,6 +8,41 @@ import ( "github.com/aws/aws-sdk-go/aws/awserr" ) +// A Logger is a minimalistic interface for the SDK to log messages to. +type Logger interface { + Log(...interface{}) +} + +// DualStackEndpointState is a constant to describe the dual-stack endpoint resolution +// behavior. +type DualStackEndpointState uint + +const ( + // DualStackEndpointStateUnset is the default value behavior for dual-stack endpoint + // resolution. + DualStackEndpointStateUnset DualStackEndpointState = iota + + // DualStackEndpointStateEnabled enable dual-stack endpoint resolution for endpoints. + DualStackEndpointStateEnabled + + // DualStackEndpointStateDisabled disables dual-stack endpoint resolution for endpoints. + DualStackEndpointStateDisabled +) + +// FIPSEndpointState is a constant to describe the FIPS endpoint resolution behavior. +type FIPSEndpointState uint + +const ( + // FIPSEndpointStateUnset is the default value behavior for FIPS endpoint resolution. + FIPSEndpointStateUnset FIPSEndpointState = iota + + // FIPSEndpointStateEnabled enables FIPS endpoint resolution for service endpoints. + FIPSEndpointStateEnabled + + // FIPSEndpointStateDisabled disables FIPS endpoint resolution for endpoints. + FIPSEndpointStateDisabled +) + // Options provide the configuration needed to direct how the // endpoints will be resolved. type Options struct { @@ -21,8 +56,19 @@ type Options struct { // be returned. This endpoint may not be valid. If StrictMatching is // enabled only services that are known to support dualstack will return // dualstack endpoints. + // + // Deprecated: This option will continue to function for S3 and S3 Control for backwards compatibility. + // UseDualStackEndpoint should be used to enable usage of a service's dual-stack endpoint for all service clients + // moving forward. For S3 and S3 Control, when UseDualStackEndpoint is set to a non-zero value it takes higher + // precedence then this option. UseDualStack bool + // Sets the resolver to resolve a dual-stack endpoint for the service. + UseDualStackEndpoint DualStackEndpointState + + // UseFIPSEndpoint specifies the resolver must resolve a FIPS endpoint. + UseFIPSEndpoint FIPSEndpointState + // Enables strict matching of services and regions resolved endpoints. // If the partition doesn't enumerate the exact service and region an // error will be returned. This option will prevent returning endpoints @@ -48,11 +94,65 @@ type Options struct { // This option is ignored if StrictMatching is enabled. ResolveUnknownService bool + // Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6) + EC2MetadataEndpointMode EC2IMDSEndpointModeState + // STS Regional Endpoint flag helps with resolving the STS endpoint STSRegionalEndpoint STSRegionalEndpoint // S3 Regional Endpoint flag helps with resolving the S3 endpoint S3UsEast1RegionalEndpoint S3UsEast1RegionalEndpoint + + // ResolvedRegion is the resolved region string. If provided (non-zero length) it takes priority + // over the region name passed to the ResolveEndpoint call. + ResolvedRegion string + + // Logger is the logger that will be used to log messages. + Logger Logger + + // Determines whether logging of deprecated endpoints usage is enabled. + LogDeprecated bool +} + +func (o Options) getEndpointVariant(service string) (v endpointVariant) { + const s3 = "s3" + const s3Control = "s3-control" + + if (o.UseDualStackEndpoint == DualStackEndpointStateEnabled) || + ((service == s3 || service == s3Control) && (o.UseDualStackEndpoint == DualStackEndpointStateUnset && o.UseDualStack)) { + v |= dualStackVariant + } + if o.UseFIPSEndpoint == FIPSEndpointStateEnabled { + v |= fipsVariant + } + return v +} + +// EC2IMDSEndpointModeState is an enum configuration variable describing the client endpoint mode. +type EC2IMDSEndpointModeState uint + +// Enumeration values for EC2IMDSEndpointModeState +const ( + EC2IMDSEndpointModeStateUnset EC2IMDSEndpointModeState = iota + EC2IMDSEndpointModeStateIPv4 + EC2IMDSEndpointModeStateIPv6 +) + +// SetFromString sets the EC2IMDSEndpointModeState based on the provided string value. Unknown values will default to EC2IMDSEndpointModeStateUnset +func (e *EC2IMDSEndpointModeState) SetFromString(v string) error { + v = strings.TrimSpace(v) + + switch { + case len(v) == 0: + *e = EC2IMDSEndpointModeStateUnset + case strings.EqualFold(v, "IPv6"): + *e = EC2IMDSEndpointModeStateIPv6 + case strings.EqualFold(v, "IPv4"): + *e = EC2IMDSEndpointModeStateIPv4 + default: + return fmt.Errorf("unknown EC2 IMDS endpoint mode, must be either IPv6 or IPv4") + } + return nil } // STSRegionalEndpoint is an enum for the states of the STS Regional Endpoint @@ -166,10 +266,25 @@ func DisableSSLOption(o *Options) { // UseDualStackOption sets the UseDualStack option. Can be used as a functional // option when resolving endpoints. +// +// Deprecated: UseDualStackEndpointOption should be used to enable usage of a service's dual-stack endpoint. +// When DualStackEndpointState is set to a non-zero value it takes higher precedence then this option. func UseDualStackOption(o *Options) { o.UseDualStack = true } +// UseDualStackEndpointOption sets the UseDualStackEndpoint option to enabled. Can be used as a functional +// option when resolving endpoints. +func UseDualStackEndpointOption(o *Options) { + o.UseDualStackEndpoint = DualStackEndpointStateEnabled +} + +// UseFIPSEndpointOption sets the UseFIPSEndpoint option to enabled. Can be used as a functional +// option when resolving endpoints. +func UseFIPSEndpointOption(o *Options) { + o.UseFIPSEndpoint = FIPSEndpointStateEnabled +} + // StrictMatchingOption sets the StrictMatching option. Can be used as a functional // option when resolving endpoints. func StrictMatchingOption(o *Options) { @@ -238,16 +353,18 @@ type EnumPartitions interface { // as the second parameter. // // This example shows how to get the regions for DynamoDB in the AWS partition. -// rs, exists := endpoints.RegionsForService(endpoints.DefaultPartitions(), endpoints.AwsPartitionID, endpoints.DynamodbServiceID) +// +// rs, exists := endpoints.RegionsForService(endpoints.DefaultPartitions(), endpoints.AwsPartitionID, endpoints.DynamodbServiceID) // // This is equivalent to using the partition directly. -// rs := endpoints.AwsPartition().Services()[endpoints.DynamodbServiceID].Regions() +// +// rs := endpoints.AwsPartition().Services()[endpoints.DynamodbServiceID].Regions() func RegionsForService(ps []Partition, partitionID, serviceID string) (map[string]Region, bool) { for _, p := range ps { if p.ID() != partitionID { continue } - if _, ok := p.p.Services[serviceID]; !ok { + if _, ok := p.p.Services[serviceID]; !(ok || serviceID == Ec2metadataServiceID) { break } @@ -308,8 +425,8 @@ func (p Partition) ID() string { return p.id } // of new regions and services expansions. // // Errors that can be returned. -// * UnknownServiceError -// * UnknownEndpointError +// - UnknownServiceError +// - UnknownEndpointError func (p Partition) EndpointFor(service, region string, opts ...func(*Options)) (ResolvedEndpoint, error) { return p.p.EndpointFor(service, region, opts...) } @@ -333,6 +450,7 @@ func (p Partition) Regions() map[string]Region { // enumerating over the services in a partition. func (p Partition) Services() map[string]Service { ss := make(map[string]Service, len(p.p.Services)) + for id := range p.p.Services { ss[id] = Service{ id: id, @@ -340,6 +458,15 @@ func (p Partition) Services() map[string]Service { } } + // Since we have removed the customization that injected this into the model + // we still need to pretend that this is a modeled service. + if _, ok := ss[Ec2metadataServiceID]; !ok { + ss[Ec2metadataServiceID] = Service{ + id: Ec2metadataServiceID, + p: p.p, + } + } + return ss } @@ -367,7 +494,7 @@ func (r Region) ResolveEndpoint(service string, opts ...func(*Options)) (Resolve func (r Region) Services() map[string]Service { ss := map[string]Service{} for id, s := range r.p.Services { - if _, ok := s.Endpoints[r.id]; ok { + if _, ok := s.Endpoints[endpointKey{Region: r.id}]; ok { ss[id] = Service{ id: id, p: r.p, @@ -400,10 +527,24 @@ func (s Service) ResolveEndpoint(region string, opts ...func(*Options)) (Resolve // an URL that can be resolved to a instance of a service. func (s Service) Regions() map[string]Region { rs := map[string]Region{} - for id := range s.p.Services[s.id].Endpoints { - if r, ok := s.p.Regions[id]; ok { - rs[id] = Region{ - id: id, + + service, ok := s.p.Services[s.id] + + // Since ec2metadata customization has been removed we need to check + // if it was defined in non-standard endpoints.json file. If it's not + // then we can return the empty map as there is no regional-endpoints for IMDS. + // Otherwise, we iterate need to iterate the non-standard model. + if s.id == Ec2metadataServiceID && !ok { + return rs + } + + for id := range service.Endpoints { + if id.Variant != 0 { + continue + } + if r, ok := s.p.Regions[id.Region]; ok { + rs[id.Region] = Region{ + id: id.Region, desc: r.Description, p: s.p, } @@ -421,8 +562,11 @@ func (s Service) Regions() map[string]Region { func (s Service) Endpoints() map[string]Endpoint { es := make(map[string]Endpoint, len(s.p.Services[s.id].Endpoints)) for id := range s.p.Services[s.id].Endpoints { - es[id] = Endpoint{ - id: id, + if id.Variant != 0 { + continue + } + es[id.Region] = Endpoint{ + id: id.Region, serviceID: s.id, p: s.p, } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go index 773613722..89f6627dc 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go @@ -1,12 +1,46 @@ package endpoints import ( + "encoding/json" "fmt" "regexp" "strconv" "strings" ) +const ( + ec2MetadataEndpointIPv6 = "http://[fd00:ec2::254]/latest" + ec2MetadataEndpointIPv4 = "http://169.254.169.254/latest" +) + +const dnsSuffixTemplateKey = "{dnsSuffix}" + +// defaultKey is a compound map key of a variant and other values. +type defaultKey struct { + Variant endpointVariant + ServiceVariant serviceVariant +} + +// endpointKey is a compound map key of a region and associated variant value. +type endpointKey struct { + Region string + Variant endpointVariant +} + +// endpointVariant is a bit field to describe the endpoints attributes. +type endpointVariant uint64 + +// serviceVariant is a bit field to describe the service endpoint attributes. +type serviceVariant uint64 + +const ( + // fipsVariant indicates that the endpoint is FIPS capable. + fipsVariant endpointVariant = 1 << (64 - 1 - iota) + + // dualStackVariant indicates that the endpoint is DualStack capable. + dualStackVariant +) + var regionValidationRegex = regexp.MustCompile(`^[[:alnum:]]([[:alnum:]\-]*[[:alnum:]])?$`) type partitions []partition @@ -15,8 +49,12 @@ func (ps partitions) EndpointFor(service, region string, opts ...func(*Options)) var opt Options opt.Set(opts...) + if len(opt.ResolvedRegion) > 0 { + region = opt.ResolvedRegion + } + for i := 0; i < len(ps); i++ { - if !ps[i].canResolveEndpoint(service, region, opt.StrictMatching) { + if !ps[i].canResolveEndpoint(service, region, opt) { continue } @@ -44,14 +82,76 @@ func (ps partitions) Partitions() []Partition { return parts } +type endpointWithVariants struct { + endpoint + Variants []endpointWithTags `json:"variants"` +} + +type endpointWithTags struct { + endpoint + Tags []string `json:"tags"` +} + +type endpointDefaults map[defaultKey]endpoint + +func (p *endpointDefaults) UnmarshalJSON(data []byte) error { + if *p == nil { + *p = make(endpointDefaults) + } + + var e endpointWithVariants + if err := json.Unmarshal(data, &e); err != nil { + return err + } + + (*p)[defaultKey{Variant: 0}] = e.endpoint + + e.Hostname = "" + e.DNSSuffix = "" + + for _, variant := range e.Variants { + endpointVariant, unknown := parseVariantTags(variant.Tags) + if unknown { + continue + } + + var ve endpoint + ve.mergeIn(e.endpoint) + ve.mergeIn(variant.endpoint) + + (*p)[defaultKey{Variant: endpointVariant}] = ve + } + + return nil +} + +func parseVariantTags(tags []string) (ev endpointVariant, unknown bool) { + if len(tags) == 0 { + unknown = true + return + } + + for _, tag := range tags { + switch { + case strings.EqualFold("fips", tag): + ev |= fipsVariant + case strings.EqualFold("dualstack", tag): + ev |= dualStackVariant + default: + unknown = true + } + } + return ev, unknown +} + type partition struct { - ID string `json:"partition"` - Name string `json:"partitionName"` - DNSSuffix string `json:"dnsSuffix"` - RegionRegex regionRegex `json:"regionRegex"` - Defaults endpoint `json:"defaults"` - Regions regions `json:"regions"` - Services services `json:"services"` + ID string `json:"partition"` + Name string `json:"partitionName"` + DNSSuffix string `json:"dnsSuffix"` + RegionRegex regionRegex `json:"regionRegex"` + Defaults endpointDefaults `json:"defaults"` + Regions regions `json:"regions"` + Services services `json:"services"` } func (p partition) Partition() Partition { @@ -62,15 +162,18 @@ func (p partition) Partition() Partition { } } -func (p partition) canResolveEndpoint(service, region string, strictMatch bool) bool { +func (p partition) canResolveEndpoint(service, region string, options Options) bool { s, hasService := p.Services[service] - _, hasEndpoint := s.Endpoints[region] + _, hasEndpoint := s.Endpoints[endpointKey{ + Region: region, + Variant: options.getEndpointVariant(service), + }] if hasEndpoint && hasService { return true } - if strictMatch { + if options.StrictMatching { return false } @@ -101,7 +204,17 @@ func (p partition) EndpointFor(service, region string, opts ...func(*Options)) ( var opt Options opt.Set(opts...) + if len(opt.ResolvedRegion) > 0 { + region = opt.ResolvedRegion + } + s, hasService := p.Services[service] + + if service == Ec2metadataServiceID && !hasService { + endpoint := getEC2MetadataEndpoint(p.ID, service, opt.EC2MetadataEndpointMode) + return endpoint, nil + } + if len(service) == 0 || !(hasService || opt.ResolveUnknownService) { // Only return error if the resolver will not fallback to creating // endpoint based on service endpoint ID passed in. @@ -112,21 +225,94 @@ func (p partition) EndpointFor(service, region string, opts ...func(*Options)) ( region = s.PartitionEndpoint } - if (service == "sts" && opt.STSRegionalEndpoint != RegionalSTSEndpoint) || - (service == "s3" && opt.S3UsEast1RegionalEndpoint != RegionalS3UsEast1Endpoint) { - if _, ok := legacyGlobalRegions[service][region]; ok { - region = "aws-global" + if r, ok := isLegacyGlobalRegion(service, region, opt); ok { + region = r + } + + variant := opt.getEndpointVariant(service) + + endpoints := s.Endpoints + + serviceDefaults, hasServiceDefault := s.Defaults[defaultKey{Variant: variant}] + // If we searched for a variant which may have no explicit service defaults, + // then we need to inherit the standard service defaults except the hostname and dnsSuffix + if variant != 0 && !hasServiceDefault { + serviceDefaults = s.Defaults[defaultKey{}] + serviceDefaults.Hostname = "" + serviceDefaults.DNSSuffix = "" + } + + partitionDefaults, hasPartitionDefault := p.Defaults[defaultKey{Variant: variant}] + + var dnsSuffix string + if len(serviceDefaults.DNSSuffix) > 0 { + dnsSuffix = serviceDefaults.DNSSuffix + } else if variant == 0 { + // For legacy reasons the partition dnsSuffix is not in the defaults, so if we looked for + // a non-variant endpoint then we need to set the dnsSuffix. + dnsSuffix = p.DNSSuffix + } + + noDefaults := !hasServiceDefault && !hasPartitionDefault + + e, hasEndpoint := s.endpointForRegion(region, endpoints, variant) + if len(region) == 0 || (!hasEndpoint && (opt.StrictMatching || noDefaults)) { + return resolved, NewUnknownEndpointError(p.ID, service, region, endpointList(endpoints, variant)) + } + + defs := []endpoint{partitionDefaults, serviceDefaults} + + return e.resolve(service, p.ID, region, dnsSuffixTemplateKey, dnsSuffix, defs, opt) +} + +func getEC2MetadataEndpoint(partitionID, service string, mode EC2IMDSEndpointModeState) ResolvedEndpoint { + switch mode { + case EC2IMDSEndpointModeStateIPv6: + return ResolvedEndpoint{ + URL: ec2MetadataEndpointIPv6, + PartitionID: partitionID, + SigningRegion: "aws-global", + SigningName: service, + SigningNameDerived: true, + SigningMethod: "v4", + } + case EC2IMDSEndpointModeStateIPv4: + fallthrough + default: + return ResolvedEndpoint{ + URL: ec2MetadataEndpointIPv4, + PartitionID: partitionID, + SigningRegion: "aws-global", + SigningName: service, + SigningNameDerived: true, + SigningMethod: "v4", } } +} - e, hasEndpoint := s.endpointForRegion(region) - if len(region) == 0 || (!hasEndpoint && opt.StrictMatching) { - return resolved, NewUnknownEndpointError(p.ID, service, region, endpointList(s.Endpoints)) +func isLegacyGlobalRegion(service string, region string, opt Options) (string, bool) { + if opt.getEndpointVariant(service) != 0 { + return "", false } - defs := []endpoint{p.Defaults, s.Defaults} + const ( + sts = "sts" + s3 = "s3" + awsGlobal = "aws-global" + ) - return e.resolve(service, p.ID, region, p.DNSSuffix, defs, opt) + switch { + case service == sts && opt.STSRegionalEndpoint == RegionalSTSEndpoint: + return region, false + case service == s3 && opt.S3UsEast1RegionalEndpoint == RegionalS3UsEast1Endpoint: + return region, false + default: + if _, ok := legacyGlobalRegions[service][region]; ok { + return awsGlobal, true + } + } + + return region, false } func serviceList(ss services) []string { @@ -136,10 +322,13 @@ func serviceList(ss services) []string { } return list } -func endpointList(es endpoints) []string { +func endpointList(es serviceEndpoints, variant endpointVariant) []string { list := make([]string, 0, len(es)) for k := range es { - list = append(list, k) + if k.Variant != variant { + continue + } + list = append(list, k.Region) } return list } @@ -171,19 +360,19 @@ type region struct { type services map[string]service type service struct { - PartitionEndpoint string `json:"partitionEndpoint"` - IsRegionalized boxedBool `json:"isRegionalized,omitempty"` - Defaults endpoint `json:"defaults"` - Endpoints endpoints `json:"endpoints"` + PartitionEndpoint string `json:"partitionEndpoint"` + IsRegionalized boxedBool `json:"isRegionalized,omitempty"` + Defaults endpointDefaults `json:"defaults"` + Endpoints serviceEndpoints `json:"endpoints"` } -func (s *service) endpointForRegion(region string) (endpoint, bool) { - if s.IsRegionalized == boxedFalse { - return s.Endpoints[s.PartitionEndpoint], region == s.PartitionEndpoint +func (s *service) endpointForRegion(region string, endpoints serviceEndpoints, variant endpointVariant) (endpoint, bool) { + if e, ok := endpoints[endpointKey{Region: region, Variant: variant}]; ok { + return e, true } - if e, ok := s.Endpoints[region]; ok { - return e, true + if s.IsRegionalized == boxedFalse { + return endpoints[endpointKey{Region: s.PartitionEndpoint, Variant: variant}], region == s.PartitionEndpoint } // Unable to find any matching endpoint, return @@ -191,22 +380,73 @@ func (s *service) endpointForRegion(region string) (endpoint, bool) { return endpoint{}, false } -type endpoints map[string]endpoint +type serviceEndpoints map[endpointKey]endpoint + +func (s *serviceEndpoints) UnmarshalJSON(data []byte) error { + if *s == nil { + *s = make(serviceEndpoints) + } + + var regionToEndpoint map[string]endpointWithVariants + + if err := json.Unmarshal(data, ®ionToEndpoint); err != nil { + return err + } + + for region, e := range regionToEndpoint { + (*s)[endpointKey{Region: region}] = e.endpoint + + e.Hostname = "" + e.DNSSuffix = "" + + for _, variant := range e.Variants { + endpointVariant, unknown := parseVariantTags(variant.Tags) + if unknown { + continue + } + + var ve endpoint + ve.mergeIn(e.endpoint) + ve.mergeIn(variant.endpoint) + + (*s)[endpointKey{Region: region, Variant: endpointVariant}] = ve + } + } + + return nil +} type endpoint struct { Hostname string `json:"hostname"` Protocols []string `json:"protocols"` CredentialScope credentialScope `json:"credentialScope"` - // Custom fields not modeled - HasDualStack boxedBool `json:"-"` - DualStackHostname string `json:"-"` + DNSSuffix string `json:"dnsSuffix"` // Signature Version not used SignatureVersions []string `json:"signatureVersions"` // SSLCommonName not used. SSLCommonName string `json:"sslCommonName"` + + Deprecated boxedBool `json:"deprecated"` +} + +// isZero returns whether the endpoint structure is an empty (zero) value. +func (e endpoint) isZero() bool { + switch { + case len(e.Hostname) != 0: + return false + case len(e.Protocols) != 0: + return false + case e.CredentialScope != (credentialScope{}): + return false + case len(e.SignatureVersions) != 0: + return false + case len(e.SSLCommonName) != 0: + return false + } + return true } const ( @@ -235,7 +475,7 @@ func getByPriority(s []string, p []string, def string) string { return s[0] } -func (e endpoint) resolve(service, partitionID, region, dnsSuffix string, defs []endpoint, opts Options) (ResolvedEndpoint, error) { +func (e endpoint) resolve(service, partitionID, region, dnsSuffixTemplateVariable, dnsSuffix string, defs []endpoint, opts Options) (ResolvedEndpoint, error) { var merged endpoint for _, def := range defs { merged.mergeIn(def) @@ -256,23 +496,26 @@ func (e endpoint) resolve(service, partitionID, region, dnsSuffix string, defs [ } hostname := e.Hostname - // Offset the hostname for dualstack if enabled - if opts.UseDualStack && e.HasDualStack == boxedTrue { - hostname = e.DualStackHostname - region = signingRegion - } if !validateInputRegion(region) { return ResolvedEndpoint{}, fmt.Errorf("invalid region identifier format provided") } + if len(merged.DNSSuffix) > 0 { + dnsSuffix = merged.DNSSuffix + } + u := strings.Replace(hostname, "{service}", service, 1) u = strings.Replace(u, "{region}", region, 1) - u = strings.Replace(u, "{dnsSuffix}", dnsSuffix, 1) + u = strings.Replace(u, dnsSuffixTemplateVariable, dnsSuffix, 1) scheme := getEndpointScheme(e.Protocols, opts.DisableSSL) u = fmt.Sprintf("%s://%s", scheme, u) + if e.Deprecated == boxedTrue && opts.LogDeprecated && opts.Logger != nil { + opts.Logger.Log(fmt.Sprintf("endpoint identifier %q, url %q marked as deprecated", region, u)) + } + return ResolvedEndpoint{ URL: u, PartitionID: partitionID, @@ -310,11 +553,11 @@ func (e *endpoint) mergeIn(other endpoint) { if len(other.SSLCommonName) > 0 { e.SSLCommonName = other.SSLCommonName } - if other.HasDualStack != boxedBoolUnset { - e.HasDualStack = other.HasDualStack + if len(other.DNSSuffix) > 0 { + e.DNSSuffix = other.DNSSuffix } - if len(other.DualStackHostname) > 0 { - e.DualStackHostname = other.DualStackHostname + if other.Deprecated != boxedBoolUnset { + e.Deprecated = other.Deprecated } } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go index 0fdfcc56e..84922bca8 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go @@ -1,3 +1,4 @@ +//go:build codegen // +build codegen package endpoints @@ -154,18 +155,71 @@ func serviceSet(ps partitions) map[string]struct{} { return set } +func endpointVariantSetter(variant endpointVariant) (string, error) { + if variant == 0 { + return "0", nil + } + + if variant > (fipsVariant | dualStackVariant) { + return "", fmt.Errorf("unknown endpoint variant") + } + + var symbols []string + if variant&fipsVariant != 0 { + symbols = append(symbols, "fipsVariant") + } + if variant&dualStackVariant != 0 { + symbols = append(symbols, "dualStackVariant") + } + v := strings.Join(symbols, "|") + + return v, nil +} + +func endpointKeySetter(e endpointKey) (string, error) { + var sb strings.Builder + sb.WriteString("endpointKey{\n") + sb.WriteString(fmt.Sprintf("Region: %q,\n", e.Region)) + if e.Variant != 0 { + variantSetter, err := endpointVariantSetter(e.Variant) + if err != nil { + return "", err + } + sb.WriteString(fmt.Sprintf("Variant: %s,\n", variantSetter)) + } + sb.WriteString("}") + return sb.String(), nil +} + +func defaultKeySetter(e defaultKey) (string, error) { + var sb strings.Builder + sb.WriteString("defaultKey{\n") + if e.Variant != 0 { + variantSetter, err := endpointVariantSetter(e.Variant) + if err != nil { + return "", err + } + sb.WriteString(fmt.Sprintf("Variant: %s,\n", variantSetter)) + } + sb.WriteString("}") + return sb.String(), nil +} + var funcMap = template.FuncMap{ - "ToSymbol": toSymbol, - "QuoteString": quoteString, - "RegionConst": regionConstName, - "PartitionGetter": partitionGetter, - "PartitionVarName": partitionVarName, - "ListPartitionNames": listPartitionNames, - "BoxedBoolIfSet": boxedBoolIfSet, - "StringIfSet": stringIfSet, - "StringSliceIfSet": stringSliceIfSet, - "EndpointIsSet": endpointIsSet, - "ServicesSet": serviceSet, + "ToSymbol": toSymbol, + "QuoteString": quoteString, + "RegionConst": regionConstName, + "PartitionGetter": partitionGetter, + "PartitionVarName": partitionVarName, + "ListPartitionNames": listPartitionNames, + "BoxedBoolIfSet": boxedBoolIfSet, + "StringIfSet": stringIfSet, + "StringSliceIfSet": stringSliceIfSet, + "EndpointIsSet": endpointIsSet, + "ServicesSet": serviceSet, + "EndpointVariantSetter": endpointVariantSetter, + "EndpointKeySetter": endpointKeySetter, + "DefaultKeySetter": defaultKeySetter, } const v3Tmpl = ` @@ -271,9 +325,9 @@ partition{ {{ StringIfSet "Name: %q,\n" .Name -}} {{ StringIfSet "DNSSuffix: %q,\n" .DNSSuffix -}} RegionRegex: {{ template "gocode RegionRegex" .RegionRegex }}, - {{ if EndpointIsSet .Defaults -}} - Defaults: {{ template "gocode Endpoint" .Defaults }}, - {{- end }} + {{ if (gt (len .Defaults) 0) -}} + Defaults: {{ template "gocode Defaults" .Defaults -}}, + {{ end -}} Regions: {{ template "gocode Regions" .Regions }}, Services: {{ template "gocode Services" .Services }}, } @@ -314,19 +368,27 @@ services{ service{ {{ StringIfSet "PartitionEndpoint: %q,\n" .PartitionEndpoint -}} {{ BoxedBoolIfSet "IsRegionalized: %s,\n" .IsRegionalized -}} - {{ if EndpointIsSet .Defaults -}} - Defaults: {{ template "gocode Endpoint" .Defaults -}}, - {{- end }} + {{ if (gt (len .Defaults) 0) -}} + Defaults: {{ template "gocode Defaults" .Defaults -}}, + {{ end -}} {{ if .Endpoints -}} Endpoints: {{ template "gocode Endpoints" .Endpoints }}, {{- end }} } {{- end }} +{{ define "gocode Defaults" -}} +endpointDefaults{ + {{ range $id, $endpoint := . -}} + {{ DefaultKeySetter $id }}: {{ template "gocode Endpoint" $endpoint }}, + {{ end }} +} +{{- end }} + {{ define "gocode Endpoints" -}} -endpoints{ +serviceEndpoints{ {{ range $id, $endpoint := . -}} - "{{ $id }}": {{ template "gocode Endpoint" $endpoint }}, + {{ EndpointKeySetter $id }}: {{ template "gocode Endpoint" $endpoint }}, {{ end }} } {{- end }} @@ -334,6 +396,7 @@ endpoints{ {{ define "gocode Endpoint" -}} endpoint{ {{ StringIfSet "Hostname: %q,\n" .Hostname -}} + {{ StringIfSet "DNSSuffix: %q,\n" .DNSSuffix -}} {{ StringIfSet "SSLCommonName: %q,\n" .SSLCommonName -}} {{ StringSliceIfSet "Protocols: []string{%s},\n" .Protocols -}} {{ StringSliceIfSet "SignatureVersions: []string{%s},\n" .SignatureVersions -}} @@ -343,9 +406,7 @@ endpoint{ {{ StringIfSet "Service: %q,\n" .CredentialScope.Service -}} }, {{- end }} - {{ BoxedBoolIfSet "HasDualStack: %s,\n" .HasDualStack -}} - {{ StringIfSet "DualStackHostname: %q,\n" .DualStackHostname -}} - + {{ BoxedBoolIfSet "Deprecated: %s,\n" .Deprecated -}} } {{- end }} ` diff --git a/vendor/github.com/aws/aws-sdk-go/aws/logger.go b/vendor/github.com/aws/aws-sdk-go/aws/logger.go index 6ed15b2ec..49674cc79 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/logger.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/logger.go @@ -77,6 +77,9 @@ const ( // wire unmarshaled message content of requests and responses made while // using the SDK Will also enable LogDebug. LogDebugWithEventStreamBody + + // LogDebugWithDeprecated states the SDK should log details about deprecated functionality. + LogDebugWithDeprecated ) // A Logger is a minimalistic interface for the SDK to log messages to. Should diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go b/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go index e819ab6c0..9556332b6 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go @@ -330,6 +330,9 @@ func MakeAddToUserAgentFreeFormHandler(s string) func(*Request) { // WithSetRequestHeaders updates the operation request's HTTP header to contain // the header key value pairs provided. If the header key already exists in the // request's HTTP header set, the existing value(s) will be replaced. +// +// Header keys added will be added as canonical format with title casing +// applied via http.Header.Set method. func WithSetRequestHeaders(h map[string]string) Option { return withRequestHeader(h).SetRequestHeaders } @@ -338,6 +341,6 @@ type withRequestHeader map[string]string func (h withRequestHeader) SetRequestHeaders(r *Request) { for k, v := range h { - r.HTTPRequest.Header[k] = []string{v} + r.HTTPRequest.Header.Set(k, v) } } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go index d597c6ead..636d9ec94 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go @@ -4,6 +4,7 @@ import ( "bytes" "fmt" "io" + "io/ioutil" "net/http" "net/url" "reflect" @@ -129,12 +130,27 @@ func New(cfg aws.Config, clientInfo metadata.ClientInfo, handlers Handlers, httpReq, _ := http.NewRequest(method, "", nil) var err error - httpReq.URL, err = url.Parse(clientInfo.Endpoint + operation.HTTPPath) + httpReq.URL, err = url.Parse(clientInfo.Endpoint) if err != nil { httpReq.URL = &url.URL{} err = awserr.New("InvalidEndpointURL", "invalid endpoint uri", err) } + if len(operation.HTTPPath) != 0 { + opHTTPPath := operation.HTTPPath + var opQueryString string + if idx := strings.Index(opHTTPPath, "?"); idx >= 0 { + opQueryString = opHTTPPath[idx+1:] + opHTTPPath = opHTTPPath[:idx] + } + + if strings.HasSuffix(httpReq.URL.Path, "/") && strings.HasPrefix(opHTTPPath, "/") { + opHTTPPath = opHTTPPath[1:] + } + httpReq.URL.Path += opHTTPPath + httpReq.URL.RawQuery = opQueryString + } + r := &Request{ Config: cfg, ClientInfo: clientInfo, @@ -510,6 +526,14 @@ func (r *Request) GetBody() io.ReadSeeker { // Send will not close the request.Request's body. func (r *Request) Send() error { defer func() { + // Ensure a non-nil HTTPResponse parameter is set to ensure handlers + // checking for HTTPResponse values, don't fail. + if r.HTTPResponse == nil { + r.HTTPResponse = &http.Response{ + Header: http.Header{}, + Body: ioutil.NopCloser(&bytes.Buffer{}), + } + } // Regardless of success or failure of the request trigger the Complete // request handlers. r.Handlers.Complete.Run(r) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go index e36e468b7..5921b8ff2 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go @@ -1,3 +1,4 @@ +//go:build !go1.8 // +build !go1.8 package request diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go index de1292f45..ea643c9c4 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go @@ -1,3 +1,4 @@ +//go:build go1.8 // +build go1.8 package request diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_context.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_context.go index a7365cd1e..d8c505302 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_context.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_context.go @@ -1,3 +1,4 @@ +//go:build go1.7 // +build go1.7 package request diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_context_1_6.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_context_1_6.go index 307fa0705..49a243ef2 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_context_1_6.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_context_1_6.go @@ -1,3 +1,4 @@ +//go:build !go1.7 // +build !go1.7 package request diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go b/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go index 752ae47f8..3f0001f91 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go @@ -15,8 +15,8 @@ import ( // and determine if a request API error should be retried. // // client.DefaultRetryer is the SDK's default implementation of the Retryer. It -// uses the which uses the Request.IsErrorRetryable and Request.IsErrorThrottle -// methods to determine if the request is retried. +// uses the Request.IsErrorRetryable and Request.IsErrorThrottle methods to +// determine if the request is retried. type Retryer interface { // RetryRules return the retry delay that should be used by the SDK before // making another request attempt for the failed request. diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/waiter.go b/vendor/github.com/aws/aws-sdk-go/aws/request/waiter.go index 4601f883c..992ed0464 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/waiter.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/waiter.go @@ -256,8 +256,17 @@ func (a *WaiterAcceptor) match(name string, l aws.Logger, req *Request, err erro s := a.Expected.(int) result = s == req.HTTPResponse.StatusCode case ErrorWaiterMatch: - if aerr, ok := err.(awserr.Error); ok { - result = aerr.Code() == a.Expected.(string) + switch ex := a.Expected.(type) { + case string: + if aerr, ok := err.(awserr.Error); ok { + result = aerr.Code() == ex + } + case bool: + if ex { + result = err != nil + } else { + result = err == nil + } } default: waiterLogf(l, "WARNING: Waiter %s encountered unexpected matcher: %s", diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go index fe6dac1f4..ea8e35376 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go @@ -9,12 +9,27 @@ import ( "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/credentials/processcreds" + "github.com/aws/aws-sdk-go/aws/credentials/ssocreds" "github.com/aws/aws-sdk-go/aws/credentials/stscreds" "github.com/aws/aws-sdk-go/aws/defaults" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/internal/shareddefaults" + "github.com/aws/aws-sdk-go/service/ssooidc" + "github.com/aws/aws-sdk-go/service/sts" ) +// CredentialsProviderOptions specifies additional options for configuring +// credentials providers. +type CredentialsProviderOptions struct { + // WebIdentityRoleProviderOptions configures a WebIdentityRoleProvider, + // such as setting its ExpiryWindow. + WebIdentityRoleProviderOptions func(*stscreds.WebIdentityRoleProvider) + + // ProcessProviderOptions configures a ProcessProvider, + // such as setting its Timeout. + ProcessProviderOptions func(*processcreds.ProcessProvider) +} + func resolveCredentials(cfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig, handlers request.Handlers, @@ -23,7 +38,7 @@ func resolveCredentials(cfg *aws.Config, switch { case len(sessOpts.Profile) != 0: - // User explicitly provided an Profile in the session's configuration + // User explicitly provided a Profile in the session's configuration // so load that profile from shared config first. // Github(aws/aws-sdk-go#2727) return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts) @@ -39,6 +54,7 @@ func resolveCredentials(cfg *aws.Config, envCfg.WebIdentityTokenFilePath, envCfg.RoleARN, envCfg.RoleSessionName, + sessOpts.CredentialsProviderOptions, ) default: @@ -58,6 +74,7 @@ var WebIdentityEmptyTokenFilePathErr = awserr.New(stscreds.ErrCodeWebIdentity, " func assumeWebIdentity(cfg *aws.Config, handlers request.Handlers, filepath string, roleARN, sessionName string, + credOptions *CredentialsProviderOptions, ) (*credentials.Credentials, error) { if len(filepath) == 0 { @@ -68,17 +85,18 @@ func assumeWebIdentity(cfg *aws.Config, handlers request.Handlers, return nil, WebIdentityEmptyRoleARNErr } - creds := stscreds.NewWebIdentityCredentials( - &Session{ - Config: cfg, - Handlers: handlers.Copy(), - }, - roleARN, - sessionName, - filepath, - ) + svc := sts.New(&Session{ + Config: cfg, + Handlers: handlers.Copy(), + }) - return creds, nil + var optFns []func(*stscreds.WebIdentityRoleProvider) + if credOptions != nil && credOptions.WebIdentityRoleProviderOptions != nil { + optFns = append(optFns, credOptions.WebIdentityRoleProviderOptions) + } + + p := stscreds.NewWebIdentityRoleProviderWithOptions(svc, roleARN, sessionName, stscreds.FetchTokenPath(filepath), optFns...) + return credentials.NewCredentials(p), nil } func resolveCredsFromProfile(cfg *aws.Config, @@ -100,10 +118,6 @@ func resolveCredsFromProfile(cfg *aws.Config, sharedCfg.Creds, ) - case len(sharedCfg.CredentialProcess) != 0: - // Get credentials from CredentialProcess - creds = processcreds.NewCredentials(sharedCfg.CredentialProcess) - case len(sharedCfg.CredentialSource) != 0: creds, err = resolveCredsFromSource(cfg, envCfg, sharedCfg, handlers, sessOpts, @@ -117,8 +131,20 @@ func resolveCredsFromProfile(cfg *aws.Config, sharedCfg.WebIdentityTokenFile, sharedCfg.RoleARN, sharedCfg.RoleSessionName, + sessOpts.CredentialsProviderOptions, ) + case sharedCfg.hasSSOConfiguration(): + creds, err = resolveSSOCredentials(cfg, sharedCfg, handlers) + + case len(sharedCfg.CredentialProcess) != 0: + // Get credentials from CredentialProcess + var optFns []func(*processcreds.ProcessProvider) + if sessOpts.CredentialsProviderOptions != nil && sessOpts.CredentialsProviderOptions.ProcessProviderOptions != nil { + optFns = append(optFns, sessOpts.CredentialsProviderOptions.ProcessProviderOptions) + } + creds = processcreds.NewCredentials(sharedCfg.CredentialProcess, optFns...) + default: // Fallback to default credentials provider, include mock errors for // the credential chain so user can identify why credentials failed to @@ -151,6 +177,46 @@ func resolveCredsFromProfile(cfg *aws.Config, return creds, nil } +func resolveSSOCredentials(cfg *aws.Config, sharedCfg sharedConfig, handlers request.Handlers) (*credentials.Credentials, error) { + if err := sharedCfg.validateSSOConfiguration(); err != nil { + return nil, err + } + + var optFns []func(provider *ssocreds.Provider) + cfgCopy := cfg.Copy() + + if sharedCfg.SSOSession != nil { + cfgCopy.Region = &sharedCfg.SSOSession.SSORegion + cachedPath, err := ssocreds.StandardCachedTokenFilepath(sharedCfg.SSOSession.Name) + if err != nil { + return nil, err + } + // create oidcClient with AnonymousCredentials to avoid recursively resolving credentials + mySession := Must(NewSession(&aws.Config{ + Credentials: credentials.AnonymousCredentials, + })) + oidcClient := ssooidc.New(mySession, cfgCopy) + tokenProvider := ssocreds.NewSSOTokenProvider(oidcClient, cachedPath) + optFns = append(optFns, func(p *ssocreds.Provider) { + p.TokenProvider = tokenProvider + p.CachedTokenFilepath = cachedPath + }) + } else { + cfgCopy.Region = &sharedCfg.SSORegion + } + + return ssocreds.NewCredentials( + &Session{ + Config: cfgCopy, + Handlers: handlers.Copy(), + }, + sharedCfg.SSOAccountID, + sharedCfg.SSORoleName, + sharedCfg.SSOStartURL, + optFns..., + ), nil +} + // valid credential source values const ( credSourceEc2Metadata = "Ec2InstanceMetadata" diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go index 593aedc42..4390ad52f 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go @@ -1,3 +1,4 @@ +//go:build go1.13 // +build go1.13 package session diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.12.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.12.go index 1bf31cf8e..668565bea 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.12.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.12.go @@ -1,3 +1,4 @@ +//go:build !go1.13 && go1.7 // +build !go1.13,go1.7 package session diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.5.go index 253d7bc9d..e101aa6b6 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.5.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.5.go @@ -1,3 +1,4 @@ +//go:build !go1.6 && go1.5 // +build !go1.6,go1.5 package session diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.6.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.6.go index db2406054..b5fcbe0d1 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.6.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.6.go @@ -1,3 +1,4 @@ +//go:build !go1.7 && go1.6 // +build !go1.7,go1.6 package session diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go index 9419b518d..ff3cc012a 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go @@ -283,7 +283,85 @@ component must be enclosed in square brackets. The custom EC2 IMDS endpoint can also be specified via the Session options. sess, err := session.NewSessionWithOptions(session.Options{ - EC2IMDSEndpoint: "http://[::1]", + EC2MetadataEndpoint: "http://[::1]", + }) + +FIPS and DualStack Endpoints + +The SDK can be configured to resolve an endpoint with certain capabilities such as FIPS and DualStack. + +You can configure a FIPS endpoint using an environment variable, shared config ($HOME/.aws/config), +or programmatically. + +To configure a FIPS endpoint set the environment variable set the AWS_USE_FIPS_ENDPOINT to true or false to enable +or disable FIPS endpoint resolution. + + AWS_USE_FIPS_ENDPOINT=true + +To configure a FIPS endpoint using shared config, set use_fips_endpoint to true or false to enable +or disable FIPS endpoint resolution. + + [profile myprofile] + region=us-west-2 + use_fips_endpoint=true + +To configure a FIPS endpoint programmatically + + // Option 1: Configure it on a session for all clients + sess, err := session.NewSessionWithOptions(session.Options{ + UseFIPSEndpoint: endpoints.FIPSEndpointStateEnabled, + }) + if err != nil { + // handle error + } + + client := s3.New(sess) + + // Option 2: Configure it per client + sess, err := session.NewSession() + if err != nil { + // handle error + } + + client := s3.New(sess, &aws.Config{ + UseFIPSEndpoint: endpoints.FIPSEndpointStateEnabled, + }) + +You can configure a DualStack endpoint using an environment variable, shared config ($HOME/.aws/config), +or programmatically. + +To configure a DualStack endpoint set the environment variable set the AWS_USE_DUALSTACK_ENDPOINT to true or false to +enable or disable DualStack endpoint resolution. + + AWS_USE_DUALSTACK_ENDPOINT=true + +To configure a DualStack endpoint using shared config, set use_dualstack_endpoint to true or false to enable +or disable DualStack endpoint resolution. + + [profile myprofile] + region=us-west-2 + use_dualstack_endpoint=true + +To configure a DualStack endpoint programmatically + + // Option 1: Configure it on a session for all clients + sess, err := session.NewSessionWithOptions(session.Options{ + UseDualStackEndpoint: endpoints.DualStackEndpointStateEnabled, + }) + if err != nil { + // handle error + } + + client := s3.New(sess) + + // Option 2: Configure it per client + sess, err := session.NewSession() + if err != nil { + // handle error + } + + client := s3.New(sess, &aws.Config{ + UseDualStackEndpoint: endpoints.DualStackEndpointStateEnabled, }) */ package session diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go index 3cd5d4b5a..93bb5de64 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go @@ -161,10 +161,33 @@ type envConfig struct { // AWS_S3_USE_ARN_REGION=true S3UseARNRegion bool - // Specifies the alternative endpoint to use for EC2 IMDS. + // Specifies the EC2 Instance Metadata Service endpoint to use. If specified it overrides EC2IMDSEndpointMode. // // AWS_EC2_METADATA_SERVICE_ENDPOINT=http://[::1] EC2IMDSEndpoint string + + // Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6) + // + // AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6 + EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState + + // Specifies that IMDS clients should not fallback to IMDSv1 if token + // requests fail. + // + // AWS_EC2_METADATA_V1_DISABLED=true + EC2IMDSv1Disabled *bool + + // Specifies that SDK clients must resolve a dual-stack endpoint for + // services. + // + // AWS_USE_DUALSTACK_ENDPOINT=true + UseDualStackEndpoint endpoints.DualStackEndpointState + + // Specifies that SDK clients must resolve a FIPS endpoint for + // services. + // + // AWS_USE_FIPS_ENDPOINT=true + UseFIPSEndpoint endpoints.FIPSEndpointState } var ( @@ -231,6 +254,12 @@ var ( ec2IMDSEndpointEnvKey = []string{ "AWS_EC2_METADATA_SERVICE_ENDPOINT", } + ec2IMDSEndpointModeEnvKey = []string{ + "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE", + } + ec2MetadataV1DisabledEnvKey = []string{ + "AWS_EC2_METADATA_V1_DISABLED", + } useCABundleKey = []string{ "AWS_CA_BUNDLE", } @@ -240,6 +269,12 @@ var ( useClientTLSKey = []string{ "AWS_SDK_GO_CLIENT_TLS_KEY", } + awsUseDualStackEndpoint = []string{ + "AWS_USE_DUALSTACK_ENDPOINT", + } + awsUseFIPSEndpoint = []string{ + "AWS_USE_FIPS_ENDPOINT", + } ) // loadEnvConfig retrieves the SDK's environment configuration. @@ -364,6 +399,18 @@ func envConfigLoad(enableSharedConfig bool) (envConfig, error) { } setFromEnvVal(&cfg.EC2IMDSEndpoint, ec2IMDSEndpointEnvKey) + if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, ec2IMDSEndpointModeEnvKey); err != nil { + return envConfig{}, err + } + setBoolPtrFromEnvVal(&cfg.EC2IMDSv1Disabled, ec2MetadataV1DisabledEnvKey) + + if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, awsUseDualStackEndpoint); err != nil { + return cfg, err + } + + if err := setUseFIPSEndpointFromEnvVal(&cfg.UseFIPSEndpoint, awsUseFIPSEndpoint); err != nil { + return cfg, err + } return cfg, nil } @@ -376,3 +423,77 @@ func setFromEnvVal(dst *string, keys []string) { } } } + +func setBoolPtrFromEnvVal(dst **bool, keys []string) { + for _, k := range keys { + value := os.Getenv(k) + if len(value) == 0 { + continue + } + + switch { + case strings.EqualFold(value, "false"): + *dst = new(bool) + **dst = false + case strings.EqualFold(value, "true"): + *dst = new(bool) + **dst = true + } + } +} + +func setEC2IMDSEndpointMode(mode *endpoints.EC2IMDSEndpointModeState, keys []string) error { + for _, k := range keys { + value := os.Getenv(k) + if len(value) == 0 { + continue + } + if err := mode.SetFromString(value); err != nil { + return fmt.Errorf("invalid value for environment variable, %s=%s, %v", k, value, err) + } + return nil + } + return nil +} + +func setUseDualStackEndpointFromEnvVal(dst *endpoints.DualStackEndpointState, keys []string) error { + for _, k := range keys { + value := os.Getenv(k) + if len(value) == 0 { + continue // skip if empty + } + + switch { + case strings.EqualFold(value, "true"): + *dst = endpoints.DualStackEndpointStateEnabled + case strings.EqualFold(value, "false"): + *dst = endpoints.DualStackEndpointStateDisabled + default: + return fmt.Errorf( + "invalid value for environment variable, %s=%s, need true, false", + k, value) + } + } + return nil +} + +func setUseFIPSEndpointFromEnvVal(dst *endpoints.FIPSEndpointState, keys []string) error { + for _, k := range keys { + value := os.Getenv(k) + if len(value) == 0 { + continue // skip if empty + } + + switch { + case strings.EqualFold(value, "true"): + *dst = endpoints.FIPSEndpointStateEnabled + case strings.EqualFold(value, "false"): + *dst = endpoints.FIPSEndpointStateDisabled + default: + return fmt.Errorf( + "invalid value for environment variable, %s=%s, need true, false", + k, value) + } + } + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go index 08713cc34..3c88dee52 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go @@ -8,6 +8,7 @@ import ( "io/ioutil" "net/http" "os" + "strings" "time" "github.com/aws/aws-sdk-go/aws" @@ -36,7 +37,7 @@ const ( // ErrSharedConfigSourceCollision will be returned if a section contains both // source_profile and credential_source -var ErrSharedConfigSourceCollision = awserr.New(ErrCodeSharedConfig, "only source profile or credential source can be specified, not both", nil) +var ErrSharedConfigSourceCollision = awserr.New(ErrCodeSharedConfig, "only one credential type may be specified per profile: source profile, credential source, credential process, web identity token", nil) // ErrSharedConfigECSContainerEnvVarEmpty will be returned if the environment // variables are empty and Environment was set as the credential source @@ -173,7 +174,6 @@ const ( // Options provides the means to control how a Session is created and what // configuration values will be loaded. -// type Options struct { // Provides config values for the SDK to use when creating service clients // and making API requests to services. Any value set in with this field @@ -223,7 +223,7 @@ type Options struct { // from stdin for the MFA token code. // // This field is only used if the shared configuration is enabled, and - // the config enables assume role wit MFA via the mfa_serial field. + // the config enables assume role with MFA via the mfa_serial field. AssumeRoleTokenProvider func() (string, error) // When the SDK's shared config is configured to assume a role this option @@ -283,8 +283,8 @@ type Options struct { Handlers request.Handlers // Allows specifying a custom endpoint to be used by the EC2 IMDS client - // when making requests to the EC2 IMDS API. The must endpoint value must - // include protocol prefix. + // when making requests to the EC2 IMDS API. The endpoint value should + // include the URI scheme. If the scheme is not present it will be defaulted to http. // // If unset, will the EC2 IMDS client will use its default endpoint. // @@ -298,6 +298,16 @@ type Options struct { // // AWS_EC2_METADATA_SERVICE_ENDPOINT=http://[::1] EC2IMDSEndpoint string + + // Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6) + // + // AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6 + EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState + + // Specifies options for creating credential providers. + // These are only used if the aws.Config does not already + // include credentials. + CredentialsProviderOptions *CredentialsProviderOptions } // NewSessionWithOptions returns a new Session created from SDK defaults, config files, @@ -311,24 +321,24 @@ type Options struct { // credentials file. Enabling the Shared Config will also allow the Session // to be built with retrieving credentials with AssumeRole set in the config. // -// // Equivalent to session.New -// sess := session.Must(session.NewSessionWithOptions(session.Options{})) +// // Equivalent to session.New +// sess := session.Must(session.NewSessionWithOptions(session.Options{})) // -// // Specify profile to load for the session's config -// sess := session.Must(session.NewSessionWithOptions(session.Options{ -// Profile: "profile_name", -// })) +// // Specify profile to load for the session's config +// sess := session.Must(session.NewSessionWithOptions(session.Options{ +// Profile: "profile_name", +// })) // -// // Specify profile for config and region for requests -// sess := session.Must(session.NewSessionWithOptions(session.Options{ -// Config: aws.Config{Region: aws.String("us-east-1")}, -// Profile: "profile_name", -// })) +// // Specify profile for config and region for requests +// sess := session.Must(session.NewSessionWithOptions(session.Options{ +// Config: aws.Config{Region: aws.String("us-east-1")}, +// Profile: "profile_name", +// })) // -// // Force enable Shared Config support -// sess := session.Must(session.NewSessionWithOptions(session.Options{ -// SharedConfigState: session.SharedConfigEnable, -// })) +// // Force enable Shared Config support +// sess := session.Must(session.NewSessionWithOptions(session.Options{ +// SharedConfigState: session.SharedConfigEnable, +// })) func NewSessionWithOptions(opts Options) (*Session, error) { var envCfg envConfig var err error @@ -364,7 +374,7 @@ func NewSessionWithOptions(opts Options) (*Session, error) { // This helper is intended to be used in variable initialization to load the // Session and configuration at startup. Such as: // -// var sess = session.Must(session.NewSession()) +// var sess = session.Must(session.NewSession()) func Must(sess *Session, err error) *Session { if err != nil { panic(err) @@ -375,19 +385,23 @@ func Must(sess *Session, err error) *Session { // Wraps the endpoint resolver with a resolver that will return a custom // endpoint for EC2 IMDS. -func wrapEC2IMDSEndpoint(resolver endpoints.Resolver, endpoint string) endpoints.Resolver { +func wrapEC2IMDSEndpoint(resolver endpoints.Resolver, endpoint string, mode endpoints.EC2IMDSEndpointModeState) endpoints.Resolver { return endpoints.ResolverFunc( func(service, region string, opts ...func(*endpoints.Options)) ( endpoints.ResolvedEndpoint, error, ) { - if service == ec2MetadataServiceID { + if service == ec2MetadataServiceID && len(endpoint) > 0 { return endpoints.ResolvedEndpoint{ URL: endpoint, SigningName: ec2MetadataServiceID, SigningRegion: region, }, nil + } else if service == ec2MetadataServiceID { + opts = append(opts, func(o *endpoints.Options) { + o.EC2MetadataEndpointMode = mode + }) } - return resolver.EndpointFor(service, region) + return resolver.EndpointFor(service, region, opts...) }) } @@ -404,8 +418,8 @@ func deprecatedNewSession(envCfg envConfig, cfgs ...*aws.Config) *Session { cfg.EndpointResolver = endpoints.DefaultResolver() } - if len(envCfg.EC2IMDSEndpoint) != 0 { - cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, envCfg.EC2IMDSEndpoint) + if !(len(envCfg.EC2IMDSEndpoint) == 0 && envCfg.EC2IMDSEndpointMode == endpoints.EC2IMDSEndpointModeStateUnset) { + cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, envCfg.EC2IMDSEndpoint, envCfg.EC2IMDSEndpointMode) } cfg.Credentials = defaults.CredChain(cfg, handlers) @@ -737,22 +751,40 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, endpoints.LegacyS3UsEast1Endpoint, }) - ec2IMDSEndpoint := sessOpts.EC2IMDSEndpoint - if len(ec2IMDSEndpoint) == 0 { - ec2IMDSEndpoint = envCfg.EC2IMDSEndpoint - } - if len(ec2IMDSEndpoint) != 0 { - cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint) + var ec2IMDSEndpoint string + for _, v := range []string{ + sessOpts.EC2IMDSEndpoint, + envCfg.EC2IMDSEndpoint, + sharedCfg.EC2IMDSEndpoint, + } { + if len(v) != 0 { + ec2IMDSEndpoint = v + break + } } - // Configure credentials if not already set by the user when creating the - // Session. - if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil { - creds, err := resolveCredentials(cfg, envCfg, sharedCfg, handlers, sessOpts) - if err != nil { - return err + var endpointMode endpoints.EC2IMDSEndpointModeState + for _, v := range []endpoints.EC2IMDSEndpointModeState{ + sessOpts.EC2IMDSEndpointMode, + envCfg.EC2IMDSEndpointMode, + sharedCfg.EC2IMDSEndpointMode, + } { + if v != endpoints.EC2IMDSEndpointModeStateUnset { + endpointMode = v + break } - cfg.Credentials = creds + } + + if len(ec2IMDSEndpoint) != 0 || endpointMode != endpoints.EC2IMDSEndpointModeStateUnset { + cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint, endpointMode) + } + + cfg.EC2MetadataEnableFallback = userCfg.EC2MetadataEnableFallback + if cfg.EC2MetadataEnableFallback == nil && envCfg.EC2IMDSv1Disabled != nil { + cfg.EC2MetadataEnableFallback = aws.Bool(!*envCfg.EC2IMDSv1Disabled) + } + if cfg.EC2MetadataEnableFallback == nil && sharedCfg.EC2IMDSv1Disabled != nil { + cfg.EC2MetadataEnableFallback = aws.Bool(!*sharedCfg.EC2IMDSv1Disabled) } cfg.S3UseARNRegion = userCfg.S3UseARNRegion @@ -763,6 +795,31 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, cfg.S3UseARNRegion = &sharedCfg.S3UseARNRegion } + for _, v := range []endpoints.DualStackEndpointState{userCfg.UseDualStackEndpoint, envCfg.UseDualStackEndpoint, sharedCfg.UseDualStackEndpoint} { + if v != endpoints.DualStackEndpointStateUnset { + cfg.UseDualStackEndpoint = v + break + } + } + + for _, v := range []endpoints.FIPSEndpointState{userCfg.UseFIPSEndpoint, envCfg.UseFIPSEndpoint, sharedCfg.UseFIPSEndpoint} { + if v != endpoints.FIPSEndpointStateUnset { + cfg.UseFIPSEndpoint = v + break + } + } + + // Configure credentials if not already set by the user when creating the Session. + // Credentials are resolved last such that all _resolved_ config values are propagated to credential providers. + // ticket: P83606045 + if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil { + creds, err := resolveCredentials(cfg, envCfg, sharedCfg, handlers, sessOpts) + if err != nil { + return err + } + cfg.Credentials = creds + } + return nil } @@ -796,8 +853,8 @@ func initHandlers(s *Session) { // and handlers. If any additional configs are provided they will be merged // on top of the Session's copied config. // -// // Create a copy of the current Session, configured for the us-west-2 region. -// sess.Copy(&aws.Config{Region: aws.String("us-west-2")}) +// // Create a copy of the current Session, configured for the us-west-2 region. +// sess.Copy(&aws.Config{Region: aws.String("us-west-2")}) func (s *Session) Copy(cfgs ...*aws.Config) *Session { newSession := &Session{ Config: s.Config.Copy(cfgs...), @@ -816,8 +873,10 @@ func (s *Session) Copy(cfgs ...*aws.Config) *Session { func (s *Session) ClientConfig(service string, cfgs ...*aws.Config) client.Config { s = s.Copy(cfgs...) + resolvedRegion := normalizeRegion(s.Config) + region := aws.StringValue(s.Config.Region) - resolved, err := s.resolveEndpoint(service, region, s.Config) + resolved, err := s.resolveEndpoint(service, region, resolvedRegion, s.Config) if err != nil { s.Handlers.Validate.PushBack(func(r *request.Request) { if len(r.ClientInfo.Endpoint) != 0 { @@ -838,12 +897,13 @@ func (s *Session) ClientConfig(service string, cfgs ...*aws.Config) client.Confi SigningRegion: resolved.SigningRegion, SigningNameDerived: resolved.SigningNameDerived, SigningName: resolved.SigningName, + ResolvedRegion: resolvedRegion, } } const ec2MetadataServiceID = "ec2metadata" -func (s *Session) resolveEndpoint(service, region string, cfg *aws.Config) (endpoints.ResolvedEndpoint, error) { +func (s *Session) resolveEndpoint(service, region, resolvedRegion string, cfg *aws.Config) (endpoints.ResolvedEndpoint, error) { if ep := aws.StringValue(cfg.Endpoint); len(ep) != 0 { return endpoints.ResolvedEndpoint{ @@ -855,7 +915,12 @@ func (s *Session) resolveEndpoint(service, region string, cfg *aws.Config) (endp resolved, err := cfg.EndpointResolver.EndpointFor(service, region, func(opt *endpoints.Options) { opt.DisableSSL = aws.BoolValue(cfg.DisableSSL) + opt.UseDualStack = aws.BoolValue(cfg.UseDualStack) + opt.UseDualStackEndpoint = cfg.UseDualStackEndpoint + + opt.UseFIPSEndpoint = cfg.UseFIPSEndpoint + // Support for STSRegionalEndpoint where the STSRegionalEndpoint is // provided in envConfig or sharedConfig with envConfig getting // precedence. @@ -869,6 +934,11 @@ func (s *Session) resolveEndpoint(service, region string, cfg *aws.Config) (endp // Support the condition where the service is modeled but its // endpoint metadata is not available. opt.ResolveUnknownService = true + + opt.ResolvedRegion = resolvedRegion + + opt.Logger = cfg.Logger + opt.LogDeprecated = cfg.LogLevel.Matches(aws.LogDebugWithDeprecated) }, ) if err != nil { @@ -884,6 +954,8 @@ func (s *Session) resolveEndpoint(service, region string, cfg *aws.Config) (endp func (s *Session) ClientConfigNoResolveEndpoint(cfgs ...*aws.Config) client.Config { s = s.Copy(cfgs...) + resolvedRegion := normalizeRegion(s.Config) + var resolved endpoints.ResolvedEndpoint if ep := aws.StringValue(s.Config.Endpoint); len(ep) > 0 { resolved.URL = endpoints.AddScheme(ep, aws.BoolValue(s.Config.DisableSSL)) @@ -897,6 +969,7 @@ func (s *Session) ClientConfigNoResolveEndpoint(cfgs ...*aws.Config) client.Conf SigningRegion: resolved.SigningRegion, SigningNameDerived: resolved.SigningNameDerived, SigningName: resolved.SigningName, + ResolvedRegion: resolvedRegion, } } @@ -910,3 +983,23 @@ func (s *Session) logDeprecatedNewSessionError(msg string, err error, cfgs []*aw r.Error = err }) } + +// normalizeRegion resolves / normalizes the configured region (converts pseudo fips regions), and modifies the provided +// config to have the equivalent options for resolution and returns the resolved region name. +func normalizeRegion(cfg *aws.Config) (resolved string) { + const fipsInfix = "-fips-" + const fipsPrefix = "-fips" + const fipsSuffix = "fips-" + + region := aws.StringValue(cfg.Region) + + if strings.Contains(region, fipsInfix) || + strings.Contains(region, fipsPrefix) || + strings.Contains(region, fipsSuffix) { + resolved = strings.Replace(strings.Replace(strings.Replace( + region, fipsInfix, "-", -1), fipsPrefix, "", -1), fipsSuffix, "", -1) + cfg.UseFIPSEndpoint = endpoints.FIPSEndpointStateEnabled + } + + return resolved +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go index be7daacf3..f3ce8183d 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go @@ -2,6 +2,7 @@ package session import ( "fmt" + "strings" "time" "github.com/aws/aws-sdk-go/aws/awserr" @@ -25,6 +26,19 @@ const ( roleSessionNameKey = `role_session_name` // optional roleDurationSecondsKey = "duration_seconds" // optional + // Prefix to be used for SSO sections. These are supposed to only exist in + // the shared config file, not the credentials file. + ssoSectionPrefix = `sso-session ` + + // AWS Single Sign-On (AWS SSO) group + ssoSessionNameKey = "sso_session" + + // AWS Single Sign-On (AWS SSO) group + ssoAccountIDKey = "sso_account_id" + ssoRegionKey = "sso_region" + ssoRoleNameKey = "sso_role_name" + ssoStartURL = "sso_start_url" + // CSM options csmEnabledKey = `csm_enabled` csmHostKey = `csm_host` @@ -59,10 +73,27 @@ const ( // S3 ARN Region Usage s3UseARNRegionKey = "s3_use_arn_region" + + // EC2 IMDS Endpoint Mode + ec2MetadataServiceEndpointModeKey = "ec2_metadata_service_endpoint_mode" + + // EC2 IMDS Endpoint + ec2MetadataServiceEndpointKey = "ec2_metadata_service_endpoint" + + // ECS IMDSv1 disable fallback + ec2MetadataV1DisabledKey = "ec2_metadata_v1_disabled" + + // Use DualStack Endpoint Resolution + useDualStackEndpoint = "use_dualstack_endpoint" + + // Use FIPS Endpoint Resolution + useFIPSEndpointKey = "use_fips_endpoint" ) // sharedConfig represents the configuration fields of the SDK config files. type sharedConfig struct { + Profile string + // Credentials values from the config file. Both aws_access_key_id and // aws_secret_access_key must be provided together in the same file to be // considered valid. The values will be ignored if not a complete group. @@ -78,6 +109,15 @@ type sharedConfig struct { CredentialProcess string WebIdentityTokenFile string + // SSO session options + SSOSessionName string + SSOSession *ssoSession + + SSOAccountID string + SSORegion string + SSORoleName string + SSOStartURL string + RoleARN string RoleSessionName string ExternalID string @@ -131,6 +171,34 @@ type sharedConfig struct { // // s3_use_arn_region=true S3UseARNRegion bool + + // Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6) + // + // ec2_metadata_service_endpoint_mode=IPv6 + EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState + + // Specifies the EC2 Instance Metadata Service endpoint to use. If specified it overrides EC2IMDSEndpointMode. + // + // ec2_metadata_service_endpoint=http://fd00:ec2::254 + EC2IMDSEndpoint string + + // Specifies that IMDS clients should not fallback to IMDSv1 if token + // requests fail. + // + // ec2_metadata_v1_disabled=true + EC2IMDSv1Disabled *bool + + // Specifies that SDK clients must resolve a dual-stack endpoint for + // services. + // + // use_dualstack_endpoint=true + UseDualStackEndpoint endpoints.DualStackEndpointState + + // Specifies that SDK clients must resolve a FIPS endpoint for + // services. + // + // use_fips_endpoint=true + UseFIPSEndpoint endpoints.FIPSEndpointState } type sharedConfigFile struct { @@ -138,6 +206,20 @@ type sharedConfigFile struct { IniData ini.Sections } +// SSOSession provides the shared configuration parameters of the sso-session +// section. +type ssoSession struct { + Name string + SSORegion string + SSOStartURL string +} + +func (s *ssoSession) setFromIniSection(section ini.Section) { + updateString(&s.Name, section, ssoSessionNameKey) + updateString(&s.SSORegion, section, ssoRegionKey) + updateString(&s.SSOStartURL, section, ssoStartURL) +} + // loadSharedConfig retrieves the configuration from the list of files using // the profile provided. The order the files are listed will determine // precedence. Values in subsequent files will overwrite values defined in @@ -189,6 +271,8 @@ func loadSharedConfigIniFiles(filenames []string) ([]sharedConfigFile, error) { } func (cfg *sharedConfig) setFromIniFiles(profiles map[string]struct{}, profile string, files []sharedConfigFile, exOpts bool) error { + cfg.Profile = profile + // Trim files from the list that don't exist. var skippedFiles int var profileNotFoundErr error @@ -216,13 +300,13 @@ func (cfg *sharedConfig) setFromIniFiles(profiles map[string]struct{}, profile s // profile only have credential provider options. cfg.clearAssumeRoleOptions() } else { - // First time a profile has been seen, It must either be a assume role - // or credentials. Assert if the credential type requires a role ARN, - // the ARN is also set. - if err := cfg.validateCredentialsRequireARN(profile); err != nil { + // First time a profile has been seen. Assert if the credential type + // requires a role ARN, the ARN is also set + if err := cfg.validateCredentialsConfig(profile); err != nil { return err } } + profiles[profile] = struct{}{} if err := cfg.validateCredentialType(); err != nil { @@ -258,6 +342,30 @@ func (cfg *sharedConfig) setFromIniFiles(profiles map[string]struct{}, profile s cfg.SourceProfile = srcCfg } + // If the profile contains an SSO session parameter, the session MUST exist + // as a section in the config file. Load the SSO session using the name + // provided. If the session section is not found or incomplete an error + // will be returned. + if cfg.hasSSOTokenProviderConfiguration() { + skippedFiles = 0 + for _, f := range files { + section, ok := f.IniData.GetSection(fmt.Sprintf(ssoSectionPrefix + strings.TrimSpace(cfg.SSOSessionName))) + if ok { + var ssoSession ssoSession + ssoSession.setFromIniSection(section) + ssoSession.Name = cfg.SSOSessionName + cfg.SSOSession = &ssoSession + break + } + skippedFiles++ + } + if skippedFiles == len(files) { + // If all files were skipped because the sso session section is not found, return + // the sso section not found error. + return fmt.Errorf("failed to find SSO session section, %v", cfg.SSOSessionName) + } + } + return nil } @@ -290,8 +398,15 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e updateString(&cfg.Region, section, regionKey) updateString(&cfg.CustomCABundle, section, customCABundleKey) + // we're retaining a behavioral quirk with this field that existed before + // the removal of literal parsing for (aws-sdk-go-v2/#2276): + // - if the key is missing, the config field will not be set + // - if the key is set to a non-numeric, the config field will be set to 0 if section.Has(roleDurationSecondsKey) { - d := time.Duration(section.Int(roleDurationSecondsKey)) * time.Second + var d time.Duration + if v, ok := section.Int(roleDurationSecondsKey); ok { + d = time.Duration(v) * time.Second + } cfg.AssumeRoleDuration = &d } @@ -312,6 +427,27 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e } cfg.S3UsEast1RegionalEndpoint = sre } + + // AWS Single Sign-On (AWS SSO) + // SSO session options + updateString(&cfg.SSOSessionName, section, ssoSessionNameKey) + + // AWS Single Sign-On (AWS SSO) + updateString(&cfg.SSOAccountID, section, ssoAccountIDKey) + updateString(&cfg.SSORegion, section, ssoRegionKey) + updateString(&cfg.SSORoleName, section, ssoRoleNameKey) + updateString(&cfg.SSOStartURL, section, ssoStartURL) + + if err := updateEC2MetadataServiceEndpointMode(&cfg.EC2IMDSEndpointMode, section, ec2MetadataServiceEndpointModeKey); err != nil { + return fmt.Errorf("failed to load %s from shared config, %s, %v", + ec2MetadataServiceEndpointModeKey, file.Filename, err) + } + updateString(&cfg.EC2IMDSEndpoint, section, ec2MetadataServiceEndpointKey) + updateBoolPtr(&cfg.EC2IMDSv1Disabled, section, ec2MetadataV1DisabledKey) + + updateUseDualStackEndpoint(&cfg.UseDualStackEndpoint, section, useDualStackEndpoint) + + updateUseFIPSEndpoint(&cfg.UseFIPSEndpoint, section, useFIPSEndpointKey) } updateString(&cfg.CredentialProcess, section, credentialProcessKey) @@ -342,6 +478,22 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e return nil } +func updateEC2MetadataServiceEndpointMode(endpointMode *endpoints.EC2IMDSEndpointModeState, section ini.Section, key string) error { + if !section.Has(key) { + return nil + } + value := section.String(key) + return endpointMode.SetFromString(value) +} + +func (cfg *sharedConfig) validateCredentialsConfig(profile string) error { + if err := cfg.validateCredentialsRequireARN(profile); err != nil { + return err + } + + return nil +} + func (cfg *sharedConfig) validateCredentialsRequireARN(profile string) error { var credSource string @@ -378,12 +530,31 @@ func (cfg *sharedConfig) validateCredentialType() error { return nil } +func (cfg *sharedConfig) validateSSOConfiguration() error { + if cfg.hasSSOTokenProviderConfiguration() { + err := cfg.validateSSOTokenProviderConfiguration() + if err != nil { + return err + } + return nil + } + + if cfg.hasLegacySSOConfiguration() { + err := cfg.validateLegacySSOConfiguration() + if err != nil { + return err + } + } + return nil +} + func (cfg *sharedConfig) hasCredentials() bool { switch { case len(cfg.SourceProfileName) != 0: case len(cfg.CredentialSource) != 0: case len(cfg.CredentialProcess) != 0: case len(cfg.WebIdentityTokenFile) != 0: + case cfg.hasSSOConfiguration(): case cfg.Creds.HasKeys(): default: return false @@ -397,6 +568,10 @@ func (cfg *sharedConfig) clearCredentialOptions() { cfg.CredentialProcess = "" cfg.WebIdentityTokenFile = "" cfg.Creds = credentials.Value{} + cfg.SSOAccountID = "" + cfg.SSORegion = "" + cfg.SSORoleName = "" + cfg.SSOStartURL = "" } func (cfg *sharedConfig) clearAssumeRoleOptions() { @@ -407,6 +582,79 @@ func (cfg *sharedConfig) clearAssumeRoleOptions() { cfg.SourceProfileName = "" } +func (cfg *sharedConfig) hasSSOConfiguration() bool { + return cfg.hasSSOTokenProviderConfiguration() || cfg.hasLegacySSOConfiguration() +} + +func (c *sharedConfig) hasSSOTokenProviderConfiguration() bool { + return len(c.SSOSessionName) > 0 +} + +func (c *sharedConfig) hasLegacySSOConfiguration() bool { + return len(c.SSORegion) > 0 || len(c.SSOAccountID) > 0 || len(c.SSOStartURL) > 0 || len(c.SSORoleName) > 0 +} + +func (c *sharedConfig) validateSSOTokenProviderConfiguration() error { + var missing []string + + if len(c.SSOSessionName) == 0 { + missing = append(missing, ssoSessionNameKey) + } + + if c.SSOSession == nil { + missing = append(missing, ssoSectionPrefix) + } else { + if len(c.SSOSession.SSORegion) == 0 { + missing = append(missing, ssoRegionKey) + } + + if len(c.SSOSession.SSOStartURL) == 0 { + missing = append(missing, ssoStartURL) + } + } + + if len(missing) > 0 { + return fmt.Errorf("profile %q is configured to use SSO but is missing required configuration: %s", + c.Profile, strings.Join(missing, ", ")) + } + + if len(c.SSORegion) > 0 && c.SSORegion != c.SSOSession.SSORegion { + return fmt.Errorf("%s in profile %q must match %s in %s", ssoRegionKey, c.Profile, ssoRegionKey, ssoSectionPrefix) + } + + if len(c.SSOStartURL) > 0 && c.SSOStartURL != c.SSOSession.SSOStartURL { + return fmt.Errorf("%s in profile %q must match %s in %s", ssoStartURL, c.Profile, ssoStartURL, ssoSectionPrefix) + } + + return nil +} + +func (c *sharedConfig) validateLegacySSOConfiguration() error { + var missing []string + + if len(c.SSORegion) == 0 { + missing = append(missing, ssoRegionKey) + } + + if len(c.SSOStartURL) == 0 { + missing = append(missing, ssoStartURL) + } + + if len(c.SSOAccountID) == 0 { + missing = append(missing, ssoAccountIDKey) + } + + if len(c.SSORoleName) == 0 { + missing = append(missing, ssoRoleNameKey) + } + + if len(missing) > 0 { + return fmt.Errorf("profile %q is configured to use SSO but is missing required configuration: %s", + c.Profile, strings.Join(missing, ", ")) + } + return nil +} + func oneOrNone(bs ...bool) bool { var count int @@ -437,7 +685,10 @@ func updateBool(dst *bool, section ini.Section, key string) { if !section.Has(key) { return } - *dst = section.Bool(key) + + // retains pre-(aws-sdk-go-v2#2276) behavior where non-bool value would resolve to false + v, _ := section.Bool(key) + *dst = v } // updateBoolPtr will only update the dst with the value in the section key, @@ -446,8 +697,11 @@ func updateBoolPtr(dst **bool, section ini.Section, key string) { if !section.Has(key) { return } + + // retains pre-(aws-sdk-go-v2#2276) behavior where non-bool value would resolve to false + v, _ := section.Bool(key) *dst = new(bool) - **dst = section.Bool(key) + **dst = v } // SharedConfigLoadError is an error for the shared config file failed to load. @@ -566,3 +820,37 @@ func (e CredentialRequiresARNError) OrigErr() error { func (e CredentialRequiresARNError) Error() string { return awserr.SprintError(e.Code(), e.Message(), "", nil) } + +// updateEndpointDiscoveryType will only update the dst with the value in the section, if +// a valid key and corresponding EndpointDiscoveryType is found. +func updateUseDualStackEndpoint(dst *endpoints.DualStackEndpointState, section ini.Section, key string) { + if !section.Has(key) { + return + } + + // retains pre-(aws-sdk-go-v2/#2276) behavior where non-bool value would resolve to false + if v, _ := section.Bool(key); v { + *dst = endpoints.DualStackEndpointStateEnabled + } else { + *dst = endpoints.DualStackEndpointStateDisabled + } + + return +} + +// updateEndpointDiscoveryType will only update the dst with the value in the section, if +// a valid key and corresponding EndpointDiscoveryType is found. +func updateUseFIPSEndpoint(dst *endpoints.FIPSEndpointState, section ini.Section, key string) { + if !section.Has(key) { + return + } + + // retains pre-(aws-sdk-go-v2/#2276) behavior where non-bool value would resolve to false + if v, _ := section.Bool(key); v { + *dst = endpoints.FIPSEndpointStateEnabled + } else { + *dst = endpoints.FIPSEndpointStateDisabled + } + + return +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go index 07ea799fb..993753831 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go @@ -34,23 +34,23 @@ func (m mapRule) IsValid(value string) bool { return ok } -// whitelist is a generic rule for whitelisting -type whitelist struct { +// allowList is a generic rule for allow listing +type allowList struct { rule } -// IsValid for whitelist checks if the value is within the whitelist -func (w whitelist) IsValid(value string) bool { +// IsValid for allow list checks if the value is within the allow list +func (w allowList) IsValid(value string) bool { return w.rule.IsValid(value) } -// blacklist is a generic rule for blacklisting -type blacklist struct { +// excludeList is a generic rule for exclude listing +type excludeList struct { rule } -// IsValid for whitelist checks if the value is within the whitelist -func (b blacklist) IsValid(value string) bool { +// IsValid for exclude list checks if the value is within the exclude list +func (b excludeList) IsValid(value string) bool { return !b.rule.IsValid(value) } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go index f35fc860b..cf672b6ac 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go @@ -1,3 +1,4 @@ +//go:build !go1.7 // +build !go1.7 package v4 diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go index fed5c859c..21fe74e6f 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go @@ -1,3 +1,4 @@ +//go:build go1.7 // +build go1.7 package v4 diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/uri_path.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/uri_path.go index bd082e9d1..7711ec737 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/uri_path.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/uri_path.go @@ -1,3 +1,4 @@ +//go:build go1.5 // +build go1.5 package v4 diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go index d71f7b3f4..b542df931 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go @@ -3,21 +3,21 @@ // Provides request signing for request that need to be signed with // AWS V4 Signatures. // -// Standalone Signer +// # Standalone Signer // // Generally using the signer outside of the SDK should not require any additional // logic when using Go v1.5 or higher. The signer does this by taking advantage // of the URL.EscapedPath method. If your request URI requires additional escaping -// you many need to use the URL.Opaque to define what the raw URI should be sent +// you may need to use the URL.Opaque to define what the raw URI should be sent // to the service as. // // The signer will first check the URL.Opaque field, and use its value if set. // The signer does require the URL.Opaque field to be set in the form of: // -// "///" +// "///" // -// // e.g. -// "//example.com/some/path" +// // e.g. +// "//example.com/some/path" // // The leading "//" and hostname are required or the URL.Opaque escaping will // not work correctly. @@ -90,7 +90,7 @@ const ( ) var ignoredHeaders = rules{ - blacklist{ + excludeList{ mapRule{ authorizationHeader: struct{}{}, "User-Agent": struct{}{}, @@ -99,9 +99,9 @@ var ignoredHeaders = rules{ }, } -// requiredSignedHeaders is a whitelist for build canonical headers. +// requiredSignedHeaders is a allow list for build canonical headers. var requiredSignedHeaders = rules{ - whitelist{ + allowList{ mapRule{ "Cache-Control": struct{}{}, "Content-Disposition": struct{}{}, @@ -125,6 +125,7 @@ var requiredSignedHeaders = rules{ "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{}, "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key": struct{}{}, "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5": struct{}{}, + "X-Amz-Expected-Bucket-Owner": struct{}{}, "X-Amz-Grant-Full-control": struct{}{}, "X-Amz-Grant-Read": struct{}{}, "X-Amz-Grant-Read-Acp": struct{}{}, @@ -135,6 +136,7 @@ var requiredSignedHeaders = rules{ "X-Amz-Request-Payer": struct{}{}, "X-Amz-Server-Side-Encryption": struct{}{}, "X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id": struct{}{}, + "X-Amz-Server-Side-Encryption-Context": struct{}{}, "X-Amz-Server-Side-Encryption-Customer-Algorithm": struct{}{}, "X-Amz-Server-Side-Encryption-Customer-Key": struct{}{}, "X-Amz-Server-Side-Encryption-Customer-Key-Md5": struct{}{}, @@ -145,12 +147,13 @@ var requiredSignedHeaders = rules{ }, }, patterns{"X-Amz-Meta-"}, + patterns{"X-Amz-Object-Lock-"}, } -// allowedHoisting is a whitelist for build query headers. The boolean value +// allowedHoisting is a allow list for build query headers. The boolean value // represents whether or not it is a pattern. var allowedQueryHoisting = inclusiveRules{ - blacklist{requiredSignedHeaders}, + excludeList{requiredSignedHeaders}, patterns{"X-Amz-"}, } @@ -417,7 +420,7 @@ var SignRequestHandler = request.NamedHandler{ // request handler should only be used with the SDK's built in service client's // API operation requests. // -// This function should not be used on its on its own, but in conjunction with +// This function should not be used on its own, but in conjunction with // an AWS service client's API operation call. To sign a standalone request // not created by a service client's API operation method use the "Sign" or // "Presign" functions of the "Signer" type. @@ -633,21 +636,25 @@ func (ctx *signingCtx) buildCanonicalHeaders(r rule, header http.Header) { ctx.Query.Set("X-Amz-SignedHeaders", ctx.signedHeaders) } - headerValues := make([]string, len(headers)) + headerItems := make([]string, len(headers)) for i, k := range headers { if k == "host" { if ctx.Request.Host != "" { - headerValues[i] = "host:" + ctx.Request.Host + headerItems[i] = "host:" + ctx.Request.Host } else { - headerValues[i] = "host:" + ctx.Request.URL.Host + headerItems[i] = "host:" + ctx.Request.URL.Host } } else { - headerValues[i] = k + ":" + - strings.Join(ctx.SignedHeaderVals[k], ",") + headerValues := make([]string, len(ctx.SignedHeaderVals[k])) + for i, v := range ctx.SignedHeaderVals[k] { + headerValues[i] = strings.TrimSpace(v) + } + headerItems[i] = k + ":" + + strings.Join(headerValues, ",") } } - stripExcessSpaces(headerValues) - ctx.canonicalHeaders = strings.Join(headerValues, "\n") + stripExcessSpaces(headerItems) + ctx.canonicalHeaders = strings.Join(headerItems, "\n") } func (ctx *signingCtx) buildCanonicalString() { @@ -689,9 +696,13 @@ func (ctx *signingCtx) buildBodyDigest() error { if hash == "" { includeSHA256Header := ctx.unsignedPayload || ctx.ServiceName == "s3" || - ctx.ServiceName == "glacier" + ctx.ServiceName == "s3-object-lambda" || + ctx.ServiceName == "glacier" || + ctx.ServiceName == "s3-outposts" - s3Presign := ctx.isPresign && ctx.ServiceName == "s3" + s3Presign := ctx.isPresign && + (ctx.ServiceName == "s3" || + ctx.ServiceName == "s3-object-lambda") if ctx.unsignedPayload || s3Presign { hash = "UNSIGNED-PAYLOAD" diff --git a/vendor/github.com/aws/aws-sdk-go/aws/url.go b/vendor/github.com/aws/aws-sdk-go/aws/url.go index 6192b2455..fed561bd5 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/url.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/url.go @@ -1,3 +1,4 @@ +//go:build go1.8 // +build go1.8 package aws diff --git a/vendor/github.com/aws/aws-sdk-go/aws/url_1_7.go b/vendor/github.com/aws/aws-sdk-go/aws/url_1_7.go index 0210d2720..95282db03 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/url_1_7.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/url_1_7.go @@ -1,3 +1,4 @@ +//go:build !go1.8 // +build !go1.8 package aws diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index 70486b685..514bf3ade 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.36.10" +const SDKVersion = "1.55.3" diff --git a/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go b/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go index 876dcb3fd..365345353 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go @@ -1,3 +1,4 @@ +//go:build !go1.7 // +build !go1.7 package context diff --git a/vendor/github.com/aws/aws-sdk-go/internal/encoding/gzip/handler.go b/vendor/github.com/aws/aws-sdk-go/internal/encoding/gzip/handler.go new file mode 100644 index 000000000..ea0d4bc24 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/internal/encoding/gzip/handler.go @@ -0,0 +1,59 @@ +package gzip + +import ( + "bytes" + "compress/gzip" + "fmt" + "io" + "io/ioutil" + "strconv" + + "github.com/aws/aws-sdk-go/aws/request" +) + +// NewGzipRequestHandler provides a named request handler that compresses the +// request payload. Add this to enable GZIP compression for a client. +// +// Known to work with Amazon CloudWatch's PutMetricData operation. +// https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutMetricData.html +func NewGzipRequestHandler() request.NamedHandler { + return request.NamedHandler{ + Name: "GzipRequestHandler", + Fn: gzipRequestHandler, + } +} + +func gzipRequestHandler(req *request.Request) { + compressedBytes, err := compress(req.Body) + if err != nil { + req.Error = fmt.Errorf("failed to compress request payload, %v", err) + return + } + + req.HTTPRequest.Header.Set("Content-Encoding", "gzip") + req.HTTPRequest.Header.Set("Content-Length", strconv.Itoa(len(compressedBytes))) + + req.SetBufferBody(compressedBytes) +} + +func compress(input io.Reader) ([]byte, error) { + var b bytes.Buffer + w, err := gzip.NewWriterLevel(&b, gzip.BestCompression) + if err != nil { + return nil, fmt.Errorf("failed to create gzip writer, %v", err) + } + + inBytes, err := ioutil.ReadAll(input) + if err != nil { + return nil, fmt.Errorf("failed read payload to compress, %v", err) + } + + if _, err = w.Write(inBytes); err != nil { + return nil, fmt.Errorf("failed to write payload to be compressed, %v", err) + } + if err = w.Close(); err != nil { + return nil, fmt.Errorf("failed to flush payload being compressed, %v", err) + } + + return b.Bytes(), nil +} diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go index 25ce0fe13..1e55bbd07 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go @@ -13,17 +13,30 @@ // } // // Below is the BNF that describes this parser -// Grammar: -// stmt -> value stmt' -// stmt' -> epsilon | op stmt -// value -> number | string | boolean | quoted_string +// Grammar: +// stmt -> section | stmt' +// stmt' -> epsilon | expr +// expr -> value (stmt)* | equal_expr (stmt)* +// equal_expr -> value ( ':' | '=' ) equal_expr' +// equal_expr' -> number | string | quoted_string +// quoted_string -> " quoted_string' +// quoted_string' -> string quoted_string_end +// quoted_string_end -> " // -// section -> [ section' -// section' -> value section_close -// section_close -> ] +// section -> [ section' +// section' -> section_value section_close +// section_value -> number | string_subset | boolean | quoted_string_subset +// quoted_string_subset -> " quoted_string_subset' +// quoted_string_subset' -> string_subset quoted_string_end +// quoted_string_subset -> " +// section_close -> ] // -// SkipState will skip (NL WS)+ +// value -> number | string_subset | boolean +// string -> ? UTF-8 Code-Points except '\n' (U+000A) and '\r\n' (U+000D U+000A) ? +// string_subset -> ? Code-points excepted by grammar except ':' (U+003A), '=' (U+003D), '[' (U+005B), and ']' (U+005D) ? // -// comment -> # comment' | ; comment' -// comment' -> epsilon | value +// SkipState will skip (NL WS)+ +// +// comment -> # comment' | ; comment' +// comment' -> epsilon | value package ini diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go index 8d462f77e..6e545b63b 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go @@ -1,3 +1,4 @@ +//go:build gofuzz // +build gofuzz package ini diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go index 55fa73ebc..0ba319491 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go @@ -5,9 +5,12 @@ import ( "io" ) +// ParseState represents the current state of the parser. +type ParseState uint + // State enums for the parse table const ( - InvalidState = iota + InvalidState ParseState = iota // stmt -> value stmt' StatementState // stmt' -> MarkComplete | op stmt @@ -36,8 +39,8 @@ const ( ) // parseTable is a state machine to dictate the grammar above. -var parseTable = map[ASTKind]map[TokenType]int{ - ASTKindStart: map[TokenType]int{ +var parseTable = map[ASTKind]map[TokenType]ParseState{ + ASTKindStart: { TokenLit: StatementState, TokenSep: OpenScopeState, TokenWS: SkipTokenState, @@ -45,7 +48,7 @@ var parseTable = map[ASTKind]map[TokenType]int{ TokenComment: CommentState, TokenNone: TerminalState, }, - ASTKindCommentStatement: map[TokenType]int{ + ASTKindCommentStatement: { TokenLit: StatementState, TokenSep: OpenScopeState, TokenWS: SkipTokenState, @@ -53,7 +56,7 @@ var parseTable = map[ASTKind]map[TokenType]int{ TokenComment: CommentState, TokenNone: MarkCompleteState, }, - ASTKindExpr: map[TokenType]int{ + ASTKindExpr: { TokenOp: StatementPrimeState, TokenLit: ValueState, TokenSep: OpenScopeState, @@ -62,13 +65,15 @@ var parseTable = map[ASTKind]map[TokenType]int{ TokenComment: CommentState, TokenNone: MarkCompleteState, }, - ASTKindEqualExpr: map[TokenType]int{ - TokenLit: ValueState, - TokenWS: SkipTokenState, - TokenNL: SkipState, - TokenNone: SkipState, + ASTKindEqualExpr: { + TokenLit: ValueState, + TokenSep: ValueState, + TokenOp: ValueState, + TokenWS: SkipTokenState, + TokenNL: SkipState, + TokenNone: SkipState, }, - ASTKindStatement: map[TokenType]int{ + ASTKindStatement: { TokenLit: SectionState, TokenSep: CloseScopeState, TokenWS: SkipTokenState, @@ -76,9 +81,9 @@ var parseTable = map[ASTKind]map[TokenType]int{ TokenComment: CommentState, TokenNone: MarkCompleteState, }, - ASTKindExprStatement: map[TokenType]int{ + ASTKindExprStatement: { TokenLit: ValueState, - TokenSep: OpenScopeState, + TokenSep: ValueState, TokenOp: ValueState, TokenWS: ValueState, TokenNL: MarkCompleteState, @@ -86,14 +91,14 @@ var parseTable = map[ASTKind]map[TokenType]int{ TokenNone: TerminalState, TokenComma: SkipState, }, - ASTKindSectionStatement: map[TokenType]int{ + ASTKindSectionStatement: { TokenLit: SectionState, TokenOp: SectionState, TokenSep: CloseScopeState, TokenWS: SectionState, TokenNL: SkipTokenState, }, - ASTKindCompletedSectionStatement: map[TokenType]int{ + ASTKindCompletedSectionStatement: { TokenWS: SkipTokenState, TokenNL: SkipTokenState, TokenLit: StatementState, @@ -101,7 +106,7 @@ var parseTable = map[ASTKind]map[TokenType]int{ TokenComment: CommentState, TokenNone: MarkCompleteState, }, - ASTKindSkipStatement: map[TokenType]int{ + ASTKindSkipStatement: { TokenLit: StatementState, TokenSep: OpenScopeState, TokenWS: SkipTokenState, @@ -205,18 +210,6 @@ loop: case ValueState: // ValueState requires the previous state to either be an equal expression // or an expression statement. - // - // This grammar occurs when the RHS is a number, word, or quoted string. - // equal_expr -> lit op equal_expr' - // equal_expr' -> number | string | quoted_string - // quoted_string -> " quoted_string' - // quoted_string' -> string quoted_string_end - // quoted_string_end -> " - // - // otherwise - // expr_stmt -> equal_expr (expr_stmt')* - // expr_stmt' -> ws S | op S | MarkComplete - // S -> equal_expr' expr_stmt' switch k.Kind { case ASTKindEqualExpr: // assigning a value to some key @@ -243,7 +236,7 @@ loop: } children[len(children)-1] = rhs - k.SetChildren(children) + root.SetChildren(children) stack.Push(k) } diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go index 24df543d3..b1b686086 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go @@ -4,6 +4,7 @@ import ( "fmt" "strconv" "strings" + "unicode" ) var ( @@ -18,7 +19,7 @@ var literalValues = [][]rune{ func isBoolValue(b []rune) bool { for _, lv := range literalValues { - if isLitValue(lv, b) { + if isCaselessLitValue(lv, b) { return true } } @@ -39,6 +40,21 @@ func isLitValue(want, have []rune) bool { return true } +// isCaselessLitValue is a caseless value comparison, assumes want is already lower-cased for efficiency. +func isCaselessLitValue(want, have []rune) bool { + if len(have) < len(want) { + return false + } + + for i := 0; i < len(want); i++ { + if want[i] != unicode.ToLower(have[i]) { + return false + } + } + + return true +} + // isNumberValue will return whether not the leading characters in // a byte slice is a number. A number is delimited by whitespace or // the newline token. @@ -138,11 +154,11 @@ func (v ValueType) String() string { // ValueType enums const ( NoneType = ValueType(iota) - DecimalType - IntegerType + DecimalType // deprecated + IntegerType // deprecated StringType QuotedStringType - BoolType + BoolType // deprecated ) // Value is a union container @@ -150,9 +166,9 @@ type Value struct { Type ValueType raw []rune - integer int64 - decimal float64 - boolean bool + integer int64 // deprecated + decimal float64 // deprecated + boolean bool // deprecated str string } @@ -177,7 +193,7 @@ func newValue(t ValueType, base int, raw []rune) (Value, error) { case QuotedStringType: v.str = string(raw[1 : len(raw)-1]) case BoolType: - v.boolean = runeCompare(v.raw, runesTrue) + v.boolean = isCaselessLitValue(runesTrue, v.raw) } // issue 2253 @@ -237,24 +253,6 @@ func newLitToken(b []rune) (Token, int, error) { } token = newToken(TokenLit, b[:n], QuotedStringType) - } else if isNumberValue(b) { - var base int - base, n, err = getNumericalValue(b) - if err != nil { - return token, 0, err - } - - value := b[:n] - vType := IntegerType - if contains(value, '.') || hasExponent(value) { - vType = DecimalType - } - token = newToken(TokenLit, value, vType) - token.base = base - } else if isBoolValue(b) { - n, err = getBoolValue(b) - - token = newToken(TokenLit, b[:n], BoolType) } else { n, err = getValue(b) token = newToken(TokenLit, b[:n], StringType) @@ -264,18 +262,33 @@ func newLitToken(b []rune) (Token, int, error) { } // IntValue returns an integer value -func (v Value) IntValue() int64 { - return v.integer +func (v Value) IntValue() (int64, bool) { + i, err := strconv.ParseInt(string(v.raw), 0, 64) + if err != nil { + return 0, false + } + return i, true } // FloatValue returns a float value -func (v Value) FloatValue() float64 { - return v.decimal +func (v Value) FloatValue() (float64, bool) { + f, err := strconv.ParseFloat(string(v.raw), 64) + if err != nil { + return 0, false + } + return f, true } // BoolValue returns a bool value -func (v Value) BoolValue() bool { - return v.boolean +func (v Value) BoolValue() (bool, bool) { + // we don't use ParseBool as it recognizes more than what we've + // historically supported + if isCaselessLitValue(runesTrue, v.raw) { + return true, true + } else if isCaselessLitValue(runesFalse, v.raw) { + return false, true + } + return false, false } func isTrimmable(r rune) bool { diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/value_util.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/value_util.go index 305999d29..b5480fdeb 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/ini/value_util.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/value_util.go @@ -57,7 +57,7 @@ func getBoolValue(b []rune) (int, error) { continue } - if isLitValue(lv, b) { + if isCaselessLitValue(lv, b) { n = len(lv) } } diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go index 94841c324..1d08e138a 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go @@ -50,7 +50,10 @@ func (v *DefaultVisitor) VisitExpr(expr AST) error { rhs := children[1] - if rhs.Root.Type() != TokenLit { + // The right-hand value side the equality expression is allowed to contain '[', ']', ':', '=' in the values. + // If the token is not either a literal or one of the token types that identifies those four additional + // tokens then error. + if !(rhs.Root.Type() == TokenLit || rhs.Root.Type() == TokenOp || rhs.Root.Type() == TokenSep) { return NewParseError("unexpected token type") } @@ -142,17 +145,17 @@ func (t Section) ValueType(k string) (ValueType, bool) { } // Bool returns a bool value at k -func (t Section) Bool(k string) bool { +func (t Section) Bool(k string) (bool, bool) { return t.values[k].BoolValue() } // Int returns an integer value at k -func (t Section) Int(k string) int64 { +func (t Section) Int(k string) (int64, bool) { return t.values[k].IntValue() } // Float64 returns a float value at k -func (t Section) Float64(k string) float64 { +func (t Section) Float64(k string) (float64, bool) { return t.values[k].FloatValue() } diff --git a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/arn.go b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/arn.go index 7a8e46fbd..216c4baab 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/arn.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/arn.go @@ -7,6 +7,21 @@ import ( "github.com/aws/aws-sdk-go/aws/arn" ) +var supportedServiceARN = []string{ + "s3", + "s3-outposts", + "s3-object-lambda", +} + +func isSupportedServiceARN(service string) bool { + for _, name := range supportedServiceARN { + if name == service { + return true + } + } + return false +} + // Resource provides the interfaces abstracting ARNs of specific resource // types. type Resource interface { @@ -29,9 +44,14 @@ func ParseResource(s string, resParser ResourceParser) (resARN Resource, err err return nil, InvalidARNError{ARN: a, Reason: "partition not set"} } - if a.Service != "s3" && a.Service != "s3-outposts" { + if !isSupportedServiceARN(a.Service) { return nil, InvalidARNError{ARN: a, Reason: "service is not supported"} } + + if strings.HasPrefix(a.Region, "fips-") || strings.HasSuffix(a.Region, "-fips") { + return nil, InvalidARNError{ARN: a, Reason: "FIPS region not allowed in ARN"} + } + if len(a.Resource) == 0 { return nil, InvalidARNError{ARN: a, Reason: "resource not set"} } diff --git a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/s3_object_lambda_arn.go b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/s3_object_lambda_arn.go new file mode 100644 index 000000000..513154cc0 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/s3_object_lambda_arn.go @@ -0,0 +1,15 @@ +package arn + +// S3ObjectLambdaARN represents an ARN for the s3-object-lambda service +type S3ObjectLambdaARN interface { + Resource + + isS3ObjectLambdasARN() +} + +// S3ObjectLambdaAccessPointARN is an S3ObjectLambdaARN for the Access Point resource type +type S3ObjectLambdaAccessPointARN struct { + AccessPointARN +} + +func (s S3ObjectLambdaAccessPointARN) isS3ObjectLambdasARN() {} diff --git a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/endpoint_errors.go b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/endpoint_errors.go index e756b2f87..4290ff676 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/endpoint_errors.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/endpoint_errors.go @@ -71,6 +71,8 @@ func NewInvalidARNWithUnsupportedPartitionError(resource arn.Resource, err error } // NewInvalidARNWithFIPSError ARN not supported for FIPS region +// +// Deprecated: FIPS will not appear in the ARN region component. func NewInvalidARNWithFIPSError(resource arn.Resource, err error) InvalidARNError { return InvalidARNError{ message: "resource ARN not supported for FIPS region", @@ -155,6 +157,17 @@ func NewClientConfiguredForFIPSError(resource arn.Resource, clientPartitionID, c } } +// NewFIPSConfigurationError denotes a configuration error when a client or request is configured for FIPS +func NewFIPSConfigurationError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError { + return ConfigurationError{ + message: "use of ARN is not supported when client or request is configured for FIPS", + origErr: err, + resource: resource, + clientPartitionID: clientPartitionID, + clientRegion: clientRegion, + } +} + // NewClientConfiguredForAccelerateError denotes client config error for unsupported S3 accelerate func NewClientConfiguredForAccelerateError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError { return ConfigurationError{ diff --git a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/resource_request.go b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/resource_request.go index 9f70a64ec..ef43d6c58 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/resource_request.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/resource_request.go @@ -1,8 +1,6 @@ package s3shared import ( - "strings" - "github.com/aws/aws-sdk-go/aws" awsarn "github.com/aws/aws-sdk-go/aws/arn" "github.com/aws/aws-sdk-go/aws/request" @@ -25,16 +23,6 @@ func (r ResourceRequest) AllowCrossRegion() bool { return aws.BoolValue(r.Request.Config.S3UseARNRegion) } -// UseFIPS returns true if request config region is FIPS -func (r ResourceRequest) UseFIPS() bool { - return IsFIPS(aws.StringValue(r.Request.Config.Region)) -} - -// ResourceConfiguredForFIPS returns true if resource ARNs region is FIPS -func (r ResourceRequest) ResourceConfiguredForFIPS() bool { - return IsFIPS(r.ARN().Region) -} - // IsCrossPartition returns true if client is configured for another partition, than // the partition that resource ARN region resolves to. func (r ResourceRequest) IsCrossPartition() bool { @@ -51,11 +39,6 @@ func (r ResourceRequest) HasCustomEndpoint() bool { return len(aws.StringValue(r.Request.Config.Endpoint)) > 0 } -// IsFIPS returns true if region is a fips region -func IsFIPS(clientRegion string) bool { - return strings.HasPrefix(clientRegion, "fips-") || strings.HasSuffix(clientRegion, "-fips") -} - // IsCrossRegion returns true if request signing region is not same as configured region func IsCrossRegion(req *request.Request, otherRegion string) bool { return req.ClientInfo.SigningRegion != otherRegion diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.6.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.6.go index 5aa9137e0..037a998c4 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.6.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.6.go @@ -1,3 +1,4 @@ +//go:build !go1.7 // +build !go1.7 package sdkio diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.7.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.7.go index e5f005613..65e7c60c4 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.7.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.7.go @@ -1,3 +1,4 @@ +//go:build go1.7 // +build go1.7 package sdkio diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go index 44898eed0..a84528783 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go @@ -1,3 +1,4 @@ +//go:build go1.10 // +build go1.10 package sdkmath diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go index 810ec7f08..a3ae3e5db 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go @@ -1,3 +1,4 @@ +//go:build !go1.10 // +build !go1.10 package sdkmath diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go index f4651da2d..4bae66cee 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go @@ -1,3 +1,4 @@ +//go:build go1.6 // +build go1.6 package sdkrand diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go index b1d93a33d..3a6ab8825 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go @@ -1,3 +1,4 @@ +//go:build !go1.6 // +build !go1.6 package sdkrand diff --git a/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config.go b/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config.go index ebcbc2b40..34fea49ca 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config.go @@ -1,9 +1,8 @@ package shareddefaults import ( - "os" + "os/user" "path/filepath" - "runtime" ) // SharedCredentialsFilename returns the SDK's default file path @@ -31,10 +30,17 @@ func SharedConfigFilename() string { // UserHomeDir returns the home directory for the user the process is // running under. func UserHomeDir() string { - if runtime.GOOS == "windows" { // Windows - return os.Getenv("USERPROFILE") + var home string + + home = userHomeDir() + if len(home) > 0 { + return home + } + + currUser, _ := user.Current() + if currUser != nil { + home = currUser.HomeDir } - // *nix - return os.Getenv("HOME") + return home } diff --git a/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home.go b/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home.go new file mode 100644 index 000000000..eb298ae0f --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home.go @@ -0,0 +1,18 @@ +//go:build !go1.12 +// +build !go1.12 + +package shareddefaults + +import ( + "os" + "runtime" +) + +func userHomeDir() string { + if runtime.GOOS == "windows" { // Windows + return os.Getenv("USERPROFILE") + } + + // *nix + return os.Getenv("HOME") +} diff --git a/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home_go1.12.go b/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home_go1.12.go new file mode 100644 index 000000000..51541b508 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/internal/shareddefaults/shared_config_resolve_home_go1.12.go @@ -0,0 +1,13 @@ +//go:build go1.12 +// +build go1.12 + +package shareddefaults + +import ( + "os" +) + +func userHomeDir() string { + home, _ := os.UserHomeDir() + return home +} diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/error.go index 34c2e89d5..0a63340e4 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/error.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/error.go @@ -5,6 +5,10 @@ import ( "sync" ) +// InputWriterCloseErrorCode is used to denote an error occurred +// while closing the event stream input writer. +const InputWriterCloseErrorCode = "EventStreamInputWriterCloseError" + type messageError struct { code string msg string diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport.go new file mode 100644 index 000000000..4bf2b27b2 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport.go @@ -0,0 +1,10 @@ +//go:build go1.18 +// +build go1.18 + +package eventstreamapi + +import "github.com/aws/aws-sdk-go/aws/request" + +// ApplyHTTPTransportFixes is a no-op for Go 1.18 and above. +func ApplyHTTPTransportFixes(r *request.Request) { +} diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport_go1.17.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport_go1.17.go new file mode 100644 index 000000000..2ee2c36fd --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport_go1.17.go @@ -0,0 +1,19 @@ +//go:build !go1.18 +// +build !go1.18 + +package eventstreamapi + +import "github.com/aws/aws-sdk-go/aws/request" + +// ApplyHTTPTransportFixes applies fixes to the HTTP request for proper event +// stream functionality. Go 1.15 through 1.17 HTTP client could hang forever +// when an HTTP/2 connection failed with an non-200 status code and err. Using +// Expect 100-Continue, allows the HTTP client to gracefully handle the non-200 +// status code, and close the connection. +// +// This is a no-op for Go 1.18 and above. +func ApplyHTTPTransportFixes(r *request.Request) { + r.Handlers.Sign.PushBack(func(r *request.Request) { + r.HTTPRequest.Header.Set("Expect", "100-Continue") + }) +} diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/writer.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/writer.go index 10a3823df..7d7a79352 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/writer.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/writer.go @@ -61,49 +61,3 @@ func (w *EventWriter) marshal(event Marshaler) (eventstream.Message, error) { msg.Headers.Set(EventTypeHeader, eventstream.StringValue(eventType)) return msg, nil } - -//type EventEncoder struct { -// encoder Encoder -// ppayloadMarshaler protocol.PayloadMarshaler -// eventTypeFor func(Marshaler) (string, error) -//} -// -//func (e EventEncoder) Encode(event Marshaler) error { -// msg, err := e.marshal(event) -// if err != nil { -// return err -// } -// -// return w.encoder.Encode(msg) -//} -// -//func (e EventEncoder) marshal(event Marshaler) (eventstream.Message, error) { -// eventType, err := w.eventTypeFor(event) -// if err != nil { -// return eventstream.Message{}, err -// } -// -// msg, err := event.MarshalEvent(w.payloadMarshaler) -// if err != nil { -// return eventstream.Message{}, err -// } -// -// msg.Headers.Set(EventTypeHeader, eventstream.StringValue(eventType)) -// return msg, nil -//} -// -//func (w *EventWriter) marshal(event Marshaler) (eventstream.Message, error) { -// eventType, err := w.eventTypeFor(event) -// if err != nil { -// return eventstream.Message{}, err -// } -// -// msg, err := event.MarshalEvent(w.payloadMarshaler) -// if err != nil { -// return eventstream.Message{}, err -// } -// -// msg.Headers.Set(EventTypeHeader, eventstream.StringValue(eventType)) -// return msg, nil -//} -// diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/host.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/host.go index d7d42db0a..1f1d27aea 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/host.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/host.go @@ -1,9 +1,10 @@ package protocol import ( - "strings" - "github.com/aws/aws-sdk-go/aws/request" + "net" + "strconv" + "strings" ) // ValidateEndpointHostHandler is a request handler that will validate the @@ -22,8 +23,26 @@ var ValidateEndpointHostHandler = request.NamedHandler{ // 3986 host. Returns error if the host is not valid. func ValidateEndpointHost(opName, host string) error { paramErrs := request.ErrInvalidParams{Context: opName} - labels := strings.Split(host, ".") + var hostname string + var port string + var err error + + if strings.Contains(host, ":") { + hostname, port, err = net.SplitHostPort(host) + + if err != nil { + paramErrs.Add(request.NewErrParamFormat("endpoint", err.Error(), host)) + } + + if !ValidPortNumber(port) { + paramErrs.Add(request.NewErrParamFormat("endpoint port number", "[0-65535]", port)) + } + } else { + hostname = host + } + + labels := strings.Split(hostname, ".") for i, label := range labels { if i == len(labels)-1 && len(label) == 0 { // Allow trailing dot for FQDN hosts. @@ -36,7 +55,11 @@ func ValidateEndpointHost(opName, host string) error { } } - if len(host) > 255 { + if len(hostname) == 0 { + paramErrs.Add(request.NewErrParamMinLen("endpoint host", 1)) + } + + if len(hostname) > 255 { paramErrs.Add(request.NewErrParamMaxLen( "endpoint host", 255, host, )) @@ -66,3 +89,16 @@ func ValidHostLabel(label string) bool { return true } + +// ValidPortNumber return if the port is valid RFC 3986 port +func ValidPortNumber(port string) bool { + i, err := strconv.Atoi(port) + if err != nil { + return false + } + + if i < 0 || i > 65535 { + return false + } + return true +} diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go index 864fb6704..12e814ddf 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go @@ -4,7 +4,6 @@ package jsonutil import ( "bytes" "encoding/base64" - "encoding/json" "fmt" "math" "reflect" @@ -16,6 +15,12 @@ import ( "github.com/aws/aws-sdk-go/private/protocol" ) +const ( + floatNaN = "NaN" + floatInf = "Infinity" + floatNegInf = "-Infinity" +) + var timeType = reflect.ValueOf(time.Time{}).Type() var byteSliceType = reflect.ValueOf([]byte{}).Type() @@ -82,13 +87,17 @@ func buildStruct(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) field, _ := value.Type().FieldByName(payload) tag = field.Tag value = elemOf(value.FieldByName(payload)) - - if !value.IsValid() { + if !value.IsValid() && tag.Get("type") != "structure" { return nil } } buf.WriteByte('{') + defer buf.WriteString("}") + + if !value.IsValid() { + return nil + } t := value.Type() first := true @@ -144,8 +153,6 @@ func buildStruct(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) } - buf.WriteString("}") - return nil } @@ -209,10 +216,16 @@ func buildScalar(v reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) erro buf.Write(strconv.AppendInt(scratch[:0], value.Int(), 10)) case reflect.Float64: f := value.Float() - if math.IsInf(f, 0) || math.IsNaN(f) { - return &json.UnsupportedValueError{Value: v, Str: strconv.FormatFloat(f, 'f', -1, 64)} + switch { + case math.IsNaN(f): + writeString(floatNaN, buf) + case math.IsInf(f, 1): + writeString(floatInf, buf) + case math.IsInf(f, -1): + writeString(floatNegInf, buf) + default: + buf.Write(strconv.AppendFloat(scratch[:0], f, 'f', -1, 64)) } - buf.Write(strconv.AppendFloat(scratch[:0], f, 'f', -1, 64)) default: switch converted := value.Interface().(type) { case time.Time: diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go index 8b2c9bbeb..f9334879b 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go @@ -6,6 +6,7 @@ import ( "encoding/json" "fmt" "io" + "math" "math/big" "reflect" "strings" @@ -258,6 +259,18 @@ func (u unmarshaler) unmarshalScalar(value reflect.Value, data interface{}, tag return err } value.Set(reflect.ValueOf(v)) + case *float64: + // These are regular strings when parsed by encoding/json's unmarshaler. + switch { + case strings.EqualFold(d, floatNaN): + value.Set(reflect.ValueOf(aws.Float64(math.NaN()))) + case strings.EqualFold(d, floatInf): + value.Set(reflect.ValueOf(aws.Float64(math.Inf(1)))) + case strings.EqualFold(d, floatNegInf): + value.Set(reflect.ValueOf(aws.Float64(math.Inf(-1)))) + default: + return fmt.Errorf("unknown JSON number value: %s", d) + } default: return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type()) } diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go index a029217e4..d9aa27114 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go @@ -49,9 +49,8 @@ func Build(req *request.Request) { buf = emptyJSON } - if req.ClientInfo.TargetPrefix != "" || string(buf) != "{}" { - req.SetBufferBody(buf) - } + // Always serialize the body, don't suppress it. + req.SetBufferBody(buf) if req.ClientInfo.TargetPrefix != "" { target := req.ClientInfo.TargetPrefix + "." + req.Operation.Name diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go index c0c52e2db..9c1ccde54 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go @@ -13,17 +13,46 @@ import ( "github.com/aws/aws-sdk-go/private/protocol/json/jsonutil" ) +const ( + awsQueryError = "x-amzn-query-error" + // A valid header example - "x-amzn-query-error": ";" + awsQueryErrorPartsCount = 2 +) + // UnmarshalTypedError provides unmarshaling errors API response errors // for both typed and untyped errors. type UnmarshalTypedError struct { - exceptions map[string]func(protocol.ResponseMetadata) error + exceptions map[string]func(protocol.ResponseMetadata) error + queryExceptions map[string]func(protocol.ResponseMetadata, string) error } // NewUnmarshalTypedError returns an UnmarshalTypedError initialized for the // set of exception names to the error unmarshalers func NewUnmarshalTypedError(exceptions map[string]func(protocol.ResponseMetadata) error) *UnmarshalTypedError { return &UnmarshalTypedError{ - exceptions: exceptions, + exceptions: exceptions, + queryExceptions: map[string]func(protocol.ResponseMetadata, string) error{}, + } +} + +// NewUnmarshalTypedErrorWithOptions works similar to NewUnmarshalTypedError applying options to the UnmarshalTypedError +// before returning it +func NewUnmarshalTypedErrorWithOptions(exceptions map[string]func(protocol.ResponseMetadata) error, optFns ...func(*UnmarshalTypedError)) *UnmarshalTypedError { + unmarshaledError := NewUnmarshalTypedError(exceptions) + for _, fn := range optFns { + fn(unmarshaledError) + } + return unmarshaledError +} + +// WithQueryCompatibility is a helper function to construct a functional option for use with NewUnmarshalTypedErrorWithOptions. +// The queryExceptions given act as an override for unmarshalling errors when query compatible error codes are found. +// See also [awsQueryCompatible trait] +// +// [awsQueryCompatible trait]: https://smithy.io/2.0/aws/protocols/aws-query-protocol.html#aws-protocols-awsquerycompatible-trait +func WithQueryCompatibility(queryExceptions map[string]func(protocol.ResponseMetadata, string) error) func(*UnmarshalTypedError) { + return func(typedError *UnmarshalTypedError) { + typedError.queryExceptions = queryExceptions } } @@ -50,18 +79,32 @@ func (u *UnmarshalTypedError) UnmarshalError( code := codeParts[len(codeParts)-1] msg := jsonErr.Message + queryCodeParts := queryCodeParts(resp, u) + if fn, ok := u.exceptions[code]; ok { - // If exception code is know, use associated constructor to get a value + // If query-compatible exceptions are found and query-error-header is found, + // then use associated constructor to get exception with query error code. + // + // If exception code is known, use associated constructor to get a value // for the exception that the JSON body can be unmarshaled into. - v := fn(respMeta) + var v error + queryErrFn, queryExceptionsFound := u.queryExceptions[code] + if len(queryCodeParts) == awsQueryErrorPartsCount && queryExceptionsFound { + v = queryErrFn(respMeta, queryCodeParts[0]) + } else { + v = fn(respMeta) + } err := jsonutil.UnmarshalJSONCaseInsensitive(v, body) if err != nil { return nil, err } - return v, nil } + if len(queryCodeParts) == awsQueryErrorPartsCount && len(u.queryExceptions) > 0 { + code = queryCodeParts[0] + } + // fallback to unmodeled generic exceptions return awserr.NewRequestFailure( awserr.New(code, msg, nil), @@ -70,6 +113,16 @@ func (u *UnmarshalTypedError) UnmarshalError( ), nil } +// A valid header example - "x-amzn-query-error": ";" +func queryCodeParts(resp *http.Response, u *UnmarshalTypedError) []string { + queryCodeHeader := resp.Header.Get(awsQueryError) + var queryCodeParts []string + if queryCodeHeader != "" && len(u.queryExceptions) > 0 { + queryCodeParts = strings.Split(queryCodeHeader, ";") + } + return queryCodeParts +} + // UnmarshalErrorHandler is a named request handler for unmarshaling jsonrpc // protocol request errors var UnmarshalErrorHandler = request.NamedHandler{ diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go index 75866d012..2ca0b19db 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/queryutil/queryutil.go @@ -3,6 +3,7 @@ package queryutil import ( "encoding/base64" "fmt" + "math" "net/url" "reflect" "sort" @@ -13,6 +14,12 @@ import ( "github.com/aws/aws-sdk-go/private/protocol" ) +const ( + floatNaN = "NaN" + floatInf = "Infinity" + floatNegInf = "-Infinity" +) + // Parse parses an object i and fills a url.Values object. The isEC2 flag // indicates if this is the EC2 Query sub-protocol. func Parse(body url.Values, i interface{}, isEC2 bool) error { @@ -115,8 +122,8 @@ func (q *queryParser) parseStruct(v url.Values, value reflect.Value, prefix stri } func (q *queryParser) parseList(v url.Values, value reflect.Value, prefix string, tag reflect.StructTag) error { - // If it's empty, generate an empty value - if !value.IsNil() && value.Len() == 0 { + // If it's empty, and not ec2, generate an empty value + if !value.IsNil() && value.Len() == 0 && !q.isEC2 { v.Set(prefix, "") return nil } @@ -228,9 +235,32 @@ func (q *queryParser) parseScalar(v url.Values, r reflect.Value, name string, ta case int: v.Set(name, strconv.Itoa(value)) case float64: - v.Set(name, strconv.FormatFloat(value, 'f', -1, 64)) + var str string + switch { + case math.IsNaN(value): + str = floatNaN + case math.IsInf(value, 1): + str = floatInf + case math.IsInf(value, -1): + str = floatNegInf + default: + str = strconv.FormatFloat(value, 'f', -1, 64) + } + v.Set(name, str) case float32: - v.Set(name, strconv.FormatFloat(float64(value), 'f', -1, 32)) + asFloat64 := float64(value) + var str string + switch { + case math.IsNaN(asFloat64): + str = floatNaN + case math.IsInf(asFloat64, 1): + str = floatInf + case math.IsInf(asFloat64, -1): + str = floatNegInf + default: + str = strconv.FormatFloat(asFloat64, 'f', -1, 32) + } + v.Set(name, str) case time.Time: const ISO8601UTC = "2006-01-02T15:04:05Z" format := tag.Get("timestampFormat") diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go index 831b0110c..2c0cbba90 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go @@ -3,6 +3,7 @@ package query import ( "encoding/xml" "fmt" + "strings" "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/aws/request" @@ -62,7 +63,7 @@ func UnmarshalError(r *request.Request) { } r.Error = awserr.NewRequestFailure( - awserr.New(respErr.Code, respErr.Message, nil), + awserr.New(strings.TrimSpace(respErr.Code), strings.TrimSpace(respErr.Message), nil), r.HTTPResponse.StatusCode, reqID, ) diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go index 1301b149d..ecc521f88 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go @@ -6,6 +6,7 @@ import ( "encoding/base64" "fmt" "io" + "math" "net/http" "net/url" "path" @@ -20,6 +21,12 @@ import ( "github.com/aws/aws-sdk-go/private/protocol" ) +const ( + floatNaN = "NaN" + floatInf = "Infinity" + floatNegInf = "-Infinity" +) + // Whether the byte value can be sent without escaping in AWS URLs var noEscape [256]bool @@ -98,7 +105,7 @@ func buildLocationElements(r *request.Request, v reflect.Value, buildGETQuery bo // Support the ability to customize values to be marshaled as a // blob even though they were modeled as a string. Required for S3 - // API operations like SSECustomerKey is modeled as stirng but + // API operations like SSECustomerKey is modeled as string but // required to be base64 encoded in request. if field.Tag.Get("marshal-as") == "blob" { m = m.Convert(byteSliceType) @@ -272,7 +279,33 @@ func convertType(v reflect.Value, tag reflect.StructTag) (str string, err error) switch value := v.Interface().(type) { case string: + if tag.Get("suppressedJSONValue") == "true" && tag.Get("location") == "header" { + value = base64.StdEncoding.EncodeToString([]byte(value)) + } str = value + case []*string: + if tag.Get("location") != "header" || tag.Get("enum") == "" { + return "", fmt.Errorf("%T is only supported with location header and enum shapes", value) + } + if len(value) == 0 { + return "", errValueNotSet + } + + buff := &bytes.Buffer{} + for i, sv := range value { + if sv == nil || len(*sv) == 0 { + continue + } + if i != 0 { + buff.WriteRune(',') + } + item := *sv + if strings.Index(item, `,`) != -1 || strings.Index(item, `"`) != -1 { + item = strconv.Quote(item) + } + buff.WriteString(item) + } + str = string(buff.Bytes()) case []byte: str = base64.StdEncoding.EncodeToString(value) case bool: @@ -280,7 +313,16 @@ func convertType(v reflect.Value, tag reflect.StructTag) (str string, err error) case int64: str = strconv.FormatInt(value, 10) case float64: - str = strconv.FormatFloat(value, 'f', -1, 64) + switch { + case math.IsNaN(value): + str = floatNaN + case math.IsInf(value, 1): + str = floatInf + case math.IsInf(value, -1): + str = floatNegInf + default: + str = strconv.FormatFloat(value, 'f', -1, 64) + } case time.Time: format := tag.Get("timestampFormat") if len(format) == 0 { @@ -306,5 +348,6 @@ func convertType(v reflect.Value, tag reflect.StructTag) (str string, err error) err := fmt.Errorf("unsupported value for param %v (%s)", v.Interface(), v.Type()) return "", err } + return str, nil } diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/payload.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/payload.go index 4366de2e1..b54c99eda 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/payload.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/payload.go @@ -28,18 +28,27 @@ func PayloadMember(i interface{}) interface{} { return nil } -// PayloadType returns the type of a payload field member of i if there is one, or "". +const nopayloadPayloadType = "nopayload" + +// PayloadType returns the type of a payload field member of i if there is one, +// or "". func PayloadType(i interface{}) string { v := reflect.Indirect(reflect.ValueOf(i)) if !v.IsValid() { return "" } + if field, ok := v.Type().FieldByName("_"); ok { + if noPayload := field.Tag.Get(nopayloadPayloadType); noPayload != "" { + return nopayloadPayloadType + } + if payloadName := field.Tag.Get("payload"); payloadName != "" { if member, ok := v.Type().FieldByName(payloadName); ok { return member.Tag.Get("type") } } } + return "" } diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go index 92f8b4d9a..79fcf1699 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go @@ -6,6 +6,7 @@ import ( "fmt" "io" "io/ioutil" + "math" "net/http" "reflect" "strconv" @@ -140,7 +141,7 @@ func unmarshalLocationElements(resp *http.Response, v reflect.Value, lowerCaseHe prefix := field.Tag.Get("locationName") err := unmarshalHeaderMap(m, resp.Header, prefix, lowerCaseHeaderMaps) if err != nil { - awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err) + return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err) } } } @@ -204,6 +205,13 @@ func unmarshalHeader(v reflect.Value, header string, tag reflect.StructTag) erro switch v.Interface().(type) { case *string: + if tag.Get("suppressedJSONValue") == "true" && tag.Get("location") == "header" { + b, err := base64.StdEncoding.DecodeString(header) + if err != nil { + return fmt.Errorf("failed to decode JSONValue, %v", err) + } + header = string(b) + } v.Set(reflect.ValueOf(&header)) case []byte: b, err := base64.StdEncoding.DecodeString(header) @@ -224,9 +232,20 @@ func unmarshalHeader(v reflect.Value, header string, tag reflect.StructTag) erro } v.Set(reflect.ValueOf(&i)) case *float64: - f, err := strconv.ParseFloat(header, 64) - if err != nil { - return err + var f float64 + switch { + case strings.EqualFold(header, floatNaN): + f = math.NaN() + case strings.EqualFold(header, floatInf): + f = math.Inf(1) + case strings.EqualFold(header, floatNegInf): + f = math.Inf(-1) + default: + var err error + f, err = strconv.ParseFloat(header, 64) + if err != nil { + return err + } } v.Set(reflect.ValueOf(&f)) case *time.Time: diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/restjson.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/restjson.go new file mode 100644 index 000000000..2e0e205af --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/restjson.go @@ -0,0 +1,59 @@ +// Package restjson provides RESTful JSON serialization of AWS +// requests and responses. +package restjson + +//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/input/rest-json.json build_test.go +//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/output/rest-json.json unmarshal_test.go + +import ( + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" + "github.com/aws/aws-sdk-go/private/protocol/rest" +) + +// BuildHandler is a named request handler for building restjson protocol +// requests +var BuildHandler = request.NamedHandler{ + Name: "awssdk.restjson.Build", + Fn: Build, +} + +// UnmarshalHandler is a named request handler for unmarshaling restjson +// protocol requests +var UnmarshalHandler = request.NamedHandler{ + Name: "awssdk.restjson.Unmarshal", + Fn: Unmarshal, +} + +// UnmarshalMetaHandler is a named request handler for unmarshaling restjson +// protocol request metadata +var UnmarshalMetaHandler = request.NamedHandler{ + Name: "awssdk.restjson.UnmarshalMeta", + Fn: UnmarshalMeta, +} + +// Build builds a request for the REST JSON protocol. +func Build(r *request.Request) { + rest.Build(r) + + if t := rest.PayloadType(r.Params); t == "structure" || t == "" { + if v := r.HTTPRequest.Header.Get("Content-Type"); len(v) == 0 { + r.HTTPRequest.Header.Set("Content-Type", "application/json") + } + jsonrpc.Build(r) + } +} + +// Unmarshal unmarshals a response body for the REST JSON protocol. +func Unmarshal(r *request.Request) { + if t := rest.PayloadType(r.Data); t == "structure" || t == "" { + jsonrpc.Unmarshal(r) + } else { + rest.Unmarshal(r) + } +} + +// UnmarshalMeta unmarshals response headers for the REST JSON protocol. +func UnmarshalMeta(r *request.Request) { + rest.UnmarshalMeta(r) +} diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go new file mode 100644 index 000000000..5366a646d --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go @@ -0,0 +1,157 @@ +package restjson + +import ( + "bytes" + "encoding/json" + "io" + "io/ioutil" + "net/http" + "strings" + + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/json/jsonutil" + "github.com/aws/aws-sdk-go/private/protocol/rest" +) + +const ( + errorTypeHeader = "X-Amzn-Errortype" + errorMessageHeader = "X-Amzn-Errormessage" +) + +// UnmarshalTypedError provides unmarshaling errors API response errors +// for both typed and untyped errors. +type UnmarshalTypedError struct { + exceptions map[string]func(protocol.ResponseMetadata) error +} + +// NewUnmarshalTypedError returns an UnmarshalTypedError initialized for the +// set of exception names to the error unmarshalers +func NewUnmarshalTypedError(exceptions map[string]func(protocol.ResponseMetadata) error) *UnmarshalTypedError { + return &UnmarshalTypedError{ + exceptions: exceptions, + } +} + +// UnmarshalError attempts to unmarshal the HTTP response error as a known +// error type. If unable to unmarshal the error type, the generic SDK error +// type will be used. +func (u *UnmarshalTypedError) UnmarshalError( + resp *http.Response, + respMeta protocol.ResponseMetadata, +) (error, error) { + code, msg, err := unmarshalErrorInfo(resp) + if err != nil { + return nil, err + } + + fn, ok := u.exceptions[code] + if !ok { + return awserr.NewRequestFailure( + awserr.New(code, msg, nil), + respMeta.StatusCode, + respMeta.RequestID, + ), nil + } + + v := fn(respMeta) + if err := jsonutil.UnmarshalJSONCaseInsensitive(v, resp.Body); err != nil { + return nil, err + } + + if err := rest.UnmarshalResponse(resp, v, true); err != nil { + return nil, err + } + + return v, nil +} + +// UnmarshalErrorHandler is a named request handler for unmarshaling restjson +// protocol request errors +var UnmarshalErrorHandler = request.NamedHandler{ + Name: "awssdk.restjson.UnmarshalError", + Fn: UnmarshalError, +} + +// UnmarshalError unmarshals a response error for the REST JSON protocol. +func UnmarshalError(r *request.Request) { + defer r.HTTPResponse.Body.Close() + + code, msg, err := unmarshalErrorInfo(r.HTTPResponse) + if err != nil { + r.Error = awserr.NewRequestFailure( + awserr.New(request.ErrCodeSerialization, "failed to unmarshal response error", err), + r.HTTPResponse.StatusCode, + r.RequestID, + ) + return + } + + r.Error = awserr.NewRequestFailure( + awserr.New(code, msg, nil), + r.HTTPResponse.StatusCode, + r.RequestID, + ) +} + +type jsonErrorResponse struct { + Type string `json:"__type"` + Code string `json:"code"` + Message string `json:"message"` +} + +func (j *jsonErrorResponse) SanitizedCode() string { + code := j.Code + if len(j.Type) > 0 { + code = j.Type + } + return sanitizeCode(code) +} + +// Remove superfluous components from a restJson error code. +// - If a : character is present, then take only the contents before the +// first : character in the value. +// - If a # character is present, then take only the contents after the first +// # character in the value. +// +// All of the following error values resolve to FooError: +// - FooError +// - FooError:http://internal.amazon.com/coral/com.amazon.coral.validate/ +// - aws.protocoltests.restjson#FooError +// - aws.protocoltests.restjson#FooError:http://internal.amazon.com/coral/com.amazon.coral.validate/ +func sanitizeCode(code string) string { + noColon := strings.SplitN(code, ":", 2)[0] + hashSplit := strings.SplitN(noColon, "#", 2) + return hashSplit[len(hashSplit)-1] +} + +// attempt to garner error details from the response, preferring header values +// when present +func unmarshalErrorInfo(resp *http.Response) (code string, msg string, err error) { + code = sanitizeCode(resp.Header.Get(errorTypeHeader)) + msg = resp.Header.Get(errorMessageHeader) + if len(code) > 0 && len(msg) > 0 { + return + } + + // a modeled error will have to be re-deserialized later, so the body must + // be preserved + var buf bytes.Buffer + tee := io.TeeReader(resp.Body, &buf) + defer func() { resp.Body = ioutil.NopCloser(&buf) }() + + var jsonErr jsonErrorResponse + if decodeErr := json.NewDecoder(tee).Decode(&jsonErr); decodeErr != nil && decodeErr != io.EOF { + err = awserr.NewUnmarshalError(decodeErr, "failed to decode response body", buf.Bytes()) + return + } + + if len(code) == 0 { + code = jsonErr.SanitizedCode() + } + if len(msg) == 0 { + msg = jsonErr.Message + } + return +} diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go index 98f4caed9..d9a4e7649 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go @@ -1,6 +1,8 @@ package protocol import ( + "bytes" + "fmt" "math" "strconv" "time" @@ -19,13 +21,16 @@ const ( // Output time is intended to not contain decimals const ( // RFC 7231#section-7.1.1.1 timetamp format. e.g Tue, 29 Apr 2014 18:30:38 GMT - RFC822TimeFormat = "Mon, 2 Jan 2006 15:04:05 GMT" + RFC822TimeFormat = "Mon, 2 Jan 2006 15:04:05 GMT" + rfc822TimeFormatSingleDigitDay = "Mon, _2 Jan 2006 15:04:05 GMT" + rfc822TimeFormatSingleDigitDayTwoDigitYear = "Mon, _2 Jan 06 15:04:05 GMT" // This format is used for output time without seconds precision RFC822OutputTimeFormat = "Mon, 02 Jan 2006 15:04:05 GMT" // RFC3339 a subset of the ISO8601 timestamp format. e.g 2014-04-29T18:30:38Z - ISO8601TimeFormat = "2006-01-02T15:04:05.999999999Z" + ISO8601TimeFormat = "2006-01-02T15:04:05.999999999Z" + iso8601TimeFormatNoZ = "2006-01-02T15:04:05.999999999" // This format is used for output time with fractional second precision up to milliseconds ISO8601OutputTimeFormat = "2006-01-02T15:04:05.999999999Z" @@ -67,10 +72,21 @@ func FormatTime(name string, t time.Time) string { // the time if it was able to be parsed, and fails otherwise. func ParseTime(formatName, value string) (time.Time, error) { switch formatName { - case RFC822TimeFormatName: - return time.Parse(RFC822TimeFormat, value) - case ISO8601TimeFormatName: - return time.Parse(ISO8601TimeFormat, value) + case RFC822TimeFormatName: // Smithy HTTPDate format + return tryParse(value, + RFC822TimeFormat, + rfc822TimeFormatSingleDigitDay, + rfc822TimeFormatSingleDigitDayTwoDigitYear, + time.RFC850, + time.ANSIC, + ) + case ISO8601TimeFormatName: // Smithy DateTime format + return tryParse(value, + ISO8601TimeFormat, + iso8601TimeFormatNoZ, + time.RFC3339Nano, + time.RFC3339, + ) case UnixTimeFormatName: v, err := strconv.ParseFloat(value, 64) _, dec := math.Modf(v) @@ -83,3 +99,36 @@ func ParseTime(formatName, value string) (time.Time, error) { panic("unknown timestamp format name, " + formatName) } } + +func tryParse(v string, formats ...string) (time.Time, error) { + var errs parseErrors + for _, f := range formats { + t, err := time.Parse(f, v) + if err != nil { + errs = append(errs, parseError{ + Format: f, + Err: err, + }) + continue + } + return t, nil + } + + return time.Time{}, fmt.Errorf("unable to parse time string, %v", errs) +} + +type parseErrors []parseError + +func (es parseErrors) Error() string { + var s bytes.Buffer + for _, e := range es { + fmt.Fprintf(&s, "\n * %q: %v", e.Format, e.Err) + } + + return "parse errors:" + s.String() +} + +type parseError struct { + Format string + Err error +} diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go index 09ad95159..58c12bd8c 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go @@ -5,6 +5,7 @@ import ( "encoding/base64" "encoding/xml" "fmt" + "math" "reflect" "sort" "strconv" @@ -14,6 +15,12 @@ import ( "github.com/aws/aws-sdk-go/private/protocol" ) +const ( + floatNaN = "NaN" + floatInf = "Infinity" + floatNegInf = "-Infinity" +) + // BuildXML will serialize params into an xml.Encoder. Error will be returned // if the serialization of any of the params or nested values fails. func BuildXML(params interface{}, e *xml.Encoder) error { @@ -275,6 +282,7 @@ func (b *xmlBuilder) buildMap(value reflect.Value, current *XMLNode, tag reflect // Error will be returned if the value type is unsupported. func (b *xmlBuilder) buildScalar(value reflect.Value, current *XMLNode, tag reflect.StructTag) error { var str string + switch converted := value.Interface().(type) { case string: str = converted @@ -289,9 +297,29 @@ func (b *xmlBuilder) buildScalar(value reflect.Value, current *XMLNode, tag refl case int: str = strconv.Itoa(converted) case float64: - str = strconv.FormatFloat(converted, 'f', -1, 64) + switch { + case math.IsNaN(converted): + str = floatNaN + case math.IsInf(converted, 1): + str = floatInf + case math.IsInf(converted, -1): + str = floatNegInf + default: + str = strconv.FormatFloat(converted, 'f', -1, 64) + } case float32: - str = strconv.FormatFloat(float64(converted), 'f', -1, 32) + // The SDK doesn't render float32 values in types, only float64. This case would never be hit currently. + asFloat64 := float64(converted) + switch { + case math.IsNaN(asFloat64): + str = floatNaN + case math.IsInf(asFloat64, 1): + str = floatInf + case math.IsInf(asFloat64, -1): + str = floatNegInf + default: + str = strconv.FormatFloat(asFloat64, 'f', -1, 32) + } case time.Time: format := tag.Get("timestampFormat") if len(format) == 0 { @@ -308,6 +336,8 @@ func (b *xmlBuilder) buildScalar(value reflect.Value, current *XMLNode, tag refl if tag.Get("xmlAttribute") != "" { // put into current node's attribute list attr := xml.Attr{Name: xname, Value: str} current.Attr = append(current.Attr, attr) + } else if len(xname.Local) == 0 { + current.Text = str } else { // regular text node current.AddChild(&XMLNode{Name: xname, Text: str}) } diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go index 107c053f8..44a580a94 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go @@ -6,6 +6,7 @@ import ( "encoding/xml" "fmt" "io" + "math" "reflect" "strconv" "strings" @@ -276,9 +277,20 @@ func parseScalar(r reflect.Value, node *XMLNode, tag reflect.StructTag) error { } r.Set(reflect.ValueOf(&v)) case *float64: - v, err := strconv.ParseFloat(node.Text, 64) - if err != nil { - return err + var v float64 + switch { + case strings.EqualFold(node.Text, floatNaN): + v = math.NaN() + case strings.EqualFold(node.Text, floatInf): + v = math.Inf(1) + case strings.EqualFold(node.Text, floatNegInf): + v = math.Inf(-1) + default: + var err error + v, err = strconv.ParseFloat(node.Text, 64) + if err != nil { + return err + } } r.Set(reflect.ValueOf(&v)) case *time.Time: diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go index 42f71648e..c85b79fdd 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go @@ -18,6 +18,14 @@ type XMLNode struct { parent *XMLNode } +// textEncoder is a string type alias that implemnts the TextMarshaler interface. +// This alias type is used to ensure that the line feed (\n) (U+000A) is escaped. +type textEncoder string + +func (t textEncoder) MarshalText() ([]byte, error) { + return []byte(t), nil +} + // NewXMLElement returns a pointer to a new XMLNode initialized to default values. func NewXMLElement(name xml.Name) *XMLNode { return &XMLNode{ @@ -130,11 +138,16 @@ func StructToXML(e *xml.Encoder, node *XMLNode, sorted bool) error { attrs = sortedAttrs } - e.EncodeToken(xml.StartElement{Name: node.Name, Attr: attrs}) + startElement := xml.StartElement{Name: node.Name, Attr: attrs} if node.Text != "" { - e.EncodeToken(xml.CharData([]byte(node.Text))) - } else if sorted { + e.EncodeElement(textEncoder(node.Text), startElement) + return e.Flush() + } + + e.EncodeToken(startElement) + + if sorted { sortedNames := []string{} for k := range node.Children { sortedNames = append(sortedNames, k) @@ -154,6 +167,7 @@ func StructToXML(e *xml.Encoder, node *XMLNode, sorted bool) error { } } - e.EncodeToken(xml.EndElement{Name: node.Name}) + e.EncodeToken(startElement.End()) + return e.Flush() } diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudwatch/api.go b/vendor/github.com/aws/aws-sdk-go/service/cloudwatch/api.go index b13b59c8d..21eef0595 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/cloudwatch/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/cloudwatch/api.go @@ -29,14 +29,13 @@ const opDeleteAlarms = "DeleteAlarms" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteAlarmsRequest method. +// req, resp := client.DeleteAlarmsRequest(params) // -// // Example sending a request using the DeleteAlarmsRequest method. -// req, resp := client.DeleteAlarmsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DeleteAlarms func (c *CloudWatch) DeleteAlarmsRequest(input *DeleteAlarmsInput) (req *request.Request, output *DeleteAlarmsOutput) { @@ -63,7 +62,10 @@ func (c *CloudWatch) DeleteAlarmsRequest(input *DeleteAlarmsInput) (req *request // you could delete 99 metric alarms and one composite alarms with one operation, // but you can't delete two composite alarms with one operation. // -// In the event of an error, no alarms are deleted. +// If you specify an incorrect alarm name or make any other error in the operation, +// no alarms are deleted. To confirm that alarms were deleted successfully, +// you can use the DescribeAlarms (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DescribeAlarms.html) +// operation after using DeleteAlarms. // // It is possible to create a loop or cycle of composite alarms, where composite // alarm A depends on composite alarm B, and composite alarm B also depends @@ -74,7 +76,7 @@ func (c *CloudWatch) DeleteAlarmsRequest(input *DeleteAlarmsInput) (req *request // To get out of such a situation, you must break the cycle by changing the // rule of one of the composite alarms in the cycle to remove a dependency that // creates the cycle. The simplest change to make to break a cycle is to change -// the AlarmRule of one of the alarms to False. +// the AlarmRule of one of the alarms to false. // // Additionally, the evaluation of composite alarms stops if CloudWatch detects // a cycle in the evaluation path. @@ -87,8 +89,8 @@ func (c *CloudWatch) DeleteAlarmsRequest(input *DeleteAlarmsInput) (req *request // API operation DeleteAlarms for usage and error information. // // Returned Error Codes: -// * ErrCodeResourceNotFound "ResourceNotFound" -// The named resource does not exist. +// - ErrCodeResourceNotFound "ResourceNotFound" +// The named resource does not exist. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DeleteAlarms func (c *CloudWatch) DeleteAlarms(input *DeleteAlarmsInput) (*DeleteAlarmsOutput, error) { @@ -128,14 +130,13 @@ const opDeleteAnomalyDetector = "DeleteAnomalyDetector" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteAnomalyDetectorRequest method. +// req, resp := client.DeleteAnomalyDetectorRequest(params) // -// // Example sending a request using the DeleteAnomalyDetectorRequest method. -// req, resp := client.DeleteAnomalyDetectorRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DeleteAnomalyDetector func (c *CloudWatch) DeleteAnomalyDetectorRequest(input *DeleteAnomalyDetectorInput) (req *request.Request, output *DeleteAnomalyDetectorOutput) { @@ -157,7 +158,10 @@ func (c *CloudWatch) DeleteAnomalyDetectorRequest(input *DeleteAnomalyDetectorIn // DeleteAnomalyDetector API operation for Amazon CloudWatch. // -// Deletes the specified anomaly detection model from your account. +// Deletes the specified anomaly detection model from your account. For more +// information about how to delete an anomaly detection model, see Deleting +// an anomaly detection model (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Create_Anomaly_Detection_Alarm.html#Delete_Anomaly_Detection_Model) +// in the CloudWatch User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -167,17 +171,21 @@ func (c *CloudWatch) DeleteAnomalyDetectorRequest(input *DeleteAnomalyDetectorIn // API operation DeleteAnomalyDetector for usage and error information. // // Returned Error Codes: -// * ErrCodeResourceNotFoundException "ResourceNotFoundException" -// The named resource does not exist. // -// * ErrCodeInternalServiceFault "InternalServiceError" -// Request processing has failed due to some unknown error, exception, or failure. +// - ErrCodeResourceNotFoundException "ResourceNotFoundException" +// The named resource does not exist. +// +// - ErrCodeInternalServiceFault "InternalServiceError" +// Request processing has failed due to some unknown error, exception, or failure. +// +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. // -// * ErrCodeInvalidParameterValueException "InvalidParameterValue" -// The value of an input parameter is bad or out-of-range. +// - ErrCodeMissingRequiredParameterException "MissingParameter" +// An input parameter that is required is missing. // -// * ErrCodeMissingRequiredParameterException "MissingParameter" -// An input parameter that is required is missing. +// - ErrCodeInvalidParameterCombinationException "InvalidParameterCombination" +// Parameters were used together that cannot be used together. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DeleteAnomalyDetector func (c *CloudWatch) DeleteAnomalyDetector(input *DeleteAnomalyDetectorInput) (*DeleteAnomalyDetectorOutput, error) { @@ -217,14 +225,13 @@ const opDeleteDashboards = "DeleteDashboards" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteDashboardsRequest method. +// req, resp := client.DeleteDashboardsRequest(params) // -// // Example sending a request using the DeleteDashboardsRequest method. -// req, resp := client.DeleteDashboardsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DeleteDashboards func (c *CloudWatch) DeleteDashboardsRequest(input *DeleteDashboardsInput) (req *request.Request, output *DeleteDashboardsOutput) { @@ -257,14 +264,15 @@ func (c *CloudWatch) DeleteDashboardsRequest(input *DeleteDashboardsInput) (req // API operation DeleteDashboards for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidParameterValueException "InvalidParameterValue" -// The value of an input parameter is bad or out-of-range. // -// * ErrCodeDashboardNotFoundError "ResourceNotFound" -// The specified dashboard does not exist. +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. +// +// - ErrCodeDashboardNotFoundError "ResourceNotFound" +// The specified dashboard does not exist. // -// * ErrCodeInternalServiceFault "InternalServiceError" -// Request processing has failed due to some unknown error, exception, or failure. +// - ErrCodeInternalServiceFault "InternalServiceError" +// Request processing has failed due to some unknown error, exception, or failure. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DeleteDashboards func (c *CloudWatch) DeleteDashboards(input *DeleteDashboardsInput) (*DeleteDashboardsOutput, error) { @@ -304,14 +312,13 @@ const opDeleteInsightRules = "DeleteInsightRules" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteInsightRulesRequest method. +// req, resp := client.DeleteInsightRulesRequest(params) // -// // Example sending a request using the DeleteInsightRulesRequest method. -// req, resp := client.DeleteInsightRulesRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DeleteInsightRules func (c *CloudWatch) DeleteInsightRulesRequest(input *DeleteInsightRulesInput) (req *request.Request, output *DeleteInsightRulesOutput) { @@ -345,11 +352,12 @@ func (c *CloudWatch) DeleteInsightRulesRequest(input *DeleteInsightRulesInput) ( // API operation DeleteInsightRules for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidParameterValueException "InvalidParameterValue" -// The value of an input parameter is bad or out-of-range. // -// * ErrCodeMissingRequiredParameterException "MissingParameter" -// An input parameter that is required is missing. +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. +// +// - ErrCodeMissingRequiredParameterException "MissingParameter" +// An input parameter that is required is missing. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DeleteInsightRules func (c *CloudWatch) DeleteInsightRules(input *DeleteInsightRulesInput) (*DeleteInsightRulesOutput, error) { @@ -373,6 +381,92 @@ func (c *CloudWatch) DeleteInsightRulesWithContext(ctx aws.Context, input *Delet return out, req.Send() } +const opDeleteMetricStream = "DeleteMetricStream" + +// DeleteMetricStreamRequest generates a "aws/request.Request" representing the +// client's request for the DeleteMetricStream operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteMetricStream for more information on using the DeleteMetricStream +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteMetricStreamRequest method. +// req, resp := client.DeleteMetricStreamRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DeleteMetricStream +func (c *CloudWatch) DeleteMetricStreamRequest(input *DeleteMetricStreamInput) (req *request.Request, output *DeleteMetricStreamOutput) { + op := &request.Operation{ + Name: opDeleteMetricStream, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteMetricStreamInput{} + } + + output = &DeleteMetricStreamOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// DeleteMetricStream API operation for Amazon CloudWatch. +// +// Permanently deletes the metric stream that you specify. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch's +// API operation DeleteMetricStream for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeInternalServiceFault "InternalServiceError" +// Request processing has failed due to some unknown error, exception, or failure. +// +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. +// +// - ErrCodeMissingRequiredParameterException "MissingParameter" +// An input parameter that is required is missing. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DeleteMetricStream +func (c *CloudWatch) DeleteMetricStream(input *DeleteMetricStreamInput) (*DeleteMetricStreamOutput, error) { + req, out := c.DeleteMetricStreamRequest(input) + return out, req.Send() +} + +// DeleteMetricStreamWithContext is the same as DeleteMetricStream with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteMetricStream for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatch) DeleteMetricStreamWithContext(ctx aws.Context, input *DeleteMetricStreamInput, opts ...request.Option) (*DeleteMetricStreamOutput, error) { + req, out := c.DeleteMetricStreamRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDescribeAlarmHistory = "DescribeAlarmHistory" // DescribeAlarmHistoryRequest generates a "aws/request.Request" representing the @@ -389,14 +483,13 @@ const opDescribeAlarmHistory = "DescribeAlarmHistory" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeAlarmHistoryRequest method. +// req, resp := client.DescribeAlarmHistoryRequest(params) // -// // Example sending a request using the DescribeAlarmHistoryRequest method. -// req, resp := client.DescribeAlarmHistoryRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DescribeAlarmHistory func (c *CloudWatch) DescribeAlarmHistoryRequest(input *DescribeAlarmHistoryInput) (req *request.Request, output *DescribeAlarmHistoryOutput) { @@ -429,6 +522,11 @@ func (c *CloudWatch) DescribeAlarmHistoryRequest(input *DescribeAlarmHistoryInpu // // CloudWatch retains the history of an alarm even if you delete the alarm. // +// To use this operation and return information about a composite alarm, you +// must be signed on with the cloudwatch:DescribeAlarmHistory permission that +// is scoped to *. You can't return information about composite alarms if your +// cloudwatch:DescribeAlarmHistory permission has a narrower scope. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -437,8 +535,8 @@ func (c *CloudWatch) DescribeAlarmHistoryRequest(input *DescribeAlarmHistoryInpu // API operation DescribeAlarmHistory for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidNextToken "InvalidNextToken" -// The next token specified is invalid. +// - ErrCodeInvalidNextToken "InvalidNextToken" +// The next token specified is invalid. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DescribeAlarmHistory func (c *CloudWatch) DescribeAlarmHistory(input *DescribeAlarmHistoryInput) (*DescribeAlarmHistoryOutput, error) { @@ -470,15 +568,14 @@ func (c *CloudWatch) DescribeAlarmHistoryWithContext(ctx aws.Context, input *Des // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeAlarmHistory operation. -// pageNum := 0 -// err := client.DescribeAlarmHistoryPages(params, -// func(page *cloudwatch.DescribeAlarmHistoryOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeAlarmHistory operation. +// pageNum := 0 +// err := client.DescribeAlarmHistoryPages(params, +// func(page *cloudwatch.DescribeAlarmHistoryOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *CloudWatch) DescribeAlarmHistoryPages(input *DescribeAlarmHistoryInput, fn func(*DescribeAlarmHistoryOutput, bool) bool) error { return c.DescribeAlarmHistoryPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -530,14 +627,13 @@ const opDescribeAlarms = "DescribeAlarms" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeAlarmsRequest method. +// req, resp := client.DescribeAlarmsRequest(params) // -// // Example sending a request using the DescribeAlarmsRequest method. -// req, resp := client.DescribeAlarmsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DescribeAlarms func (c *CloudWatch) DescribeAlarmsRequest(input *DescribeAlarmsInput) (req *request.Request, output *DescribeAlarmsOutput) { @@ -567,6 +663,11 @@ func (c *CloudWatch) DescribeAlarmsRequest(input *DescribeAlarmsInput) (req *req // Retrieves the specified alarms. You can filter the results by specifying // a prefix for the alarm name, the alarm state, or a prefix for any action. // +// To use this operation and return information about composite alarms, you +// must be signed on with the cloudwatch:DescribeAlarms permission that is scoped +// to *. You can't return information about composite alarms if your cloudwatch:DescribeAlarms +// permission has a narrower scope. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -575,8 +676,8 @@ func (c *CloudWatch) DescribeAlarmsRequest(input *DescribeAlarmsInput) (req *req // API operation DescribeAlarms for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidNextToken "InvalidNextToken" -// The next token specified is invalid. +// - ErrCodeInvalidNextToken "InvalidNextToken" +// The next token specified is invalid. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DescribeAlarms func (c *CloudWatch) DescribeAlarms(input *DescribeAlarmsInput) (*DescribeAlarmsOutput, error) { @@ -608,15 +709,14 @@ func (c *CloudWatch) DescribeAlarmsWithContext(ctx aws.Context, input *DescribeA // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeAlarms operation. -// pageNum := 0 -// err := client.DescribeAlarmsPages(params, -// func(page *cloudwatch.DescribeAlarmsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeAlarms operation. +// pageNum := 0 +// err := client.DescribeAlarmsPages(params, +// func(page *cloudwatch.DescribeAlarmsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *CloudWatch) DescribeAlarmsPages(input *DescribeAlarmsInput, fn func(*DescribeAlarmsOutput, bool) bool) error { return c.DescribeAlarmsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -668,14 +768,13 @@ const opDescribeAlarmsForMetric = "DescribeAlarmsForMetric" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeAlarmsForMetricRequest method. +// req, resp := client.DescribeAlarmsForMetricRequest(params) // -// // Example sending a request using the DescribeAlarmsForMetricRequest method. -// req, resp := client.DescribeAlarmsForMetricRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DescribeAlarmsForMetric func (c *CloudWatch) DescribeAlarmsForMetricRequest(input *DescribeAlarmsForMetricInput) (req *request.Request, output *DescribeAlarmsForMetricOutput) { @@ -747,14 +846,13 @@ const opDescribeAnomalyDetectors = "DescribeAnomalyDetectors" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeAnomalyDetectorsRequest method. +// req, resp := client.DescribeAnomalyDetectorsRequest(params) // -// // Example sending a request using the DescribeAnomalyDetectorsRequest method. -// req, resp := client.DescribeAnomalyDetectorsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DescribeAnomalyDetectors func (c *CloudWatch) DescribeAnomalyDetectorsRequest(input *DescribeAnomalyDetectorsInput) (req *request.Request, output *DescribeAnomalyDetectorsOutput) { @@ -762,6 +860,12 @@ func (c *CloudWatch) DescribeAnomalyDetectorsRequest(input *DescribeAnomalyDetec Name: opDescribeAnomalyDetectors, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, } if input == nil { @@ -776,8 +880,11 @@ func (c *CloudWatch) DescribeAnomalyDetectorsRequest(input *DescribeAnomalyDetec // DescribeAnomalyDetectors API operation for Amazon CloudWatch. // // Lists the anomaly detection models that you have created in your account. -// You can list all models in your account or filter the results to only the -// models that are related to a certain namespace, metric name, or metric dimension. +// For single metric anomaly detectors, you can list all of the models in your +// account or filter the results to only the models that are related to a certain +// namespace, metric name, or metric dimension. For metric math anomaly detectors, +// you can list them by adding METRIC_MATH to the AnomalyDetectorTypes array. +// This will return all metric math anomaly detectors in your account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -787,14 +894,18 @@ func (c *CloudWatch) DescribeAnomalyDetectorsRequest(input *DescribeAnomalyDetec // API operation DescribeAnomalyDetectors for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidNextToken "InvalidNextToken" -// The next token specified is invalid. // -// * ErrCodeInternalServiceFault "InternalServiceError" -// Request processing has failed due to some unknown error, exception, or failure. +// - ErrCodeInvalidNextToken "InvalidNextToken" +// The next token specified is invalid. +// +// - ErrCodeInternalServiceFault "InternalServiceError" +// Request processing has failed due to some unknown error, exception, or failure. // -// * ErrCodeInvalidParameterValueException "InvalidParameterValue" -// The value of an input parameter is bad or out-of-range. +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. +// +// - ErrCodeInvalidParameterCombinationException "InvalidParameterCombination" +// Parameters were used together that cannot be used together. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DescribeAnomalyDetectors func (c *CloudWatch) DescribeAnomalyDetectors(input *DescribeAnomalyDetectorsInput) (*DescribeAnomalyDetectorsOutput, error) { @@ -818,6 +929,57 @@ func (c *CloudWatch) DescribeAnomalyDetectorsWithContext(ctx aws.Context, input return out, req.Send() } +// DescribeAnomalyDetectorsPages iterates over the pages of a DescribeAnomalyDetectors operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeAnomalyDetectors method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeAnomalyDetectors operation. +// pageNum := 0 +// err := client.DescribeAnomalyDetectorsPages(params, +// func(page *cloudwatch.DescribeAnomalyDetectorsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *CloudWatch) DescribeAnomalyDetectorsPages(input *DescribeAnomalyDetectorsInput, fn func(*DescribeAnomalyDetectorsOutput, bool) bool) error { + return c.DescribeAnomalyDetectorsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeAnomalyDetectorsPagesWithContext same as DescribeAnomalyDetectorsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatch) DescribeAnomalyDetectorsPagesWithContext(ctx aws.Context, input *DescribeAnomalyDetectorsInput, fn func(*DescribeAnomalyDetectorsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeAnomalyDetectorsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeAnomalyDetectorsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeAnomalyDetectorsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeInsightRules = "DescribeInsightRules" // DescribeInsightRulesRequest generates a "aws/request.Request" representing the @@ -834,14 +996,13 @@ const opDescribeInsightRules = "DescribeInsightRules" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeInsightRulesRequest method. +// req, resp := client.DescribeInsightRulesRequest(params) // -// // Example sending a request using the DescribeInsightRulesRequest method. -// req, resp := client.DescribeInsightRulesRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DescribeInsightRules func (c *CloudWatch) DescribeInsightRulesRequest(input *DescribeInsightRulesInput) (req *request.Request, output *DescribeInsightRulesOutput) { @@ -881,8 +1042,8 @@ func (c *CloudWatch) DescribeInsightRulesRequest(input *DescribeInsightRulesInpu // API operation DescribeInsightRules for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidNextToken "InvalidNextToken" -// The next token specified is invalid. +// - ErrCodeInvalidNextToken "InvalidNextToken" +// The next token specified is invalid. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DescribeInsightRules func (c *CloudWatch) DescribeInsightRules(input *DescribeInsightRulesInput) (*DescribeInsightRulesOutput, error) { @@ -914,15 +1075,14 @@ func (c *CloudWatch) DescribeInsightRulesWithContext(ctx aws.Context, input *Des // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeInsightRules operation. -// pageNum := 0 -// err := client.DescribeInsightRulesPages(params, -// func(page *cloudwatch.DescribeInsightRulesOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeInsightRules operation. +// pageNum := 0 +// err := client.DescribeInsightRulesPages(params, +// func(page *cloudwatch.DescribeInsightRulesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *CloudWatch) DescribeInsightRulesPages(input *DescribeInsightRulesInput, fn func(*DescribeInsightRulesOutput, bool) bool) error { return c.DescribeInsightRulesPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -974,14 +1134,13 @@ const opDisableAlarmActions = "DisableAlarmActions" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DisableAlarmActionsRequest method. +// req, resp := client.DisableAlarmActionsRequest(params) // -// // Example sending a request using the DisableAlarmActionsRequest method. -// req, resp := client.DisableAlarmActionsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DisableAlarmActions func (c *CloudWatch) DisableAlarmActionsRequest(input *DisableAlarmActionsInput) (req *request.Request, output *DisableAlarmActionsOutput) { @@ -1050,14 +1209,13 @@ const opDisableInsightRules = "DisableInsightRules" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DisableInsightRulesRequest method. +// req, resp := client.DisableInsightRulesRequest(params) // -// // Example sending a request using the DisableInsightRulesRequest method. -// req, resp := client.DisableInsightRulesRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DisableInsightRules func (c *CloudWatch) DisableInsightRulesRequest(input *DisableInsightRulesInput) (req *request.Request, output *DisableInsightRulesOutput) { @@ -1089,11 +1247,12 @@ func (c *CloudWatch) DisableInsightRulesRequest(input *DisableInsightRulesInput) // API operation DisableInsightRules for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidParameterValueException "InvalidParameterValue" -// The value of an input parameter is bad or out-of-range. // -// * ErrCodeMissingRequiredParameterException "MissingParameter" -// An input parameter that is required is missing. +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. +// +// - ErrCodeMissingRequiredParameterException "MissingParameter" +// An input parameter that is required is missing. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DisableInsightRules func (c *CloudWatch) DisableInsightRules(input *DisableInsightRulesInput) (*DisableInsightRulesOutput, error) { @@ -1133,14 +1292,13 @@ const opEnableAlarmActions = "EnableAlarmActions" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the EnableAlarmActionsRequest method. +// req, resp := client.EnableAlarmActionsRequest(params) // -// // Example sending a request using the EnableAlarmActionsRequest method. -// req, resp := client.EnableAlarmActionsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/EnableAlarmActions func (c *CloudWatch) EnableAlarmActionsRequest(input *EnableAlarmActionsInput) (req *request.Request, output *EnableAlarmActionsOutput) { @@ -1208,14 +1366,13 @@ const opEnableInsightRules = "EnableInsightRules" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the EnableInsightRulesRequest method. +// req, resp := client.EnableInsightRulesRequest(params) // -// // Example sending a request using the EnableInsightRulesRequest method. -// req, resp := client.EnableInsightRulesRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/EnableInsightRules func (c *CloudWatch) EnableInsightRulesRequest(input *EnableInsightRulesInput) (req *request.Request, output *EnableInsightRulesOutput) { @@ -1247,14 +1404,15 @@ func (c *CloudWatch) EnableInsightRulesRequest(input *EnableInsightRulesInput) ( // API operation EnableInsightRules for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidParameterValueException "InvalidParameterValue" -// The value of an input parameter is bad or out-of-range. // -// * ErrCodeMissingRequiredParameterException "MissingParameter" -// An input parameter that is required is missing. +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. // -// * ErrCodeLimitExceededException "LimitExceededException" -// The operation exceeded one or more limits. +// - ErrCodeMissingRequiredParameterException "MissingParameter" +// An input parameter that is required is missing. +// +// - ErrCodeLimitExceededException "LimitExceededException" +// The operation exceeded one or more limits. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/EnableInsightRules func (c *CloudWatch) EnableInsightRules(input *EnableInsightRulesInput) (*EnableInsightRulesOutput, error) { @@ -1294,14 +1452,13 @@ const opGetDashboard = "GetDashboard" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetDashboardRequest method. +// req, resp := client.GetDashboardRequest(params) // -// // Example sending a request using the GetDashboardRequest method. -// req, resp := client.GetDashboardRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/GetDashboard func (c *CloudWatch) GetDashboardRequest(input *GetDashboardInput) (req *request.Request, output *GetDashboardOutput) { @@ -1336,14 +1493,15 @@ func (c *CloudWatch) GetDashboardRequest(input *GetDashboardInput) (req *request // API operation GetDashboard for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidParameterValueException "InvalidParameterValue" -// The value of an input parameter is bad or out-of-range. // -// * ErrCodeDashboardNotFoundError "ResourceNotFound" -// The specified dashboard does not exist. +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. // -// * ErrCodeInternalServiceFault "InternalServiceError" -// Request processing has failed due to some unknown error, exception, or failure. +// - ErrCodeDashboardNotFoundError "ResourceNotFound" +// The specified dashboard does not exist. +// +// - ErrCodeInternalServiceFault "InternalServiceError" +// Request processing has failed due to some unknown error, exception, or failure. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/GetDashboard func (c *CloudWatch) GetDashboard(input *GetDashboardInput) (*GetDashboardOutput, error) { @@ -1383,14 +1541,13 @@ const opGetInsightRuleReport = "GetInsightRuleReport" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetInsightRuleReportRequest method. +// req, resp := client.GetInsightRuleReportRequest(params) // -// // Example sending a request using the GetInsightRuleReportRequest method. -// req, resp := client.GetInsightRuleReportRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/GetInsightRuleReport func (c *CloudWatch) GetInsightRuleReportRequest(input *GetInsightRuleReportInput) (req *request.Request, output *GetInsightRuleReportOutput) { @@ -1418,30 +1575,30 @@ func (c *CloudWatch) GetInsightRuleReportRequest(input *GetInsightRuleReportInpu // You can also optionally return one or more statistics about each data point // in the time series. These statistics can include the following: // -// * UniqueContributors -- the number of unique contributors for each data -// point. +// - UniqueContributors -- the number of unique contributors for each data +// point. // -// * MaxContributorValue -- the value of the top contributor for each data -// point. The identity of the contributor might change for each data point -// in the graph. If this rule aggregates by COUNT, the top contributor for -// each data point is the contributor with the most occurrences in that period. -// If the rule aggregates by SUM, the top contributor is the contributor -// with the highest sum in the log field specified by the rule's Value, during -// that period. +// - MaxContributorValue -- the value of the top contributor for each data +// point. The identity of the contributor might change for each data point +// in the graph. If this rule aggregates by COUNT, the top contributor for +// each data point is the contributor with the most occurrences in that period. +// If the rule aggregates by SUM, the top contributor is the contributor +// with the highest sum in the log field specified by the rule's Value, during +// that period. // -// * SampleCount -- the number of data points matched by the rule. +// - SampleCount -- the number of data points matched by the rule. // -// * Sum -- the sum of the values from all contributors during the time period -// represented by that data point. +// - Sum -- the sum of the values from all contributors during the time period +// represented by that data point. // -// * Minimum -- the minimum value from a single observation during the time -// period represented by that data point. +// - Minimum -- the minimum value from a single observation during the time +// period represented by that data point. // -// * Maximum -- the maximum value from a single observation during the time -// period represented by that data point. +// - Maximum -- the maximum value from a single observation during the time +// period represented by that data point. // -// * Average -- the average value from all contributors during the time period -// represented by that data point. +// - Average -- the average value from all contributors during the time period +// represented by that data point. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1451,14 +1608,15 @@ func (c *CloudWatch) GetInsightRuleReportRequest(input *GetInsightRuleReportInpu // API operation GetInsightRuleReport for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidParameterValueException "InvalidParameterValue" -// The value of an input parameter is bad or out-of-range. // -// * ErrCodeMissingRequiredParameterException "MissingParameter" -// An input parameter that is required is missing. +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. // -// * ErrCodeResourceNotFoundException "ResourceNotFoundException" -// The named resource does not exist. +// - ErrCodeMissingRequiredParameterException "MissingParameter" +// An input parameter that is required is missing. +// +// - ErrCodeResourceNotFoundException "ResourceNotFoundException" +// The named resource does not exist. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/GetInsightRuleReport func (c *CloudWatch) GetInsightRuleReport(input *GetInsightRuleReportInput) (*GetInsightRuleReportOutput, error) { @@ -1498,14 +1656,13 @@ const opGetMetricData = "GetMetricData" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetMetricDataRequest method. +// req, resp := client.GetMetricDataRequest(params) // -// // Example sending a request using the GetMetricDataRequest method. -// req, resp := client.GetMetricDataRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/GetMetricData func (c *CloudWatch) GetMetricDataRequest(input *GetMetricDataInput) (req *request.Request, output *GetMetricDataOutput) { @@ -1532,34 +1689,45 @@ func (c *CloudWatch) GetMetricDataRequest(input *GetMetricDataInput) (req *reque // GetMetricData API operation for Amazon CloudWatch. // -// You can use the GetMetricData API to retrieve as many as 500 different metrics -// in a single request, with a total of as many as 100,800 data points. You -// can also optionally perform math expressions on the values of the returned -// statistics, to create new time series that represent new insights into your -// data. For example, using Lambda metrics, you could divide the Errors metric -// by the Invocations metric to get an error rate time series. For more information -// about metric math expressions, see Metric Math Syntax and Functions (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/using-metric-math.html#metric-math-syntax) +// You can use the GetMetricData API to retrieve CloudWatch metric values. The +// operation can also include a CloudWatch Metrics Insights query, and one or +// more metric math functions. +// +// A GetMetricData operation that does not include a query can retrieve as many +// as 500 different metrics in a single request, with a total of as many as +// 100,800 data points. You can also optionally perform metric math expressions +// on the values of the returned statistics, to create new time series that +// represent new insights into your data. For example, using Lambda metrics, +// you could divide the Errors metric by the Invocations metric to get an error +// rate time series. For more information about metric math expressions, see +// Metric Math Syntax and Functions (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/using-metric-math.html#metric-math-syntax) // in the Amazon CloudWatch User Guide. // +// If you include a Metrics Insights query, each GetMetricData operation can +// include only one query. But the same GetMetricData operation can also retrieve +// other metrics. Metrics Insights queries can query only the most recent three +// hours of metric data. For more information about Metrics Insights, see Query +// your metrics with CloudWatch Metrics Insights (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/query_with_cloudwatch-metrics-insights.html). +// // Calls to the GetMetricData API have a different pricing structure than calls // to GetMetricStatistics. For more information about pricing, see Amazon CloudWatch // Pricing (https://aws.amazon.com/cloudwatch/pricing/). // // Amazon CloudWatch retains metric data as follows: // -// * Data points with a period of less than 60 seconds are available for -// 3 hours. These data points are high-resolution metrics and are available -// only for custom metrics that have been defined with a StorageResolution -// of 1. +// - Data points with a period of less than 60 seconds are available for +// 3 hours. These data points are high-resolution metrics and are available +// only for custom metrics that have been defined with a StorageResolution +// of 1. // -// * Data points with a period of 60 seconds (1-minute) are available for -// 15 days. +// - Data points with a period of 60 seconds (1-minute) are available for +// 15 days. // -// * Data points with a period of 300 seconds (5-minute) are available for -// 63 days. +// - Data points with a period of 300 seconds (5-minute) are available for +// 63 days. // -// * Data points with a period of 3600 seconds (1 hour) are available for -// 455 days (15 months). +// - Data points with a period of 3600 seconds (1 hour) are available for +// 455 days (15 months). // // Data points that are initially published with a shorter period are aggregated // together for long-term storage. For example, if you collect data using a @@ -1575,6 +1743,17 @@ func (c *CloudWatch) GetMetricDataRequest(input *GetMetricDataInput) (req *reque // a unit that does not match the data collected, the results of the operation // are null. CloudWatch does not perform unit conversions. // +// # Using Metrics Insights queries with metric math +// +// You can't mix a Metric Insights query and metric math syntax in the same +// expression, but you can reference results from a Metrics Insights query within +// other Metric math expressions. A Metrics Insights query without a GROUP BY +// clause returns a single time-series (TS), and can be used as input for a +// metric math expression that expects a single time series. A Metrics Insights +// query with a GROUP BY clause returns an array of time-series (TS[]), and +// can be used as input for a metric math expression that expects an array of +// time series. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1583,8 +1762,8 @@ func (c *CloudWatch) GetMetricDataRequest(input *GetMetricDataInput) (req *reque // API operation GetMetricData for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidNextToken "InvalidNextToken" -// The next token specified is invalid. +// - ErrCodeInvalidNextToken "InvalidNextToken" +// The next token specified is invalid. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/GetMetricData func (c *CloudWatch) GetMetricData(input *GetMetricDataInput) (*GetMetricDataOutput, error) { @@ -1616,15 +1795,14 @@ func (c *CloudWatch) GetMetricDataWithContext(ctx aws.Context, input *GetMetricD // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a GetMetricData operation. -// pageNum := 0 -// err := client.GetMetricDataPages(params, -// func(page *cloudwatch.GetMetricDataOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a GetMetricData operation. +// pageNum := 0 +// err := client.GetMetricDataPages(params, +// func(page *cloudwatch.GetMetricDataOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *CloudWatch) GetMetricDataPages(input *GetMetricDataInput, fn func(*GetMetricDataOutput, bool) bool) error { return c.GetMetricDataPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -1676,14 +1854,13 @@ const opGetMetricStatistics = "GetMetricStatistics" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetMetricStatisticsRequest method. +// req, resp := client.GetMetricStatisticsRequest(params) // -// // Example sending a request using the GetMetricStatisticsRequest method. -// req, resp := client.GetMetricStatisticsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/GetMetricStatistics func (c *CloudWatch) GetMetricStatisticsRequest(input *GetMetricStatisticsInput) (req *request.Request, output *GetMetricStatisticsOutput) { @@ -1722,28 +1899,28 @@ func (c *CloudWatch) GetMetricStatisticsRequest(input *GetMetricStatisticsInput) // publish data using a statistic set instead, you can only retrieve percentile // statistics for this data if one of the following conditions is true: // -// * The SampleCount value of the statistic set is 1. +// - The SampleCount value of the statistic set is 1. // -// * The Min and the Max values of the statistic set are equal. +// - The Min and the Max values of the statistic set are equal. // // Percentile statistics are not available for metrics when any of the metric // values are negative numbers. // // Amazon CloudWatch retains metric data as follows: // -// * Data points with a period of less than 60 seconds are available for -// 3 hours. These data points are high-resolution metrics and are available -// only for custom metrics that have been defined with a StorageResolution -// of 1. +// - Data points with a period of less than 60 seconds are available for +// 3 hours. These data points are high-resolution metrics and are available +// only for custom metrics that have been defined with a StorageResolution +// of 1. // -// * Data points with a period of 60 seconds (1-minute) are available for -// 15 days. +// - Data points with a period of 60 seconds (1-minute) are available for +// 15 days. // -// * Data points with a period of 300 seconds (5-minute) are available for -// 63 days. +// - Data points with a period of 300 seconds (5-minute) are available for +// 63 days. // -// * Data points with a period of 3600 seconds (1 hour) are available for -// 455 days (15 months). +// - Data points with a period of 3600 seconds (1 hour) are available for +// 455 days (15 months). // // Data points that are initially published with a shorter period are aggregated // together for long-term storage. For example, if you collect data using a @@ -1755,8 +1932,8 @@ func (c *CloudWatch) GetMetricStatisticsRequest(input *GetMetricStatisticsInput) // CloudWatch started retaining 5-minute and 1-hour metric data as of July 9, // 2016. // -// For information about metrics and dimensions supported by AWS services, see -// the Amazon CloudWatch Metrics and Dimensions Reference (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CW_Support_For_AWS.html) +// For information about metrics and dimensions supported by Amazon Web Services +// services, see the Amazon CloudWatch Metrics and Dimensions Reference (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CW_Support_For_AWS.html) // in the Amazon CloudWatch User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1767,17 +1944,18 @@ func (c *CloudWatch) GetMetricStatisticsRequest(input *GetMetricStatisticsInput) // API operation GetMetricStatistics for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidParameterValueException "InvalidParameterValue" -// The value of an input parameter is bad or out-of-range. // -// * ErrCodeMissingRequiredParameterException "MissingParameter" -// An input parameter that is required is missing. +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. +// +// - ErrCodeMissingRequiredParameterException "MissingParameter" +// An input parameter that is required is missing. // -// * ErrCodeInvalidParameterCombinationException "InvalidParameterCombination" -// Parameters were used together that cannot be used together. +// - ErrCodeInvalidParameterCombinationException "InvalidParameterCombination" +// Parameters were used together that cannot be used together. // -// * ErrCodeInternalServiceFault "InternalServiceError" -// Request processing has failed due to some unknown error, exception, or failure. +// - ErrCodeInternalServiceFault "InternalServiceError" +// Request processing has failed due to some unknown error, exception, or failure. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/GetMetricStatistics func (c *CloudWatch) GetMetricStatistics(input *GetMetricStatisticsInput) (*GetMetricStatisticsOutput, error) { @@ -1801,6 +1979,97 @@ func (c *CloudWatch) GetMetricStatisticsWithContext(ctx aws.Context, input *GetM return out, req.Send() } +const opGetMetricStream = "GetMetricStream" + +// GetMetricStreamRequest generates a "aws/request.Request" representing the +// client's request for the GetMetricStream operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetMetricStream for more information on using the GetMetricStream +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetMetricStreamRequest method. +// req, resp := client.GetMetricStreamRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/GetMetricStream +func (c *CloudWatch) GetMetricStreamRequest(input *GetMetricStreamInput) (req *request.Request, output *GetMetricStreamOutput) { + op := &request.Operation{ + Name: opGetMetricStream, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetMetricStreamInput{} + } + + output = &GetMetricStreamOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetMetricStream API operation for Amazon CloudWatch. +// +// Returns information about the metric stream that you specify. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch's +// API operation GetMetricStream for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeResourceNotFoundException "ResourceNotFoundException" +// The named resource does not exist. +// +// - ErrCodeInternalServiceFault "InternalServiceError" +// Request processing has failed due to some unknown error, exception, or failure. +// +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. +// +// - ErrCodeMissingRequiredParameterException "MissingParameter" +// An input parameter that is required is missing. +// +// - ErrCodeInvalidParameterCombinationException "InvalidParameterCombination" +// Parameters were used together that cannot be used together. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/GetMetricStream +func (c *CloudWatch) GetMetricStream(input *GetMetricStreamInput) (*GetMetricStreamOutput, error) { + req, out := c.GetMetricStreamRequest(input) + return out, req.Send() +} + +// GetMetricStreamWithContext is the same as GetMetricStream with the addition of +// the ability to pass a context and additional request options. +// +// See GetMetricStream for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatch) GetMetricStreamWithContext(ctx aws.Context, input *GetMetricStreamInput, opts ...request.Option) (*GetMetricStreamOutput, error) { + req, out := c.GetMetricStreamRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetMetricWidgetImage = "GetMetricWidgetImage" // GetMetricWidgetImageRequest generates a "aws/request.Request" representing the @@ -1817,14 +2086,13 @@ const opGetMetricWidgetImage = "GetMetricWidgetImage" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetMetricWidgetImageRequest method. +// req, resp := client.GetMetricWidgetImageRequest(params) // -// // Example sending a request using the GetMetricWidgetImageRequest method. -// req, resp := client.GetMetricWidgetImageRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/GetMetricWidgetImage func (c *CloudWatch) GetMetricWidgetImageRequest(input *GetMetricWidgetImageInput) (req *request.Request, output *GetMetricWidgetImageOutput) { @@ -1857,9 +2125,9 @@ func (c *CloudWatch) GetMetricWidgetImageRequest(input *GetMetricWidgetImageInpu // There is a limit of 20 transactions per second for this API. Each GetMetricWidgetImage // action has the following limits: // -// * As many as 100 metrics in the graph. +// - As many as 100 metrics in the graph. // -// * Up to 100 KB uncompressed payload. +// - Up to 100 KB uncompressed payload. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1905,14 +2173,13 @@ const opListDashboards = "ListDashboards" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ListDashboardsRequest method. +// req, resp := client.ListDashboardsRequest(params) // -// // Example sending a request using the ListDashboardsRequest method. -// req, resp := client.ListDashboardsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/ListDashboards func (c *CloudWatch) ListDashboardsRequest(input *ListDashboardsInput) (req *request.Request, output *ListDashboardsOutput) { @@ -1955,11 +2222,12 @@ func (c *CloudWatch) ListDashboardsRequest(input *ListDashboardsInput) (req *req // API operation ListDashboards for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidParameterValueException "InvalidParameterValue" -// The value of an input parameter is bad or out-of-range. // -// * ErrCodeInternalServiceFault "InternalServiceError" -// Request processing has failed due to some unknown error, exception, or failure. +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. +// +// - ErrCodeInternalServiceFault "InternalServiceError" +// Request processing has failed due to some unknown error, exception, or failure. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/ListDashboards func (c *CloudWatch) ListDashboards(input *ListDashboardsInput) (*ListDashboardsOutput, error) { @@ -1991,15 +2259,14 @@ func (c *CloudWatch) ListDashboardsWithContext(ctx aws.Context, input *ListDashb // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a ListDashboards operation. -// pageNum := 0 -// err := client.ListDashboardsPages(params, -// func(page *cloudwatch.ListDashboardsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a ListDashboards operation. +// pageNum := 0 +// err := client.ListDashboardsPages(params, +// func(page *cloudwatch.ListDashboardsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *CloudWatch) ListDashboardsPages(input *ListDashboardsInput, fn func(*ListDashboardsOutput, bool) bool) error { return c.ListDashboardsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -2035,146 +2302,134 @@ func (c *CloudWatch) ListDashboardsPagesWithContext(ctx aws.Context, input *List return p.Err() } -const opListMetrics = "ListMetrics" +const opListManagedInsightRules = "ListManagedInsightRules" -// ListMetricsRequest generates a "aws/request.Request" representing the -// client's request for the ListMetrics operation. The "output" return +// ListManagedInsightRulesRequest generates a "aws/request.Request" representing the +// client's request for the ListManagedInsightRules operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ListMetrics for more information on using the ListMetrics +// See ListManagedInsightRules for more information on using the ListManagedInsightRules // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ListManagedInsightRulesRequest method. +// req, resp := client.ListManagedInsightRulesRequest(params) // -// // Example sending a request using the ListMetricsRequest method. -// req, resp := client.ListMetricsRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/ListMetrics -func (c *CloudWatch) ListMetricsRequest(input *ListMetricsInput) (req *request.Request, output *ListMetricsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/ListManagedInsightRules +func (c *CloudWatch) ListManagedInsightRulesRequest(input *ListManagedInsightRulesInput) (req *request.Request, output *ListManagedInsightRulesOutput) { op := &request.Operation{ - Name: opListMetrics, + Name: opListManagedInsightRules, HTTPMethod: "POST", HTTPPath: "/", Paginator: &request.Paginator{ InputTokens: []string{"NextToken"}, OutputTokens: []string{"NextToken"}, - LimitToken: "", + LimitToken: "MaxResults", TruncationToken: "", }, } if input == nil { - input = &ListMetricsInput{} + input = &ListManagedInsightRulesInput{} } - output = &ListMetricsOutput{} + output = &ListManagedInsightRulesOutput{} req = c.newRequest(op, input, output) return } -// ListMetrics API operation for Amazon CloudWatch. -// -// List the specified metrics. You can use the returned metrics with GetMetricData -// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricData.html) -// or GetMetricStatistics (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricStatistics.html) -// to obtain statistical data. -// -// Up to 500 results are returned for any one call. To retrieve additional results, -// use the returned token with subsequent calls. +// ListManagedInsightRules API operation for Amazon CloudWatch. // -// After you create a metric, allow up to 15 minutes before the metric appears. -// You can see statistics about the metric sooner by using GetMetricData (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricData.html) -// or GetMetricStatistics (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricStatistics.html). -// -// ListMetrics doesn't return information about metrics if those metrics haven't -// reported data in the past two weeks. To retrieve those metrics, use GetMetricData -// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricData.html) -// or GetMetricStatistics (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricStatistics.html). +// Returns a list that contains the number of managed Contributor Insights rules +// in your account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch's -// API operation ListMetrics for usage and error information. +// API operation ListManagedInsightRules for usage and error information. // // Returned Error Codes: -// * ErrCodeInternalServiceFault "InternalServiceError" -// Request processing has failed due to some unknown error, exception, or failure. // -// * ErrCodeInvalidParameterValueException "InvalidParameterValue" -// The value of an input parameter is bad or out-of-range. +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/ListMetrics -func (c *CloudWatch) ListMetrics(input *ListMetricsInput) (*ListMetricsOutput, error) { - req, out := c.ListMetricsRequest(input) +// - ErrCodeMissingRequiredParameterException "MissingParameter" +// An input parameter that is required is missing. +// +// - ErrCodeInvalidNextToken "InvalidNextToken" +// The next token specified is invalid. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/ListManagedInsightRules +func (c *CloudWatch) ListManagedInsightRules(input *ListManagedInsightRulesInput) (*ListManagedInsightRulesOutput, error) { + req, out := c.ListManagedInsightRulesRequest(input) return out, req.Send() } -// ListMetricsWithContext is the same as ListMetrics with the addition of +// ListManagedInsightRulesWithContext is the same as ListManagedInsightRules with the addition of // the ability to pass a context and additional request options. // -// See ListMetrics for details on how to use this API operation. +// See ListManagedInsightRules for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatch) ListMetricsWithContext(ctx aws.Context, input *ListMetricsInput, opts ...request.Option) (*ListMetricsOutput, error) { - req, out := c.ListMetricsRequest(input) +func (c *CloudWatch) ListManagedInsightRulesWithContext(ctx aws.Context, input *ListManagedInsightRulesInput, opts ...request.Option) (*ListManagedInsightRulesOutput, error) { + req, out := c.ListManagedInsightRulesRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -// ListMetricsPages iterates over the pages of a ListMetrics operation, +// ListManagedInsightRulesPages iterates over the pages of a ListManagedInsightRules operation, // calling the "fn" function with the response data for each page. To stop // iterating, return false from the fn function. // -// See ListMetrics method for more information on how to use this operation. +// See ListManagedInsightRules method for more information on how to use this operation. // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a ListMetrics operation. -// pageNum := 0 -// err := client.ListMetricsPages(params, -// func(page *cloudwatch.ListMetricsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// -func (c *CloudWatch) ListMetricsPages(input *ListMetricsInput, fn func(*ListMetricsOutput, bool) bool) error { - return c.ListMetricsPagesWithContext(aws.BackgroundContext(), input, fn) +// // Example iterating over at most 3 pages of a ListManagedInsightRules operation. +// pageNum := 0 +// err := client.ListManagedInsightRulesPages(params, +// func(page *cloudwatch.ListManagedInsightRulesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *CloudWatch) ListManagedInsightRulesPages(input *ListManagedInsightRulesInput, fn func(*ListManagedInsightRulesOutput, bool) bool) error { + return c.ListManagedInsightRulesPagesWithContext(aws.BackgroundContext(), input, fn) } -// ListMetricsPagesWithContext same as ListMetricsPages except +// ListManagedInsightRulesPagesWithContext same as ListManagedInsightRulesPages except // it takes a Context and allows setting request options on the pages. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatch) ListMetricsPagesWithContext(ctx aws.Context, input *ListMetricsInput, fn func(*ListMetricsOutput, bool) bool, opts ...request.Option) error { +func (c *CloudWatch) ListManagedInsightRulesPagesWithContext(ctx aws.Context, input *ListManagedInsightRulesInput, fn func(*ListManagedInsightRulesOutput, bool) bool, opts ...request.Option) error { p := request.Pagination{ NewRequest: func() (*request.Request, error) { - var inCpy *ListMetricsInput + var inCpy *ListManagedInsightRulesInput if input != nil { tmp := *input inCpy = &tmp } - req, _ := c.ListMetricsRequest(inCpy) + req, _ := c.ListManagedInsightRulesRequest(inCpy) req.SetContext(ctx) req.ApplyOptions(opts...) return req, nil @@ -2182,7 +2437,7 @@ func (c *CloudWatch) ListMetricsPagesWithContext(ctx aws.Context, input *ListMet } for p.Next() { - if !fn(p.Page().(*ListMetricsOutput), !p.HasNextPage()) { + if !fn(p.Page().(*ListManagedInsightRulesOutput), !p.HasNextPage()) { break } } @@ -2190,51 +2445,354 @@ func (c *CloudWatch) ListMetricsPagesWithContext(ctx aws.Context, input *ListMet return p.Err() } -const opListTagsForResource = "ListTagsForResource" +const opListMetricStreams = "ListMetricStreams" -// ListTagsForResourceRequest generates a "aws/request.Request" representing the -// client's request for the ListTagsForResource operation. The "output" return +// ListMetricStreamsRequest generates a "aws/request.Request" representing the +// client's request for the ListMetricStreams operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ListTagsForResource for more information on using the ListTagsForResource +// See ListMetricStreams for more information on using the ListMetricStreams // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ListMetricStreamsRequest method. +// req, resp := client.ListMetricStreamsRequest(params) // -// // Example sending a request using the ListTagsForResourceRequest method. -// req, resp := client.ListTagsForResourceRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/ListTagsForResource -func (c *CloudWatch) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/ListMetricStreams +func (c *CloudWatch) ListMetricStreamsRequest(input *ListMetricStreamsInput) (req *request.Request, output *ListMetricStreamsOutput) { op := &request.Operation{ - Name: opListTagsForResource, + Name: opListMetricStreams, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, } if input == nil { - input = &ListTagsForResourceInput{} + input = &ListMetricStreamsInput{} } - output = &ListTagsForResourceOutput{} + output = &ListMetricStreamsOutput{} req = c.newRequest(op, input, output) return } -// ListTagsForResource API operation for Amazon CloudWatch. +// ListMetricStreams API operation for Amazon CloudWatch. // -// Displays the tags associated with a CloudWatch resource. Currently, alarms +// Returns a list of metric streams in this account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch's +// API operation ListMetricStreams for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeInvalidNextToken "InvalidNextToken" +// The next token specified is invalid. +// +// - ErrCodeInternalServiceFault "InternalServiceError" +// Request processing has failed due to some unknown error, exception, or failure. +// +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. +// +// - ErrCodeMissingRequiredParameterException "MissingParameter" +// An input parameter that is required is missing. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/ListMetricStreams +func (c *CloudWatch) ListMetricStreams(input *ListMetricStreamsInput) (*ListMetricStreamsOutput, error) { + req, out := c.ListMetricStreamsRequest(input) + return out, req.Send() +} + +// ListMetricStreamsWithContext is the same as ListMetricStreams with the addition of +// the ability to pass a context and additional request options. +// +// See ListMetricStreams for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatch) ListMetricStreamsWithContext(ctx aws.Context, input *ListMetricStreamsInput, opts ...request.Option) (*ListMetricStreamsOutput, error) { + req, out := c.ListMetricStreamsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListMetricStreamsPages iterates over the pages of a ListMetricStreams operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListMetricStreams method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListMetricStreams operation. +// pageNum := 0 +// err := client.ListMetricStreamsPages(params, +// func(page *cloudwatch.ListMetricStreamsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *CloudWatch) ListMetricStreamsPages(input *ListMetricStreamsInput, fn func(*ListMetricStreamsOutput, bool) bool) error { + return c.ListMetricStreamsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListMetricStreamsPagesWithContext same as ListMetricStreamsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatch) ListMetricStreamsPagesWithContext(ctx aws.Context, input *ListMetricStreamsInput, fn func(*ListMetricStreamsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListMetricStreamsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListMetricStreamsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListMetricStreamsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opListMetrics = "ListMetrics" + +// ListMetricsRequest generates a "aws/request.Request" representing the +// client's request for the ListMetrics operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListMetrics for more information on using the ListMetrics +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListMetricsRequest method. +// req, resp := client.ListMetricsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/ListMetrics +func (c *CloudWatch) ListMetricsRequest(input *ListMetricsInput) (req *request.Request, output *ListMetricsOutput) { + op := &request.Operation{ + Name: opListMetrics, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListMetricsInput{} + } + + output = &ListMetricsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListMetrics API operation for Amazon CloudWatch. +// +// List the specified metrics. You can use the returned metrics with GetMetricData +// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricData.html) +// or GetMetricStatistics (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricStatistics.html) +// to get statistical data. +// +// Up to 500 results are returned for any one call. To retrieve additional results, +// use the returned token with subsequent calls. +// +// After you create a metric, allow up to 15 minutes for the metric to appear. +// To see metric statistics sooner, use GetMetricData (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricData.html) +// or GetMetricStatistics (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricStatistics.html). +// +// If you are using CloudWatch cross-account observability, you can use this +// operation in a monitoring account and view metrics from the linked source +// accounts. For more information, see CloudWatch cross-account observability +// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html). +// +// ListMetrics doesn't return information about metrics if those metrics haven't +// reported data in the past two weeks. To retrieve those metrics, use GetMetricData +// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricData.html) +// or GetMetricStatistics (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricStatistics.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch's +// API operation ListMetrics for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeInternalServiceFault "InternalServiceError" +// Request processing has failed due to some unknown error, exception, or failure. +// +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/ListMetrics +func (c *CloudWatch) ListMetrics(input *ListMetricsInput) (*ListMetricsOutput, error) { + req, out := c.ListMetricsRequest(input) + return out, req.Send() +} + +// ListMetricsWithContext is the same as ListMetrics with the addition of +// the ability to pass a context and additional request options. +// +// See ListMetrics for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatch) ListMetricsWithContext(ctx aws.Context, input *ListMetricsInput, opts ...request.Option) (*ListMetricsOutput, error) { + req, out := c.ListMetricsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListMetricsPages iterates over the pages of a ListMetrics operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListMetrics method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListMetrics operation. +// pageNum := 0 +// err := client.ListMetricsPages(params, +// func(page *cloudwatch.ListMetricsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *CloudWatch) ListMetricsPages(input *ListMetricsInput, fn func(*ListMetricsOutput, bool) bool) error { + return c.ListMetricsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListMetricsPagesWithContext same as ListMetricsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatch) ListMetricsPagesWithContext(ctx aws.Context, input *ListMetricsInput, fn func(*ListMetricsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListMetricsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListMetricsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListMetricsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opListTagsForResource = "ListTagsForResource" + +// ListTagsForResourceRequest generates a "aws/request.Request" representing the +// client's request for the ListTagsForResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListTagsForResource for more information on using the ListTagsForResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListTagsForResourceRequest method. +// req, resp := client.ListTagsForResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/ListTagsForResource +func (c *CloudWatch) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) { + op := &request.Operation{ + Name: opListTagsForResource, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ListTagsForResourceInput{} + } + + output = &ListTagsForResourceOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListTagsForResource API operation for Amazon CloudWatch. +// +// Displays the tags associated with a CloudWatch resource. Currently, alarms // and Contributor Insights rules support tagging. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2245,14 +2803,15 @@ func (c *CloudWatch) ListTagsForResourceRequest(input *ListTagsForResourceInput) // API operation ListTagsForResource for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidParameterValueException "InvalidParameterValue" -// The value of an input parameter is bad or out-of-range. // -// * ErrCodeResourceNotFoundException "ResourceNotFoundException" -// The named resource does not exist. +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. // -// * ErrCodeInternalServiceFault "InternalServiceError" -// Request processing has failed due to some unknown error, exception, or failure. +// - ErrCodeResourceNotFoundException "ResourceNotFoundException" +// The named resource does not exist. +// +// - ErrCodeInternalServiceFault "InternalServiceError" +// Request processing has failed due to some unknown error, exception, or failure. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/ListTagsForResource func (c *CloudWatch) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) { @@ -2292,14 +2851,13 @@ const opPutAnomalyDetector = "PutAnomalyDetector" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutAnomalyDetectorRequest method. +// req, resp := client.PutAnomalyDetectorRequest(params) // -// // Example sending a request using the PutAnomalyDetectorRequest method. -// req, resp := client.PutAnomalyDetectorRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/PutAnomalyDetector func (c *CloudWatch) PutAnomalyDetectorRequest(input *PutAnomalyDetectorInput) (req *request.Request, output *PutAnomalyDetectorOutput) { @@ -2324,6 +2882,11 @@ func (c *CloudWatch) PutAnomalyDetectorRequest(input *PutAnomalyDetectorInput) ( // Creates an anomaly detection model for a CloudWatch metric. You can use the // model to display a band of expected normal values when the metric is graphed. // +// If you have enabled unified cross-account observability, and this account +// is a monitoring account, the metric can be in the same account or a source +// account. You can specify the account ID in the object you specify in the +// SingleMetricAnomalyDetector parameter. +// // For more information, see CloudWatch Anomaly Detection (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Anomaly_Detection.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2334,17 +2897,21 @@ func (c *CloudWatch) PutAnomalyDetectorRequest(input *PutAnomalyDetectorInput) ( // API operation PutAnomalyDetector for usage and error information. // // Returned Error Codes: -// * ErrCodeLimitExceededException "LimitExceededException" -// The operation exceeded one or more limits. // -// * ErrCodeInternalServiceFault "InternalServiceError" -// Request processing has failed due to some unknown error, exception, or failure. +// - ErrCodeLimitExceededException "LimitExceededException" +// The operation exceeded one or more limits. +// +// - ErrCodeInternalServiceFault "InternalServiceError" +// Request processing has failed due to some unknown error, exception, or failure. // -// * ErrCodeInvalidParameterValueException "InvalidParameterValue" -// The value of an input parameter is bad or out-of-range. +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. // -// * ErrCodeMissingRequiredParameterException "MissingParameter" -// An input parameter that is required is missing. +// - ErrCodeMissingRequiredParameterException "MissingParameter" +// An input parameter that is required is missing. +// +// - ErrCodeInvalidParameterCombinationException "InvalidParameterCombination" +// Parameters were used together that cannot be used together. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/PutAnomalyDetector func (c *CloudWatch) PutAnomalyDetector(input *PutAnomalyDetectorInput) (*PutAnomalyDetectorOutput, error) { @@ -2384,14 +2951,13 @@ const opPutCompositeAlarm = "PutCompositeAlarm" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutCompositeAlarmRequest method. +// req, resp := client.PutCompositeAlarmRequest(params) // -// // Example sending a request using the PutCompositeAlarmRequest method. -// req, resp := client.PutCompositeAlarmRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/PutCompositeAlarm func (c *CloudWatch) PutCompositeAlarmRequest(input *PutCompositeAlarmInput) (req *request.Request, output *PutCompositeAlarmOutput) { @@ -2419,7 +2985,9 @@ func (c *CloudWatch) PutCompositeAlarmRequest(input *PutCompositeAlarmInput) (re // ALARM state only if all conditions of the rule are met. // // The alarms specified in a composite alarm's rule expression can include metric -// alarms and other composite alarms. +// alarms and other composite alarms. The rule expression of a composite alarm +// can include as many as 100 underlying alarms. Any single alarm can be included +// in the rule expressions of as many as 150 composite alarms. // // Using composite alarms can reduce alarm noise. You can create multiple metric // alarms, and also create a composite alarm and set up alerts only for the @@ -2427,8 +2995,15 @@ func (c *CloudWatch) PutCompositeAlarmRequest(input *PutCompositeAlarmInput) (re // into ALARM state only when more than one of the underlying metric alarms // are in ALARM state. // -// Currently, the only alarm actions that can be taken by composite alarms are -// notifying SNS topics. +// Composite alarms can take the following actions: +// +// - Notify Amazon SNS topics. +// +// - Invoke Lambda functions. +// +// - Create OpsItems in Systems Manager Ops Center. +// +// - Create incidents in Systems Manager Incident Manager. // // It is possible to create a loop or cycle of composite alarms, where composite // alarm A depends on composite alarm B, and composite alarm B also depends @@ -2439,7 +3014,7 @@ func (c *CloudWatch) PutCompositeAlarmRequest(input *PutCompositeAlarmInput) (re // To get out of such a situation, you must break the cycle by changing the // rule of one of the composite alarms in the cycle to remove a dependency that // creates the cycle. The simplest change to make to break a cycle is to change -// the AlarmRule of one of the alarms to False. +// the AlarmRule of one of the alarms to false. // // Additionally, the evaluation of composite alarms stops if CloudWatch detects // a cycle in the evaluation path. @@ -2453,6 +3028,10 @@ func (c *CloudWatch) PutCompositeAlarmRequest(input *PutCompositeAlarmInput) (re // When you update an existing alarm, its state is left unchanged, but the update // completely overwrites the previous configuration of the alarm. // +// To use this operation, you must be signed on with the cloudwatch:PutCompositeAlarm +// permission that is scoped to *. You can't create a composite alarms if your +// cloudwatch:PutCompositeAlarm permission has a narrower scope. +// // If you are an IAM user, you must have iam:CreateServiceLinkedRole to create // a composite alarm that has Systems Manager OpsItem actions. // @@ -2464,8 +3043,8 @@ func (c *CloudWatch) PutCompositeAlarmRequest(input *PutCompositeAlarmInput) (re // API operation PutCompositeAlarm for usage and error information. // // Returned Error Codes: -// * ErrCodeLimitExceededFault "LimitExceeded" -// The quota for alarms for this customer has already been reached. +// - ErrCodeLimitExceededFault "LimitExceeded" +// The quota for alarms for this customer has already been reached. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/PutCompositeAlarm func (c *CloudWatch) PutCompositeAlarm(input *PutCompositeAlarmInput) (*PutCompositeAlarmOutput, error) { @@ -2505,14 +3084,13 @@ const opPutDashboard = "PutDashboard" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutDashboardRequest method. +// req, resp := client.PutDashboardRequest(params) // -// // Example sending a request using the PutDashboardRequest method. -// req, resp := client.PutDashboardRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/PutDashboard func (c *CloudWatch) PutDashboardRequest(input *PutDashboardInput) (req *request.Request, output *PutDashboardOutput) { @@ -2560,11 +3138,12 @@ func (c *CloudWatch) PutDashboardRequest(input *PutDashboardInput) (req *request // API operation PutDashboard for usage and error information. // // Returned Error Codes: -// * ErrCodeDashboardInvalidInputError "InvalidParameterInput" -// Some part of the dashboard data is invalid. // -// * ErrCodeInternalServiceFault "InternalServiceError" -// Request processing has failed due to some unknown error, exception, or failure. +// - ErrCodeDashboardInvalidInputError "InvalidParameterInput" +// Some part of the dashboard data is invalid. +// +// - ErrCodeInternalServiceFault "InternalServiceError" +// Request processing has failed due to some unknown error, exception, or failure. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/PutDashboard func (c *CloudWatch) PutDashboard(input *PutDashboardInput) (*PutDashboardOutput, error) { @@ -2604,14 +3183,13 @@ const opPutInsightRule = "PutInsightRule" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutInsightRuleRequest method. +// req, resp := client.PutInsightRuleRequest(params) // -// // Example sending a request using the PutInsightRuleRequest method. -// req, resp := client.PutInsightRuleRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/PutInsightRule func (c *CloudWatch) PutInsightRuleRequest(input *PutInsightRuleInput) (req *request.Request, output *PutInsightRuleOutput) { @@ -2649,14 +3227,15 @@ func (c *CloudWatch) PutInsightRuleRequest(input *PutInsightRuleInput) (req *req // API operation PutInsightRule for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidParameterValueException "InvalidParameterValue" -// The value of an input parameter is bad or out-of-range. // -// * ErrCodeMissingRequiredParameterException "MissingParameter" -// An input parameter that is required is missing. +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. // -// * ErrCodeLimitExceededException "LimitExceededException" -// The operation exceeded one or more limits. +// - ErrCodeMissingRequiredParameterException "MissingParameter" +// An input parameter that is required is missing. +// +// - ErrCodeLimitExceededException "LimitExceededException" +// The operation exceeded one or more limits. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/PutInsightRule func (c *CloudWatch) PutInsightRule(input *PutInsightRuleInput) (*PutInsightRuleOutput, error) { @@ -2680,33 +3259,121 @@ func (c *CloudWatch) PutInsightRuleWithContext(ctx aws.Context, input *PutInsigh return out, req.Send() } -const opPutMetricAlarm = "PutMetricAlarm" +const opPutManagedInsightRules = "PutManagedInsightRules" -// PutMetricAlarmRequest generates a "aws/request.Request" representing the -// client's request for the PutMetricAlarm operation. The "output" return +// PutManagedInsightRulesRequest generates a "aws/request.Request" representing the +// client's request for the PutManagedInsightRules operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See PutMetricAlarm for more information on using the PutMetricAlarm +// See PutManagedInsightRules for more information on using the PutManagedInsightRules // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutManagedInsightRulesRequest method. +// req, resp := client.PutManagedInsightRulesRequest(params) // -// // Example sending a request using the PutMetricAlarmRequest method. -// req, resp := client.PutMetricAlarmRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/PutMetricAlarm -func (c *CloudWatch) PutMetricAlarmRequest(input *PutMetricAlarmInput) (req *request.Request, output *PutMetricAlarmOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/PutManagedInsightRules +func (c *CloudWatch) PutManagedInsightRulesRequest(input *PutManagedInsightRulesInput) (req *request.Request, output *PutManagedInsightRulesOutput) { + op := &request.Operation{ + Name: opPutManagedInsightRules, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutManagedInsightRulesInput{} + } + + output = &PutManagedInsightRulesOutput{} + req = c.newRequest(op, input, output) + return +} + +// PutManagedInsightRules API operation for Amazon CloudWatch. +// +// Creates a managed Contributor Insights rule for a specified Amazon Web Services +// resource. When you enable a managed rule, you create a Contributor Insights +// rule that collects data from Amazon Web Services services. You cannot edit +// these rules with PutInsightRule. The rules can be enabled, disabled, and +// deleted using EnableInsightRules, DisableInsightRules, and DeleteInsightRules. +// If a previously created managed rule is currently disabled, a subsequent +// call to this API will re-enable it. Use ListManagedInsightRules to describe +// all available rules. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch's +// API operation PutManagedInsightRules for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. +// +// - ErrCodeMissingRequiredParameterException "MissingParameter" +// An input parameter that is required is missing. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/PutManagedInsightRules +func (c *CloudWatch) PutManagedInsightRules(input *PutManagedInsightRulesInput) (*PutManagedInsightRulesOutput, error) { + req, out := c.PutManagedInsightRulesRequest(input) + return out, req.Send() +} + +// PutManagedInsightRulesWithContext is the same as PutManagedInsightRules with the addition of +// the ability to pass a context and additional request options. +// +// See PutManagedInsightRules for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatch) PutManagedInsightRulesWithContext(ctx aws.Context, input *PutManagedInsightRulesInput, opts ...request.Option) (*PutManagedInsightRulesOutput, error) { + req, out := c.PutManagedInsightRulesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opPutMetricAlarm = "PutMetricAlarm" + +// PutMetricAlarmRequest generates a "aws/request.Request" representing the +// client's request for the PutMetricAlarm operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutMetricAlarm for more information on using the PutMetricAlarm +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the PutMetricAlarmRequest method. +// req, resp := client.PutMetricAlarmRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/PutMetricAlarm +func (c *CloudWatch) PutMetricAlarmRequest(input *PutMetricAlarmInput) (req *request.Request, output *PutMetricAlarmOutput) { op := &request.Operation{ Name: opPutMetricAlarm, HTTPMethod: "POST", @@ -2726,7 +3393,9 @@ func (c *CloudWatch) PutMetricAlarmRequest(input *PutMetricAlarmInput) (req *req // PutMetricAlarm API operation for Amazon CloudWatch. // // Creates or updates an alarm and associates it with the specified metric, -// metric math expression, or anomaly detection model. +// metric math expression, anomaly detection model, or Metrics Insights query. +// For more information about using a Metrics Insights query for an alarm, see +// Create alarms on Metrics Insights queries (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Create_Metrics_Insights_Alarm.html). // // Alarms based on anomaly detection models cannot have Auto Scaling actions. // @@ -2740,16 +3409,39 @@ func (c *CloudWatch) PutMetricAlarmRequest(input *PutMetricAlarmInput) (req *req // If you are an IAM user, you must have Amazon EC2 permissions for some alarm // operations: // -// * The iam:CreateServiceLinkedRole for all alarms with EC2 actions +// - The iam:CreateServiceLinkedRole permission for all alarms with EC2 actions +// +// - The iam:CreateServiceLinkedRole permissions to create an alarm with +// Systems Manager OpsItem or response plan actions. +// +// The first time you create an alarm in the Amazon Web Services Management +// Console, the CLI, or by using the PutMetricAlarm API, CloudWatch creates +// the necessary service-linked role for you. The service-linked roles are called +// AWSServiceRoleForCloudWatchEvents and AWSServiceRoleForCloudWatchAlarms_ActionSSM. +// For more information, see Amazon Web Services service-linked role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role). +// +// Each PutMetricAlarm action has a maximum uncompressed payload of 120 KB. +// +// # Cross-account alarms +// +// You can set an alarm on metrics in the current account, or in another account. +// To create a cross-account alarm that watches a metric in a different account, +// you must have completed the following pre-requisites: // -// * The iam:CreateServiceLinkedRole to create an alarm with Systems Manager -// OpsItem actions. +// - The account where the metrics are located (the sharing account) must +// already have a sharing role named CloudWatch-CrossAccountSharingRole. +// If it does not already have this role, you must create it using the instructions +// in Set up a sharing account in Cross-account cross-Region CloudWatch console +// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html#enable-cross-account-cross-Region). +// The policy for that role must grant access to the ID of the account where +// you are creating the alarm. // -// The first time you create an alarm in the AWS Management Console, the CLI, -// or by using the PutMetricAlarm API, CloudWatch creates the necessary service-linked -// rolea for you. The service-linked roles are called AWSServiceRoleForCloudWatchEvents -// and AWSServiceRoleForCloudWatchAlarms_ActionSSM. For more information, see -// AWS service-linked role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role). +// - The account where you are creating the alarm (the monitoring account) +// must already have a service-linked role named AWSServiceRoleForCloudWatchCrossAccount +// to allow CloudWatch to assume the sharing role in the sharing account. +// If it does not, you must create it following the directions in Set up +// a monitoring account in Cross-account cross-Region CloudWatch console +// (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html#enable-cross-account-cross-Region). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2759,8 +3451,8 @@ func (c *CloudWatch) PutMetricAlarmRequest(input *PutMetricAlarmInput) (req *req // API operation PutMetricAlarm for usage and error information. // // Returned Error Codes: -// * ErrCodeLimitExceededFault "LimitExceeded" -// The quota for alarms for this customer has already been reached. +// - ErrCodeLimitExceededFault "LimitExceeded" +// The quota for alarms for this customer has already been reached. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/PutMetricAlarm func (c *CloudWatch) PutMetricAlarm(input *PutMetricAlarmInput) (*PutMetricAlarmOutput, error) { @@ -2800,14 +3492,13 @@ const opPutMetricData = "PutMetricData" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutMetricDataRequest method. +// req, resp := client.PutMetricDataRequest(params) // -// // Example sending a request using the PutMetricDataRequest method. -// req, resp := client.PutMetricDataRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/PutMetricData func (c *CloudWatch) PutMetricDataRequest(input *PutMetricDataInput) (req *request.Request, output *PutMetricDataOutput) { @@ -2837,21 +3528,21 @@ func (c *CloudWatch) PutMetricDataRequest(input *PutMetricDataInput) (req *reque // // You can publish either individual data points in the Value field, or arrays // of values and the number of times each value occurred during the period by -// using the Values and Counts fields in the MetricDatum structure. Using the +// using the Values and Counts fields in the MetricData structure. Using the // Values and Counts method enables you to publish up to 150 values per metric // with one PutMetricData request, and supports retrieving percentile statistics // on this data. // -// Each PutMetricData request is limited to 40 KB in size for HTTP POST requests. +// Each PutMetricData request is limited to 1 MB in size for HTTP POST requests. // You can send a payload compressed by gzip. Each request is also limited to -// no more than 20 different metrics. +// no more than 1000 different metrics. // // Although the Value parameter accepts numbers of type Double, CloudWatch rejects // values that are either too small or too large. Values must be in the range // of -2^360 to 2^360. In addition, special values (for example, NaN, +Infinity, // -Infinity) are not supported. // -// You can use up to 10 dimensions per metric to further clarify what data the +// You can use up to 30 dimensions per metric to further clarify what data the // metric collects. Each dimension consists of a Name and Value pair. For more // information about specifying dimensions, see Publishing Metrics (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/publishingMetrics.html) // in the Amazon CloudWatch User Guide. @@ -2872,10 +3563,10 @@ func (c *CloudWatch) PutMetricDataRequest(input *PutMetricDataInput) (req *reque // publish data using a statistic set instead, you can only retrieve percentile // statistics for this data if one of the following conditions is true: // -// * The SampleCount value of the statistic set is 1 and Min, Max, and Sum -// are all equal. +// - The SampleCount value of the statistic set is 1 and Min, Max, and Sum +// are all equal. // -// * The Min and Max are equal, and Sum is equal to Min multiplied by SampleCount. +// - The Min and Max are equal, and Sum is equal to Min multiplied by SampleCount. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2885,17 +3576,18 @@ func (c *CloudWatch) PutMetricDataRequest(input *PutMetricDataInput) (req *reque // API operation PutMetricData for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidParameterValueException "InvalidParameterValue" -// The value of an input parameter is bad or out-of-range. // -// * ErrCodeMissingRequiredParameterException "MissingParameter" -// An input parameter that is required is missing. +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. +// +// - ErrCodeMissingRequiredParameterException "MissingParameter" +// An input parameter that is required is missing. // -// * ErrCodeInvalidParameterCombinationException "InvalidParameterCombination" -// Parameters were used together that cannot be used together. +// - ErrCodeInvalidParameterCombinationException "InvalidParameterCombination" +// Parameters were used together that cannot be used together. // -// * ErrCodeInternalServiceFault "InternalServiceError" -// Request processing has failed due to some unknown error, exception, or failure. +// - ErrCodeInternalServiceFault "InternalServiceError" +// Request processing has failed due to some unknown error, exception, or failure. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/PutMetricData func (c *CloudWatch) PutMetricData(input *PutMetricDataInput) (*PutMetricDataOutput, error) { @@ -2919,6 +3611,129 @@ func (c *CloudWatch) PutMetricDataWithContext(ctx aws.Context, input *PutMetricD return out, req.Send() } +const opPutMetricStream = "PutMetricStream" + +// PutMetricStreamRequest generates a "aws/request.Request" representing the +// client's request for the PutMetricStream operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutMetricStream for more information on using the PutMetricStream +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the PutMetricStreamRequest method. +// req, resp := client.PutMetricStreamRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/PutMetricStream +func (c *CloudWatch) PutMetricStreamRequest(input *PutMetricStreamInput) (req *request.Request, output *PutMetricStreamOutput) { + op := &request.Operation{ + Name: opPutMetricStream, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutMetricStreamInput{} + } + + output = &PutMetricStreamOutput{} + req = c.newRequest(op, input, output) + return +} + +// PutMetricStream API operation for Amazon CloudWatch. +// +// Creates or updates a metric stream. Metric streams can automatically stream +// CloudWatch metrics to Amazon Web Services destinations, including Amazon +// S3, and to many third-party solutions. +// +// For more information, see Using Metric Streams (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Metric-Streams.html). +// +// To create a metric stream, you must be signed in to an account that has the +// iam:PassRole permission and either the CloudWatchFullAccess policy or the +// cloudwatch:PutMetricStream permission. +// +// When you create or update a metric stream, you choose one of the following: +// +// - Stream metrics from all metric namespaces in the account. +// +// - Stream metrics from all metric namespaces in the account, except for +// the namespaces that you list in ExcludeFilters. +// +// - Stream metrics from only the metric namespaces that you list in IncludeFilters. +// +// By default, a metric stream always sends the MAX, MIN, SUM, and SAMPLECOUNT +// statistics for each metric that is streamed. You can use the StatisticsConfigurations +// parameter to have the metric stream send additional statistics in the stream. +// Streaming additional statistics incurs additional costs. For more information, +// see Amazon CloudWatch Pricing (https://aws.amazon.com/cloudwatch/pricing/). +// +// When you use PutMetricStream to create a new metric stream, the stream is +// created in the running state. If you use it to update an existing stream, +// the state of the stream is not changed. +// +// If you are using CloudWatch cross-account observability and you create a +// metric stream in a monitoring account, you can choose whether to include +// metrics from source accounts in the stream. For more information, see CloudWatch +// cross-account observability (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch's +// API operation PutMetricStream for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeConcurrentModificationException "ConcurrentModificationException" +// More than one process tried to modify a resource at the same time. +// +// - ErrCodeInternalServiceFault "InternalServiceError" +// Request processing has failed due to some unknown error, exception, or failure. +// +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. +// +// - ErrCodeMissingRequiredParameterException "MissingParameter" +// An input parameter that is required is missing. +// +// - ErrCodeInvalidParameterCombinationException "InvalidParameterCombination" +// Parameters were used together that cannot be used together. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/PutMetricStream +func (c *CloudWatch) PutMetricStream(input *PutMetricStreamInput) (*PutMetricStreamOutput, error) { + req, out := c.PutMetricStreamRequest(input) + return out, req.Send() +} + +// PutMetricStreamWithContext is the same as PutMetricStream with the addition of +// the ability to pass a context and additional request options. +// +// See PutMetricStream for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatch) PutMetricStreamWithContext(ctx aws.Context, input *PutMetricStreamInput, opts ...request.Option) (*PutMetricStreamOutput, error) { + req, out := c.PutMetricStreamRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opSetAlarmState = "SetAlarmState" // SetAlarmStateRequest generates a "aws/request.Request" representing the @@ -2935,14 +3750,13 @@ const opSetAlarmState = "SetAlarmState" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the SetAlarmStateRequest method. +// req, resp := client.SetAlarmStateRequest(params) // -// // Example sending a request using the SetAlarmStateRequest method. -// req, resp := client.SetAlarmStateRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/SetAlarmState func (c *CloudWatch) SetAlarmStateRequest(input *SetAlarmStateInput) (req *request.Request, output *SetAlarmStateOutput) { @@ -2992,11 +3806,12 @@ func (c *CloudWatch) SetAlarmStateRequest(input *SetAlarmStateInput) (req *reque // API operation SetAlarmState for usage and error information. // // Returned Error Codes: -// * ErrCodeResourceNotFound "ResourceNotFound" -// The named resource does not exist. // -// * ErrCodeInvalidFormatFault "InvalidFormat" -// Data was not syntactically valid JSON. +// - ErrCodeResourceNotFound "ResourceNotFound" +// The named resource does not exist. +// +// - ErrCodeInvalidFormatFault "InvalidFormat" +// Data was not syntactically valid JSON. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/SetAlarmState func (c *CloudWatch) SetAlarmState(input *SetAlarmStateInput) (*SetAlarmStateOutput, error) { @@ -3020,6 +3835,178 @@ func (c *CloudWatch) SetAlarmStateWithContext(ctx aws.Context, input *SetAlarmSt return out, req.Send() } +const opStartMetricStreams = "StartMetricStreams" + +// StartMetricStreamsRequest generates a "aws/request.Request" representing the +// client's request for the StartMetricStreams operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See StartMetricStreams for more information on using the StartMetricStreams +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the StartMetricStreamsRequest method. +// req, resp := client.StartMetricStreamsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/StartMetricStreams +func (c *CloudWatch) StartMetricStreamsRequest(input *StartMetricStreamsInput) (req *request.Request, output *StartMetricStreamsOutput) { + op := &request.Operation{ + Name: opStartMetricStreams, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &StartMetricStreamsInput{} + } + + output = &StartMetricStreamsOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// StartMetricStreams API operation for Amazon CloudWatch. +// +// Starts the streaming of metrics for one or more of your metric streams. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch's +// API operation StartMetricStreams for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeInternalServiceFault "InternalServiceError" +// Request processing has failed due to some unknown error, exception, or failure. +// +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. +// +// - ErrCodeMissingRequiredParameterException "MissingParameter" +// An input parameter that is required is missing. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/StartMetricStreams +func (c *CloudWatch) StartMetricStreams(input *StartMetricStreamsInput) (*StartMetricStreamsOutput, error) { + req, out := c.StartMetricStreamsRequest(input) + return out, req.Send() +} + +// StartMetricStreamsWithContext is the same as StartMetricStreams with the addition of +// the ability to pass a context and additional request options. +// +// See StartMetricStreams for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatch) StartMetricStreamsWithContext(ctx aws.Context, input *StartMetricStreamsInput, opts ...request.Option) (*StartMetricStreamsOutput, error) { + req, out := c.StartMetricStreamsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opStopMetricStreams = "StopMetricStreams" + +// StopMetricStreamsRequest generates a "aws/request.Request" representing the +// client's request for the StopMetricStreams operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See StopMetricStreams for more information on using the StopMetricStreams +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the StopMetricStreamsRequest method. +// req, resp := client.StopMetricStreamsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/StopMetricStreams +func (c *CloudWatch) StopMetricStreamsRequest(input *StopMetricStreamsInput) (req *request.Request, output *StopMetricStreamsOutput) { + op := &request.Operation{ + Name: opStopMetricStreams, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &StopMetricStreamsInput{} + } + + output = &StopMetricStreamsOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// StopMetricStreams API operation for Amazon CloudWatch. +// +// Stops the streaming of metrics for one or more of your metric streams. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch's +// API operation StopMetricStreams for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeInternalServiceFault "InternalServiceError" +// Request processing has failed due to some unknown error, exception, or failure. +// +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. +// +// - ErrCodeMissingRequiredParameterException "MissingParameter" +// An input parameter that is required is missing. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/StopMetricStreams +func (c *CloudWatch) StopMetricStreams(input *StopMetricStreamsInput) (*StopMetricStreamsOutput, error) { + req, out := c.StopMetricStreamsRequest(input) + return out, req.Send() +} + +// StopMetricStreamsWithContext is the same as StopMetricStreams with the addition of +// the ability to pass a context and additional request options. +// +// See StopMetricStreams for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatch) StopMetricStreamsWithContext(ctx aws.Context, input *StopMetricStreamsInput, opts ...request.Option) (*StopMetricStreamsOutput, error) { + req, out := c.StopMetricStreamsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opTagResource = "TagResource" // TagResourceRequest generates a "aws/request.Request" representing the @@ -3036,14 +4023,13 @@ const opTagResource = "TagResource" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the TagResourceRequest method. +// req, resp := client.TagResourceRequest(params) // -// // Example sending a request using the TagResourceRequest method. -// req, resp := client.TagResourceRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/TagResource func (c *CloudWatch) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) { @@ -3073,8 +4059,8 @@ func (c *CloudWatch) TagResourceRequest(input *TagResourceInput) (req *request.R // them to scope user permissions by granting a user permission to access or // change only resources with certain tag values. // -// Tags don't have any semantic meaning to AWS and are interpreted strictly -// as strings of characters. +// Tags don't have any semantic meaning to Amazon Web Services and are interpreted +// strictly as strings of characters. // // You can use the TagResource action with an alarm that already has tags. If // you specify a new tag key for the alarm, this tag is appended to the list @@ -3092,17 +4078,18 @@ func (c *CloudWatch) TagResourceRequest(input *TagResourceInput) (req *request.R // API operation TagResource for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidParameterValueException "InvalidParameterValue" -// The value of an input parameter is bad or out-of-range. // -// * ErrCodeResourceNotFoundException "ResourceNotFoundException" -// The named resource does not exist. +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. // -// * ErrCodeConcurrentModificationException "ConcurrentModificationException" -// More than one process tried to modify a resource at the same time. +// - ErrCodeResourceNotFoundException "ResourceNotFoundException" +// The named resource does not exist. // -// * ErrCodeInternalServiceFault "InternalServiceError" -// Request processing has failed due to some unknown error, exception, or failure. +// - ErrCodeConcurrentModificationException "ConcurrentModificationException" +// More than one process tried to modify a resource at the same time. +// +// - ErrCodeInternalServiceFault "InternalServiceError" +// Request processing has failed due to some unknown error, exception, or failure. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/TagResource func (c *CloudWatch) TagResource(input *TagResourceInput) (*TagResourceOutput, error) { @@ -3142,14 +4129,13 @@ const opUntagResource = "UntagResource" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the UntagResourceRequest method. +// req, resp := client.UntagResourceRequest(params) // -// // Example sending a request using the UntagResourceRequest method. -// req, resp := client.UntagResourceRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/UntagResource func (c *CloudWatch) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) { @@ -3181,17 +4167,18 @@ func (c *CloudWatch) UntagResourceRequest(input *UntagResourceInput) (req *reque // API operation UntagResource for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidParameterValueException "InvalidParameterValue" -// The value of an input parameter is bad or out-of-range. // -// * ErrCodeResourceNotFoundException "ResourceNotFoundException" -// The named resource does not exist. +// - ErrCodeInvalidParameterValueException "InvalidParameterValue" +// The value of an input parameter is bad or out-of-range. // -// * ErrCodeConcurrentModificationException "ConcurrentModificationException" -// More than one process tried to modify a resource at the same time. +// - ErrCodeResourceNotFoundException "ResourceNotFoundException" +// The named resource does not exist. // -// * ErrCodeInternalServiceFault "InternalServiceError" -// Request processing has failed due to some unknown error, exception, or failure. +// - ErrCodeConcurrentModificationException "ConcurrentModificationException" +// More than one process tried to modify a resource at the same time. +// +// - ErrCodeInternalServiceFault "InternalServiceError" +// Request processing has failed due to some unknown error, exception, or failure. // // See also, https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/UntagResource func (c *CloudWatch) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) { @@ -3238,12 +4225,20 @@ type AlarmHistoryItem struct { Timestamp *time.Time `type:"timestamp"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AlarmHistoryItem) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AlarmHistoryItem) GoString() string { return s.String() } @@ -3284,9 +4279,13 @@ func (s *AlarmHistoryItem) SetTimestamp(v time.Time) *AlarmHistoryItem { return s } -// An anomaly detection model associated with a particular CloudWatch metric -// and statistic. You can use the model to display a band of expected normal -// values when the metric is graphed. +// An anomaly detection model associated with a particular CloudWatch metric, +// statistic, or metric math expression. You can use the model to display a +// band of expected, normal values when the metric is graphed. +// +// If you have enabled unified cross-account observability, and this account +// is a monitoring account, the metric can be in the same account or a source +// account. type AnomalyDetector struct { _ struct{} `type:"structure"` @@ -3296,28 +4295,54 @@ type AnomalyDetector struct { Configuration *AnomalyDetectorConfiguration `type:"structure"` // The metric dimensions associated with the anomaly detection model. - Dimensions []*Dimension `type:"list"` + // + // Deprecated: Use SingleMetricAnomalyDetector.Dimensions property. + Dimensions []*Dimension `deprecated:"true" type:"list"` + + // This object includes parameters that you can use to provide information about + // your metric to CloudWatch to help it build more accurate anomaly detection + // models. Currently, it includes the PeriodicSpikes parameter. + MetricCharacteristics *MetricCharacteristics `type:"structure"` + + // The CloudWatch metric math expression for this anomaly detector. + MetricMathAnomalyDetector *MetricMathAnomalyDetector `type:"structure"` // The name of the metric associated with the anomaly detection model. - MetricName *string `min:"1" type:"string"` + // + // Deprecated: Use SingleMetricAnomalyDetector.MetricName property. + MetricName *string `min:"1" deprecated:"true" type:"string"` // The namespace of the metric associated with the anomaly detection model. - Namespace *string `min:"1" type:"string"` + // + // Deprecated: Use SingleMetricAnomalyDetector.Namespace property. + Namespace *string `min:"1" deprecated:"true" type:"string"` + + // The CloudWatch metric and statistic for this anomaly detector. + SingleMetricAnomalyDetector *SingleMetricAnomalyDetector `type:"structure"` // The statistic associated with the anomaly detection model. - Stat *string `type:"string"` + // + // Deprecated: Use SingleMetricAnomalyDetector.Stat property. + Stat *string `deprecated:"true" type:"string"` - // The current status of the anomaly detector's training. The possible values - // are TRAINED | PENDING_TRAINING | TRAINED_INSUFFICIENT_DATA + // The current status of the anomaly detector's training. StateValue *string `type:"string" enum:"AnomalyDetectorStateValue"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AnomalyDetector) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AnomalyDetector) GoString() string { return s.String() } @@ -3334,6 +4359,18 @@ func (s *AnomalyDetector) SetDimensions(v []*Dimension) *AnomalyDetector { return s } +// SetMetricCharacteristics sets the MetricCharacteristics field's value. +func (s *AnomalyDetector) SetMetricCharacteristics(v *MetricCharacteristics) *AnomalyDetector { + s.MetricCharacteristics = v + return s +} + +// SetMetricMathAnomalyDetector sets the MetricMathAnomalyDetector field's value. +func (s *AnomalyDetector) SetMetricMathAnomalyDetector(v *MetricMathAnomalyDetector) *AnomalyDetector { + s.MetricMathAnomalyDetector = v + return s +} + // SetMetricName sets the MetricName field's value. func (s *AnomalyDetector) SetMetricName(v string) *AnomalyDetector { s.MetricName = &v @@ -3346,6 +4383,12 @@ func (s *AnomalyDetector) SetNamespace(v string) *AnomalyDetector { return s } +// SetSingleMetricAnomalyDetector sets the SingleMetricAnomalyDetector field's value. +func (s *AnomalyDetector) SetSingleMetricAnomalyDetector(v *SingleMetricAnomalyDetector) *AnomalyDetector { + s.SingleMetricAnomalyDetector = v + return s +} + // SetStat sets the Stat field's value. func (s *AnomalyDetector) SetStat(v string) *AnomalyDetector { s.Stat = &v @@ -3379,12 +4422,20 @@ type AnomalyDetectorConfiguration struct { MetricTimezone *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AnomalyDetectorConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AnomalyDetectorConfiguration) GoString() string { return s.String() } @@ -3429,6 +4480,40 @@ type CompositeAlarm struct { // state. ActionsEnabled *bool `type:"boolean"` + // When the value is ALARM, it means that the actions are suppressed because + // the suppressor alarm is in ALARM When the value is WaitPeriod, it means that + // the actions are suppressed because the composite alarm is waiting for the + // suppressor alarm to go into into the ALARM state. The maximum waiting time + // is as specified in ActionsSuppressorWaitPeriod. After this time, the composite + // alarm performs its actions. When the value is ExtensionPeriod, it means that + // the actions are suppressed because the composite alarm is waiting after the + // suppressor alarm went out of the ALARM state. The maximum waiting time is + // as specified in ActionsSuppressorExtensionPeriod. After this time, the composite + // alarm performs its actions. + ActionsSuppressedBy *string `type:"string" enum:"ActionsSuppressedBy"` + + // Captures the reason for action suppression. + ActionsSuppressedReason *string `type:"string"` + + // Actions will be suppressed if the suppressor alarm is in the ALARM state. + // ActionsSuppressor can be an AlarmName or an Amazon Resource Name (ARN) from + // an existing alarm. + ActionsSuppressor *string `min:"1" type:"string"` + + // The maximum time in seconds that the composite alarm waits after suppressor + // alarm goes out of the ALARM state. After this time, the composite alarm performs + // its actions. + // + // ExtensionPeriod is required only when ActionsSuppressor is specified. + ActionsSuppressorExtensionPeriod *int64 `type:"integer"` + + // The maximum time in seconds that the composite alarm waits for the suppressor + // alarm to go into the ALARM state. After this time, the composite alarm performs + // its actions. + // + // WaitPeriod is required only when ActionsSuppressor is specified. + ActionsSuppressorWaitPeriod *int64 `type:"integer"` + // The actions to execute when this alarm transitions to the ALARM state from // any other state. Each action is specified as an Amazon Resource Name (ARN). AlarmActions []*string `type:"list"` @@ -3463,19 +4548,30 @@ type CompositeAlarm struct { // An explanation for the alarm state, in JSON format. StateReasonData *string `type:"string"` - // The time stamp of the last update to the alarm state. + // The timestamp of the last change to the alarm's StateValue. + StateTransitionedTimestamp *time.Time `type:"timestamp"` + + // Tracks the timestamp of any state update, even if StateValue doesn't change. StateUpdatedTimestamp *time.Time `type:"timestamp"` // The state value for the alarm. StateValue *string `type:"string" enum:"StateValue"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CompositeAlarm) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CompositeAlarm) GoString() string { return s.String() } @@ -3486,6 +4582,36 @@ func (s *CompositeAlarm) SetActionsEnabled(v bool) *CompositeAlarm { return s } +// SetActionsSuppressedBy sets the ActionsSuppressedBy field's value. +func (s *CompositeAlarm) SetActionsSuppressedBy(v string) *CompositeAlarm { + s.ActionsSuppressedBy = &v + return s +} + +// SetActionsSuppressedReason sets the ActionsSuppressedReason field's value. +func (s *CompositeAlarm) SetActionsSuppressedReason(v string) *CompositeAlarm { + s.ActionsSuppressedReason = &v + return s +} + +// SetActionsSuppressor sets the ActionsSuppressor field's value. +func (s *CompositeAlarm) SetActionsSuppressor(v string) *CompositeAlarm { + s.ActionsSuppressor = &v + return s +} + +// SetActionsSuppressorExtensionPeriod sets the ActionsSuppressorExtensionPeriod field's value. +func (s *CompositeAlarm) SetActionsSuppressorExtensionPeriod(v int64) *CompositeAlarm { + s.ActionsSuppressorExtensionPeriod = &v + return s +} + +// SetActionsSuppressorWaitPeriod sets the ActionsSuppressorWaitPeriod field's value. +func (s *CompositeAlarm) SetActionsSuppressorWaitPeriod(v int64) *CompositeAlarm { + s.ActionsSuppressorWaitPeriod = &v + return s +} + // SetAlarmActions sets the AlarmActions field's value. func (s *CompositeAlarm) SetAlarmActions(v []*string) *CompositeAlarm { s.AlarmActions = v @@ -3546,6 +4672,12 @@ func (s *CompositeAlarm) SetStateReasonData(v string) *CompositeAlarm { return s } +// SetStateTransitionedTimestamp sets the StateTransitionedTimestamp field's value. +func (s *CompositeAlarm) SetStateTransitionedTimestamp(v time.Time) *CompositeAlarm { + s.StateTransitionedTimestamp = &v + return s +} + // SetStateUpdatedTimestamp sets the StateUpdatedTimestamp field's value. func (s *CompositeAlarm) SetStateUpdatedTimestamp(v time.Time) *CompositeAlarm { s.StateUpdatedTimestamp = &v @@ -3577,12 +4709,20 @@ type DashboardEntry struct { Size *int64 `type:"long"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DashboardEntry) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DashboardEntry) GoString() string { return s.String() } @@ -3622,12 +4762,20 @@ type DashboardValidationMessage struct { Message *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DashboardValidationMessage) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DashboardValidationMessage) GoString() string { return s.String() } @@ -3674,12 +4822,20 @@ type Datapoint struct { Unit *string `type:"string" enum:"StandardUnit"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Datapoint) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Datapoint) GoString() string { return s.String() } @@ -3735,18 +4891,26 @@ func (s *Datapoint) SetUnit(v string) *Datapoint { type DeleteAlarmsInput struct { _ struct{} `type:"structure"` - // The alarms to be deleted. + // The alarms to be deleted. Do not enclose the alarm names in quote marks. // // AlarmNames is a required field AlarmNames []*string `type:"list" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteAlarmsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteAlarmsInput) GoString() string { return s.String() } @@ -3774,12 +4938,20 @@ type DeleteAlarmsOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteAlarmsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteAlarmsOutput) GoString() string { return s.String() } @@ -3788,30 +4960,78 @@ type DeleteAnomalyDetectorInput struct { _ struct{} `type:"structure"` // The metric dimensions associated with the anomaly detection model to delete. - Dimensions []*Dimension `type:"list"` + // + // Deprecated: Use SingleMetricAnomalyDetector. + Dimensions []*Dimension `deprecated:"true" type:"list"` + + // The metric math anomaly detector to be deleted. + // + // When using MetricMathAnomalyDetector, you cannot include following parameters + // in the same operation: + // + // * Dimensions, + // + // * MetricName + // + // * Namespace + // + // * Stat + // + // * the SingleMetricAnomalyDetector parameters of DeleteAnomalyDetectorInput + // + // Instead, specify the metric math anomaly detector attributes as part of the + // MetricMathAnomalyDetector property. + MetricMathAnomalyDetector *MetricMathAnomalyDetector `type:"structure"` // The metric name associated with the anomaly detection model to delete. // - // MetricName is a required field - MetricName *string `min:"1" type:"string" required:"true"` + // Deprecated: Use SingleMetricAnomalyDetector. + MetricName *string `min:"1" deprecated:"true" type:"string"` // The namespace associated with the anomaly detection model to delete. // - // Namespace is a required field - Namespace *string `min:"1" type:"string" required:"true"` + // Deprecated: Use SingleMetricAnomalyDetector. + Namespace *string `min:"1" deprecated:"true" type:"string"` + + // A single metric anomaly detector to be deleted. + // + // When using SingleMetricAnomalyDetector, you cannot include the following + // parameters in the same operation: + // + // * Dimensions, + // + // * MetricName + // + // * Namespace + // + // * Stat + // + // * the MetricMathAnomalyDetector parameters of DeleteAnomalyDetectorInput + // + // Instead, specify the single metric anomaly detector attributes as part of + // the SingleMetricAnomalyDetector property. + SingleMetricAnomalyDetector *SingleMetricAnomalyDetector `type:"structure"` // The statistic associated with the anomaly detection model to delete. // - // Stat is a required field - Stat *string `type:"string" required:"true"` + // Deprecated: Use SingleMetricAnomalyDetector. + Stat *string `deprecated:"true" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteAnomalyDetectorInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteAnomalyDetectorInput) GoString() string { return s.String() } @@ -3819,21 +5039,12 @@ func (s DeleteAnomalyDetectorInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *DeleteAnomalyDetectorInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "DeleteAnomalyDetectorInput"} - if s.MetricName == nil { - invalidParams.Add(request.NewErrParamRequired("MetricName")) - } if s.MetricName != nil && len(*s.MetricName) < 1 { invalidParams.Add(request.NewErrParamMinLen("MetricName", 1)) } - if s.Namespace == nil { - invalidParams.Add(request.NewErrParamRequired("Namespace")) - } if s.Namespace != nil && len(*s.Namespace) < 1 { invalidParams.Add(request.NewErrParamMinLen("Namespace", 1)) } - if s.Stat == nil { - invalidParams.Add(request.NewErrParamRequired("Stat")) - } if s.Dimensions != nil { for i, v := range s.Dimensions { if v == nil { @@ -3844,6 +5055,16 @@ func (s *DeleteAnomalyDetectorInput) Validate() error { } } } + if s.MetricMathAnomalyDetector != nil { + if err := s.MetricMathAnomalyDetector.Validate(); err != nil { + invalidParams.AddNested("MetricMathAnomalyDetector", err.(request.ErrInvalidParams)) + } + } + if s.SingleMetricAnomalyDetector != nil { + if err := s.SingleMetricAnomalyDetector.Validate(); err != nil { + invalidParams.AddNested("SingleMetricAnomalyDetector", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -3857,6 +5078,12 @@ func (s *DeleteAnomalyDetectorInput) SetDimensions(v []*Dimension) *DeleteAnomal return s } +// SetMetricMathAnomalyDetector sets the MetricMathAnomalyDetector field's value. +func (s *DeleteAnomalyDetectorInput) SetMetricMathAnomalyDetector(v *MetricMathAnomalyDetector) *DeleteAnomalyDetectorInput { + s.MetricMathAnomalyDetector = v + return s +} + // SetMetricName sets the MetricName field's value. func (s *DeleteAnomalyDetectorInput) SetMetricName(v string) *DeleteAnomalyDetectorInput { s.MetricName = &v @@ -3869,6 +5096,12 @@ func (s *DeleteAnomalyDetectorInput) SetNamespace(v string) *DeleteAnomalyDetect return s } +// SetSingleMetricAnomalyDetector sets the SingleMetricAnomalyDetector field's value. +func (s *DeleteAnomalyDetectorInput) SetSingleMetricAnomalyDetector(v *SingleMetricAnomalyDetector) *DeleteAnomalyDetectorInput { + s.SingleMetricAnomalyDetector = v + return s +} + // SetStat sets the Stat field's value. func (s *DeleteAnomalyDetectorInput) SetStat(v string) *DeleteAnomalyDetectorInput { s.Stat = &v @@ -3879,12 +5112,20 @@ type DeleteAnomalyDetectorOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteAnomalyDetectorOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteAnomalyDetectorOutput) GoString() string { return s.String() } @@ -3898,12 +5139,20 @@ type DeleteDashboardsInput struct { DashboardNames []*string `type:"list" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDashboardsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDashboardsInput) GoString() string { return s.String() } @@ -3931,12 +5180,20 @@ type DeleteDashboardsOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDashboardsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDashboardsOutput) GoString() string { return s.String() } @@ -3951,12 +5208,20 @@ type DeleteInsightRulesInput struct { RuleNames []*string `type:"list" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteInsightRulesInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteInsightRulesInput) GoString() string { return s.String() } @@ -3988,12 +5253,20 @@ type DeleteInsightRulesOutput struct { Failures []*PartialFailure `type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteInsightRulesOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteInsightRulesOutput) GoString() string { return s.String() } @@ -4004,6 +5277,77 @@ func (s *DeleteInsightRulesOutput) SetFailures(v []*PartialFailure) *DeleteInsig return s } +type DeleteMetricStreamInput struct { + _ struct{} `type:"structure"` + + // The name of the metric stream to delete. + // + // Name is a required field + Name *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteMetricStreamInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteMetricStreamInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteMetricStreamInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteMetricStreamInput"} + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetName sets the Name field's value. +func (s *DeleteMetricStreamInput) SetName(v string) *DeleteMetricStreamInput { + s.Name = &v + return s +} + +type DeleteMetricStreamOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteMetricStreamOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteMetricStreamOutput) GoString() string { + return s.String() +} + type DescribeAlarmHistoryInput struct { _ struct{} `type:"structure"` @@ -4013,7 +5357,7 @@ type DescribeAlarmHistoryInput struct { // Use this parameter to specify whether you want the operation to return metric // alarms or composite alarms. If you omit this parameter, only metric alarms // are returned. - AlarmTypes []*string `type:"list"` + AlarmTypes []*string `type:"list" enum:"AlarmType"` // The ending date to retrieve alarm history. EndDate *time.Time `type:"timestamp"` @@ -4037,12 +5381,20 @@ type DescribeAlarmHistoryInput struct { StartDate *time.Time `type:"timestamp"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeAlarmHistoryInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeAlarmHistoryInput) GoString() string { return s.String() } @@ -4121,12 +5473,20 @@ type DescribeAlarmHistoryOutput struct { NextToken *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeAlarmHistoryOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeAlarmHistoryOutput) GoString() string { return s.String() } @@ -4175,12 +5535,20 @@ type DescribeAlarmsForMetricInput struct { Unit *string `type:"string" enum:"StandardUnit"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeAlarmsForMetricInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeAlarmsForMetricInput) GoString() string { return s.String() } @@ -4269,12 +5637,20 @@ type DescribeAlarmsForMetricOutput struct { MetricAlarms []*MetricAlarm `type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeAlarmsForMetricOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeAlarmsForMetricOutput) GoString() string { return s.String() } @@ -4304,8 +5680,15 @@ type DescribeAlarmsInput struct { // Use this parameter to specify whether you want the operation to return metric // alarms or composite alarms. If you omit this parameter, only metric alarms - // are returned. - AlarmTypes []*string `type:"list"` + // are returned, even if composite alarms exist in the account. + // + // For example, if you omit this parameter or specify MetricAlarms, the operation + // returns only a list of metric alarms. It does not return any composite alarms, + // even if composite alarms exist in the account. + // + // If you specify CompositeAlarms, the operation returns only a list of composite + // alarms, and does not return any metric alarms. + AlarmTypes []*string `type:"list" enum:"AlarmType"` // If you use this parameter and specify the name of a composite alarm, the // operation returns information about the "children" alarms of the alarm you @@ -4352,12 +5735,20 @@ type DescribeAlarmsInput struct { StateValue *string `type:"string" enum:"StateValue"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeAlarmsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeAlarmsInput) GoString() string { return s.String() } @@ -4454,12 +5845,20 @@ type DescribeAlarmsOutput struct { NextToken *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeAlarmsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeAlarmsOutput) GoString() string { return s.String() } @@ -4485,6 +5884,10 @@ func (s *DescribeAlarmsOutput) SetNextToken(v string) *DescribeAlarmsOutput { type DescribeAnomalyDetectorsInput struct { _ struct{} `type:"structure"` + // The anomaly detector types to request when using DescribeAnomalyDetectorsInput. + // If empty, defaults to SINGLE_METRIC. + AnomalyDetectorTypes []*string `type:"list" enum:"AnomalyDetectorType"` + // Limits the results to only the anomaly detection models that are associated // with the specified metric dimensions. If there are multiple metrics that // have these dimensions and have anomaly detection models associated, they're @@ -4512,12 +5915,20 @@ type DescribeAnomalyDetectorsInput struct { NextToken *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeAnomalyDetectorsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeAnomalyDetectorsInput) GoString() string { return s.String() } @@ -4551,6 +5962,12 @@ func (s *DescribeAnomalyDetectorsInput) Validate() error { return nil } +// SetAnomalyDetectorTypes sets the AnomalyDetectorTypes field's value. +func (s *DescribeAnomalyDetectorsInput) SetAnomalyDetectorTypes(v []*string) *DescribeAnomalyDetectorsInput { + s.AnomalyDetectorTypes = v + return s +} + // SetDimensions sets the Dimensions field's value. func (s *DescribeAnomalyDetectorsInput) SetDimensions(v []*Dimension) *DescribeAnomalyDetectorsInput { s.Dimensions = v @@ -4592,12 +6009,20 @@ type DescribeAnomalyDetectorsOutput struct { NextToken *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeAnomalyDetectorsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeAnomalyDetectorsOutput) GoString() string { return s.String() } @@ -4626,12 +6051,20 @@ type DescribeInsightRulesInput struct { NextToken *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeInsightRulesInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeInsightRulesInput) GoString() string { return s.String() } @@ -4672,12 +6105,20 @@ type DescribeInsightRulesOutput struct { NextToken *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeInsightRulesOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeInsightRulesOutput) GoString() string { return s.String() } @@ -4695,31 +6136,46 @@ func (s *DescribeInsightRulesOutput) SetNextToken(v string) *DescribeInsightRule } // A dimension is a name/value pair that is part of the identity of a metric. -// You can assign up to 10 dimensions to a metric. Because dimensions are part -// of the unique identifier for a metric, whenever you add a unique name/value -// pair to one of your metrics, you are creating a new variation of that metric. +// Because dimensions are part of the unique identifier for a metric, whenever +// you add a unique name/value pair to one of your metrics, you are creating +// a new variation of that metric. For example, many Amazon EC2 metrics publish +// InstanceId as a dimension name, and the actual instance ID as the value for +// that dimension. +// +// You can assign up to 30 dimensions to a metric. type Dimension struct { _ struct{} `type:"structure"` - // The name of the dimension. Dimension names cannot contain blank spaces or - // non-ASCII characters. + // The name of the dimension. Dimension names must contain only ASCII characters, + // must include at least one non-whitespace character, and cannot start with + // a colon (:). ASCII control characters are not supported as part of dimension + // names. // // Name is a required field Name *string `min:"1" type:"string" required:"true"` - // The value of the dimension. Dimension values cannot contain blank spaces - // or non-ASCII characters. + // The value of the dimension. Dimension values must contain only ASCII characters + // and must include at least one non-whitespace character. ASCII control characters + // are not supported as part of dimension values. // // Value is a required field Value *string `min:"1" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Dimension) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Dimension) GoString() string { return s.String() } @@ -4771,12 +6227,20 @@ type DimensionFilter struct { Value *string `min:"1" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DimensionFilter) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DimensionFilter) GoString() string { return s.String() } @@ -4821,12 +6285,20 @@ type DisableAlarmActionsInput struct { AlarmNames []*string `type:"list" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DisableAlarmActionsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DisableAlarmActionsInput) GoString() string { return s.String() } @@ -4854,12 +6326,20 @@ type DisableAlarmActionsOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DisableAlarmActionsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DisableAlarmActionsOutput) GoString() string { return s.String() } @@ -4874,12 +6354,20 @@ type DisableInsightRulesInput struct { RuleNames []*string `type:"list" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DisableInsightRulesInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DisableInsightRulesInput) GoString() string { return s.String() } @@ -4911,12 +6399,20 @@ type DisableInsightRulesOutput struct { Failures []*PartialFailure `type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DisableInsightRulesOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DisableInsightRulesOutput) GoString() string { return s.String() } @@ -4936,12 +6432,20 @@ type EnableAlarmActionsInput struct { AlarmNames []*string `type:"list" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EnableAlarmActionsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EnableAlarmActionsInput) GoString() string { return s.String() } @@ -4969,12 +6473,20 @@ type EnableAlarmActionsOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EnableAlarmActionsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EnableAlarmActionsOutput) GoString() string { return s.String() } @@ -4989,12 +6501,20 @@ type EnableInsightRulesInput struct { RuleNames []*string `type:"list" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EnableInsightRulesInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EnableInsightRulesInput) GoString() string { return s.String() } @@ -5026,12 +6546,20 @@ type EnableInsightRulesOutput struct { Failures []*PartialFailure `type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EnableInsightRulesOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EnableInsightRulesOutput) GoString() string { return s.String() } @@ -5051,12 +6579,20 @@ type GetDashboardInput struct { DashboardName *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetDashboardInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetDashboardInput) GoString() string { return s.String() } @@ -5095,12 +6631,20 @@ type GetDashboardOutput struct { DashboardName *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetDashboardOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetDashboardOutput) GoString() string { return s.String() } @@ -5166,7 +6710,7 @@ type GetInsightRuleReportInput struct { Metrics []*string `type:"list"` // Determines what statistic to use to rank the contributors. Valid values are - // SUM and MAXIMUM. + // Sum and Maximum. OrderBy *string `min:"1" type:"string"` // The period, in seconds, to use for the statistics in the InsightRuleMetricDatapoint @@ -5187,12 +6731,20 @@ type GetInsightRuleReportInput struct { StartTime *time.Time `type:"timestamp" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetInsightRuleReportInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetInsightRuleReportInput) GoString() string { return s.String() } @@ -5299,12 +6851,20 @@ type GetInsightRuleReportOutput struct { MetricDatapoints []*InsightRuleMetricDatapoint `type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetInsightRuleReportOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetInsightRuleReportOutput) GoString() string { return s.String() } @@ -5362,14 +6922,19 @@ type GetMetricDataInput struct { // EndTime is a required field EndTime *time.Time `type:"timestamp" required:"true"` + // This structure includes the Timezone parameter, which you can use to specify + // your time zone so that the labels of returned data display the correct time + // for your time zone. + LabelOptions *LabelOptions `type:"structure"` + // The maximum number of data points the request should return before paginating. // If you omit this, the default of 100,800 is used. MaxDatapoints *int64 `type:"integer"` // The metric queries to be returned. A single GetMetricData call can include // as many as 500 MetricDataQuery structures. Each of these structures can specify - // either a metric to retrieve, or a math expression to perform on retrieved - // data. + // either a metric to retrieve, a Metrics Insights query, or a math expression + // to perform on retrieved data. // // MetricDataQueries is a required field MetricDataQueries []*MetricDataQuery `type:"list" required:"true"` @@ -5382,6 +6947,8 @@ type GetMetricDataInput struct { // the newest data first and paginates when the MaxDatapoints limit is reached. // TimestampAscending returns the oldest data first and paginates when the MaxDatapoints // limit is reached. + // + // If you omit this parameter, the default of TimestampDescending is used. ScanBy *string `type:"string" enum:"ScanBy"` // The time stamp indicating the earliest data to be returned. @@ -5418,12 +6985,20 @@ type GetMetricDataInput struct { StartTime *time.Time `type:"timestamp" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetMetricDataInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetMetricDataInput) GoString() string { return s.String() } @@ -5463,6 +7038,12 @@ func (s *GetMetricDataInput) SetEndTime(v time.Time) *GetMetricDataInput { return s } +// SetLabelOptions sets the LabelOptions field's value. +func (s *GetMetricDataInput) SetLabelOptions(v *LabelOptions) *GetMetricDataInput { + s.LabelOptions = v + return s +} + // SetMaxDatapoints sets the MaxDatapoints field's value. func (s *GetMetricDataInput) SetMaxDatapoints(v int64) *GetMetricDataInput { s.MaxDatapoints = &v @@ -5514,12 +7095,20 @@ type GetMetricDataOutput struct { NextToken *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetMetricDataOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetMetricDataOutput) GoString() string { return s.String() } @@ -5636,7 +7225,7 @@ type GetMetricStatisticsInput struct { // The metric statistics, other than percentile. For percentile statistics, // use ExtendedStatistics. When calling GetMetricStatistics, you must specify // either Statistics or ExtendedStatistics, but not both. - Statistics []*string `min:"1" type:"list"` + Statistics []*string `min:"1" type:"list" enum:"Statistic"` // The unit for a given metric. If you omit Unit, all data that was collected // with any unit is returned, along with the corresponding units that were specified @@ -5647,12 +7236,20 @@ type GetMetricStatisticsInput struct { Unit *string `type:"string" enum:"StandardUnit"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetMetricStatisticsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetMetricStatisticsInput) GoString() string { return s.String() } @@ -5771,12 +7368,20 @@ type GetMetricStatisticsOutput struct { Label *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetMetricStatisticsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetMetricStatisticsOutput) GoString() string { return s.String() } @@ -5793,38 +7398,228 @@ func (s *GetMetricStatisticsOutput) SetLabel(v string) *GetMetricStatisticsOutpu return s } -type GetMetricWidgetImageInput struct { +type GetMetricStreamInput struct { _ struct{} `type:"structure"` - // A JSON string that defines the bitmap graph to be retrieved. The string includes - // the metrics to include in the graph, statistics, annotations, title, axis - // limits, and so on. You can include only one MetricWidget parameter in each - // GetMetricWidgetImage call. - // - // For more information about the syntax of MetricWidget see GetMetricWidgetImage: - // Metric Widget Structure and Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/CloudWatch-Metric-Widget-Structure.html). - // - // If any metric on the graph could not load all the requested data points, - // an orange triangle with an exclamation point appears next to the graph legend. + // The name of the metric stream to retrieve information about. // - // MetricWidget is a required field - MetricWidget *string `type:"string" required:"true"` + // Name is a required field + Name *string `min:"1" type:"string" required:"true"` +} - // The format of the resulting image. Only PNG images are supported. - // - // The default is png. If you specify png, the API returns an HTTP response - // with the content-type set to text/xml. The image data is in a MetricWidgetImage - // field. For example: - // - // > - // - // - // - // - // - // iVBORw0KGgoAAAANSUhEUgAAAlgAAAGQEAYAAAAip... - // - // +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetMetricStreamInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetMetricStreamInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetMetricStreamInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetMetricStreamInput"} + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetName sets the Name field's value. +func (s *GetMetricStreamInput) SetName(v string) *GetMetricStreamInput { + s.Name = &v + return s +} + +type GetMetricStreamOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the metric stream. + Arn *string `min:"1" type:"string"` + + // The date that the metric stream was created. + CreationDate *time.Time `type:"timestamp"` + + // If this array of metric namespaces is present, then these namespaces are + // the only metric namespaces that are not streamed by this metric stream. In + // this case, all other metric namespaces in the account are streamed by this + // metric stream. + ExcludeFilters []*MetricStreamFilter `type:"list"` + + // The ARN of the Amazon Kinesis Data Firehose delivery stream that is used + // by this metric stream. + FirehoseArn *string `min:"1" type:"string"` + + // If this array of metric namespaces is present, then these namespaces are + // the only metric namespaces that are streamed by this metric stream. + IncludeFilters []*MetricStreamFilter `type:"list"` + + // If this is true and this metric stream is in a monitoring account, then the + // stream includes metrics from source accounts that the monitoring account + // is linked to. + IncludeLinkedAccountsMetrics *bool `type:"boolean"` + + // The date of the most recent update to the metric stream's configuration. + LastUpdateDate *time.Time `type:"timestamp"` + + // The name of the metric stream. + Name *string `min:"1" type:"string"` + + // The output format for the stream. Valid values are json, opentelemetry1.0, + // and opentelemetry0.7. For more information about metric stream output formats, + // see Metric streams output formats (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-formats.html). + OutputFormat *string `min:"1" type:"string" enum:"MetricStreamOutputFormat"` + + // The ARN of the IAM role that is used by this metric stream. + RoleArn *string `min:"1" type:"string"` + + // The state of the metric stream. The possible values are running and stopped. + State *string `type:"string"` + + // Each entry in this array displays information about one or more metrics that + // include additional statistics in the metric stream. For more information + // about the additional statistics, see CloudWatch statistics definitions (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Statistics-definitions.html.html). + StatisticsConfigurations []*MetricStreamStatisticsConfiguration `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetMetricStreamOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetMetricStreamOutput) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *GetMetricStreamOutput) SetArn(v string) *GetMetricStreamOutput { + s.Arn = &v + return s +} + +// SetCreationDate sets the CreationDate field's value. +func (s *GetMetricStreamOutput) SetCreationDate(v time.Time) *GetMetricStreamOutput { + s.CreationDate = &v + return s +} + +// SetExcludeFilters sets the ExcludeFilters field's value. +func (s *GetMetricStreamOutput) SetExcludeFilters(v []*MetricStreamFilter) *GetMetricStreamOutput { + s.ExcludeFilters = v + return s +} + +// SetFirehoseArn sets the FirehoseArn field's value. +func (s *GetMetricStreamOutput) SetFirehoseArn(v string) *GetMetricStreamOutput { + s.FirehoseArn = &v + return s +} + +// SetIncludeFilters sets the IncludeFilters field's value. +func (s *GetMetricStreamOutput) SetIncludeFilters(v []*MetricStreamFilter) *GetMetricStreamOutput { + s.IncludeFilters = v + return s +} + +// SetIncludeLinkedAccountsMetrics sets the IncludeLinkedAccountsMetrics field's value. +func (s *GetMetricStreamOutput) SetIncludeLinkedAccountsMetrics(v bool) *GetMetricStreamOutput { + s.IncludeLinkedAccountsMetrics = &v + return s +} + +// SetLastUpdateDate sets the LastUpdateDate field's value. +func (s *GetMetricStreamOutput) SetLastUpdateDate(v time.Time) *GetMetricStreamOutput { + s.LastUpdateDate = &v + return s +} + +// SetName sets the Name field's value. +func (s *GetMetricStreamOutput) SetName(v string) *GetMetricStreamOutput { + s.Name = &v + return s +} + +// SetOutputFormat sets the OutputFormat field's value. +func (s *GetMetricStreamOutput) SetOutputFormat(v string) *GetMetricStreamOutput { + s.OutputFormat = &v + return s +} + +// SetRoleArn sets the RoleArn field's value. +func (s *GetMetricStreamOutput) SetRoleArn(v string) *GetMetricStreamOutput { + s.RoleArn = &v + return s +} + +// SetState sets the State field's value. +func (s *GetMetricStreamOutput) SetState(v string) *GetMetricStreamOutput { + s.State = &v + return s +} + +// SetStatisticsConfigurations sets the StatisticsConfigurations field's value. +func (s *GetMetricStreamOutput) SetStatisticsConfigurations(v []*MetricStreamStatisticsConfiguration) *GetMetricStreamOutput { + s.StatisticsConfigurations = v + return s +} + +type GetMetricWidgetImageInput struct { + _ struct{} `type:"structure"` + + // A JSON string that defines the bitmap graph to be retrieved. The string includes + // the metrics to include in the graph, statistics, annotations, title, axis + // limits, and so on. You can include only one MetricWidget parameter in each + // GetMetricWidgetImage call. + // + // For more information about the syntax of MetricWidget see GetMetricWidgetImage: + // Metric Widget Structure and Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/CloudWatch-Metric-Widget-Structure.html). + // + // If any metric on the graph could not load all the requested data points, + // an orange triangle with an exclamation point appears next to the graph legend. + // + // MetricWidget is a required field + MetricWidget *string `type:"string" required:"true"` + + // The format of the resulting image. Only PNG images are supported. + // + // The default is png. If you specify png, the API returns an HTTP response + // with the content-type set to text/xml. The image data is in a MetricWidgetImage + // field. For example: + // + // > + // + // + // + // + // + // iVBORw0KGgoAAAANSUhEUgAAAlgAAAGQEAYAAAAip... + // + // // // // @@ -5837,18 +7632,26 @@ type GetMetricWidgetImageInput struct { // // // The image/png setting is intended only for custom HTTP requests. For most - // use cases, and all actions using an AWS SDK, you should use png. If you specify - // image/png, the HTTP response has a content-type set to image/png, and the - // body of the response is a PNG image. + // use cases, and all actions using an Amazon Web Services SDK, you should use + // png. If you specify image/png, the HTTP response has a content-type set to + // image/png, and the body of the response is a PNG image. OutputFormat *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetMetricWidgetImageInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetMetricWidgetImageInput) GoString() string { return s.String() } @@ -5882,17 +7685,24 @@ type GetMetricWidgetImageOutput struct { _ struct{} `type:"structure"` // The image of the graph, in the output format specified. The output is base64-encoded. - // // MetricWidgetImage is automatically base64 encoded/decoded by the SDK. MetricWidgetImage []byte `type:"blob"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetMetricWidgetImageOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetMetricWidgetImageOutput) GoString() string { return s.String() } @@ -5903,7 +7713,10 @@ func (s *GetMetricWidgetImageOutput) SetMetricWidgetImage(v []byte) *GetMetricWi return s } -// This structure contains the definition for a Contributor Insights rule. +// This structure contains the definition for a Contributor Insights rule. For +// more information about this rule, see Using Constributor Insights to analyze +// high-cardinality data (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/ContributorInsights.html) +// in the Amazon CloudWatch User Guide. type InsightRule struct { _ struct{} `type:"structure"` @@ -5915,13 +7728,16 @@ type InsightRule struct { // Definition is a required field Definition *string `min:"1" type:"string" required:"true"` + // An optional built-in rule that Amazon Web Services manages. + ManagedRule *bool `type:"boolean"` + // The name of the rule. // // Name is a required field Name *string `min:"1" type:"string" required:"true"` // For rules that you create, this is always {"Name": "CloudWatchLogRule", "Version": - // 1}. For built-in rules, this is {"Name": "ServiceLogRule", "Version": 1} + // 1}. For managed rules, this is {"Name": "ServiceLogRule", "Version": 1} // // Schema is a required field Schema *string `type:"string" required:"true"` @@ -5932,12 +7748,20 @@ type InsightRule struct { State *string `min:"1" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InsightRule) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InsightRule) GoString() string { return s.String() } @@ -5948,6 +7772,12 @@ func (s *InsightRule) SetDefinition(v string) *InsightRule { return s } +// SetManagedRule sets the ManagedRule field's value. +func (s *InsightRule) SetManagedRule(v bool) *InsightRule { + s.ManagedRule = &v + return s +} + // SetName sets the Name field's value. func (s *InsightRule) SetName(v string) *InsightRule { s.Name = &v @@ -5995,12 +7825,20 @@ type InsightRuleContributor struct { Keys []*string `type:"list" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InsightRuleContributor) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InsightRuleContributor) GoString() string { return s.String() } @@ -6041,12 +7879,20 @@ type InsightRuleContributorDatapoint struct { Timestamp *time.Time `type:"timestamp" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InsightRuleContributorDatapoint) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InsightRuleContributorDatapoint) GoString() string { return s.String() } @@ -6124,12 +7970,20 @@ type InsightRuleMetricDatapoint struct { UniqueContributors *float64 `type:"double"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InsightRuleMetricDatapoint) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InsightRuleMetricDatapoint) GoString() string { return s.String() } @@ -6182,6 +8036,48 @@ func (s *InsightRuleMetricDatapoint) SetUniqueContributors(v float64) *InsightRu return s } +// This structure includes the Timezone parameter, which you can use to specify +// your time zone so that the labels that are associated with returned metrics +// display the correct time for your time zone. +// +// The Timezone value affects a label only if you have a time-based dynamic +// expression in the label. For more information about dynamic expressions in +// labels, see Using Dynamic Labels (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/graph-dynamic-labels.html). +type LabelOptions struct { + _ struct{} `type:"structure"` + + // The time zone to use for metric data return in this operation. The format + // is + or - followed by four digits. The first two digits indicate the number + // of hours ahead or behind of UTC, and the final two digits are the number + // of minutes. For example, +0130 indicates a time zone that is 1 hour and 30 + // minutes ahead of UTC. The default is +0000. + Timezone *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LabelOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LabelOptions) GoString() string { + return s.String() +} + +// SetTimezone sets the Timezone field's value. +func (s *LabelOptions) SetTimezone(v string) *LabelOptions { + s.Timezone = &v + return s +} + type ListDashboardsInput struct { _ struct{} `type:"structure"` @@ -6195,12 +8091,20 @@ type ListDashboardsInput struct { NextToken *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListDashboardsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListDashboardsInput) GoString() string { return s.String() } @@ -6227,12 +8131,20 @@ type ListDashboardsOutput struct { NextToken *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListDashboardsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListDashboardsOutput) GoString() string { return s.String() } @@ -6249,63 +8161,53 @@ func (s *ListDashboardsOutput) SetNextToken(v string) *ListDashboardsOutput { return s } -type ListMetricsInput struct { +type ListManagedInsightRulesInput struct { _ struct{} `type:"structure"` - // The dimensions to filter against. Only the dimensions that match exactly - // will be returned. - Dimensions []*DimensionFilter `type:"list"` - - // The name of the metric to filter against. Only the metrics with names that - // match exactly will be returned. - MetricName *string `min:"1" type:"string"` - - // The metric namespace to filter against. Only the namespace that matches exactly - // will be returned. - Namespace *string `min:"1" type:"string"` + // The maximum number of results to return in one operation. If you omit this + // parameter, the default number is used. The default number is 100. + MaxResults *int64 `min:"1" type:"integer"` - // The token returned by a previous call to indicate that there is more data - // available. + // Include this value to get the next set of rules if the value was returned + // by the previous operation. NextToken *string `type:"string"` - // To filter the results to show only metrics that have had data points published - // in the past three hours, specify this parameter with a value of PT3H. This - // is the only valid value for this parameter. + // The ARN of an Amazon Web Services resource that has managed Contributor Insights + // rules. // - // The results that are returned are an approximation of the value you specify. - // There is a low probability that the returned results include metrics with - // last published data as much as 40 minutes more than the specified time interval. - RecentlyActive *string `type:"string" enum:"RecentlyActive"` + // ResourceARN is a required field + ResourceARN *string `min:"1" type:"string" required:"true"` } -// String returns the string representation -func (s ListMetricsInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListManagedInsightRulesInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s ListMetricsInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListManagedInsightRulesInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *ListMetricsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "ListMetricsInput"} - if s.MetricName != nil && len(*s.MetricName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("MetricName", 1)) +func (s *ListManagedInsightRulesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListManagedInsightRulesInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) } - if s.Namespace != nil && len(*s.Namespace) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Namespace", 1)) + if s.ResourceARN == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceARN")) } - if s.Dimensions != nil { - for i, v := range s.Dimensions { - if v == nil { - continue - } - if err := v.Validate(); err != nil { - invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Dimensions", i), err.(request.ErrInvalidParams)) - } - } + if s.ResourceARN != nil && len(*s.ResourceARN) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceARN", 1)) } if invalidParams.Len() > 0 { @@ -6314,103 +8216,100 @@ func (s *ListMetricsInput) Validate() error { return nil } -// SetDimensions sets the Dimensions field's value. -func (s *ListMetricsInput) SetDimensions(v []*DimensionFilter) *ListMetricsInput { - s.Dimensions = v - return s -} - -// SetMetricName sets the MetricName field's value. -func (s *ListMetricsInput) SetMetricName(v string) *ListMetricsInput { - s.MetricName = &v - return s -} - -// SetNamespace sets the Namespace field's value. -func (s *ListMetricsInput) SetNamespace(v string) *ListMetricsInput { - s.Namespace = &v +// SetMaxResults sets the MaxResults field's value. +func (s *ListManagedInsightRulesInput) SetMaxResults(v int64) *ListManagedInsightRulesInput { + s.MaxResults = &v return s } // SetNextToken sets the NextToken field's value. -func (s *ListMetricsInput) SetNextToken(v string) *ListMetricsInput { +func (s *ListManagedInsightRulesInput) SetNextToken(v string) *ListManagedInsightRulesInput { s.NextToken = &v return s } -// SetRecentlyActive sets the RecentlyActive field's value. -func (s *ListMetricsInput) SetRecentlyActive(v string) *ListMetricsInput { - s.RecentlyActive = &v +// SetResourceARN sets the ResourceARN field's value. +func (s *ListManagedInsightRulesInput) SetResourceARN(v string) *ListManagedInsightRulesInput { + s.ResourceARN = &v return s } -type ListMetricsOutput struct { +type ListManagedInsightRulesOutput struct { _ struct{} `type:"structure"` - // The metrics that match your request. - Metrics []*Metric `type:"list"` + // The managed rules that are available for the specified Amazon Web Services + // resource. + ManagedRules []*ManagedRuleDescription `type:"list"` - // The token that marks the start of the next batch of returned results. + // Include this value to get the next set of rules if the value was returned + // by the previous operation. NextToken *string `type:"string"` } -// String returns the string representation -func (s ListMetricsOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListManagedInsightRulesOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s ListMetricsOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListManagedInsightRulesOutput) GoString() string { return s.String() } -// SetMetrics sets the Metrics field's value. -func (s *ListMetricsOutput) SetMetrics(v []*Metric) *ListMetricsOutput { - s.Metrics = v +// SetManagedRules sets the ManagedRules field's value. +func (s *ListManagedInsightRulesOutput) SetManagedRules(v []*ManagedRuleDescription) *ListManagedInsightRulesOutput { + s.ManagedRules = v return s } // SetNextToken sets the NextToken field's value. -func (s *ListMetricsOutput) SetNextToken(v string) *ListMetricsOutput { +func (s *ListManagedInsightRulesOutput) SetNextToken(v string) *ListManagedInsightRulesOutput { s.NextToken = &v return s } -type ListTagsForResourceInput struct { +type ListMetricStreamsInput struct { _ struct{} `type:"structure"` - // The ARN of the CloudWatch resource that you want to view tags for. - // - // The ARN format of an alarm is arn:aws:cloudwatch:Region:account-id:alarm:alarm-name - // - // The ARN format of a Contributor Insights rule is arn:aws:cloudwatch:Region:account-id:insight-rule:insight-rule-name - // - // For more information about ARN format, see Resource Types Defined by Amazon - // CloudWatch (https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazoncloudwatch.html#amazoncloudwatch-resources-for-iam-policies) - // in the Amazon Web Services General Reference. - // - // ResourceARN is a required field - ResourceARN *string `min:"1" type:"string" required:"true"` + // The maximum number of results to return in one operation. + MaxResults *int64 `min:"1" type:"integer"` + + // Include this value, if it was returned by the previous call, to get the next + // set of metric streams. + NextToken *string `type:"string"` } -// String returns the string representation -func (s ListTagsForResourceInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMetricStreamsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s ListTagsForResourceInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMetricStreamsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *ListTagsForResourceInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"} - if s.ResourceARN == nil { - invalidParams.Add(request.NewErrParamRequired("ResourceARN")) - } - if s.ResourceARN != nil && len(*s.ResourceARN) < 1 { - invalidParams.Add(request.NewErrParamMinLen("ResourceARN", 1)) +func (s *ListMetricStreamsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListMetricStreamsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) } if invalidParams.Len() > 0 { @@ -6419,101 +8318,129 @@ func (s *ListTagsForResourceInput) Validate() error { return nil } -// SetResourceARN sets the ResourceARN field's value. -func (s *ListTagsForResourceInput) SetResourceARN(v string) *ListTagsForResourceInput { - s.ResourceARN = &v +// SetMaxResults sets the MaxResults field's value. +func (s *ListMetricStreamsInput) SetMaxResults(v int64) *ListMetricStreamsInput { + s.MaxResults = &v return s } -type ListTagsForResourceOutput struct { - _ struct{} `type:"structure"` - - // The list of tag keys and values associated with the resource you specified. - Tags []*Tag `type:"list"` -} - -// String returns the string representation -func (s ListTagsForResourceOutput) String() string { - return awsutil.Prettify(s) -} - -// GoString returns the string representation -func (s ListTagsForResourceOutput) GoString() string { - return s.String() -} - -// SetTags sets the Tags field's value. -func (s *ListTagsForResourceOutput) SetTags(v []*Tag) *ListTagsForResourceOutput { - s.Tags = v +// SetNextToken sets the NextToken field's value. +func (s *ListMetricStreamsInput) SetNextToken(v string) *ListMetricStreamsInput { + s.NextToken = &v return s } -// A message returned by the GetMetricDataAPI, including a code and a description. -type MessageData struct { +type ListMetricStreamsOutput struct { _ struct{} `type:"structure"` - // The error code or status code associated with the message. - Code *string `type:"string"` + // The array of metric stream information. + Entries []*MetricStreamEntry `type:"list"` - // The message text. - Value *string `type:"string"` + // The token that marks the start of the next batch of returned results. You + // can use this token in a subsequent operation to get the next batch of results. + NextToken *string `type:"string"` } -// String returns the string representation -func (s MessageData) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMetricStreamsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s MessageData) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMetricStreamsOutput) GoString() string { return s.String() } -// SetCode sets the Code field's value. -func (s *MessageData) SetCode(v string) *MessageData { - s.Code = &v +// SetEntries sets the Entries field's value. +func (s *ListMetricStreamsOutput) SetEntries(v []*MetricStreamEntry) *ListMetricStreamsOutput { + s.Entries = v return s } -// SetValue sets the Value field's value. -func (s *MessageData) SetValue(v string) *MessageData { - s.Value = &v +// SetNextToken sets the NextToken field's value. +func (s *ListMetricStreamsOutput) SetNextToken(v string) *ListMetricStreamsOutput { + s.NextToken = &v return s } -// Represents a specific metric. -type Metric struct { +type ListMetricsInput struct { _ struct{} `type:"structure"` - // The dimensions for the metric. - Dimensions []*Dimension `type:"list"` + // The dimensions to filter against. Only the dimensions that match exactly + // will be returned. + Dimensions []*DimensionFilter `type:"list"` - // The name of the metric. This is a required field. + // If you are using this operation in a monitoring account, specify true to + // include metrics from source accounts in the returned data. + // + // The default is false. + IncludeLinkedAccounts *bool `type:"boolean"` + + // The name of the metric to filter against. Only the metrics with names that + // match exactly will be returned. MetricName *string `min:"1" type:"string"` - // The namespace of the metric. + // The metric namespace to filter against. Only the namespace that matches exactly + // will be returned. Namespace *string `min:"1" type:"string"` + + // The token returned by a previous call to indicate that there is more data + // available. + NextToken *string `type:"string"` + + // When you use this operation in a monitoring account, use this field to return + // metrics only from one source account. To do so, specify that source account + // ID in this field, and also specify true for IncludeLinkedAccounts. + OwningAccount *string `min:"1" type:"string"` + + // To filter the results to show only metrics that have had data points published + // in the past three hours, specify this parameter with a value of PT3H. This + // is the only valid value for this parameter. + // + // The results that are returned are an approximation of the value you specify. + // There is a low probability that the returned results include metrics with + // last published data as much as 40 minutes more than the specified time interval. + RecentlyActive *string `type:"string" enum:"RecentlyActive"` } -// String returns the string representation -func (s Metric) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMetricsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s Metric) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMetricsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *Metric) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "Metric"} +func (s *ListMetricsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListMetricsInput"} if s.MetricName != nil && len(*s.MetricName) < 1 { invalidParams.Add(request.NewErrParamMinLen("MetricName", 1)) } if s.Namespace != nil && len(*s.Namespace) < 1 { invalidParams.Add(request.NewErrParamMinLen("Namespace", 1)) } + if s.OwningAccount != nil && len(*s.OwningAccount) < 1 { + invalidParams.Add(request.NewErrParamMinLen("OwningAccount", 1)) + } if s.Dimensions != nil { for i, v := range s.Dimensions { if v == nil { @@ -6532,409 +8459,1452 @@ func (s *Metric) Validate() error { } // SetDimensions sets the Dimensions field's value. -func (s *Metric) SetDimensions(v []*Dimension) *Metric { +func (s *ListMetricsInput) SetDimensions(v []*DimensionFilter) *ListMetricsInput { s.Dimensions = v return s } +// SetIncludeLinkedAccounts sets the IncludeLinkedAccounts field's value. +func (s *ListMetricsInput) SetIncludeLinkedAccounts(v bool) *ListMetricsInput { + s.IncludeLinkedAccounts = &v + return s +} + // SetMetricName sets the MetricName field's value. -func (s *Metric) SetMetricName(v string) *Metric { +func (s *ListMetricsInput) SetMetricName(v string) *ListMetricsInput { s.MetricName = &v return s } // SetNamespace sets the Namespace field's value. -func (s *Metric) SetNamespace(v string) *Metric { +func (s *ListMetricsInput) SetNamespace(v string) *ListMetricsInput { s.Namespace = &v return s } -// The details about a metric alarm. -type MetricAlarm struct { - _ struct{} `type:"structure"` - - // Indicates whether actions should be executed during any changes to the alarm - // state. - ActionsEnabled *bool `type:"boolean"` - - // The actions to execute when this alarm transitions to the ALARM state from - // any other state. Each action is specified as an Amazon Resource Name (ARN). - AlarmActions []*string `type:"list"` - - // The Amazon Resource Name (ARN) of the alarm. - AlarmArn *string `min:"1" type:"string"` - - // The time stamp of the last update to the alarm configuration. - AlarmConfigurationUpdatedTimestamp *time.Time `type:"timestamp"` - - // The description of the alarm. - AlarmDescription *string `type:"string"` - - // The name of the alarm. - AlarmName *string `min:"1" type:"string"` - - // The arithmetic operation to use when comparing the specified statistic and - // threshold. The specified statistic value is used as the first operand. - ComparisonOperator *string `type:"string" enum:"ComparisonOperator"` - - // The number of data points that must be breaching to trigger the alarm. - DatapointsToAlarm *int64 `min:"1" type:"integer"` - - // The dimensions for the metric associated with the alarm. - Dimensions []*Dimension `type:"list"` - - // Used only for alarms based on percentiles. If ignore, the alarm state does - // not change during periods with too few data points to be statistically significant. - // If evaluate or this parameter is not used, the alarm is always evaluated - // and possibly changes state no matter how many data points are available. - EvaluateLowSampleCountPercentile *string `min:"1" type:"string"` - - // The number of periods over which data is compared to the specified threshold. - EvaluationPeriods *int64 `min:"1" type:"integer"` - - // The percentile statistic for the metric associated with the alarm. Specify - // a value between p0.0 and p100. - ExtendedStatistic *string `type:"string"` - - // The actions to execute when this alarm transitions to the INSUFFICIENT_DATA - // state from any other state. Each action is specified as an Amazon Resource - // Name (ARN). - InsufficientDataActions []*string `type:"list"` - - // The name of the metric associated with the alarm, if this is an alarm based - // on a single metric. - MetricName *string `min:"1" type:"string"` - - // An array of MetricDataQuery structures, used in an alarm based on a metric - // math expression. Each structure either retrieves a metric or performs a math - // expression. One item in the Metrics array is the math expression that the - // alarm watches. This expression by designated by having ReturnData set to - // true. - Metrics []*MetricDataQuery `type:"list"` - - // The namespace of the metric associated with the alarm. - Namespace *string `min:"1" type:"string"` - - // The actions to execute when this alarm transitions to the OK state from any - // other state. Each action is specified as an Amazon Resource Name (ARN). - OKActions []*string `type:"list"` - - // The period, in seconds, over which the statistic is applied. - Period *int64 `min:"1" type:"integer"` - - // An explanation for the alarm state, in text format. - StateReason *string `type:"string"` - - // An explanation for the alarm state, in JSON format. - StateReasonData *string `type:"string"` - - // The time stamp of the last update to the alarm state. - StateUpdatedTimestamp *time.Time `type:"timestamp"` +// SetNextToken sets the NextToken field's value. +func (s *ListMetricsInput) SetNextToken(v string) *ListMetricsInput { + s.NextToken = &v + return s +} - // The state value for the alarm. - StateValue *string `type:"string" enum:"StateValue"` +// SetOwningAccount sets the OwningAccount field's value. +func (s *ListMetricsInput) SetOwningAccount(v string) *ListMetricsInput { + s.OwningAccount = &v + return s +} - // The statistic for the metric associated with the alarm, other than percentile. - // For percentile statistics, use ExtendedStatistic. - Statistic *string `type:"string" enum:"Statistic"` +// SetRecentlyActive sets the RecentlyActive field's value. +func (s *ListMetricsInput) SetRecentlyActive(v string) *ListMetricsInput { + s.RecentlyActive = &v + return s +} - // The value to compare with the specified statistic. - Threshold *float64 `type:"double"` +type ListMetricsOutput struct { + _ struct{} `type:"structure"` - // In an alarm based on an anomaly detection model, this is the ID of the ANOMALY_DETECTION_BAND - // function used as the threshold for the alarm. - ThresholdMetricId *string `min:"1" type:"string"` + // The metrics that match your request. + Metrics []*Metric `type:"list"` - // Sets how this alarm is to handle missing data points. If this parameter is - // omitted, the default behavior of missing is used. - TreatMissingData *string `min:"1" type:"string"` + // The token that marks the start of the next batch of returned results. + NextToken *string `type:"string"` - // The unit of the metric associated with the alarm. - Unit *string `type:"string" enum:"StandardUnit"` + // If you are using this operation in a monitoring account, this array contains + // the account IDs of the source accounts where the metrics in the returned + // data are from. + // + // This field is a 1:1 mapping between each metric that is returned and the + // ID of the owning account. + OwningAccounts []*string `type:"list"` } -// String returns the string representation -func (s MetricAlarm) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMetricsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s MetricAlarm) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMetricsOutput) GoString() string { return s.String() } -// SetActionsEnabled sets the ActionsEnabled field's value. -func (s *MetricAlarm) SetActionsEnabled(v bool) *MetricAlarm { - s.ActionsEnabled = &v +// SetMetrics sets the Metrics field's value. +func (s *ListMetricsOutput) SetMetrics(v []*Metric) *ListMetricsOutput { + s.Metrics = v return s } -// SetAlarmActions sets the AlarmActions field's value. -func (s *MetricAlarm) SetAlarmActions(v []*string) *MetricAlarm { - s.AlarmActions = v +// SetNextToken sets the NextToken field's value. +func (s *ListMetricsOutput) SetNextToken(v string) *ListMetricsOutput { + s.NextToken = &v return s } -// SetAlarmArn sets the AlarmArn field's value. -func (s *MetricAlarm) SetAlarmArn(v string) *MetricAlarm { - s.AlarmArn = &v +// SetOwningAccounts sets the OwningAccounts field's value. +func (s *ListMetricsOutput) SetOwningAccounts(v []*string) *ListMetricsOutput { + s.OwningAccounts = v return s } -// SetAlarmConfigurationUpdatedTimestamp sets the AlarmConfigurationUpdatedTimestamp field's value. -func (s *MetricAlarm) SetAlarmConfigurationUpdatedTimestamp(v time.Time) *MetricAlarm { - s.AlarmConfigurationUpdatedTimestamp = &v - return s -} +type ListTagsForResourceInput struct { + _ struct{} `type:"structure"` -// SetAlarmDescription sets the AlarmDescription field's value. -func (s *MetricAlarm) SetAlarmDescription(v string) *MetricAlarm { - s.AlarmDescription = &v - return s + // The ARN of the CloudWatch resource that you want to view tags for. + // + // The ARN format of an alarm is arn:aws:cloudwatch:Region:account-id:alarm:alarm-name + // + // The ARN format of a Contributor Insights rule is arn:aws:cloudwatch:Region:account-id:insight-rule/insight-rule-name + // + // For more information about ARN format, see Resource Types Defined by Amazon + // CloudWatch (https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazoncloudwatch.html#amazoncloudwatch-resources-for-iam-policies) + // in the Amazon Web Services General Reference. + // + // ResourceARN is a required field + ResourceARN *string `min:"1" type:"string" required:"true"` } -// SetAlarmName sets the AlarmName field's value. -func (s *MetricAlarm) SetAlarmName(v string) *MetricAlarm { - s.AlarmName = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceInput) String() string { + return awsutil.Prettify(s) } -// SetComparisonOperator sets the ComparisonOperator field's value. -func (s *MetricAlarm) SetComparisonOperator(v string) *MetricAlarm { - s.ComparisonOperator = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceInput) GoString() string { + return s.String() } -// SetDatapointsToAlarm sets the DatapointsToAlarm field's value. -func (s *MetricAlarm) SetDatapointsToAlarm(v int64) *MetricAlarm { - s.DatapointsToAlarm = &v - return s +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListTagsForResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"} + if s.ResourceARN == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceARN")) + } + if s.ResourceARN != nil && len(*s.ResourceARN) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceARN", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil } -// SetDimensions sets the Dimensions field's value. -func (s *MetricAlarm) SetDimensions(v []*Dimension) *MetricAlarm { - s.Dimensions = v +// SetResourceARN sets the ResourceARN field's value. +func (s *ListTagsForResourceInput) SetResourceARN(v string) *ListTagsForResourceInput { + s.ResourceARN = &v return s } -// SetEvaluateLowSampleCountPercentile sets the EvaluateLowSampleCountPercentile field's value. -func (s *MetricAlarm) SetEvaluateLowSampleCountPercentile(v string) *MetricAlarm { - s.EvaluateLowSampleCountPercentile = &v - return s +type ListTagsForResourceOutput struct { + _ struct{} `type:"structure"` + + // The list of tag keys and values associated with the resource you specified. + Tags []*Tag `type:"list"` } -// SetEvaluationPeriods sets the EvaluationPeriods field's value. -func (s *MetricAlarm) SetEvaluationPeriods(v int64) *MetricAlarm { - s.EvaluationPeriods = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceOutput) String() string { + return awsutil.Prettify(s) } -// SetExtendedStatistic sets the ExtendedStatistic field's value. -func (s *MetricAlarm) SetExtendedStatistic(v string) *MetricAlarm { - s.ExtendedStatistic = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceOutput) GoString() string { + return s.String() } -// SetInsufficientDataActions sets the InsufficientDataActions field's value. -func (s *MetricAlarm) SetInsufficientDataActions(v []*string) *MetricAlarm { - s.InsufficientDataActions = v +// SetTags sets the Tags field's value. +func (s *ListTagsForResourceOutput) SetTags(v []*Tag) *ListTagsForResourceOutput { + s.Tags = v return s } -// SetMetricName sets the MetricName field's value. -func (s *MetricAlarm) SetMetricName(v string) *MetricAlarm { - s.MetricName = &v - return s +// Contains the information that's required to enable a managed Contributor +// Insights rule for an Amazon Web Services resource. +type ManagedRule struct { + _ struct{} `type:"structure"` + + // The ARN of an Amazon Web Services resource that has managed Contributor Insights + // rules. + // + // ResourceARN is a required field + ResourceARN *string `min:"1" type:"string" required:"true"` + + // A list of key-value pairs that you can associate with a managed Contributor + // Insights rule. You can associate as many as 50 tags with a rule. Tags can + // help you organize and categorize your resources. You also can use them to + // scope user permissions by granting a user permission to access or change + // only the resources that have certain tag values. To associate tags with a + // rule, you must have the cloudwatch:TagResource permission in addition to + // the cloudwatch:PutInsightRule permission. If you are using this operation + // to update an existing Contributor Insights rule, any tags that you specify + // in this parameter are ignored. To change the tags of an existing rule, use + // TagResource. + Tags []*Tag `type:"list"` + + // The template name for the managed Contributor Insights rule, as returned + // by ListManagedInsightRules. + // + // TemplateName is a required field + TemplateName *string `min:"1" type:"string" required:"true"` } -// SetMetrics sets the Metrics field's value. -func (s *MetricAlarm) SetMetrics(v []*MetricDataQuery) *MetricAlarm { - s.Metrics = v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ManagedRule) String() string { + return awsutil.Prettify(s) } -// SetNamespace sets the Namespace field's value. -func (s *MetricAlarm) SetNamespace(v string) *MetricAlarm { - s.Namespace = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ManagedRule) GoString() string { + return s.String() } -// SetOKActions sets the OKActions field's value. -func (s *MetricAlarm) SetOKActions(v []*string) *MetricAlarm { - s.OKActions = v - return s +// Validate inspects the fields of the type to determine if they are valid. +func (s *ManagedRule) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ManagedRule"} + if s.ResourceARN == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceARN")) + } + if s.ResourceARN != nil && len(*s.ResourceARN) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceARN", 1)) + } + if s.TemplateName == nil { + invalidParams.Add(request.NewErrParamRequired("TemplateName")) + } + if s.TemplateName != nil && len(*s.TemplateName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TemplateName", 1)) + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil } -// SetPeriod sets the Period field's value. -func (s *MetricAlarm) SetPeriod(v int64) *MetricAlarm { - s.Period = &v +// SetResourceARN sets the ResourceARN field's value. +func (s *ManagedRule) SetResourceARN(v string) *ManagedRule { + s.ResourceARN = &v return s } -// SetStateReason sets the StateReason field's value. -func (s *MetricAlarm) SetStateReason(v string) *MetricAlarm { - s.StateReason = &v +// SetTags sets the Tags field's value. +func (s *ManagedRule) SetTags(v []*Tag) *ManagedRule { + s.Tags = v return s } -// SetStateReasonData sets the StateReasonData field's value. -func (s *MetricAlarm) SetStateReasonData(v string) *MetricAlarm { - s.StateReasonData = &v +// SetTemplateName sets the TemplateName field's value. +func (s *ManagedRule) SetTemplateName(v string) *ManagedRule { + s.TemplateName = &v return s } -// SetStateUpdatedTimestamp sets the StateUpdatedTimestamp field's value. -func (s *MetricAlarm) SetStateUpdatedTimestamp(v time.Time) *MetricAlarm { - s.StateUpdatedTimestamp = &v - return s +// Contains information about managed Contributor Insights rules, as returned +// by ListManagedInsightRules. +type ManagedRuleDescription struct { + _ struct{} `type:"structure"` + + // If a managed rule is enabled, this is the ARN for the related Amazon Web + // Services resource. + ResourceARN *string `min:"1" type:"string"` + + // Describes the state of a managed rule. If present, it contains information + // about the Contributor Insights rule that contains information about the related + // Amazon Web Services resource. + RuleState *ManagedRuleState `type:"structure"` + + // The template name for the managed rule. Used to enable managed rules using + // PutManagedInsightRules. + TemplateName *string `min:"1" type:"string"` } -// SetStateValue sets the StateValue field's value. -func (s *MetricAlarm) SetStateValue(v string) *MetricAlarm { - s.StateValue = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ManagedRuleDescription) String() string { + return awsutil.Prettify(s) } -// SetStatistic sets the Statistic field's value. -func (s *MetricAlarm) SetStatistic(v string) *MetricAlarm { - s.Statistic = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ManagedRuleDescription) GoString() string { + return s.String() } -// SetThreshold sets the Threshold field's value. -func (s *MetricAlarm) SetThreshold(v float64) *MetricAlarm { - s.Threshold = &v +// SetResourceARN sets the ResourceARN field's value. +func (s *ManagedRuleDescription) SetResourceARN(v string) *ManagedRuleDescription { + s.ResourceARN = &v return s } -// SetThresholdMetricId sets the ThresholdMetricId field's value. -func (s *MetricAlarm) SetThresholdMetricId(v string) *MetricAlarm { - s.ThresholdMetricId = &v +// SetRuleState sets the RuleState field's value. +func (s *ManagedRuleDescription) SetRuleState(v *ManagedRuleState) *ManagedRuleDescription { + s.RuleState = v return s } -// SetTreatMissingData sets the TreatMissingData field's value. -func (s *MetricAlarm) SetTreatMissingData(v string) *MetricAlarm { - s.TreatMissingData = &v +// SetTemplateName sets the TemplateName field's value. +func (s *ManagedRuleDescription) SetTemplateName(v string) *ManagedRuleDescription { + s.TemplateName = &v return s } -// SetUnit sets the Unit field's value. -func (s *MetricAlarm) SetUnit(v string) *MetricAlarm { - s.Unit = &v - return s +// The status of a managed Contributor Insights rule. +type ManagedRuleState struct { + _ struct{} `type:"structure"` + + // The name of the Contributor Insights rule that contains data for the specified + // Amazon Web Services resource. + // + // RuleName is a required field + RuleName *string `min:"1" type:"string" required:"true"` + + // Indicates whether the rule is enabled or disabled. + // + // State is a required field + State *string `min:"1" type:"string" required:"true"` } -// This structure is used in both GetMetricData and PutMetricAlarm. The supported -// use of this structure is different for those two operations. -// -// When used in GetMetricData, it indicates the metric data to return, and whether -// this call is just retrieving a batch set of data for one metric, or is performing -// a math expression on metric data. A single GetMetricData call can include -// up to 500 MetricDataQuery structures. +// String returns the string representation. // -// When used in PutMetricAlarm, it enables you to create an alarm based on a -// metric math expression. Each MetricDataQuery in the array specifies either -// a metric to retrieve, or a math expression to be performed on retrieved metrics. -// A single PutMetricAlarm call can include up to 20 MetricDataQuery structures -// in the array. The 20 structures can include as many as 10 structures that -// contain a MetricStat parameter to retrieve a metric, and as many as 10 structures -// that contain the Expression parameter to perform a math expression. Of those -// Expression structures, one must have True as the value for ReturnData. The -// result of this expression is the value the alarm watches. +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ManagedRuleState) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. // -// Any expression used in a PutMetricAlarm operation must return a single time -// series. For more information, see Metric Math Syntax and Functions (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/using-metric-math.html#metric-math-syntax) -// in the Amazon CloudWatch User Guide. +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ManagedRuleState) GoString() string { + return s.String() +} + +// SetRuleName sets the RuleName field's value. +func (s *ManagedRuleState) SetRuleName(v string) *ManagedRuleState { + s.RuleName = &v + return s +} + +// SetState sets the State field's value. +func (s *ManagedRuleState) SetState(v string) *ManagedRuleState { + s.State = &v + return s +} + +// A message returned by the GetMetricDataAPI, including a code and a description. // -// Some of the parameters of this structure also have different uses whether -// you are using this structure in a GetMetricData operation or a PutMetricAlarm -// operation. These differences are explained in the following parameter list. -type MetricDataQuery struct { +// If a cross-Region GetMetricData operation fails with a code of Forbidden +// and a value of Authentication too complex to retrieve cross region data, +// you can correct the problem by running the GetMetricData operation in the +// same Region where the metric data is. +type MessageData struct { _ struct{} `type:"structure"` - // The math expression to be performed on the returned data, if this object - // is performing a math expression. This expression can use the Id of the other - // metrics to refer to those metrics, and can also use the Id of other expressions - // to use the result of those expressions. For more information about metric - // math expressions, see Metric Math Syntax and Functions (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/using-metric-math.html#metric-math-syntax) - // in the Amazon CloudWatch User Guide. - // - // Within each MetricDataQuery object, you must specify either Expression or - // MetricStat but not both. - Expression *string `min:"1" type:"string"` - - // A short name used to tie this object to the results in the response. This - // name must be unique within a single call to GetMetricData. If you are performing - // math expressions on this set of data, this name represents that data and - // can serve as a variable in the mathematical expression. The valid characters - // are letters, numbers, and underscore. The first character must be a lowercase - // letter. - // - // Id is a required field - Id *string `min:"1" type:"string" required:"true"` + // The error code or status code associated with the message. + Code *string `type:"string"` - // A human-readable label for this metric or expression. This is especially - // useful if this is an expression, so that you know what the value represents. - // If the metric or expression is shown in a CloudWatch dashboard widget, the - // label is shown. If Label is omitted, CloudWatch generates a default. - Label *string `type:"string"` + // The message text. + Value *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MessageData) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MessageData) GoString() string { + return s.String() +} + +// SetCode sets the Code field's value. +func (s *MessageData) SetCode(v string) *MessageData { + s.Code = &v + return s +} + +// SetValue sets the Value field's value. +func (s *MessageData) SetValue(v string) *MessageData { + s.Value = &v + return s +} + +// Represents a specific metric. +type Metric struct { + _ struct{} `type:"structure"` + + // The dimensions for the metric. + Dimensions []*Dimension `type:"list"` + + // The name of the metric. This is a required field. + MetricName *string `min:"1" type:"string"` + + // The namespace of the metric. + Namespace *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Metric) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Metric) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Metric) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Metric"} + if s.MetricName != nil && len(*s.MetricName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("MetricName", 1)) + } + if s.Namespace != nil && len(*s.Namespace) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Namespace", 1)) + } + if s.Dimensions != nil { + for i, v := range s.Dimensions { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Dimensions", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDimensions sets the Dimensions field's value. +func (s *Metric) SetDimensions(v []*Dimension) *Metric { + s.Dimensions = v + return s +} + +// SetMetricName sets the MetricName field's value. +func (s *Metric) SetMetricName(v string) *Metric { + s.MetricName = &v + return s +} + +// SetNamespace sets the Namespace field's value. +func (s *Metric) SetNamespace(v string) *Metric { + s.Namespace = &v + return s +} + +// The details about a metric alarm. +type MetricAlarm struct { + _ struct{} `type:"structure"` + + // Indicates whether actions should be executed during any changes to the alarm + // state. + ActionsEnabled *bool `type:"boolean"` + + // The actions to execute when this alarm transitions to the ALARM state from + // any other state. Each action is specified as an Amazon Resource Name (ARN). + AlarmActions []*string `type:"list"` + + // The Amazon Resource Name (ARN) of the alarm. + AlarmArn *string `min:"1" type:"string"` + + // The time stamp of the last update to the alarm configuration. + AlarmConfigurationUpdatedTimestamp *time.Time `type:"timestamp"` + + // The description of the alarm. + AlarmDescription *string `type:"string"` + + // The name of the alarm. + AlarmName *string `min:"1" type:"string"` + + // The arithmetic operation to use when comparing the specified statistic and + // threshold. The specified statistic value is used as the first operand. + ComparisonOperator *string `type:"string" enum:"ComparisonOperator"` + + // The number of data points that must be breaching to trigger the alarm. + DatapointsToAlarm *int64 `min:"1" type:"integer"` + + // The dimensions for the metric associated with the alarm. + Dimensions []*Dimension `type:"list"` + + // Used only for alarms based on percentiles. If ignore, the alarm state does + // not change during periods with too few data points to be statistically significant. + // If evaluate or this parameter is not used, the alarm is always evaluated + // and possibly changes state no matter how many data points are available. + EvaluateLowSampleCountPercentile *string `min:"1" type:"string"` + + // The number of periods over which data is compared to the specified threshold. + EvaluationPeriods *int64 `min:"1" type:"integer"` + + // If the value of this field is PARTIAL_DATA, the alarm is being evaluated + // based on only partial data. This happens if the query used for the alarm + // returns more than 10,000 metrics. For more information, see Create alarms + // on Metrics Insights queries (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Create_Metrics_Insights_Alarm.html). + EvaluationState *string `type:"string" enum:"EvaluationState"` + + // The percentile statistic for the metric associated with the alarm. Specify + // a value between p0.0 and p100. + ExtendedStatistic *string `type:"string"` + + // The actions to execute when this alarm transitions to the INSUFFICIENT_DATA + // state from any other state. Each action is specified as an Amazon Resource + // Name (ARN). + InsufficientDataActions []*string `type:"list"` + + // The name of the metric associated with the alarm, if this is an alarm based + // on a single metric. + MetricName *string `min:"1" type:"string"` + + // An array of MetricDataQuery structures, used in an alarm based on a metric + // math expression. Each structure either retrieves a metric or performs a math + // expression. One item in the Metrics array is the math expression that the + // alarm watches. This expression by designated by having ReturnData set to + // true. + Metrics []*MetricDataQuery `type:"list"` + + // The namespace of the metric associated with the alarm. + Namespace *string `min:"1" type:"string"` + + // The actions to execute when this alarm transitions to the OK state from any + // other state. Each action is specified as an Amazon Resource Name (ARN). + OKActions []*string `type:"list"` + + // The period, in seconds, over which the statistic is applied. + Period *int64 `min:"1" type:"integer"` + + // An explanation for the alarm state, in text format. + StateReason *string `type:"string"` + + // An explanation for the alarm state, in JSON format. + StateReasonData *string `type:"string"` + + // The date and time that the alarm's StateValue most recently changed. + StateTransitionedTimestamp *time.Time `type:"timestamp"` + + // The time stamp of the last update to the value of either the StateValue or + // EvaluationState parameters. + StateUpdatedTimestamp *time.Time `type:"timestamp"` + + // The state value for the alarm. + StateValue *string `type:"string" enum:"StateValue"` + + // The statistic for the metric associated with the alarm, other than percentile. + // For percentile statistics, use ExtendedStatistic. + Statistic *string `type:"string" enum:"Statistic"` + + // The value to compare with the specified statistic. + Threshold *float64 `type:"double"` + + // In an alarm based on an anomaly detection model, this is the ID of the ANOMALY_DETECTION_BAND + // function used as the threshold for the alarm. + ThresholdMetricId *string `min:"1" type:"string"` + + // Sets how this alarm is to handle missing data points. The valid values are + // breaching, notBreaching, ignore, and missing. For more information, see Configuring + // how CloudWatch alarms treat missing data (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html#alarms-and-missing-data). + // + // If this parameter is omitted, the default behavior of missing is used. + TreatMissingData *string `min:"1" type:"string"` + + // The unit of the metric associated with the alarm. + Unit *string `type:"string" enum:"StandardUnit"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricAlarm) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricAlarm) GoString() string { + return s.String() +} + +// SetActionsEnabled sets the ActionsEnabled field's value. +func (s *MetricAlarm) SetActionsEnabled(v bool) *MetricAlarm { + s.ActionsEnabled = &v + return s +} + +// SetAlarmActions sets the AlarmActions field's value. +func (s *MetricAlarm) SetAlarmActions(v []*string) *MetricAlarm { + s.AlarmActions = v + return s +} + +// SetAlarmArn sets the AlarmArn field's value. +func (s *MetricAlarm) SetAlarmArn(v string) *MetricAlarm { + s.AlarmArn = &v + return s +} + +// SetAlarmConfigurationUpdatedTimestamp sets the AlarmConfigurationUpdatedTimestamp field's value. +func (s *MetricAlarm) SetAlarmConfigurationUpdatedTimestamp(v time.Time) *MetricAlarm { + s.AlarmConfigurationUpdatedTimestamp = &v + return s +} + +// SetAlarmDescription sets the AlarmDescription field's value. +func (s *MetricAlarm) SetAlarmDescription(v string) *MetricAlarm { + s.AlarmDescription = &v + return s +} + +// SetAlarmName sets the AlarmName field's value. +func (s *MetricAlarm) SetAlarmName(v string) *MetricAlarm { + s.AlarmName = &v + return s +} + +// SetComparisonOperator sets the ComparisonOperator field's value. +func (s *MetricAlarm) SetComparisonOperator(v string) *MetricAlarm { + s.ComparisonOperator = &v + return s +} + +// SetDatapointsToAlarm sets the DatapointsToAlarm field's value. +func (s *MetricAlarm) SetDatapointsToAlarm(v int64) *MetricAlarm { + s.DatapointsToAlarm = &v + return s +} + +// SetDimensions sets the Dimensions field's value. +func (s *MetricAlarm) SetDimensions(v []*Dimension) *MetricAlarm { + s.Dimensions = v + return s +} + +// SetEvaluateLowSampleCountPercentile sets the EvaluateLowSampleCountPercentile field's value. +func (s *MetricAlarm) SetEvaluateLowSampleCountPercentile(v string) *MetricAlarm { + s.EvaluateLowSampleCountPercentile = &v + return s +} + +// SetEvaluationPeriods sets the EvaluationPeriods field's value. +func (s *MetricAlarm) SetEvaluationPeriods(v int64) *MetricAlarm { + s.EvaluationPeriods = &v + return s +} + +// SetEvaluationState sets the EvaluationState field's value. +func (s *MetricAlarm) SetEvaluationState(v string) *MetricAlarm { + s.EvaluationState = &v + return s +} + +// SetExtendedStatistic sets the ExtendedStatistic field's value. +func (s *MetricAlarm) SetExtendedStatistic(v string) *MetricAlarm { + s.ExtendedStatistic = &v + return s +} + +// SetInsufficientDataActions sets the InsufficientDataActions field's value. +func (s *MetricAlarm) SetInsufficientDataActions(v []*string) *MetricAlarm { + s.InsufficientDataActions = v + return s +} + +// SetMetricName sets the MetricName field's value. +func (s *MetricAlarm) SetMetricName(v string) *MetricAlarm { + s.MetricName = &v + return s +} + +// SetMetrics sets the Metrics field's value. +func (s *MetricAlarm) SetMetrics(v []*MetricDataQuery) *MetricAlarm { + s.Metrics = v + return s +} + +// SetNamespace sets the Namespace field's value. +func (s *MetricAlarm) SetNamespace(v string) *MetricAlarm { + s.Namespace = &v + return s +} + +// SetOKActions sets the OKActions field's value. +func (s *MetricAlarm) SetOKActions(v []*string) *MetricAlarm { + s.OKActions = v + return s +} + +// SetPeriod sets the Period field's value. +func (s *MetricAlarm) SetPeriod(v int64) *MetricAlarm { + s.Period = &v + return s +} + +// SetStateReason sets the StateReason field's value. +func (s *MetricAlarm) SetStateReason(v string) *MetricAlarm { + s.StateReason = &v + return s +} + +// SetStateReasonData sets the StateReasonData field's value. +func (s *MetricAlarm) SetStateReasonData(v string) *MetricAlarm { + s.StateReasonData = &v + return s +} + +// SetStateTransitionedTimestamp sets the StateTransitionedTimestamp field's value. +func (s *MetricAlarm) SetStateTransitionedTimestamp(v time.Time) *MetricAlarm { + s.StateTransitionedTimestamp = &v + return s +} + +// SetStateUpdatedTimestamp sets the StateUpdatedTimestamp field's value. +func (s *MetricAlarm) SetStateUpdatedTimestamp(v time.Time) *MetricAlarm { + s.StateUpdatedTimestamp = &v + return s +} + +// SetStateValue sets the StateValue field's value. +func (s *MetricAlarm) SetStateValue(v string) *MetricAlarm { + s.StateValue = &v + return s +} + +// SetStatistic sets the Statistic field's value. +func (s *MetricAlarm) SetStatistic(v string) *MetricAlarm { + s.Statistic = &v + return s +} + +// SetThreshold sets the Threshold field's value. +func (s *MetricAlarm) SetThreshold(v float64) *MetricAlarm { + s.Threshold = &v + return s +} + +// SetThresholdMetricId sets the ThresholdMetricId field's value. +func (s *MetricAlarm) SetThresholdMetricId(v string) *MetricAlarm { + s.ThresholdMetricId = &v + return s +} + +// SetTreatMissingData sets the TreatMissingData field's value. +func (s *MetricAlarm) SetTreatMissingData(v string) *MetricAlarm { + s.TreatMissingData = &v + return s +} + +// SetUnit sets the Unit field's value. +func (s *MetricAlarm) SetUnit(v string) *MetricAlarm { + s.Unit = &v + return s +} + +// This object includes parameters that you can use to provide information to +// CloudWatch to help it build more accurate anomaly detection models. +type MetricCharacteristics struct { + _ struct{} `type:"structure"` + + // Set this parameter to true if values for this metric consistently include + // spikes that should not be considered to be anomalies. With this set to true, + // CloudWatch will expect to see spikes that occurred consistently during the + // model training period, and won't flag future similar spikes as anomalies. + PeriodicSpikes *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricCharacteristics) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricCharacteristics) GoString() string { + return s.String() +} + +// SetPeriodicSpikes sets the PeriodicSpikes field's value. +func (s *MetricCharacteristics) SetPeriodicSpikes(v bool) *MetricCharacteristics { + s.PeriodicSpikes = &v + return s +} + +// This structure is used in both GetMetricData and PutMetricAlarm. The supported +// use of this structure is different for those two operations. +// +// When used in GetMetricData, it indicates the metric data to return, and whether +// this call is just retrieving a batch set of data for one metric, or is performing +// a Metrics Insights query or a math expression. A single GetMetricData call +// can include up to 500 MetricDataQuery structures. +// +// When used in PutMetricAlarm, it enables you to create an alarm based on a +// metric math expression. Each MetricDataQuery in the array specifies either +// a metric to retrieve, or a math expression to be performed on retrieved metrics. +// A single PutMetricAlarm call can include up to 20 MetricDataQuery structures +// in the array. The 20 structures can include as many as 10 structures that +// contain a MetricStat parameter to retrieve a metric, and as many as 10 structures +// that contain the Expression parameter to perform a math expression. Of those +// Expression structures, one must have true as the value for ReturnData. The +// result of this expression is the value the alarm watches. +// +// Any expression used in a PutMetricAlarm operation must return a single time +// series. For more information, see Metric Math Syntax and Functions (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/using-metric-math.html#metric-math-syntax) +// in the Amazon CloudWatch User Guide. +// +// Some of the parameters of this structure also have different uses whether +// you are using this structure in a GetMetricData operation or a PutMetricAlarm +// operation. These differences are explained in the following parameter list. +type MetricDataQuery struct { + _ struct{} `type:"structure"` + + // The ID of the account where the metrics are located. + // + // If you are performing a GetMetricData operation in a monitoring account, + // use this to specify which account to retrieve this metric from. + // + // If you are performing a PutMetricAlarm operation, use this to specify which + // account contains the metric that the alarm is watching. + AccountId *string `min:"1" type:"string"` + + // This field can contain either a Metrics Insights query, or a metric math + // expression to be performed on the returned data. For more information about + // Metrics Insights queries, see Metrics Insights query components and syntax + // (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch-metrics-insights-querylanguage) + // in the Amazon CloudWatch User Guide. + // + // A math expression can use the Id of the other metrics or queries to refer + // to those metrics, and can also use the Id of other expressions to use the + // result of those expressions. For more information about metric math expressions, + // see Metric Math Syntax and Functions (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/using-metric-math.html#metric-math-syntax) + // in the Amazon CloudWatch User Guide. + // + // Within each MetricDataQuery object, you must specify either Expression or + // MetricStat but not both. + Expression *string `min:"1" type:"string"` + + // A short name used to tie this object to the results in the response. This + // name must be unique within a single call to GetMetricData. If you are performing + // math expressions on this set of data, this name represents that data and + // can serve as a variable in the mathematical expression. The valid characters + // are letters, numbers, and underscore. The first character must be a lowercase + // letter. + // + // Id is a required field + Id *string `min:"1" type:"string" required:"true"` + + // A human-readable label for this metric or expression. This is especially + // useful if this is an expression, so that you know what the value represents. + // If the metric or expression is shown in a CloudWatch dashboard widget, the + // label is shown. If Label is omitted, CloudWatch generates a default. + // + // You can put dynamic expressions into a label, so that it is more descriptive. + // For more information, see Using Dynamic Labels (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/graph-dynamic-labels.html). + Label *string `type:"string"` // The metric to be returned, along with statistics, period, and units. Use // this parameter only if this object is retrieving a metric and not performing // a math expression on returned data. // - // Within one MetricDataQuery object, you must specify either Expression or - // MetricStat but not both. - MetricStat *MetricStat `type:"structure"` + // Within one MetricDataQuery object, you must specify either Expression or + // MetricStat but not both. + MetricStat *MetricStat `type:"structure"` + + // The granularity, in seconds, of the returned data points. For metrics with + // regular resolution, a period can be as short as one minute (60 seconds) and + // must be a multiple of 60. For high-resolution metrics that are collected + // at intervals of less than one minute, the period can be 1, 5, 10, 30, 60, + // or any multiple of 60. High-resolution metrics are those metrics stored by + // a PutMetricData operation that includes a StorageResolution of 1 second. + Period *int64 `min:"1" type:"integer"` + + // When used in GetMetricData, this option indicates whether to return the timestamps + // and raw data values of this metric. If you are performing this call just + // to do math expressions and do not also need the raw data returned, you can + // specify false. If you omit this, the default of true is used. + // + // When used in PutMetricAlarm, specify true for the one expression result to + // use as the alarm. For all other metrics and expressions in the same PutMetricAlarm + // operation, specify ReturnData as False. + ReturnData *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricDataQuery) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricDataQuery) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *MetricDataQuery) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "MetricDataQuery"} + if s.AccountId != nil && len(*s.AccountId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AccountId", 1)) + } + if s.Expression != nil && len(*s.Expression) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Expression", 1)) + } + if s.Id == nil { + invalidParams.Add(request.NewErrParamRequired("Id")) + } + if s.Id != nil && len(*s.Id) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Id", 1)) + } + if s.Period != nil && *s.Period < 1 { + invalidParams.Add(request.NewErrParamMinValue("Period", 1)) + } + if s.MetricStat != nil { + if err := s.MetricStat.Validate(); err != nil { + invalidParams.AddNested("MetricStat", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccountId sets the AccountId field's value. +func (s *MetricDataQuery) SetAccountId(v string) *MetricDataQuery { + s.AccountId = &v + return s +} + +// SetExpression sets the Expression field's value. +func (s *MetricDataQuery) SetExpression(v string) *MetricDataQuery { + s.Expression = &v + return s +} + +// SetId sets the Id field's value. +func (s *MetricDataQuery) SetId(v string) *MetricDataQuery { + s.Id = &v + return s +} + +// SetLabel sets the Label field's value. +func (s *MetricDataQuery) SetLabel(v string) *MetricDataQuery { + s.Label = &v + return s +} + +// SetMetricStat sets the MetricStat field's value. +func (s *MetricDataQuery) SetMetricStat(v *MetricStat) *MetricDataQuery { + s.MetricStat = v + return s +} + +// SetPeriod sets the Period field's value. +func (s *MetricDataQuery) SetPeriod(v int64) *MetricDataQuery { + s.Period = &v + return s +} + +// SetReturnData sets the ReturnData field's value. +func (s *MetricDataQuery) SetReturnData(v bool) *MetricDataQuery { + s.ReturnData = &v + return s +} + +// A GetMetricData call returns an array of MetricDataResult structures. Each +// of these structures includes the data points for that metric, along with +// the timestamps of those data points and other identifying information. +type MetricDataResult struct { + _ struct{} `type:"structure"` + + // The short name you specified to represent this metric. + Id *string `min:"1" type:"string"` + + // The human-readable label associated with the data. + Label *string `type:"string"` + + // A list of messages with additional information about the data returned. + Messages []*MessageData `type:"list"` + + // The status of the returned data. Complete indicates that all data points + // in the requested time range were returned. PartialData means that an incomplete + // set of data points were returned. You can use the NextToken value that was + // returned and repeat your request to get more data points. NextToken is not + // returned if you are performing a math expression. InternalError indicates + // that an error occurred. Retry your request using NextToken, if present. + StatusCode *string `type:"string" enum:"StatusCode"` + + // The timestamps for the data points, formatted in Unix timestamp format. The + // number of timestamps always matches the number of values and the value for + // Timestamps[x] is Values[x]. + Timestamps []*time.Time `type:"list"` + + // The data points for the metric corresponding to Timestamps. The number of + // values always matches the number of timestamps and the timestamp for Values[x] + // is Timestamps[x]. + Values []*float64 `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricDataResult) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricDataResult) GoString() string { + return s.String() +} + +// SetId sets the Id field's value. +func (s *MetricDataResult) SetId(v string) *MetricDataResult { + s.Id = &v + return s +} + +// SetLabel sets the Label field's value. +func (s *MetricDataResult) SetLabel(v string) *MetricDataResult { + s.Label = &v + return s +} + +// SetMessages sets the Messages field's value. +func (s *MetricDataResult) SetMessages(v []*MessageData) *MetricDataResult { + s.Messages = v + return s +} + +// SetStatusCode sets the StatusCode field's value. +func (s *MetricDataResult) SetStatusCode(v string) *MetricDataResult { + s.StatusCode = &v + return s +} + +// SetTimestamps sets the Timestamps field's value. +func (s *MetricDataResult) SetTimestamps(v []*time.Time) *MetricDataResult { + s.Timestamps = v + return s +} + +// SetValues sets the Values field's value. +func (s *MetricDataResult) SetValues(v []*float64) *MetricDataResult { + s.Values = v + return s +} + +// Encapsulates the information sent to either create a metric or add new values +// to be aggregated into an existing metric. +type MetricDatum struct { + _ struct{} `type:"structure"` + + // Array of numbers that is used along with the Values array. Each number in + // the Count array is the number of times the corresponding value in the Values + // array occurred during the period. + // + // If you omit the Counts array, the default of 1 is used as the value for each + // count. If you include a Counts array, it must include the same amount of + // values as the Values array. + Counts []*float64 `type:"list"` + + // The dimensions associated with the metric. + Dimensions []*Dimension `type:"list"` + + // The name of the metric. + // + // MetricName is a required field + MetricName *string `min:"1" type:"string" required:"true"` + + // The statistical values for the metric. + StatisticValues *StatisticSet `type:"structure"` + + // Valid values are 1 and 60. Setting this to 1 specifies this metric as a high-resolution + // metric, so that CloudWatch stores the metric with sub-minute resolution down + // to one second. Setting this to 60 specifies this metric as a regular-resolution + // metric, which CloudWatch stores at 1-minute resolution. Currently, high resolution + // is available only for custom metrics. For more information about high-resolution + // metrics, see High-Resolution Metrics (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/publishingMetrics.html#high-resolution-metrics) + // in the Amazon CloudWatch User Guide. + // + // This field is optional, if you do not specify it the default of 60 is used. + StorageResolution *int64 `min:"1" type:"integer"` + + // The time the metric data was received, expressed as the number of milliseconds + // since Jan 1, 1970 00:00:00 UTC. + Timestamp *time.Time `type:"timestamp"` + + // When you are using a Put operation, this defines what unit you want to use + // when storing the metric. + // + // In a Get operation, this displays the unit that is used for the metric. + Unit *string `type:"string" enum:"StandardUnit"` + + // The value for the metric. + // + // Although the parameter accepts numbers of type Double, CloudWatch rejects + // values that are either too small or too large. Values must be in the range + // of -2^360 to 2^360. In addition, special values (for example, NaN, +Infinity, + // -Infinity) are not supported. + Value *float64 `type:"double"` + + // Array of numbers representing the values for the metric during the period. + // Each unique value is listed just once in this array, and the corresponding + // number in the Counts array specifies the number of times that value occurred + // during the period. You can include up to 150 unique values in each PutMetricData + // action that specifies a Values array. + // + // Although the Values array accepts numbers of type Double, CloudWatch rejects + // values that are either too small or too large. Values must be in the range + // of -2^360 to 2^360. In addition, special values (for example, NaN, +Infinity, + // -Infinity) are not supported. + Values []*float64 `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricDatum) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricDatum) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *MetricDatum) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "MetricDatum"} + if s.MetricName == nil { + invalidParams.Add(request.NewErrParamRequired("MetricName")) + } + if s.MetricName != nil && len(*s.MetricName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("MetricName", 1)) + } + if s.StorageResolution != nil && *s.StorageResolution < 1 { + invalidParams.Add(request.NewErrParamMinValue("StorageResolution", 1)) + } + if s.Dimensions != nil { + for i, v := range s.Dimensions { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Dimensions", i), err.(request.ErrInvalidParams)) + } + } + } + if s.StatisticValues != nil { + if err := s.StatisticValues.Validate(); err != nil { + invalidParams.AddNested("StatisticValues", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCounts sets the Counts field's value. +func (s *MetricDatum) SetCounts(v []*float64) *MetricDatum { + s.Counts = v + return s +} + +// SetDimensions sets the Dimensions field's value. +func (s *MetricDatum) SetDimensions(v []*Dimension) *MetricDatum { + s.Dimensions = v + return s +} + +// SetMetricName sets the MetricName field's value. +func (s *MetricDatum) SetMetricName(v string) *MetricDatum { + s.MetricName = &v + return s +} + +// SetStatisticValues sets the StatisticValues field's value. +func (s *MetricDatum) SetStatisticValues(v *StatisticSet) *MetricDatum { + s.StatisticValues = v + return s +} + +// SetStorageResolution sets the StorageResolution field's value. +func (s *MetricDatum) SetStorageResolution(v int64) *MetricDatum { + s.StorageResolution = &v + return s +} + +// SetTimestamp sets the Timestamp field's value. +func (s *MetricDatum) SetTimestamp(v time.Time) *MetricDatum { + s.Timestamp = &v + return s +} + +// SetUnit sets the Unit field's value. +func (s *MetricDatum) SetUnit(v string) *MetricDatum { + s.Unit = &v + return s +} + +// SetValue sets the Value field's value. +func (s *MetricDatum) SetValue(v float64) *MetricDatum { + s.Value = &v + return s +} + +// SetValues sets the Values field's value. +func (s *MetricDatum) SetValues(v []*float64) *MetricDatum { + s.Values = v + return s +} + +// Indicates the CloudWatch math expression that provides the time series the +// anomaly detector uses as input. The designated math expression must return +// a single time series. +type MetricMathAnomalyDetector struct { + _ struct{} `type:"structure"` + + // An array of metric data query structures that enables you to create an anomaly + // detector based on the result of a metric math expression. Each item in MetricDataQueries + // gets a metric or performs a math expression. One item in MetricDataQueries + // is the expression that provides the time series that the anomaly detector + // uses as input. Designate the expression by setting ReturnData to true for + // this object in the array. For all other expressions and metrics, set ReturnData + // to false. The designated expression must return a single time series. + MetricDataQueries []*MetricDataQuery `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricMathAnomalyDetector) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricMathAnomalyDetector) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *MetricMathAnomalyDetector) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "MetricMathAnomalyDetector"} + if s.MetricDataQueries != nil { + for i, v := range s.MetricDataQueries { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "MetricDataQueries", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMetricDataQueries sets the MetricDataQueries field's value. +func (s *MetricMathAnomalyDetector) SetMetricDataQueries(v []*MetricDataQuery) *MetricMathAnomalyDetector { + s.MetricDataQueries = v + return s +} + +// This structure defines the metric to be returned, along with the statistics, +// period, and units. +type MetricStat struct { + _ struct{} `type:"structure"` + + // The metric to return, including the metric name, namespace, and dimensions. + // + // Metric is a required field + Metric *Metric `type:"structure" required:"true"` // The granularity, in seconds, of the returned data points. For metrics with // regular resolution, a period can be as short as one minute (60 seconds) and // must be a multiple of 60. For high-resolution metrics that are collected // at intervals of less than one minute, the period can be 1, 5, 10, 30, 60, // or any multiple of 60. High-resolution metrics are those metrics stored by - // a PutMetricData operation that includes a StorageResolution of 1 second. - Period *int64 `min:"1" type:"integer"` + // a PutMetricData call that includes a StorageResolution of 1 second. + // + // If the StartTime parameter specifies a time stamp that is greater than 3 + // hours ago, you must specify the period as follows or no data points in that + // time range is returned: + // + // * Start time between 3 hours and 15 days ago - Use a multiple of 60 seconds + // (1 minute). + // + // * Start time between 15 and 63 days ago - Use a multiple of 300 seconds + // (5 minutes). + // + // * Start time greater than 63 days ago - Use a multiple of 3600 seconds + // (1 hour). + // + // Period is a required field + Period *int64 `min:"1" type:"integer" required:"true"` - // When used in GetMetricData, this option indicates whether to return the timestamps - // and raw data values of this metric. If you are performing this call just - // to do math expressions and do not also need the raw data returned, you can - // specify False. If you omit this, the default of True is used. + // The statistic to return. It can include any CloudWatch statistic or extended + // statistic. // - // When used in PutMetricAlarm, specify True for the one expression result to - // use as the alarm. For all other metrics and expressions in the same PutMetricAlarm - // operation, specify ReturnData as False. - ReturnData *bool `type:"boolean"` + // Stat is a required field + Stat *string `type:"string" required:"true"` + + // When you are using a Put operation, this defines what unit you want to use + // when storing the metric. + // + // In a Get operation, if you omit Unit then all data that was collected with + // any unit is returned, along with the corresponding units that were specified + // when the data was reported to CloudWatch. If you specify a unit, the operation + // returns only data that was collected with that unit specified. If you specify + // a unit that does not match the data collected, the results of the operation + // are null. CloudWatch does not perform unit conversions. + Unit *string `type:"string" enum:"StandardUnit"` } -// String returns the string representation -func (s MetricDataQuery) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricStat) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s MetricDataQuery) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricStat) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *MetricDataQuery) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "MetricDataQuery"} - if s.Expression != nil && len(*s.Expression) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Expression", 1)) - } - if s.Id == nil { - invalidParams.Add(request.NewErrParamRequired("Id")) +func (s *MetricStat) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "MetricStat"} + if s.Metric == nil { + invalidParams.Add(request.NewErrParamRequired("Metric")) } - if s.Id != nil && len(*s.Id) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Id", 1)) + if s.Period == nil { + invalidParams.Add(request.NewErrParamRequired("Period")) } if s.Period != nil && *s.Period < 1 { invalidParams.Add(request.NewErrParamMinValue("Period", 1)) } - if s.MetricStat != nil { - if err := s.MetricStat.Validate(); err != nil { - invalidParams.AddNested("MetricStat", err.(request.ErrInvalidParams)) + if s.Stat == nil { + invalidParams.Add(request.NewErrParamRequired("Stat")) + } + if s.Metric != nil { + if err := s.Metric.Validate(); err != nil { + invalidParams.AddNested("Metric", err.(request.ErrInvalidParams)) } } @@ -6944,225 +9914,169 @@ func (s *MetricDataQuery) Validate() error { return nil } -// SetExpression sets the Expression field's value. -func (s *MetricDataQuery) SetExpression(v string) *MetricDataQuery { - s.Expression = &v - return s -} - -// SetId sets the Id field's value. -func (s *MetricDataQuery) SetId(v string) *MetricDataQuery { - s.Id = &v - return s -} - -// SetLabel sets the Label field's value. -func (s *MetricDataQuery) SetLabel(v string) *MetricDataQuery { - s.Label = &v +// SetMetric sets the Metric field's value. +func (s *MetricStat) SetMetric(v *Metric) *MetricStat { + s.Metric = v return s } -// SetMetricStat sets the MetricStat field's value. -func (s *MetricDataQuery) SetMetricStat(v *MetricStat) *MetricDataQuery { - s.MetricStat = v +// SetPeriod sets the Period field's value. +func (s *MetricStat) SetPeriod(v int64) *MetricStat { + s.Period = &v return s } -// SetPeriod sets the Period field's value. -func (s *MetricDataQuery) SetPeriod(v int64) *MetricDataQuery { - s.Period = &v +// SetStat sets the Stat field's value. +func (s *MetricStat) SetStat(v string) *MetricStat { + s.Stat = &v return s } -// SetReturnData sets the ReturnData field's value. -func (s *MetricDataQuery) SetReturnData(v bool) *MetricDataQuery { - s.ReturnData = &v +// SetUnit sets the Unit field's value. +func (s *MetricStat) SetUnit(v string) *MetricStat { + s.Unit = &v return s } -// A GetMetricData call returns an array of MetricDataResult structures. Each -// of these structures includes the data points for that metric, along with -// the timestamps of those data points and other identifying information. -type MetricDataResult struct { +// This structure contains the configuration information about one metric stream. +type MetricStreamEntry struct { _ struct{} `type:"structure"` - // The short name you specified to represent this metric. - Id *string `min:"1" type:"string"` + // The ARN of the metric stream. + Arn *string `min:"1" type:"string"` - // The human-readable label associated with the data. - Label *string `type:"string"` + // The date that the metric stream was originally created. + CreationDate *time.Time `type:"timestamp"` - // A list of messages with additional information about the data returned. - Messages []*MessageData `type:"list"` + // The ARN of the Kinesis Firehose devlivery stream that is used for this metric + // stream. + FirehoseArn *string `min:"1" type:"string"` - // The status of the returned data. Complete indicates that all data points - // in the requested time range were returned. PartialData means that an incomplete - // set of data points were returned. You can use the NextToken value that was - // returned and repeat your request to get more data points. NextToken is not - // returned if you are performing a math expression. InternalError indicates - // that an error occurred. Retry your request using NextToken, if present. - StatusCode *string `type:"string" enum:"StatusCode"` + // The date that the configuration of this metric stream was most recently updated. + LastUpdateDate *time.Time `type:"timestamp"` - // The timestamps for the data points, formatted in Unix timestamp format. The - // number of timestamps always matches the number of values and the value for - // Timestamps[x] is Values[x]. - Timestamps []*time.Time `type:"list"` + // The name of the metric stream. + Name *string `min:"1" type:"string"` - // The data points for the metric corresponding to Timestamps. The number of - // values always matches the number of timestamps and the timestamp for Values[x] - // is Timestamps[x]. - Values []*float64 `type:"list"` + // The output format of this metric stream. Valid values are json, opentelemetry1.0, + // and opentelemetry0.7. + OutputFormat *string `min:"1" type:"string" enum:"MetricStreamOutputFormat"` + + // The current state of this stream. Valid values are running and stopped. + State *string `type:"string"` } -// String returns the string representation -func (s MetricDataResult) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricStreamEntry) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s MetricDataResult) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricStreamEntry) GoString() string { return s.String() } -// SetId sets the Id field's value. -func (s *MetricDataResult) SetId(v string) *MetricDataResult { - s.Id = &v +// SetArn sets the Arn field's value. +func (s *MetricStreamEntry) SetArn(v string) *MetricStreamEntry { + s.Arn = &v return s } -// SetLabel sets the Label field's value. -func (s *MetricDataResult) SetLabel(v string) *MetricDataResult { - s.Label = &v +// SetCreationDate sets the CreationDate field's value. +func (s *MetricStreamEntry) SetCreationDate(v time.Time) *MetricStreamEntry { + s.CreationDate = &v return s } -// SetMessages sets the Messages field's value. -func (s *MetricDataResult) SetMessages(v []*MessageData) *MetricDataResult { - s.Messages = v +// SetFirehoseArn sets the FirehoseArn field's value. +func (s *MetricStreamEntry) SetFirehoseArn(v string) *MetricStreamEntry { + s.FirehoseArn = &v return s } -// SetStatusCode sets the StatusCode field's value. -func (s *MetricDataResult) SetStatusCode(v string) *MetricDataResult { - s.StatusCode = &v +// SetLastUpdateDate sets the LastUpdateDate field's value. +func (s *MetricStreamEntry) SetLastUpdateDate(v time.Time) *MetricStreamEntry { + s.LastUpdateDate = &v return s } -// SetTimestamps sets the Timestamps field's value. -func (s *MetricDataResult) SetTimestamps(v []*time.Time) *MetricDataResult { - s.Timestamps = v +// SetName sets the Name field's value. +func (s *MetricStreamEntry) SetName(v string) *MetricStreamEntry { + s.Name = &v return s } -// SetValues sets the Values field's value. -func (s *MetricDataResult) SetValues(v []*float64) *MetricDataResult { - s.Values = v +// SetOutputFormat sets the OutputFormat field's value. +func (s *MetricStreamEntry) SetOutputFormat(v string) *MetricStreamEntry { + s.OutputFormat = &v return s } -// Encapsulates the information sent to either create a metric or add new values -// to be aggregated into an existing metric. -type MetricDatum struct { - _ struct{} `type:"structure"` - - // Array of numbers that is used along with the Values array. Each number in - // the Count array is the number of times the corresponding value in the Values - // array occurred during the period. - // - // If you omit the Counts array, the default of 1 is used as the value for each - // count. If you include a Counts array, it must include the same amount of - // values as the Values array. - Counts []*float64 `type:"list"` - - // The dimensions associated with the metric. - Dimensions []*Dimension `type:"list"` - - // The name of the metric. - // - // MetricName is a required field - MetricName *string `min:"1" type:"string" required:"true"` - - // The statistical values for the metric. - StatisticValues *StatisticSet `type:"structure"` - - // Valid values are 1 and 60. Setting this to 1 specifies this metric as a high-resolution - // metric, so that CloudWatch stores the metric with sub-minute resolution down - // to one second. Setting this to 60 specifies this metric as a regular-resolution - // metric, which CloudWatch stores at 1-minute resolution. Currently, high resolution - // is available only for custom metrics. For more information about high-resolution - // metrics, see High-Resolution Metrics (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/publishingMetrics.html#high-resolution-metrics) - // in the Amazon CloudWatch User Guide. - // - // This field is optional, if you do not specify it the default of 60 is used. - StorageResolution *int64 `min:"1" type:"integer"` +// SetState sets the State field's value. +func (s *MetricStreamEntry) SetState(v string) *MetricStreamEntry { + s.State = &v + return s +} - // The time the metric data was received, expressed as the number of milliseconds - // since Jan 1, 1970 00:00:00 UTC. - Timestamp *time.Time `type:"timestamp"` +// This structure contains a metric namespace and optionally, a list of metric +// names, to either include in a metric stream or exclude from a metric stream. +// +// A metric stream's filters can include up to 1000 total names. This limit +// applies to the sum of namespace names and metric names in the filters. For +// example, this could include 10 metric namespace filters with 99 metrics each, +// or 20 namespace filters with 49 metrics specified in each filter. +type MetricStreamFilter struct { + _ struct{} `type:"structure"` - // When you are using a Put operation, this defines what unit you want to use - // when storing the metric. + // The names of the metrics to either include or exclude from the metric stream. // - // In a Get operation, this displays the unit that is used for the metric. - Unit *string `type:"string" enum:"StandardUnit"` - - // The value for the metric. + // If you omit this parameter, all metrics in the namespace are included or + // excluded, depending on whether this filter is specified as an exclude filter + // or an include filter. // - // Although the parameter accepts numbers of type Double, CloudWatch rejects - // values that are either too small or too large. Values must be in the range - // of -2^360 to 2^360. In addition, special values (for example, NaN, +Infinity, - // -Infinity) are not supported. - Value *float64 `type:"double"` + // Each metric name can contain only ASCII printable characters (ASCII range + // 32 through 126). Each metric name must contain at least one non-whitespace + // character. + MetricNames []*string `type:"list"` - // Array of numbers representing the values for the metric during the period. - // Each unique value is listed just once in this array, and the corresponding - // number in the Counts array specifies the number of times that value occurred - // during the period. You can include up to 150 unique values in each PutMetricData - // action that specifies a Values array. + // The name of the metric namespace for this filter. // - // Although the Values array accepts numbers of type Double, CloudWatch rejects - // values that are either too small or too large. Values must be in the range - // of -2^360 to 2^360. In addition, special values (for example, NaN, +Infinity, - // -Infinity) are not supported. - Values []*float64 `type:"list"` + // The namespace can contain only ASCII printable characters (ASCII range 32 + // through 126). It must contain at least one non-whitespace character. + Namespace *string `min:"1" type:"string"` } -// String returns the string representation -func (s MetricDatum) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricStreamFilter) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s MetricDatum) GoString() string { - return s.String() -} - -// Validate inspects the fields of the type to determine if they are valid. -func (s *MetricDatum) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "MetricDatum"} - if s.MetricName == nil { - invalidParams.Add(request.NewErrParamRequired("MetricName")) - } - if s.MetricName != nil && len(*s.MetricName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("MetricName", 1)) - } - if s.StorageResolution != nil && *s.StorageResolution < 1 { - invalidParams.Add(request.NewErrParamMinValue("StorageResolution", 1)) - } - if s.Dimensions != nil { - for i, v := range s.Dimensions { - if v == nil { - continue - } - if err := v.Validate(); err != nil { - invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Dimensions", i), err.(request.ErrInvalidParams)) - } - } - } - if s.StatisticValues != nil { - if err := s.StatisticValues.Validate(); err != nil { - invalidParams.AddNested("StatisticValues", err.(request.ErrInvalidParams)) - } +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricStreamFilter) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *MetricStreamFilter) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "MetricStreamFilter"} + if s.Namespace != nil && len(*s.Namespace) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Namespace", 1)) } if invalidParams.Len() > 0 { @@ -7171,140 +10085,157 @@ func (s *MetricDatum) Validate() error { return nil } -// SetCounts sets the Counts field's value. -func (s *MetricDatum) SetCounts(v []*float64) *MetricDatum { - s.Counts = v +// SetMetricNames sets the MetricNames field's value. +func (s *MetricStreamFilter) SetMetricNames(v []*string) *MetricStreamFilter { + s.MetricNames = v return s } -// SetDimensions sets the Dimensions field's value. -func (s *MetricDatum) SetDimensions(v []*Dimension) *MetricDatum { - s.Dimensions = v +// SetNamespace sets the Namespace field's value. +func (s *MetricStreamFilter) SetNamespace(v string) *MetricStreamFilter { + s.Namespace = &v return s } -// SetMetricName sets the MetricName field's value. -func (s *MetricDatum) SetMetricName(v string) *MetricDatum { - s.MetricName = &v - return s -} +// By default, a metric stream always sends the MAX, MIN, SUM, and SAMPLECOUNT +// statistics for each metric that is streamed. This structure contains information +// for one metric that includes additional statistics in the stream. For more +// information about statistics, see CloudWatch, listed in CloudWatch statistics +// definitions (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Statistics-definitions.html.html). +type MetricStreamStatisticsConfiguration struct { + _ struct{} `type:"structure"` -// SetStatisticValues sets the StatisticValues field's value. -func (s *MetricDatum) SetStatisticValues(v *StatisticSet) *MetricDatum { - s.StatisticValues = v - return s + // The list of additional statistics that are to be streamed for the metrics + // listed in the IncludeMetrics array in this structure. This list can include + // as many as 20 statistics. + // + // If the OutputFormat for the stream is opentelemetry1.0 or opentelemetry0.7, + // the only valid values are p?? percentile statistics such as p90, p99 and + // so on. + // + // If the OutputFormat for the stream is json, the valid values include the + // abbreviations for all of the statistics listed in CloudWatch statistics definitions + // (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Statistics-definitions.html.html). + // For example, this includes tm98, wm90, PR(:300), and so on. + // + // AdditionalStatistics is a required field + AdditionalStatistics []*string `type:"list" required:"true"` + + // An array of metric name and namespace pairs that stream the additional statistics + // listed in the value of the AdditionalStatistics parameter. There can be as + // many as 100 pairs in the array. + // + // All metrics that match the combination of metric name and namespace will + // be streamed with the additional statistics, no matter their dimensions. + // + // IncludeMetrics is a required field + IncludeMetrics []*MetricStreamStatisticsMetric `type:"list" required:"true"` } -// SetStorageResolution sets the StorageResolution field's value. -func (s *MetricDatum) SetStorageResolution(v int64) *MetricDatum { - s.StorageResolution = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricStreamStatisticsConfiguration) String() string { + return awsutil.Prettify(s) } -// SetTimestamp sets the Timestamp field's value. -func (s *MetricDatum) SetTimestamp(v time.Time) *MetricDatum { - s.Timestamp = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricStreamStatisticsConfiguration) GoString() string { + return s.String() } -// SetUnit sets the Unit field's value. -func (s *MetricDatum) SetUnit(v string) *MetricDatum { - s.Unit = &v - return s +// Validate inspects the fields of the type to determine if they are valid. +func (s *MetricStreamStatisticsConfiguration) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "MetricStreamStatisticsConfiguration"} + if s.AdditionalStatistics == nil { + invalidParams.Add(request.NewErrParamRequired("AdditionalStatistics")) + } + if s.IncludeMetrics == nil { + invalidParams.Add(request.NewErrParamRequired("IncludeMetrics")) + } + if s.IncludeMetrics != nil { + for i, v := range s.IncludeMetrics { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "IncludeMetrics", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil } -// SetValue sets the Value field's value. -func (s *MetricDatum) SetValue(v float64) *MetricDatum { - s.Value = &v +// SetAdditionalStatistics sets the AdditionalStatistics field's value. +func (s *MetricStreamStatisticsConfiguration) SetAdditionalStatistics(v []*string) *MetricStreamStatisticsConfiguration { + s.AdditionalStatistics = v return s } -// SetValues sets the Values field's value. -func (s *MetricDatum) SetValues(v []*float64) *MetricDatum { - s.Values = v +// SetIncludeMetrics sets the IncludeMetrics field's value. +func (s *MetricStreamStatisticsConfiguration) SetIncludeMetrics(v []*MetricStreamStatisticsMetric) *MetricStreamStatisticsConfiguration { + s.IncludeMetrics = v return s } -// This structure defines the metric to be returned, along with the statistics, -// period, and units. -type MetricStat struct { +// This object contains the information for one metric that is to be streamed +// with additional statistics. +type MetricStreamStatisticsMetric struct { _ struct{} `type:"structure"` - // The metric to return, including the metric name, namespace, and dimensions. - // - // Metric is a required field - Metric *Metric `type:"structure" required:"true"` - - // The granularity, in seconds, of the returned data points. For metrics with - // regular resolution, a period can be as short as one minute (60 seconds) and - // must be a multiple of 60. For high-resolution metrics that are collected - // at intervals of less than one minute, the period can be 1, 5, 10, 30, 60, - // or any multiple of 60. High-resolution metrics are those metrics stored by - // a PutMetricData call that includes a StorageResolution of 1 second. - // - // If the StartTime parameter specifies a time stamp that is greater than 3 - // hours ago, you must specify the period as follows or no data points in that - // time range is returned: - // - // * Start time between 3 hours and 15 days ago - Use a multiple of 60 seconds - // (1 minute). - // - // * Start time between 15 and 63 days ago - Use a multiple of 300 seconds - // (5 minutes). - // - // * Start time greater than 63 days ago - Use a multiple of 3600 seconds - // (1 hour). - // - // Period is a required field - Period *int64 `min:"1" type:"integer" required:"true"` - - // The statistic to return. It can include any CloudWatch statistic or extended - // statistic. + // The name of the metric. // - // Stat is a required field - Stat *string `type:"string" required:"true"` + // MetricName is a required field + MetricName *string `min:"1" type:"string" required:"true"` - // When you are using a Put operation, this defines what unit you want to use - // when storing the metric. + // The namespace of the metric. // - // In a Get operation, if you omit Unit then all data that was collected with - // any unit is returned, along with the corresponding units that were specified - // when the data was reported to CloudWatch. If you specify a unit, the operation - // returns only data that was collected with that unit specified. If you specify - // a unit that does not match the data collected, the results of the operation - // are null. CloudWatch does not perform unit conversions. - Unit *string `type:"string" enum:"StandardUnit"` + // Namespace is a required field + Namespace *string `min:"1" type:"string" required:"true"` } -// String returns the string representation -func (s MetricStat) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricStreamStatisticsMetric) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s MetricStat) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricStreamStatisticsMetric) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *MetricStat) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "MetricStat"} - if s.Metric == nil { - invalidParams.Add(request.NewErrParamRequired("Metric")) - } - if s.Period == nil { - invalidParams.Add(request.NewErrParamRequired("Period")) +func (s *MetricStreamStatisticsMetric) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "MetricStreamStatisticsMetric"} + if s.MetricName == nil { + invalidParams.Add(request.NewErrParamRequired("MetricName")) } - if s.Period != nil && *s.Period < 1 { - invalidParams.Add(request.NewErrParamMinValue("Period", 1)) + if s.MetricName != nil && len(*s.MetricName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("MetricName", 1)) } - if s.Stat == nil { - invalidParams.Add(request.NewErrParamRequired("Stat")) + if s.Namespace == nil { + invalidParams.Add(request.NewErrParamRequired("Namespace")) } - if s.Metric != nil { - if err := s.Metric.Validate(); err != nil { - invalidParams.AddNested("Metric", err.(request.ErrInvalidParams)) - } + if s.Namespace != nil && len(*s.Namespace) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Namespace", 1)) } if invalidParams.Len() > 0 { @@ -7313,27 +10244,15 @@ func (s *MetricStat) Validate() error { return nil } -// SetMetric sets the Metric field's value. -func (s *MetricStat) SetMetric(v *Metric) *MetricStat { - s.Metric = v - return s -} - -// SetPeriod sets the Period field's value. -func (s *MetricStat) SetPeriod(v int64) *MetricStat { - s.Period = &v - return s -} - -// SetStat sets the Stat field's value. -func (s *MetricStat) SetStat(v string) *MetricStat { - s.Stat = &v +// SetMetricName sets the MetricName field's value. +func (s *MetricStreamStatisticsMetric) SetMetricName(v string) *MetricStreamStatisticsMetric { + s.MetricName = &v return s } -// SetUnit sets the Unit field's value. -func (s *MetricStat) SetUnit(v string) *MetricStat { - s.Unit = &v +// SetNamespace sets the Namespace field's value. +func (s *MetricStreamStatisticsMetric) SetNamespace(v string) *MetricStreamStatisticsMetric { + s.Namespace = &v return s } @@ -7356,12 +10275,20 @@ type PartialFailure struct { FailureResource *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PartialFailure) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PartialFailure) GoString() string { return s.String() } @@ -7401,30 +10328,83 @@ type PutAnomalyDetectorInput struct { Configuration *AnomalyDetectorConfiguration `type:"structure"` // The metric dimensions to create the anomaly detection model for. - Dimensions []*Dimension `type:"list"` + // + // Deprecated: Use SingleMetricAnomalyDetector. + Dimensions []*Dimension `deprecated:"true" type:"list"` + + // Use this object to include parameters to provide information about your metric + // to CloudWatch to help it build more accurate anomaly detection models. Currently, + // it includes the PeriodicSpikes parameter. + MetricCharacteristics *MetricCharacteristics `type:"structure"` + + // The metric math anomaly detector to be created. + // + // When using MetricMathAnomalyDetector, you cannot include the following parameters + // in the same operation: + // + // * Dimensions + // + // * MetricName + // + // * Namespace + // + // * Stat + // + // * the SingleMetricAnomalyDetector parameters of PutAnomalyDetectorInput + // + // Instead, specify the metric math anomaly detector attributes as part of the + // property MetricMathAnomalyDetector. + MetricMathAnomalyDetector *MetricMathAnomalyDetector `type:"structure"` // The name of the metric to create the anomaly detection model for. // - // MetricName is a required field - MetricName *string `min:"1" type:"string" required:"true"` + // Deprecated: Use SingleMetricAnomalyDetector. + MetricName *string `min:"1" deprecated:"true" type:"string"` // The namespace of the metric to create the anomaly detection model for. // - // Namespace is a required field - Namespace *string `min:"1" type:"string" required:"true"` + // Deprecated: Use SingleMetricAnomalyDetector. + Namespace *string `min:"1" deprecated:"true" type:"string"` + + // A single metric anomaly detector to be created. + // + // When using SingleMetricAnomalyDetector, you cannot include the following + // parameters in the same operation: + // + // * Dimensions + // + // * MetricName + // + // * Namespace + // + // * Stat + // + // * the MetricMathAnomalyDetector parameters of PutAnomalyDetectorInput + // + // Instead, specify the single metric anomaly detector attributes as part of + // the property SingleMetricAnomalyDetector. + SingleMetricAnomalyDetector *SingleMetricAnomalyDetector `type:"structure"` // The statistic to use for the metric and the anomaly detection model. // - // Stat is a required field - Stat *string `type:"string" required:"true"` + // Deprecated: Use SingleMetricAnomalyDetector. + Stat *string `deprecated:"true" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutAnomalyDetectorInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutAnomalyDetectorInput) GoString() string { return s.String() } @@ -7432,21 +10412,12 @@ func (s PutAnomalyDetectorInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *PutAnomalyDetectorInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "PutAnomalyDetectorInput"} - if s.MetricName == nil { - invalidParams.Add(request.NewErrParamRequired("MetricName")) - } if s.MetricName != nil && len(*s.MetricName) < 1 { invalidParams.Add(request.NewErrParamMinLen("MetricName", 1)) } - if s.Namespace == nil { - invalidParams.Add(request.NewErrParamRequired("Namespace")) - } if s.Namespace != nil && len(*s.Namespace) < 1 { invalidParams.Add(request.NewErrParamMinLen("Namespace", 1)) } - if s.Stat == nil { - invalidParams.Add(request.NewErrParamRequired("Stat")) - } if s.Configuration != nil { if err := s.Configuration.Validate(); err != nil { invalidParams.AddNested("Configuration", err.(request.ErrInvalidParams)) @@ -7462,6 +10433,16 @@ func (s *PutAnomalyDetectorInput) Validate() error { } } } + if s.MetricMathAnomalyDetector != nil { + if err := s.MetricMathAnomalyDetector.Validate(); err != nil { + invalidParams.AddNested("MetricMathAnomalyDetector", err.(request.ErrInvalidParams)) + } + } + if s.SingleMetricAnomalyDetector != nil { + if err := s.SingleMetricAnomalyDetector.Validate(); err != nil { + invalidParams.AddNested("SingleMetricAnomalyDetector", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -7481,6 +10462,18 @@ func (s *PutAnomalyDetectorInput) SetDimensions(v []*Dimension) *PutAnomalyDetec return s } +// SetMetricCharacteristics sets the MetricCharacteristics field's value. +func (s *PutAnomalyDetectorInput) SetMetricCharacteristics(v *MetricCharacteristics) *PutAnomalyDetectorInput { + s.MetricCharacteristics = v + return s +} + +// SetMetricMathAnomalyDetector sets the MetricMathAnomalyDetector field's value. +func (s *PutAnomalyDetectorInput) SetMetricMathAnomalyDetector(v *MetricMathAnomalyDetector) *PutAnomalyDetectorInput { + s.MetricMathAnomalyDetector = v + return s +} + // SetMetricName sets the MetricName field's value. func (s *PutAnomalyDetectorInput) SetMetricName(v string) *PutAnomalyDetectorInput { s.MetricName = &v @@ -7493,6 +10486,12 @@ func (s *PutAnomalyDetectorInput) SetNamespace(v string) *PutAnomalyDetectorInpu return s } +// SetSingleMetricAnomalyDetector sets the SingleMetricAnomalyDetector field's value. +func (s *PutAnomalyDetectorInput) SetSingleMetricAnomalyDetector(v *SingleMetricAnomalyDetector) *PutAnomalyDetectorInput { + s.SingleMetricAnomalyDetector = v + return s +} + // SetStat sets the Stat field's value. func (s *PutAnomalyDetectorInput) SetStat(v string) *PutAnomalyDetectorInput { s.Stat = &v @@ -7503,12 +10502,20 @@ type PutAnomalyDetectorOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutAnomalyDetectorOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutAnomalyDetectorOutput) GoString() string { return s.String() } @@ -7520,10 +10527,45 @@ type PutCompositeAlarmInput struct { // state of the composite alarm. The default is TRUE. ActionsEnabled *bool `type:"boolean"` + // Actions will be suppressed if the suppressor alarm is in the ALARM state. + // ActionsSuppressor can be an AlarmName or an Amazon Resource Name (ARN) from + // an existing alarm. + ActionsSuppressor *string `min:"1" type:"string"` + + // The maximum time in seconds that the composite alarm waits after suppressor + // alarm goes out of the ALARM state. After this time, the composite alarm performs + // its actions. + // + // ExtensionPeriod is required only when ActionsSuppressor is specified. + ActionsSuppressorExtensionPeriod *int64 `type:"integer"` + + // The maximum time in seconds that the composite alarm waits for the suppressor + // alarm to go into the ALARM state. After this time, the composite alarm performs + // its actions. + // + // WaitPeriod is required only when ActionsSuppressor is specified. + ActionsSuppressorWaitPeriod *int64 `type:"integer"` + // The actions to execute when this alarm transitions to the ALARM state from // any other state. Each action is specified as an Amazon Resource Name (ARN). // - // Valid Values: arn:aws:sns:region:account-id:sns-topic-name | arn:aws:ssm:region:account-id:opsitem:severity + // Valid Values: ] + // + // Amazon SNS actions: + // + // arn:aws:sns:region:account-id:sns-topic-name + // + // Lambda actions: + // + // * Invoke the latest version of a Lambda function: arn:aws:lambda:region:account-id:function:function-name + // + // * Invoke a specific version of a Lambda function: arn:aws:lambda:region:account-id:function:function-name:version-number + // + // * Invoke a function by using an alias Lambda function: arn:aws:lambda:region:account-id:function:function-name:alias-name + // + // Systems Manager actions: + // + // arn:aws:ssm:region:account-id:opsitem:severity AlarmActions []*string `type:"list"` // The description for the composite alarm. @@ -7593,30 +10635,68 @@ type PutCompositeAlarmInput struct { // state from any other state. Each action is specified as an Amazon Resource // Name (ARN). // - // Valid Values: arn:aws:sns:region:account-id:sns-topic-name + // Valid Values: ] + // + // Amazon SNS actions: + // + // arn:aws:sns:region:account-id:sns-topic-name + // + // Lambda actions: + // + // * Invoke the latest version of a Lambda function: arn:aws:lambda:region:account-id:function:function-name + // + // * Invoke a specific version of a Lambda function: arn:aws:lambda:region:account-id:function:function-name:version-number + // + // * Invoke a function by using an alias Lambda function: arn:aws:lambda:region:account-id:function:function-name:alias-name InsufficientDataActions []*string `type:"list"` // The actions to execute when this alarm transitions to an OK state from any // other state. Each action is specified as an Amazon Resource Name (ARN). // - // Valid Values: arn:aws:sns:region:account-id:sns-topic-name + // Valid Values: ] + // + // Amazon SNS actions: + // + // arn:aws:sns:region:account-id:sns-topic-name + // + // Lambda actions: + // + // * Invoke the latest version of a Lambda function: arn:aws:lambda:region:account-id:function:function-name + // + // * Invoke a specific version of a Lambda function: arn:aws:lambda:region:account-id:function:function-name:version-number + // + // * Invoke a function by using an alias Lambda function: arn:aws:lambda:region:account-id:function:function-name:alias-name OKActions []*string `type:"list"` - // A list of key-value pairs to associate with the composite alarm. You can - // associate as many as 50 tags with an alarm. + // A list of key-value pairs to associate with the alarm. You can associate + // as many as 50 tags with an alarm. To be able to associate tags with the alarm + // when you create the alarm, you must have the cloudwatch:TagResource permission. // // Tags can help you organize and categorize your resources. You can also use - // them to scope user permissions, by granting a user permission to access or + // them to scope user permissions by granting a user permission to access or // change only resources with certain tag values. + // + // If you are using this operation to update an existing alarm, any tags you + // specify in this parameter are ignored. To change the tags of an existing + // alarm, use TagResource (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_TagResource.html) + // or UntagResource (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_UntagResource.html). Tags []*Tag `type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutCompositeAlarmInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutCompositeAlarmInput) GoString() string { return s.String() } @@ -7624,6 +10704,9 @@ func (s PutCompositeAlarmInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *PutCompositeAlarmInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "PutCompositeAlarmInput"} + if s.ActionsSuppressor != nil && len(*s.ActionsSuppressor) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ActionsSuppressor", 1)) + } if s.AlarmName == nil { invalidParams.Add(request.NewErrParamRequired("AlarmName")) } @@ -7659,6 +10742,24 @@ func (s *PutCompositeAlarmInput) SetActionsEnabled(v bool) *PutCompositeAlarmInp return s } +// SetActionsSuppressor sets the ActionsSuppressor field's value. +func (s *PutCompositeAlarmInput) SetActionsSuppressor(v string) *PutCompositeAlarmInput { + s.ActionsSuppressor = &v + return s +} + +// SetActionsSuppressorExtensionPeriod sets the ActionsSuppressorExtensionPeriod field's value. +func (s *PutCompositeAlarmInput) SetActionsSuppressorExtensionPeriod(v int64) *PutCompositeAlarmInput { + s.ActionsSuppressorExtensionPeriod = &v + return s +} + +// SetActionsSuppressorWaitPeriod sets the ActionsSuppressorWaitPeriod field's value. +func (s *PutCompositeAlarmInput) SetActionsSuppressorWaitPeriod(v int64) *PutCompositeAlarmInput { + s.ActionsSuppressorWaitPeriod = &v + return s +} + // SetAlarmActions sets the AlarmActions field's value. func (s *PutCompositeAlarmInput) SetAlarmActions(v []*string) *PutCompositeAlarmInput { s.AlarmActions = v @@ -7705,12 +10806,20 @@ type PutCompositeAlarmOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutCompositeAlarmOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutCompositeAlarmOutput) GoString() string { return s.String() } @@ -7737,12 +10846,20 @@ type PutDashboardInput struct { DashboardName *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutDashboardInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutDashboardInput) GoString() string { return s.String() } @@ -7790,12 +10907,20 @@ type PutDashboardOutput struct { DashboardValidationMessages []*DashboardValidationMessage `type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutDashboardOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutDashboardOutput) GoString() string { return s.String() } @@ -7839,12 +10964,20 @@ type PutInsightRuleInput struct { Tags []*Tag `type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutInsightRuleInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutInsightRuleInput) GoString() string { return s.String() } @@ -7912,16 +11045,111 @@ type PutInsightRuleOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutInsightRuleOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutInsightRuleOutput) GoString() string { return s.String() } +type PutManagedInsightRulesInput struct { + _ struct{} `type:"structure"` + + // A list of ManagedRules to enable. + // + // ManagedRules is a required field + ManagedRules []*ManagedRule `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutManagedInsightRulesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutManagedInsightRulesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PutManagedInsightRulesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutManagedInsightRulesInput"} + if s.ManagedRules == nil { + invalidParams.Add(request.NewErrParamRequired("ManagedRules")) + } + if s.ManagedRules != nil { + for i, v := range s.ManagedRules { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ManagedRules", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetManagedRules sets the ManagedRules field's value. +func (s *PutManagedInsightRulesInput) SetManagedRules(v []*ManagedRule) *PutManagedInsightRulesInput { + s.ManagedRules = v + return s +} + +type PutManagedInsightRulesOutput struct { + _ struct{} `type:"structure"` + + // An array that lists the rules that could not be enabled. + Failures []*PartialFailure `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutManagedInsightRulesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutManagedInsightRulesOutput) GoString() string { + return s.String() +} + +// SetFailures sets the Failures field's value. +func (s *PutManagedInsightRulesOutput) SetFailures(v []*PartialFailure) *PutManagedInsightRulesOutput { + s.Failures = v + return s +} + type PutMetricAlarmInput struct { _ struct{} `type:"structure"` @@ -7931,15 +11159,47 @@ type PutMetricAlarmInput struct { // The actions to execute when this alarm transitions to the ALARM state from // any other state. Each action is specified as an Amazon Resource Name (ARN). + // Valid values: + // + // EC2 actions: + // + // * arn:aws:automate:region:ec2:stop + // + // * arn:aws:automate:region:ec2:terminate + // + // * arn:aws:automate:region:ec2:reboot + // + // * arn:aws:automate:region:ec2:recover + // + // * arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Stop/1.0 + // + // * arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Terminate/1.0 + // + // * arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Reboot/1.0 + // + // * arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Recover/1.0 + // + // Autoscaling action: + // + // * arn:aws:autoscaling:region:account-id:scalingPolicy:policy-id:autoScalingGroupName/group-friendly-name:policyName/policy-friendly-name // - // Valid Values: arn:aws:automate:region:ec2:stop | arn:aws:automate:region:ec2:terminate - // | arn:aws:automate:region:ec2:recover | arn:aws:automate:region:ec2:reboot - // | arn:aws:sns:region:account-id:sns-topic-name | arn:aws:autoscaling:region:account-id:scalingPolicy:policy-id:autoScalingGroupName/group-friendly-name:policyName/policy-friendly-name - // | arn:aws:ssm:region:account-id:opsitem:severity + // Lambda actions: // - // Valid Values (for use with IAM roles): arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Stop/1.0 - // | arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Terminate/1.0 - // | arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Reboot/1.0 + // * Invoke the latest version of a Lambda function: arn:aws:lambda:region:account-id:function:function-name + // + // * Invoke a specific version of a Lambda function: arn:aws:lambda:region:account-id:function:function-name:version-number + // + // * Invoke a function by using an alias Lambda function: arn:aws:lambda:region:account-id:function:function-name:alias-name + // + // SNS notification action: + // + // * arn:aws:sns:region:account-id:sns-topic-name + // + // SSM integration actions: + // + // * arn:aws:ssm:region:account-id:opsitem:severity#CATEGORY=category-name + // + // * arn:aws:ssm-incidents::account-id:responseplan/response-plan-name AlarmActions []*string `type:"list"` // The description for the alarm. @@ -7947,6 +11207,9 @@ type PutMetricAlarmInput struct { // The name for the alarm. This name must be unique within the Region. // + // The name must contain only UTF-8 characters, and can't contain ASCII control + // characters + // // AlarmName is a required field AlarmName *string `min:"1" type:"string" required:"true"` @@ -7990,32 +11253,90 @@ type PutMetricAlarmInput struct { // EvaluationPeriods is a required field EvaluationPeriods *int64 `min:"1" type:"integer" required:"true"` - // The percentile statistic for the metric specified in MetricName. Specify - // a value between p0.0 and p100. When you call PutMetricAlarm and specify a - // MetricName, you must specify either Statistic or ExtendedStatistic, but not - // both. + // The extended statistic for the metric specified in MetricName. When you call + // PutMetricAlarm and specify a MetricName, you must specify either Statistic + // or ExtendedStatistic but not both. + // + // If you specify ExtendedStatistic, the following are valid values: + // + // * p90 + // + // * tm90 + // + // * tc90 + // + // * ts90 + // + // * wm90 + // + // * IQM + // + // * PR(n:m) where n and m are values of the metric + // + // * TC(X%:X%) where X is between 10 and 90 inclusive. + // + // * TM(X%:X%) where X is between 10 and 90 inclusive. + // + // * TS(X%:X%) where X is between 10 and 90 inclusive. + // + // * WM(X%:X%) where X is between 10 and 90 inclusive. + // + // For more information about these extended statistics, see CloudWatch statistics + // definitions (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Statistics-definitions.html). ExtendedStatistic *string `type:"string"` // The actions to execute when this alarm transitions to the INSUFFICIENT_DATA // state from any other state. Each action is specified as an Amazon Resource - // Name (ARN). + // Name (ARN). Valid values: + // + // EC2 actions: + // + // * arn:aws:automate:region:ec2:stop + // + // * arn:aws:automate:region:ec2:terminate + // + // * arn:aws:automate:region:ec2:reboot + // + // * arn:aws:automate:region:ec2:recover + // + // * arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Stop/1.0 + // + // * arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Terminate/1.0 + // + // * arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Reboot/1.0 + // + // * arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Recover/1.0 + // + // Autoscaling action: // - // Valid Values: arn:aws:automate:region:ec2:stop | arn:aws:automate:region:ec2:terminate - // | arn:aws:automate:region:ec2:recover | arn:aws:automate:region:ec2:reboot - // | arn:aws:sns:region:account-id:sns-topic-name | arn:aws:autoscaling:region:account-id:scalingPolicy:policy-id:autoScalingGroupName/group-friendly-name:policyName/policy-friendly-name + // * arn:aws:autoscaling:region:account-id:scalingPolicy:policy-id:autoScalingGroupName/group-friendly-name:policyName/policy-friendly-name // - // Valid Values (for use with IAM roles): >arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Stop/1.0 - // | arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Terminate/1.0 - // | arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Reboot/1.0 + // Lambda actions: + // + // * Invoke the latest version of a Lambda function: arn:aws:lambda:region:account-id:function:function-name + // + // * Invoke a specific version of a Lambda function: arn:aws:lambda:region:account-id:function:function-name:version-number + // + // * Invoke a function by using an alias Lambda function: arn:aws:lambda:region:account-id:function:function-name:alias-name + // + // SNS notification action: + // + // * arn:aws:sns:region:account-id:sns-topic-name + // + // SSM integration actions: + // + // * arn:aws:ssm:region:account-id:opsitem:severity#CATEGORY=category-name + // + // * arn:aws:ssm-incidents::account-id:responseplan/response-plan-name InsufficientDataActions []*string `type:"list"` // The name for the metric associated with the alarm. For each PutMetricAlarm // operation, you must specify either MetricName or a Metrics array. // // If you are creating an alarm based on a math expression, you cannot specify - // this parameter, or any of the Dimensions, Period, Namespace, Statistic, or - // ExtendedStatistic parameters. Instead, you specify all this information in - // the Metrics array. + // this parameter, or any of the Namespace, Dimensions, Period, Unit, Statistic, + // or ExtendedStatistic parameters. Instead, you specify all this information + // in the Metrics array. MetricName *string `min:"1" type:"string"` // An array of MetricDataQuery structures that enable you to create an alarm @@ -8029,8 +11350,8 @@ type PutMetricAlarmInput struct { // designate this expression by setting ReturnData to true for this object in // the array. For more information, see MetricDataQuery (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDataQuery.html). // - // If you use the Metrics parameter, you cannot include the MetricName, Dimensions, - // Period, Namespace, Statistic, or ExtendedStatistic parameters of PutMetricAlarm + // If you use the Metrics parameter, you cannot include the Namespace, MetricName, + // Dimensions, Period, Unit, Statistic, or ExtendedStatistic parameters of PutMetricAlarm // in the same operation. Instead, you retrieve the metrics you are using in // your math expression as part of the Metrics array. Metrics []*MetricDataQuery `type:"list"` @@ -8039,15 +11360,48 @@ type PutMetricAlarmInput struct { Namespace *string `min:"1" type:"string"` // The actions to execute when this alarm transitions to an OK state from any - // other state. Each action is specified as an Amazon Resource Name (ARN). + // other state. Each action is specified as an Amazon Resource Name (ARN). Valid + // values: + // + // EC2 actions: + // + // * arn:aws:automate:region:ec2:stop + // + // * arn:aws:automate:region:ec2:terminate + // + // * arn:aws:automate:region:ec2:reboot + // + // * arn:aws:automate:region:ec2:recover + // + // * arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Stop/1.0 + // + // * arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Terminate/1.0 // - // Valid Values: arn:aws:automate:region:ec2:stop | arn:aws:automate:region:ec2:terminate - // | arn:aws:automate:region:ec2:recover | arn:aws:automate:region:ec2:reboot - // | arn:aws:sns:region:account-id:sns-topic-name | arn:aws:autoscaling:region:account-id:scalingPolicy:policy-id:autoScalingGroupName/group-friendly-name:policyName/policy-friendly-name + // * arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Reboot/1.0 // - // Valid Values (for use with IAM roles): arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Stop/1.0 - // | arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Terminate/1.0 - // | arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Reboot/1.0 + // * arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Recover/1.0 + // + // Autoscaling action: + // + // * arn:aws:autoscaling:region:account-id:scalingPolicy:policy-id:autoScalingGroupName/group-friendly-name:policyName/policy-friendly-name + // + // Lambda actions: + // + // * Invoke the latest version of a Lambda function: arn:aws:lambda:region:account-id:function:function-name + // + // * Invoke a specific version of a Lambda function: arn:aws:lambda:region:account-id:function:function-name:version-number + // + // * Invoke a function by using an alias Lambda function: arn:aws:lambda:region:account-id:function:function-name:alias-name + // + // SNS notification action: + // + // * arn:aws:sns:region:account-id:sns-topic-name + // + // SSM integration actions: + // + // * arn:aws:ssm:region:account-id:opsitem:severity#CATEGORY=category-name + // + // * arn:aws:ssm-incidents::account-id:responseplan/response-plan-name OKActions []*string `type:"list"` // The length, in seconds, used each time the metric specified in MetricName @@ -8078,7 +11432,8 @@ type PutMetricAlarmInput struct { Statistic *string `type:"string" enum:"Statistic"` // A list of key-value pairs to associate with the alarm. You can associate - // as many as 50 tags with an alarm. + // as many as 50 tags with an alarm. To be able to associate tags with the alarm + // when you create the alarm, you must have the cloudwatch:TagResource permission. // // Tags can help you organize and categorize your resources. You can also use // them to scope user permissions by granting a user permission to access or @@ -8110,6 +11465,11 @@ type PutMetricAlarmInput struct { // see Configuring How CloudWatch Alarms Treats Missing Data (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html#alarms-and-missing-data). // // Valid Values: breaching | notBreaching | ignore | missing + // + // Alarms that evaluate metrics in the AWS/DynamoDB namespace always ignore + // missing data even if you choose a different option for TreatMissingData. + // When an AWS/DynamoDB metric has missing data, alarms that evaluate that metric + // remain in their current state. TreatMissingData *string `min:"1" type:"string"` // The unit of measure for the statistic. For example, the units for the Amazon @@ -8117,7 +11477,9 @@ type PutMetricAlarmInput struct { // that an instance receives on all network interfaces. You can also specify // a unit when you create a custom metric. Units help provide conceptual meaning // to your data. Metric data points that specify a unit of measure, such as - // Percent, are aggregated separately. + // Percent, are aggregated separately. If you are creating an alarm based on + // a metric math expression, you can specify the unit for each metric (if needed) + // within the objects in the Metrics array. // // If you don't specify Unit, CloudWatch retrieves all unit types that have // been published for the metric and attempts to evaluate the alarm. Usually, @@ -8125,7 +11487,7 @@ type PutMetricAlarmInput struct { // // However, if the metric is published with multiple types of units and you // don't specify a unit, the alarm's behavior is not defined and it behaves - // predictably. + // unpredictably. // // We recommend omitting Unit so that you don't inadvertently specify an incorrect // unit that is not published for this metric. Doing so causes the alarm to @@ -8133,12 +11495,20 @@ type PutMetricAlarmInput struct { Unit *string `type:"string" enum:"StandardUnit"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutMetricAlarmInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutMetricAlarmInput) GoString() string { return s.String() } @@ -8355,12 +11725,20 @@ type PutMetricAlarmOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutMetricAlarmOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutMetricAlarmOutput) GoString() string { return s.String() } @@ -8368,27 +11746,36 @@ func (s PutMetricAlarmOutput) GoString() string { type PutMetricDataInput struct { _ struct{} `type:"structure"` - // The data for the metric. The array can include no more than 20 metrics per - // call. + // The data for the metric. The array can include no more than 1000 metrics + // per call. // // MetricData is a required field MetricData []*MetricDatum `type:"list" required:"true"` - // The namespace for the metric data. + // The namespace for the metric data. You can use ASCII characters for the namespace, + // except for control characters which are not supported. // - // To avoid conflicts with AWS service namespaces, you should not specify a - // namespace that begins with AWS/ + // To avoid conflicts with Amazon Web Services service namespaces, you should + // not specify a namespace that begins with AWS/ // // Namespace is a required field Namespace *string `min:"1" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutMetricDataInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutMetricDataInput) GoString() string { return s.String() } @@ -8402,16 +11789,227 @@ func (s *PutMetricDataInput) Validate() error { if s.Namespace == nil { invalidParams.Add(request.NewErrParamRequired("Namespace")) } - if s.Namespace != nil && len(*s.Namespace) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Namespace", 1)) + if s.Namespace != nil && len(*s.Namespace) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Namespace", 1)) + } + if s.MetricData != nil { + for i, v := range s.MetricData { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "MetricData", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMetricData sets the MetricData field's value. +func (s *PutMetricDataInput) SetMetricData(v []*MetricDatum) *PutMetricDataInput { + s.MetricData = v + return s +} + +// SetNamespace sets the Namespace field's value. +func (s *PutMetricDataInput) SetNamespace(v string) *PutMetricDataInput { + s.Namespace = &v + return s +} + +type PutMetricDataOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutMetricDataOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutMetricDataOutput) GoString() string { + return s.String() +} + +type PutMetricStreamInput struct { + _ struct{} `type:"structure"` + + // If you specify this parameter, the stream sends metrics from all metric namespaces + // except for the namespaces that you specify here. + // + // You cannot include ExcludeFilters and IncludeFilters in the same operation. + ExcludeFilters []*MetricStreamFilter `type:"list"` + + // The ARN of the Amazon Kinesis Data Firehose delivery stream to use for this + // metric stream. This Amazon Kinesis Data Firehose delivery stream must already + // exist and must be in the same account as the metric stream. + // + // FirehoseArn is a required field + FirehoseArn *string `min:"1" type:"string" required:"true"` + + // If you specify this parameter, the stream sends only the metrics from the + // metric namespaces that you specify here. + // + // You cannot include IncludeFilters and ExcludeFilters in the same operation. + IncludeFilters []*MetricStreamFilter `type:"list"` + + // If you are creating a metric stream in a monitoring account, specify true + // to include metrics from source accounts in the metric stream. + IncludeLinkedAccountsMetrics *bool `type:"boolean"` + + // If you are creating a new metric stream, this is the name for the new stream. + // The name must be different than the names of other metric streams in this + // account and Region. + // + // If you are updating a metric stream, specify the name of that stream here. + // + // Valid characters are A-Z, a-z, 0-9, "-" and "_". + // + // Name is a required field + Name *string `min:"1" type:"string" required:"true"` + + // The output format for the stream. Valid values are json, opentelemetry1.0, + // and opentelemetry0.7. For more information about metric stream output formats, + // see Metric streams output formats (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-formats.html). + // + // OutputFormat is a required field + OutputFormat *string `min:"1" type:"string" required:"true" enum:"MetricStreamOutputFormat"` + + // The ARN of an IAM role that this metric stream will use to access Amazon + // Kinesis Data Firehose resources. This IAM role must already exist and must + // be in the same account as the metric stream. This IAM role must include the + // following permissions: + // + // * firehose:PutRecord + // + // * firehose:PutRecordBatch + // + // RoleArn is a required field + RoleArn *string `min:"1" type:"string" required:"true"` + + // By default, a metric stream always sends the MAX, MIN, SUM, and SAMPLECOUNT + // statistics for each metric that is streamed. You can use this parameter to + // have the metric stream also send additional statistics in the stream. This + // array can have up to 100 members. + // + // For each entry in this array, you specify one or more metrics and the list + // of additional statistics to stream for those metrics. The additional statistics + // that you can stream depend on the stream's OutputFormat. If the OutputFormat + // is json, you can stream any additional statistic that is supported by CloudWatch, + // listed in CloudWatch statistics definitions (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Statistics-definitions.html.html). + // If the OutputFormat is opentelemetry1.0 or opentelemetry0.7, you can stream + // percentile statistics such as p95, p99.9, and so on. + StatisticsConfigurations []*MetricStreamStatisticsConfiguration `type:"list"` + + // A list of key-value pairs to associate with the metric stream. You can associate + // as many as 50 tags with a metric stream. + // + // Tags can help you organize and categorize your resources. You can also use + // them to scope user permissions by granting a user permission to access or + // change only resources with certain tag values. + // + // You can use this parameter only when you are creating a new metric stream. + // If you are using this operation to update an existing metric stream, any + // tags you specify in this parameter are ignored. To change the tags of an + // existing metric stream, use TagResource (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_TagResource.html) + // or UntagResource (https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_UntagResource.html). + Tags []*Tag `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutMetricStreamInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutMetricStreamInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PutMetricStreamInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutMetricStreamInput"} + if s.FirehoseArn == nil { + invalidParams.Add(request.NewErrParamRequired("FirehoseArn")) + } + if s.FirehoseArn != nil && len(*s.FirehoseArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("FirehoseArn", 1)) + } + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + if s.OutputFormat == nil { + invalidParams.Add(request.NewErrParamRequired("OutputFormat")) + } + if s.OutputFormat != nil && len(*s.OutputFormat) < 1 { + invalidParams.Add(request.NewErrParamMinLen("OutputFormat", 1)) + } + if s.RoleArn == nil { + invalidParams.Add(request.NewErrParamRequired("RoleArn")) + } + if s.RoleArn != nil && len(*s.RoleArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("RoleArn", 1)) + } + if s.ExcludeFilters != nil { + for i, v := range s.ExcludeFilters { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ExcludeFilters", i), err.(request.ErrInvalidParams)) + } + } + } + if s.IncludeFilters != nil { + for i, v := range s.IncludeFilters { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "IncludeFilters", i), err.(request.ErrInvalidParams)) + } + } + } + if s.StatisticsConfigurations != nil { + for i, v := range s.StatisticsConfigurations { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "StatisticsConfigurations", i), err.(request.ErrInvalidParams)) + } + } } - if s.MetricData != nil { - for i, v := range s.MetricData { + if s.Tags != nil { + for i, v := range s.Tags { if v == nil { continue } if err := v.Validate(); err != nil { - invalidParams.AddNested(fmt.Sprintf("%s[%v]", "MetricData", i), err.(request.ErrInvalidParams)) + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) } } } @@ -8422,32 +12020,91 @@ func (s *PutMetricDataInput) Validate() error { return nil } -// SetMetricData sets the MetricData field's value. -func (s *PutMetricDataInput) SetMetricData(v []*MetricDatum) *PutMetricDataInput { - s.MetricData = v +// SetExcludeFilters sets the ExcludeFilters field's value. +func (s *PutMetricStreamInput) SetExcludeFilters(v []*MetricStreamFilter) *PutMetricStreamInput { + s.ExcludeFilters = v return s } -// SetNamespace sets the Namespace field's value. -func (s *PutMetricDataInput) SetNamespace(v string) *PutMetricDataInput { - s.Namespace = &v +// SetFirehoseArn sets the FirehoseArn field's value. +func (s *PutMetricStreamInput) SetFirehoseArn(v string) *PutMetricStreamInput { + s.FirehoseArn = &v return s } -type PutMetricDataOutput struct { +// SetIncludeFilters sets the IncludeFilters field's value. +func (s *PutMetricStreamInput) SetIncludeFilters(v []*MetricStreamFilter) *PutMetricStreamInput { + s.IncludeFilters = v + return s +} + +// SetIncludeLinkedAccountsMetrics sets the IncludeLinkedAccountsMetrics field's value. +func (s *PutMetricStreamInput) SetIncludeLinkedAccountsMetrics(v bool) *PutMetricStreamInput { + s.IncludeLinkedAccountsMetrics = &v + return s +} + +// SetName sets the Name field's value. +func (s *PutMetricStreamInput) SetName(v string) *PutMetricStreamInput { + s.Name = &v + return s +} + +// SetOutputFormat sets the OutputFormat field's value. +func (s *PutMetricStreamInput) SetOutputFormat(v string) *PutMetricStreamInput { + s.OutputFormat = &v + return s +} + +// SetRoleArn sets the RoleArn field's value. +func (s *PutMetricStreamInput) SetRoleArn(v string) *PutMetricStreamInput { + s.RoleArn = &v + return s +} + +// SetStatisticsConfigurations sets the StatisticsConfigurations field's value. +func (s *PutMetricStreamInput) SetStatisticsConfigurations(v []*MetricStreamStatisticsConfiguration) *PutMetricStreamInput { + s.StatisticsConfigurations = v + return s +} + +// SetTags sets the Tags field's value. +func (s *PutMetricStreamInput) SetTags(v []*Tag) *PutMetricStreamInput { + s.Tags = v + return s +} + +type PutMetricStreamOutput struct { _ struct{} `type:"structure"` + + // The ARN of the metric stream. + Arn *string `min:"1" type:"string"` } -// String returns the string representation -func (s PutMetricDataOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutMetricStreamOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s PutMetricDataOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutMetricStreamOutput) GoString() string { return s.String() } +// SetArn sets the Arn field's value. +func (s *PutMetricStreamOutput) SetArn(v string) *PutMetricStreamOutput { + s.Arn = &v + return s +} + // Specifies one range of days or times to exclude from use for training an // anomaly detection model. type Range struct { @@ -8466,12 +12123,20 @@ type Range struct { StartTime *time.Time `type:"timestamp" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Range) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Range) GoString() string { return s.String() } @@ -8530,12 +12195,20 @@ type SetAlarmStateInput struct { StateValue *string `type:"string" required:"true" enum:"StateValue"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s SetAlarmStateInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s SetAlarmStateInput) GoString() string { return s.String() } @@ -8590,16 +12263,198 @@ type SetAlarmStateOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s SetAlarmStateOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s SetAlarmStateOutput) GoString() string { return s.String() } +// Designates the CloudWatch metric and statistic that provides the time series +// the anomaly detector uses as input. If you have enabled unified cross-account +// observability, and this account is a monitoring account, the metric can be +// in the same account or a source account. +type SingleMetricAnomalyDetector struct { + _ struct{} `type:"structure"` + + // If the CloudWatch metric that provides the time series that the anomaly detector + // uses as input is in another account, specify that account ID here. If you + // omit this parameter, the current account is used. + AccountId *string `min:"1" type:"string"` + + // The metric dimensions to create the anomaly detection model for. + Dimensions []*Dimension `type:"list"` + + // The name of the metric to create the anomaly detection model for. + MetricName *string `min:"1" type:"string"` + + // The namespace of the metric to create the anomaly detection model for. + Namespace *string `min:"1" type:"string"` + + // The statistic to use for the metric and anomaly detection model. + Stat *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SingleMetricAnomalyDetector) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SingleMetricAnomalyDetector) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *SingleMetricAnomalyDetector) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "SingleMetricAnomalyDetector"} + if s.AccountId != nil && len(*s.AccountId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AccountId", 1)) + } + if s.MetricName != nil && len(*s.MetricName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("MetricName", 1)) + } + if s.Namespace != nil && len(*s.Namespace) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Namespace", 1)) + } + if s.Dimensions != nil { + for i, v := range s.Dimensions { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Dimensions", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccountId sets the AccountId field's value. +func (s *SingleMetricAnomalyDetector) SetAccountId(v string) *SingleMetricAnomalyDetector { + s.AccountId = &v + return s +} + +// SetDimensions sets the Dimensions field's value. +func (s *SingleMetricAnomalyDetector) SetDimensions(v []*Dimension) *SingleMetricAnomalyDetector { + s.Dimensions = v + return s +} + +// SetMetricName sets the MetricName field's value. +func (s *SingleMetricAnomalyDetector) SetMetricName(v string) *SingleMetricAnomalyDetector { + s.MetricName = &v + return s +} + +// SetNamespace sets the Namespace field's value. +func (s *SingleMetricAnomalyDetector) SetNamespace(v string) *SingleMetricAnomalyDetector { + s.Namespace = &v + return s +} + +// SetStat sets the Stat field's value. +func (s *SingleMetricAnomalyDetector) SetStat(v string) *SingleMetricAnomalyDetector { + s.Stat = &v + return s +} + +type StartMetricStreamsInput struct { + _ struct{} `type:"structure"` + + // The array of the names of metric streams to start streaming. + // + // This is an "all or nothing" operation. If you do not have permission to access + // all of the metric streams that you list here, then none of the streams that + // you list in the operation will start streaming. + // + // Names is a required field + Names []*string `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartMetricStreamsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartMetricStreamsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *StartMetricStreamsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "StartMetricStreamsInput"} + if s.Names == nil { + invalidParams.Add(request.NewErrParamRequired("Names")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetNames sets the Names field's value. +func (s *StartMetricStreamsInput) SetNames(v []*string) *StartMetricStreamsInput { + s.Names = v + return s +} + +type StartMetricStreamsOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartMetricStreamsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartMetricStreamsOutput) GoString() string { + return s.String() +} + // Represents a set of statistics that describes a specific metric. type StatisticSet struct { _ struct{} `type:"structure"` @@ -8625,12 +12480,20 @@ type StatisticSet struct { Sum *float64 `type:"double" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StatisticSet) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StatisticSet) GoString() string { return s.String() } @@ -8681,6 +12544,78 @@ func (s *StatisticSet) SetSum(v float64) *StatisticSet { return s } +type StopMetricStreamsInput struct { + _ struct{} `type:"structure"` + + // The array of the names of metric streams to stop streaming. + // + // This is an "all or nothing" operation. If you do not have permission to access + // all of the metric streams that you list here, then none of the streams that + // you list in the operation will stop streaming. + // + // Names is a required field + Names []*string `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopMetricStreamsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopMetricStreamsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *StopMetricStreamsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "StopMetricStreamsInput"} + if s.Names == nil { + invalidParams.Add(request.NewErrParamRequired("Names")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetNames sets the Names field's value. +func (s *StopMetricStreamsInput) SetNames(v []*string) *StopMetricStreamsInput { + s.Names = v + return s +} + +type StopMetricStreamsOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopMetricStreamsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopMetricStreamsOutput) GoString() string { + return s.String() +} + // A key-value pair associated with a CloudWatch resource. type Tag struct { _ struct{} `type:"structure"` @@ -8697,12 +12632,20 @@ type Tag struct { Value *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Tag) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Tag) GoString() string { return s.String() } @@ -8745,7 +12688,7 @@ type TagResourceInput struct { // // The ARN format of an alarm is arn:aws:cloudwatch:Region:account-id:alarm:alarm-name // - // The ARN format of a Contributor Insights rule is arn:aws:cloudwatch:Region:account-id:insight-rule:insight-rule-name + // The ARN format of a Contributor Insights rule is arn:aws:cloudwatch:Region:account-id:insight-rule/insight-rule-name // // For more information about ARN format, see Resource Types Defined by Amazon // CloudWatch (https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazoncloudwatch.html#amazoncloudwatch-resources-for-iam-policies) @@ -8760,12 +12703,20 @@ type TagResourceInput struct { Tags []*Tag `type:"list" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s TagResourceInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s TagResourceInput) GoString() string { return s.String() } @@ -8815,12 +12766,20 @@ type TagResourceOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s TagResourceOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s TagResourceOutput) GoString() string { return s.String() } @@ -8832,7 +12791,7 @@ type UntagResourceInput struct { // // The ARN format of an alarm is arn:aws:cloudwatch:Region:account-id:alarm:alarm-name // - // The ARN format of a Contributor Insights rule is arn:aws:cloudwatch:Region:account-id:insight-rule:insight-rule-name + // The ARN format of a Contributor Insights rule is arn:aws:cloudwatch:Region:account-id:insight-rule/insight-rule-name // // For more information about ARN format, see Resource Types Defined by Amazon // CloudWatch (https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazoncloudwatch.html#amazoncloudwatch-resources-for-iam-policies) @@ -8847,12 +12806,20 @@ type UntagResourceInput struct { TagKeys []*string `type:"list" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s UntagResourceInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s UntagResourceInput) GoString() string { return s.String() } @@ -8892,16 +12859,44 @@ type UntagResourceOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s UntagResourceOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s UntagResourceOutput) GoString() string { return s.String() } +const ( + // ActionsSuppressedByWaitPeriod is a ActionsSuppressedBy enum value + ActionsSuppressedByWaitPeriod = "WaitPeriod" + + // ActionsSuppressedByExtensionPeriod is a ActionsSuppressedBy enum value + ActionsSuppressedByExtensionPeriod = "ExtensionPeriod" + + // ActionsSuppressedByAlarm is a ActionsSuppressedBy enum value + ActionsSuppressedByAlarm = "Alarm" +) + +// ActionsSuppressedBy_Values returns all elements of the ActionsSuppressedBy enum +func ActionsSuppressedBy_Values() []string { + return []string{ + ActionsSuppressedByWaitPeriod, + ActionsSuppressedByExtensionPeriod, + ActionsSuppressedByAlarm, + } +} + const ( // AlarmTypeCompositeAlarm is a AlarmType enum value AlarmTypeCompositeAlarm = "CompositeAlarm" @@ -8938,6 +12933,22 @@ func AnomalyDetectorStateValue_Values() []string { } } +const ( + // AnomalyDetectorTypeSingleMetric is a AnomalyDetectorType enum value + AnomalyDetectorTypeSingleMetric = "SINGLE_METRIC" + + // AnomalyDetectorTypeMetricMath is a AnomalyDetectorType enum value + AnomalyDetectorTypeMetricMath = "METRIC_MATH" +) + +// AnomalyDetectorType_Values returns all elements of the AnomalyDetectorType enum +func AnomalyDetectorType_Values() []string { + return []string{ + AnomalyDetectorTypeSingleMetric, + AnomalyDetectorTypeMetricMath, + } +} + const ( // ComparisonOperatorGreaterThanOrEqualToThreshold is a ComparisonOperator enum value ComparisonOperatorGreaterThanOrEqualToThreshold = "GreaterThanOrEqualToThreshold" @@ -8974,6 +12985,18 @@ func ComparisonOperator_Values() []string { } } +const ( + // EvaluationStatePartialData is a EvaluationState enum value + EvaluationStatePartialData = "PARTIAL_DATA" +) + +// EvaluationState_Values returns all elements of the EvaluationState enum +func EvaluationState_Values() []string { + return []string{ + EvaluationStatePartialData, + } +} + const ( // HistoryItemTypeConfigurationUpdate is a HistoryItemType enum value HistoryItemTypeConfigurationUpdate = "ConfigurationUpdate" @@ -8994,6 +13017,26 @@ func HistoryItemType_Values() []string { } } +const ( + // MetricStreamOutputFormatJson is a MetricStreamOutputFormat enum value + MetricStreamOutputFormatJson = "json" + + // MetricStreamOutputFormatOpentelemetry07 is a MetricStreamOutputFormat enum value + MetricStreamOutputFormatOpentelemetry07 = "opentelemetry0.7" + + // MetricStreamOutputFormatOpentelemetry10 is a MetricStreamOutputFormat enum value + MetricStreamOutputFormatOpentelemetry10 = "opentelemetry1.0" +) + +// MetricStreamOutputFormat_Values returns all elements of the MetricStreamOutputFormat enum +func MetricStreamOutputFormat_Values() []string { + return []string{ + MetricStreamOutputFormatJson, + MetricStreamOutputFormatOpentelemetry07, + MetricStreamOutputFormatOpentelemetry10, + } +} + const ( // RecentlyActivePt3h is a RecentlyActive enum value RecentlyActivePt3h = "PT3H" @@ -9195,6 +13238,9 @@ const ( // StatusCodePartialData is a StatusCode enum value StatusCodePartialData = "PartialData" + + // StatusCodeForbidden is a StatusCode enum value + StatusCodeForbidden = "Forbidden" ) // StatusCode_Values returns all elements of the StatusCode enum @@ -9203,5 +13249,6 @@ func StatusCode_Values() []string { StatusCodeComplete, StatusCodeInternalError, StatusCodePartialData, + StatusCodeForbidden, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudwatch/customizations.go b/vendor/github.com/aws/aws-sdk-go/service/cloudwatch/customizations.go new file mode 100644 index 000000000..4c8ec0c0e --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/cloudwatch/customizations.go @@ -0,0 +1,19 @@ +package cloudwatch + +import ( + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/internal/encoding/gzip" +) + +// WithGzipRequest is a request.Option that adds a request handler to the Build +// stage of the operation's pipeline that will content-encoding GZIP the +// request payload before sending it to the API. This will buffer the request +// payload in memory, GZIP it, and reassign the GZIP'ed payload as the new +// request payload. +// +// GZIP may not be supported by all API operations. See API's documentation for +// the operation your using to see if GZIP request payload is supported. +// https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutMetricData.html +func WithGzipRequest(r *request.Request) { + r.Handlers.Build.PushBackNamed(gzip.NewGzipRequestHandler()) +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudwatch/doc.go b/vendor/github.com/aws/aws-sdk-go/service/cloudwatch/doc.go index 662023540..deffff1b0 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/cloudwatch/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/cloudwatch/doc.go @@ -3,10 +3,10 @@ // Package cloudwatch provides the client and types for making API // requests to Amazon CloudWatch. // -// Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the -// applications you run on AWS in real time. You can use CloudWatch to collect -// and track metrics, which are the variables you want to measure for your resources -// and applications. +// Amazon CloudWatch monitors your Amazon Web Services (Amazon Web Services) +// resources and the applications you run on Amazon Web Services in real time. +// You can use CloudWatch to collect and track metrics, which are the variables +// you want to measure for your resources and applications. // // CloudWatch alarms send notifications or automatically change the resources // you are monitoring based on rules that you define. For example, you can monitor @@ -15,16 +15,17 @@ // to handle increased load. You can also use this data to stop under-used instances // to save money. // -// In addition to monitoring the built-in metrics that come with AWS, you can -// monitor your own custom metrics. With CloudWatch, you gain system-wide visibility -// into resource utilization, application performance, and operational health. +// In addition to monitoring the built-in metrics that come with Amazon Web +// Services, you can monitor your own custom metrics. With CloudWatch, you gain +// system-wide visibility into resource utilization, application performance, +// and operational health. // // See https://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01 for more information on this service. // // See cloudwatch package documentation for more information. // https://docs.aws.amazon.com/sdk-for-go/api/service/cloudwatch/ // -// Using the Client +// # Using the Client // // To contact Amazon CloudWatch with the SDK use the New function to create // a new service client. With that client you can make API requests to the service. diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudwatch/service.go b/vendor/github.com/aws/aws-sdk-go/service/cloudwatch/service.go index c926b57c8..fe843fede 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/cloudwatch/service.go +++ b/vendor/github.com/aws/aws-sdk-go/service/cloudwatch/service.go @@ -39,31 +39,37 @@ const ( // aws.Config parameter to add your extra config. // // Example: -// mySession := session.Must(session.NewSession()) // -// // Create a CloudWatch client from just a session. -// svc := cloudwatch.New(mySession) +// mySession := session.Must(session.NewSession()) // -// // Create a CloudWatch client with additional configuration -// svc := cloudwatch.New(mySession, aws.NewConfig().WithRegion("us-west-2")) +// // Create a CloudWatch client from just a session. +// svc := cloudwatch.New(mySession) +// +// // Create a CloudWatch client with additional configuration +// svc := cloudwatch.New(mySession, aws.NewConfig().WithRegion("us-west-2")) func New(p client.ConfigProvider, cfgs ...*aws.Config) *CloudWatch { c := p.ClientConfig(EndpointsID, cfgs...) - return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName) + if c.SigningNameDerived || len(c.SigningName) == 0 { + c.SigningName = EndpointsID + // No Fallback + } + return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion) } // newClient creates, initializes and returns a new service client instance. -func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *CloudWatch { +func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *CloudWatch { svc := &CloudWatch{ Client: client.New( cfg, metadata.ClientInfo{ - ServiceName: ServiceName, - ServiceID: ServiceID, - SigningName: signingName, - SigningRegion: signingRegion, - PartitionID: partitionID, - Endpoint: endpoint, - APIVersion: "2010-08-01", + ServiceName: ServiceName, + ServiceID: ServiceID, + SigningName: signingName, + SigningRegion: signingRegion, + PartitionID: partitionID, + Endpoint: endpoint, + APIVersion: "2010-08-01", + ResolvedRegion: resolvedRegion, }, handlers, ), diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/api.go b/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/api.go index 5deb41731..93f1dca6f 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/api.go @@ -3,13 +3,22 @@ package cloudwatchlogs import ( + "bytes" "fmt" + "io" + "sync" + "time" "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/aws/awsutil" + "github.com/aws/aws-sdk-go/aws/client" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/eventstream" + "github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi" "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" + "github.com/aws/aws-sdk-go/private/protocol/rest" ) const opAssociateKmsKey = "AssociateKmsKey" @@ -28,14 +37,13 @@ const opAssociateKmsKey = "AssociateKmsKey" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the AssociateKmsKeyRequest method. +// req, resp := client.AssociateKmsKeyRequest(params) // -// // Example sending a request using the AssociateKmsKeyRequest method. -// req, resp := client.AssociateKmsKeyRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/AssociateKmsKey func (c *CloudWatchLogs) AssociateKmsKeyRequest(input *AssociateKmsKeyInput) (req *request.Request, output *AssociateKmsKeyOutput) { @@ -57,24 +65,50 @@ func (c *CloudWatchLogs) AssociateKmsKeyRequest(input *AssociateKmsKeyInput) (re // AssociateKmsKey API operation for Amazon CloudWatch Logs. // -// Associates the specified AWS Key Management Service (AWS KMS) customer master -// key (CMK) with the specified log group. -// -// Associating an AWS KMS CMK with a log group overrides any existing associations -// between the log group and a CMK. After a CMK is associated with a log group, -// all newly ingested data for the log group is encrypted using the CMK. This -// association is stored as long as the data encrypted with the CMK is still -// within Amazon CloudWatch Logs. This enables Amazon CloudWatch Logs to decrypt -// this data whenever it is requested. -// -// CloudWatch Logs supports only symmetric CMKs. Do not use an associate an -// asymmetric CMK with your log group. For more information, see Using Symmetric -// and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html). +// Associates the specified KMS key with either one log group in the account, +// or with all stored CloudWatch Logs query insights results in the account. +// +// When you use AssociateKmsKey, you specify either the logGroupName parameter +// or the resourceIdentifier parameter. You can't specify both of those parameters +// in the same operation. +// +// - Specify the logGroupName parameter to cause all log events stored in +// the log group to be encrypted with that key. Only the log events ingested +// after the key is associated are encrypted with that key. Associating a +// KMS key with a log group overrides any existing associations between the +// log group and a KMS key. After a KMS key is associated with a log group, +// all newly ingested data for the log group is encrypted using the KMS key. +// This association is stored as long as the data encrypted with the KMS +// key is still within CloudWatch Logs. This enables CloudWatch Logs to decrypt +// this data whenever it is requested. Associating a key with a log group +// does not cause the results of queries of that log group to be encrypted +// with that key. To have query results encrypted with a KMS key, you must +// use an AssociateKmsKey operation with the resourceIdentifier parameter +// that specifies a query-result resource. +// +// - Specify the resourceIdentifier parameter with a query-result resource, +// to use that key to encrypt the stored results of all future StartQuery +// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html) +// operations in the account. The response from a GetQueryResults (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetQueryResults.html) +// operation will still return the query results in plain text. Even if you +// have not associated a key with your query results, the query results are +// encrypted when stored, using the default CloudWatch Logs method. If you +// run a query from a monitoring account that queries logs in a source account, +// the query results key from the monitoring account, if any, is used. +// +// If you delete the key that is used to encrypt log events or log group query +// results, then all the associated stored log events or query results that +// were encrypted with that key will be unencryptable and unusable. +// +// CloudWatch Logs supports only symmetric KMS keys. Do not use an associate +// an asymmetric KMS key with your log group or query results. For more information, +// see Using Symmetric and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html). // // It can take up to 5 minutes for this operation to take effect. // -// If you attempt to associate a CMK with a log group but the CMK does not exist -// or the CMK is disabled, you receive an InvalidParameterException error. +// If you attempt to associate a KMS key with a log group but the KMS key does +// not exist or the KMS key is disabled, you receive an InvalidParameterException +// error. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -84,17 +118,18 @@ func (c *CloudWatchLogs) AssociateKmsKeyRequest(input *AssociateKmsKeyInput) (re // API operation AssociateKmsKey for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - ResourceNotFoundException +// The specified resource does not exist. // -// * OperationAbortedException -// Multiple requests to update the same resource were in conflict. +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ServiceUnavailableException +// The service cannot complete the request. // // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/AssociateKmsKey func (c *CloudWatchLogs) AssociateKmsKey(input *AssociateKmsKeyInput) (*AssociateKmsKeyOutput, error) { @@ -134,14 +169,13 @@ const opCancelExportTask = "CancelExportTask" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CancelExportTaskRequest method. +// req, resp := client.CancelExportTaskRequest(params) // -// // Example sending a request using the CancelExportTaskRequest method. -// req, resp := client.CancelExportTaskRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CancelExportTask func (c *CloudWatchLogs) CancelExportTaskRequest(input *CancelExportTaskInput) (req *request.Request, output *CancelExportTaskOutput) { @@ -175,17 +209,18 @@ func (c *CloudWatchLogs) CancelExportTaskRequest(input *CancelExportTaskInput) ( // API operation CancelExportTask for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - ResourceNotFoundException +// The specified resource does not exist. // -// * InvalidOperationException -// The operation is not valid on the specified resource. +// - InvalidOperationException +// The operation is not valid on the specified resource. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ServiceUnavailableException +// The service cannot complete the request. // // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CancelExportTask func (c *CloudWatchLogs) CancelExportTask(input *CancelExportTaskInput) (*CancelExportTaskOutput, error) { @@ -209,6 +244,137 @@ func (c *CloudWatchLogs) CancelExportTaskWithContext(ctx aws.Context, input *Can return out, req.Send() } +const opCreateDelivery = "CreateDelivery" + +// CreateDeliveryRequest generates a "aws/request.Request" representing the +// client's request for the CreateDelivery operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateDelivery for more information on using the CreateDelivery +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateDeliveryRequest method. +// req, resp := client.CreateDeliveryRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CreateDelivery +func (c *CloudWatchLogs) CreateDeliveryRequest(input *CreateDeliveryInput) (req *request.Request, output *CreateDeliveryOutput) { + op := &request.Operation{ + Name: opCreateDelivery, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateDeliveryInput{} + } + + output = &CreateDeliveryOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateDelivery API operation for Amazon CloudWatch Logs. +// +// Creates a delivery. A delivery is a connection between a logical delivery +// source and a logical delivery destination that you have already created. +// +// Only some Amazon Web Services services support being configured as a delivery +// source using this operation. These services are listed as Supported [V2 Permissions] +// in the table at Enabling logging from Amazon Web Services services. (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html) +// +// A delivery destination can represent a log group in CloudWatch Logs, an Amazon +// S3 bucket, or a delivery stream in Firehose. +// +// To configure logs delivery between a supported Amazon Web Services service +// and a destination, you must do the following: +// +// - Create a delivery source, which is a logical object that represents +// the resource that is actually sending the logs. For more information, +// see PutDeliverySource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html). +// +// - Create a delivery destination, which is a logical object that represents +// the actual delivery destination. For more information, see PutDeliveryDestination +// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html). +// +// - If you are delivering logs cross-account, you must use PutDeliveryDestinationPolicy +// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html) +// in the destination account to assign an IAM policy to the destination. +// This policy allows delivery to that destination. +// +// - Use CreateDelivery to create a delivery by pairing exactly one delivery +// source and one delivery destination. +// +// You can configure a single delivery source to send logs to multiple destinations +// by creating multiple deliveries. You can also create multiple deliveries +// to configure multiple delivery sources to send logs to the same delivery +// destination. +// +// You can't update an existing delivery. You can only create and delete deliveries. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation CreateDelivery for usage and error information. +// +// Returned Error Types: +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ConflictException +// This operation attempted to create a resource that already exists. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ValidationException +// One of the parameters for the request is not valid. +// +// - AccessDeniedException +// You don't have sufficient permissions to perform this action. +// +// - ServiceQuotaExceededException +// This request exceeds a service quota. +// +// - ThrottlingException +// The request was throttled because of quota limits. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CreateDelivery +func (c *CloudWatchLogs) CreateDelivery(input *CreateDeliveryInput) (*CreateDeliveryOutput, error) { + req, out := c.CreateDeliveryRequest(input) + return out, req.Send() +} + +// CreateDeliveryWithContext is the same as CreateDelivery with the addition of +// the ability to pass a context and additional request options. +// +// See CreateDelivery for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) CreateDeliveryWithContext(ctx aws.Context, input *CreateDeliveryInput, opts ...request.Option) (*CreateDeliveryOutput, error) { + req, out := c.CreateDeliveryRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateExportTask = "CreateExportTask" // CreateExportTaskRequest generates a "aws/request.Request" representing the @@ -225,14 +391,13 @@ const opCreateExportTask = "CreateExportTask" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateExportTaskRequest method. +// req, resp := client.CreateExportTaskRequest(params) // -// // Example sending a request using the CreateExportTaskRequest method. -// req, resp := client.CreateExportTaskRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CreateExportTask func (c *CloudWatchLogs) CreateExportTaskRequest(input *CreateExportTaskInput) (req *request.Request, output *CreateExportTaskOutput) { @@ -253,11 +418,17 @@ func (c *CloudWatchLogs) CreateExportTaskRequest(input *CreateExportTaskInput) ( // CreateExportTask API operation for Amazon CloudWatch Logs. // -// Creates an export task, which allows you to efficiently export data from -// a log group to an Amazon S3 bucket. When you perform a CreateExportTask operation, +// Creates an export task so that you can efficiently export data from a log +// group to an Amazon S3 bucket. When you perform a CreateExportTask operation, // you must use credentials that have permission to write to the S3 bucket that // you specify as the destination. // +// Exporting log data to S3 buckets that are encrypted by KMS is supported. +// Exporting log data to Amazon S3 buckets that have S3 Object Lock enabled +// with a retention period is also supported. +// +// Exporting to S3 buckets that are encrypted with AES-256 is supported. +// // This is an asynchronous call. If all the required information is provided, // this operation initiates an export task and responds with the ID of the task. // After the task has started, you can use DescribeExportTasks (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeExportTasks.html) @@ -266,11 +437,11 @@ func (c *CloudWatchLogs) CreateExportTaskRequest(input *CreateExportTaskInput) ( // CancelExportTask (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CancelExportTask.html). // // You can export logs from multiple log groups or multiple time ranges to the -// same S3 bucket. To separate out log data for each export task, you can specify -// a prefix to be used as the Amazon S3 key prefix for all exported objects. +// same S3 bucket. To separate log data for each export task, specify a prefix +// to be used as the Amazon S3 key prefix for all exported objects. // -// Exporting to S3 buckets that are encrypted with AES-256 is supported. Exporting -// to S3 buckets encrypted with SSE-KMS is not supported. +// Time-based sorting on chunks of log data inside an exported file is not guaranteed. +// You can sort the exported log field data by using Linux utilities. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -280,23 +451,24 @@ func (c *CloudWatchLogs) CreateExportTaskRequest(input *CreateExportTaskInput) ( // API operation CreateExportTask for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * LimitExceededException -// You have reached the maximum number of resources that can be created. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// * OperationAbortedException -// Multiple requests to update the same resource were in conflict. +// - LimitExceededException +// You have reached the maximum number of resources that can be created. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - ServiceUnavailableException +// The service cannot complete the request. // -// * ResourceAlreadyExistsException -// The specified resource already exists. +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ResourceAlreadyExistsException +// The specified resource already exists. // // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CreateExportTask func (c *CloudWatchLogs) CreateExportTask(input *CreateExportTaskInput) (*CreateExportTaskOutput, error) { @@ -320,6 +492,125 @@ func (c *CloudWatchLogs) CreateExportTaskWithContext(ctx aws.Context, input *Cre return out, req.Send() } +const opCreateLogAnomalyDetector = "CreateLogAnomalyDetector" + +// CreateLogAnomalyDetectorRequest generates a "aws/request.Request" representing the +// client's request for the CreateLogAnomalyDetector operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateLogAnomalyDetector for more information on using the CreateLogAnomalyDetector +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateLogAnomalyDetectorRequest method. +// req, resp := client.CreateLogAnomalyDetectorRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CreateLogAnomalyDetector +func (c *CloudWatchLogs) CreateLogAnomalyDetectorRequest(input *CreateLogAnomalyDetectorInput) (req *request.Request, output *CreateLogAnomalyDetectorOutput) { + op := &request.Operation{ + Name: opCreateLogAnomalyDetector, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateLogAnomalyDetectorInput{} + } + + output = &CreateLogAnomalyDetectorOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateLogAnomalyDetector API operation for Amazon CloudWatch Logs. +// +// Creates an anomaly detector that regularly scans one or more log groups and +// look for patterns and anomalies in the logs. +// +// An anomaly detector can help surface issues by automatically discovering +// anomalies in your log event traffic. An anomaly detector uses machine learning +// algorithms to scan log events and find patterns. A pattern is a shared text +// structure that recurs among your log fields. Patterns provide a useful tool +// for analyzing large sets of logs because a large number of log events can +// often be compressed into a few patterns. +// +// The anomaly detector uses pattern recognition to find anomalies, which are +// unusual log events. It uses the evaluationFrequency to compare current log +// events and patterns with trained baselines. +// +// Fields within a pattern are called tokens. Fields that vary within a pattern, +// such as a request ID or timestamp, are referred to as dynamic tokens and +// represented by <*>. +// +// The following is an example of a pattern: +// +// [INFO] Request time: <*> ms +// +// This pattern represents log events like [INFO] Request time: 327 ms and other +// similar log events that differ only by the number, in this csse 327. When +// the pattern is displayed, the different numbers are replaced by <*> +// +// Any parts of log events that are masked as sensitive data are not scanned +// for anomalies. For more information about masking sensitive data, see Help +// protect sensitive log data with masking (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation CreateLogAnomalyDetector for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// - LimitExceededException +// You have reached the maximum number of resources that can be created. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CreateLogAnomalyDetector +func (c *CloudWatchLogs) CreateLogAnomalyDetector(input *CreateLogAnomalyDetectorInput) (*CreateLogAnomalyDetectorOutput, error) { + req, out := c.CreateLogAnomalyDetectorRequest(input) + return out, req.Send() +} + +// CreateLogAnomalyDetectorWithContext is the same as CreateLogAnomalyDetector with the addition of +// the ability to pass a context and additional request options. +// +// See CreateLogAnomalyDetector for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) CreateLogAnomalyDetectorWithContext(ctx aws.Context, input *CreateLogAnomalyDetectorInput, opts ...request.Option) (*CreateLogAnomalyDetectorOutput, error) { + req, out := c.CreateLogAnomalyDetectorRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateLogGroup = "CreateLogGroup" // CreateLogGroupRequest generates a "aws/request.Request" representing the @@ -336,14 +627,13 @@ const opCreateLogGroup = "CreateLogGroup" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateLogGroupRequest method. +// req, resp := client.CreateLogGroupRequest(params) // -// // Example sending a request using the CreateLogGroupRequest method. -// req, resp := client.CreateLogGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CreateLogGroup func (c *CloudWatchLogs) CreateLogGroupRequest(input *CreateLogGroupInput) (req *request.Request, output *CreateLogGroupOutput) { @@ -365,35 +655,38 @@ func (c *CloudWatchLogs) CreateLogGroupRequest(input *CreateLogGroupInput) (req // CreateLogGroup API operation for Amazon CloudWatch Logs. // -// Creates a log group with the specified name. You can create up to 20,000 -// log groups per account. +// Creates a log group with the specified name. You can create up to 1,000,000 +// log groups per Region per account. // // You must use the following guidelines when naming a log group: // -// * Log group names must be unique within a region for an AWS account. +// - Log group names must be unique within a Region for an Amazon Web Services +// account. +// +// - Log group names can be between 1 and 512 characters long. // -// * Log group names can be between 1 and 512 characters long. +// - Log group names consist of the following characters: a-z, A-Z, 0-9, +// '_' (underscore), '-' (hyphen), '/' (forward slash), '.' (period), and +// '#' (number sign) // -// * Log group names consist of the following characters: a-z, A-Z, 0-9, -// '_' (underscore), '-' (hyphen), '/' (forward slash), '.' (period), and -// '#' (number sign) +// - Log group names can't start with the string aws/ // -// When you create a log group, by default the log events in the log group never -// expire. To set a retention policy so that events expire and are deleted after -// a specified time, use PutRetentionPolicy (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutRetentionPolicy.html). +// When you create a log group, by default the log events in the log group do +// not expire. To set a retention policy so that events expire and are deleted +// after a specified time, use PutRetentionPolicy (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutRetentionPolicy.html). // -// If you associate a AWS Key Management Service (AWS KMS) customer master key -// (CMK) with the log group, ingested data is encrypted using the CMK. This -// association is stored as long as the data encrypted with the CMK is still -// within Amazon CloudWatch Logs. This enables Amazon CloudWatch Logs to decrypt -// this data whenever it is requested. +// If you associate an KMS key with the log group, ingested data is encrypted +// using the KMS key. This association is stored as long as the data encrypted +// with the KMS key is still within CloudWatch Logs. This enables CloudWatch +// Logs to decrypt this data whenever it is requested. // -// If you attempt to associate a CMK with the log group but the CMK does not -// exist or the CMK is disabled, you receive an InvalidParameterException error. +// If you attempt to associate a KMS key with the log group but the KMS key +// does not exist or the KMS key is disabled, you receive an InvalidParameterException +// error. // -// CloudWatch Logs supports only symmetric CMKs. Do not associate an asymmetric -// CMK with your log group. For more information, see Using Symmetric and Asymmetric -// Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html). +// CloudWatch Logs supports only symmetric KMS keys. Do not associate an asymmetric +// KMS key with your log group. For more information, see Using Symmetric and +// Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -403,20 +696,21 @@ func (c *CloudWatchLogs) CreateLogGroupRequest(input *CreateLogGroupInput) (req // API operation CreateLogGroup for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceAlreadyExistsException -// The specified resource already exists. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// * LimitExceededException -// You have reached the maximum number of resources that can be created. +// - ResourceAlreadyExistsException +// The specified resource already exists. // -// * OperationAbortedException -// Multiple requests to update the same resource were in conflict. +// - LimitExceededException +// You have reached the maximum number of resources that can be created. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// - ServiceUnavailableException +// The service cannot complete the request. // // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CreateLogGroup func (c *CloudWatchLogs) CreateLogGroup(input *CreateLogGroupInput) (*CreateLogGroupOutput, error) { @@ -456,14 +750,13 @@ const opCreateLogStream = "CreateLogStream" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateLogStreamRequest method. +// req, resp := client.CreateLogStreamRequest(params) // -// // Example sending a request using the CreateLogStreamRequest method. -// req, resp := client.CreateLogStreamRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CreateLogStream func (c *CloudWatchLogs) CreateLogStreamRequest(input *CreateLogStreamInput) (req *request.Request, output *CreateLogStreamOutput) { @@ -495,11 +788,11 @@ func (c *CloudWatchLogs) CreateLogStreamRequest(input *CreateLogStreamInput) (re // // You must use the following guidelines when naming a log stream: // -// * Log stream names must be unique within the log group. +// - Log stream names must be unique within the log group. // -// * Log stream names can be between 1 and 512 characters long. +// - Log stream names can be between 1 and 512 characters long. // -// * The ':' (colon) and '*' (asterisk) characters are not allowed. +// - Don't use ':' (colon) or '*' (asterisk) characters. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -509,17 +802,18 @@ func (c *CloudWatchLogs) CreateLogStreamRequest(input *CreateLogStreamInput) (re // API operation CreateLogStream for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceAlreadyExistsException -// The specified resource already exists. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - ResourceAlreadyExistsException +// The specified resource already exists. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. // // See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CreateLogStream func (c *CloudWatchLogs) CreateLogStream(input *CreateLogStreamInput) (*CreateLogStreamOutput, error) { @@ -543,1672 +837,1512 @@ func (c *CloudWatchLogs) CreateLogStreamWithContext(ctx aws.Context, input *Crea return out, req.Send() } -const opDeleteDestination = "DeleteDestination" +const opDeleteAccountPolicy = "DeleteAccountPolicy" -// DeleteDestinationRequest generates a "aws/request.Request" representing the -// client's request for the DeleteDestination operation. The "output" return +// DeleteAccountPolicyRequest generates a "aws/request.Request" representing the +// client's request for the DeleteAccountPolicy operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DeleteDestination for more information on using the DeleteDestination +// See DeleteAccountPolicy for more information on using the DeleteAccountPolicy // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteAccountPolicyRequest method. +// req, resp := client.DeleteAccountPolicyRequest(params) // -// // Example sending a request using the DeleteDestinationRequest method. -// req, resp := client.DeleteDestinationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteDestination -func (c *CloudWatchLogs) DeleteDestinationRequest(input *DeleteDestinationInput) (req *request.Request, output *DeleteDestinationOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteAccountPolicy +func (c *CloudWatchLogs) DeleteAccountPolicyRequest(input *DeleteAccountPolicyInput) (req *request.Request, output *DeleteAccountPolicyOutput) { op := &request.Operation{ - Name: opDeleteDestination, + Name: opDeleteAccountPolicy, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &DeleteDestinationInput{} + input = &DeleteAccountPolicyInput{} } - output = &DeleteDestinationOutput{} + output = &DeleteAccountPolicyOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// DeleteDestination API operation for Amazon CloudWatch Logs. +// DeleteAccountPolicy API operation for Amazon CloudWatch Logs. // -// Deletes the specified destination, and eventually disables all the subscription -// filters that publish to it. This operation does not delete the physical resource -// encapsulated by the destination. +// Deletes a CloudWatch Logs account policy. This stops the policy from applying +// to all log groups or a subset of log groups in the account. Log-group level +// policies will still be in effect. +// +// To use this operation, you must be signed on with the correct permissions +// depending on the type of policy that you are deleting. +// +// - To delete a data protection policy, you must have the logs:DeleteDataProtectionPolicy +// and logs:DeleteAccountPolicy permissions. +// +// - To delete a subscription filter policy, you must have the logs:DeleteSubscriptionFilter +// and logs:DeleteAccountPolicy permissions. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation DeleteDestination for usage and error information. +// API operation DeleteAccountPolicy for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// * OperationAbortedException -// Multiple requests to update the same resource were in conflict. +// - ResourceNotFoundException +// The specified resource does not exist. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ServiceUnavailableException +// The service cannot complete the request. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteDestination -func (c *CloudWatchLogs) DeleteDestination(input *DeleteDestinationInput) (*DeleteDestinationOutput, error) { - req, out := c.DeleteDestinationRequest(input) +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteAccountPolicy +func (c *CloudWatchLogs) DeleteAccountPolicy(input *DeleteAccountPolicyInput) (*DeleteAccountPolicyOutput, error) { + req, out := c.DeleteAccountPolicyRequest(input) return out, req.Send() } -// DeleteDestinationWithContext is the same as DeleteDestination with the addition of +// DeleteAccountPolicyWithContext is the same as DeleteAccountPolicy with the addition of // the ability to pass a context and additional request options. // -// See DeleteDestination for details on how to use this API operation. +// See DeleteAccountPolicy for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) DeleteDestinationWithContext(ctx aws.Context, input *DeleteDestinationInput, opts ...request.Option) (*DeleteDestinationOutput, error) { - req, out := c.DeleteDestinationRequest(input) +func (c *CloudWatchLogs) DeleteAccountPolicyWithContext(ctx aws.Context, input *DeleteAccountPolicyInput, opts ...request.Option) (*DeleteAccountPolicyOutput, error) { + req, out := c.DeleteAccountPolicyRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opDeleteLogGroup = "DeleteLogGroup" +const opDeleteDataProtectionPolicy = "DeleteDataProtectionPolicy" -// DeleteLogGroupRequest generates a "aws/request.Request" representing the -// client's request for the DeleteLogGroup operation. The "output" return +// DeleteDataProtectionPolicyRequest generates a "aws/request.Request" representing the +// client's request for the DeleteDataProtectionPolicy operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DeleteLogGroup for more information on using the DeleteLogGroup +// See DeleteDataProtectionPolicy for more information on using the DeleteDataProtectionPolicy // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteDataProtectionPolicyRequest method. +// req, resp := client.DeleteDataProtectionPolicyRequest(params) // -// // Example sending a request using the DeleteLogGroupRequest method. -// req, resp := client.DeleteLogGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteLogGroup -func (c *CloudWatchLogs) DeleteLogGroupRequest(input *DeleteLogGroupInput) (req *request.Request, output *DeleteLogGroupOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteDataProtectionPolicy +func (c *CloudWatchLogs) DeleteDataProtectionPolicyRequest(input *DeleteDataProtectionPolicyInput) (req *request.Request, output *DeleteDataProtectionPolicyOutput) { op := &request.Operation{ - Name: opDeleteLogGroup, + Name: opDeleteDataProtectionPolicy, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &DeleteLogGroupInput{} + input = &DeleteDataProtectionPolicyInput{} } - output = &DeleteLogGroupOutput{} + output = &DeleteDataProtectionPolicyOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// DeleteLogGroup API operation for Amazon CloudWatch Logs. +// DeleteDataProtectionPolicy API operation for Amazon CloudWatch Logs. // -// Deletes the specified log group and permanently deletes all the archived -// log events associated with the log group. +// Deletes the data protection policy from the specified log group. +// +// For more information about data protection policies, see PutDataProtectionPolicy +// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation DeleteLogGroup for usage and error information. +// API operation DeleteDataProtectionPolicy for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// * OperationAbortedException -// Multiple requests to update the same resource were in conflict. +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ResourceNotFoundException +// The specified resource does not exist. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteLogGroup -func (c *CloudWatchLogs) DeleteLogGroup(input *DeleteLogGroupInput) (*DeleteLogGroupOutput, error) { - req, out := c.DeleteLogGroupRequest(input) +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteDataProtectionPolicy +func (c *CloudWatchLogs) DeleteDataProtectionPolicy(input *DeleteDataProtectionPolicyInput) (*DeleteDataProtectionPolicyOutput, error) { + req, out := c.DeleteDataProtectionPolicyRequest(input) return out, req.Send() } -// DeleteLogGroupWithContext is the same as DeleteLogGroup with the addition of +// DeleteDataProtectionPolicyWithContext is the same as DeleteDataProtectionPolicy with the addition of // the ability to pass a context and additional request options. // -// See DeleteLogGroup for details on how to use this API operation. +// See DeleteDataProtectionPolicy for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) DeleteLogGroupWithContext(ctx aws.Context, input *DeleteLogGroupInput, opts ...request.Option) (*DeleteLogGroupOutput, error) { - req, out := c.DeleteLogGroupRequest(input) +func (c *CloudWatchLogs) DeleteDataProtectionPolicyWithContext(ctx aws.Context, input *DeleteDataProtectionPolicyInput, opts ...request.Option) (*DeleteDataProtectionPolicyOutput, error) { + req, out := c.DeleteDataProtectionPolicyRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opDeleteLogStream = "DeleteLogStream" +const opDeleteDelivery = "DeleteDelivery" -// DeleteLogStreamRequest generates a "aws/request.Request" representing the -// client's request for the DeleteLogStream operation. The "output" return +// DeleteDeliveryRequest generates a "aws/request.Request" representing the +// client's request for the DeleteDelivery operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DeleteLogStream for more information on using the DeleteLogStream +// See DeleteDelivery for more information on using the DeleteDelivery // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteDeliveryRequest method. +// req, resp := client.DeleteDeliveryRequest(params) // -// // Example sending a request using the DeleteLogStreamRequest method. -// req, resp := client.DeleteLogStreamRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteLogStream -func (c *CloudWatchLogs) DeleteLogStreamRequest(input *DeleteLogStreamInput) (req *request.Request, output *DeleteLogStreamOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteDelivery +func (c *CloudWatchLogs) DeleteDeliveryRequest(input *DeleteDeliveryInput) (req *request.Request, output *DeleteDeliveryOutput) { op := &request.Operation{ - Name: opDeleteLogStream, + Name: opDeleteDelivery, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &DeleteLogStreamInput{} + input = &DeleteDeliveryInput{} } - output = &DeleteLogStreamOutput{} + output = &DeleteDeliveryOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// DeleteLogStream API operation for Amazon CloudWatch Logs. +// DeleteDelivery API operation for Amazon CloudWatch Logs. // -// Deletes the specified log stream and permanently deletes all the archived -// log events associated with the log stream. +// Deletes s delivery. A delivery is a connection between a logical delivery +// source and a logical delivery destination. Deleting a delivery only deletes +// the connection between the delivery source and delivery destination. It does +// not delete the delivery destination or the delivery source. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation DeleteLogStream for usage and error information. +// API operation DeleteDelivery for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - ResourceNotFoundException +// The specified resource does not exist. // -// * OperationAbortedException -// Multiple requests to update the same resource were in conflict. +// - ServiceUnavailableException +// The service cannot complete the request. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ConflictException +// This operation attempted to create a resource that already exists. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteLogStream -func (c *CloudWatchLogs) DeleteLogStream(input *DeleteLogStreamInput) (*DeleteLogStreamOutput, error) { - req, out := c.DeleteLogStreamRequest(input) +// - ValidationException +// One of the parameters for the request is not valid. +// +// - ServiceQuotaExceededException +// This request exceeds a service quota. +// +// - ThrottlingException +// The request was throttled because of quota limits. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteDelivery +func (c *CloudWatchLogs) DeleteDelivery(input *DeleteDeliveryInput) (*DeleteDeliveryOutput, error) { + req, out := c.DeleteDeliveryRequest(input) return out, req.Send() } -// DeleteLogStreamWithContext is the same as DeleteLogStream with the addition of +// DeleteDeliveryWithContext is the same as DeleteDelivery with the addition of // the ability to pass a context and additional request options. // -// See DeleteLogStream for details on how to use this API operation. +// See DeleteDelivery for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) DeleteLogStreamWithContext(ctx aws.Context, input *DeleteLogStreamInput, opts ...request.Option) (*DeleteLogStreamOutput, error) { - req, out := c.DeleteLogStreamRequest(input) +func (c *CloudWatchLogs) DeleteDeliveryWithContext(ctx aws.Context, input *DeleteDeliveryInput, opts ...request.Option) (*DeleteDeliveryOutput, error) { + req, out := c.DeleteDeliveryRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opDeleteMetricFilter = "DeleteMetricFilter" +const opDeleteDeliveryDestination = "DeleteDeliveryDestination" -// DeleteMetricFilterRequest generates a "aws/request.Request" representing the -// client's request for the DeleteMetricFilter operation. The "output" return +// DeleteDeliveryDestinationRequest generates a "aws/request.Request" representing the +// client's request for the DeleteDeliveryDestination operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DeleteMetricFilter for more information on using the DeleteMetricFilter +// See DeleteDeliveryDestination for more information on using the DeleteDeliveryDestination // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteDeliveryDestinationRequest method. +// req, resp := client.DeleteDeliveryDestinationRequest(params) // -// // Example sending a request using the DeleteMetricFilterRequest method. -// req, resp := client.DeleteMetricFilterRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteMetricFilter -func (c *CloudWatchLogs) DeleteMetricFilterRequest(input *DeleteMetricFilterInput) (req *request.Request, output *DeleteMetricFilterOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteDeliveryDestination +func (c *CloudWatchLogs) DeleteDeliveryDestinationRequest(input *DeleteDeliveryDestinationInput) (req *request.Request, output *DeleteDeliveryDestinationOutput) { op := &request.Operation{ - Name: opDeleteMetricFilter, + Name: opDeleteDeliveryDestination, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &DeleteMetricFilterInput{} + input = &DeleteDeliveryDestinationInput{} } - output = &DeleteMetricFilterOutput{} + output = &DeleteDeliveryDestinationOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// DeleteMetricFilter API operation for Amazon CloudWatch Logs. +// DeleteDeliveryDestination API operation for Amazon CloudWatch Logs. // -// Deletes the specified metric filter. +// Deletes a delivery destination. A delivery is a connection between a logical +// delivery source and a logical delivery destination. +// +// You can't delete a delivery destination if any current deliveries are associated +// with it. To find whether any deliveries are associated with this delivery +// destination, use the DescribeDeliveries (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDeliveries.html) +// operation and check the deliveryDestinationArn field in the results. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation DeleteMetricFilter for usage and error information. +// API operation DeleteDeliveryDestination for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - ResourceNotFoundException +// The specified resource does not exist. // -// * OperationAbortedException -// Multiple requests to update the same resource were in conflict. +// - ServiceUnavailableException +// The service cannot complete the request. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ConflictException +// This operation attempted to create a resource that already exists. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteMetricFilter -func (c *CloudWatchLogs) DeleteMetricFilter(input *DeleteMetricFilterInput) (*DeleteMetricFilterOutput, error) { - req, out := c.DeleteMetricFilterRequest(input) +// - ValidationException +// One of the parameters for the request is not valid. +// +// - ServiceQuotaExceededException +// This request exceeds a service quota. +// +// - ThrottlingException +// The request was throttled because of quota limits. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteDeliveryDestination +func (c *CloudWatchLogs) DeleteDeliveryDestination(input *DeleteDeliveryDestinationInput) (*DeleteDeliveryDestinationOutput, error) { + req, out := c.DeleteDeliveryDestinationRequest(input) return out, req.Send() } -// DeleteMetricFilterWithContext is the same as DeleteMetricFilter with the addition of +// DeleteDeliveryDestinationWithContext is the same as DeleteDeliveryDestination with the addition of // the ability to pass a context and additional request options. // -// See DeleteMetricFilter for details on how to use this API operation. +// See DeleteDeliveryDestination for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) DeleteMetricFilterWithContext(ctx aws.Context, input *DeleteMetricFilterInput, opts ...request.Option) (*DeleteMetricFilterOutput, error) { - req, out := c.DeleteMetricFilterRequest(input) +func (c *CloudWatchLogs) DeleteDeliveryDestinationWithContext(ctx aws.Context, input *DeleteDeliveryDestinationInput, opts ...request.Option) (*DeleteDeliveryDestinationOutput, error) { + req, out := c.DeleteDeliveryDestinationRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opDeleteQueryDefinition = "DeleteQueryDefinition" +const opDeleteDeliveryDestinationPolicy = "DeleteDeliveryDestinationPolicy" -// DeleteQueryDefinitionRequest generates a "aws/request.Request" representing the -// client's request for the DeleteQueryDefinition operation. The "output" return +// DeleteDeliveryDestinationPolicyRequest generates a "aws/request.Request" representing the +// client's request for the DeleteDeliveryDestinationPolicy operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DeleteQueryDefinition for more information on using the DeleteQueryDefinition +// See DeleteDeliveryDestinationPolicy for more information on using the DeleteDeliveryDestinationPolicy // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteDeliveryDestinationPolicyRequest method. +// req, resp := client.DeleteDeliveryDestinationPolicyRequest(params) // -// // Example sending a request using the DeleteQueryDefinitionRequest method. -// req, resp := client.DeleteQueryDefinitionRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteQueryDefinition -func (c *CloudWatchLogs) DeleteQueryDefinitionRequest(input *DeleteQueryDefinitionInput) (req *request.Request, output *DeleteQueryDefinitionOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteDeliveryDestinationPolicy +func (c *CloudWatchLogs) DeleteDeliveryDestinationPolicyRequest(input *DeleteDeliveryDestinationPolicyInput) (req *request.Request, output *DeleteDeliveryDestinationPolicyOutput) { op := &request.Operation{ - Name: opDeleteQueryDefinition, + Name: opDeleteDeliveryDestinationPolicy, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &DeleteQueryDefinitionInput{} + input = &DeleteDeliveryDestinationPolicyInput{} } - output = &DeleteQueryDefinitionOutput{} + output = &DeleteDeliveryDestinationPolicyOutput{} req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// DeleteQueryDefinition API operation for Amazon CloudWatch Logs. +// DeleteDeliveryDestinationPolicy API operation for Amazon CloudWatch Logs. // -// Deletes a saved CloudWatch Logs Insights query definition. A query definition -// contains details about a saved CloudWatch Logs Insights query. -// -// Each DeleteQueryDefinition operation can delete one query definition. -// -// You must have the logs:DeleteQueryDefinition permission to be able to perform -// this operation. +// Deletes a delivery destination policy. For more information about these policies, +// see PutDeliveryDestinationPolicy (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation DeleteQueryDefinition for usage and error information. +// API operation DeleteDeliveryDestinationPolicy for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - ServiceUnavailableException +// The service cannot complete the request. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ValidationException +// One of the parameters for the request is not valid. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteQueryDefinition -func (c *CloudWatchLogs) DeleteQueryDefinition(input *DeleteQueryDefinitionInput) (*DeleteQueryDefinitionOutput, error) { - req, out := c.DeleteQueryDefinitionRequest(input) +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ConflictException +// This operation attempted to create a resource that already exists. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteDeliveryDestinationPolicy +func (c *CloudWatchLogs) DeleteDeliveryDestinationPolicy(input *DeleteDeliveryDestinationPolicyInput) (*DeleteDeliveryDestinationPolicyOutput, error) { + req, out := c.DeleteDeliveryDestinationPolicyRequest(input) return out, req.Send() } -// DeleteQueryDefinitionWithContext is the same as DeleteQueryDefinition with the addition of +// DeleteDeliveryDestinationPolicyWithContext is the same as DeleteDeliveryDestinationPolicy with the addition of // the ability to pass a context and additional request options. // -// See DeleteQueryDefinition for details on how to use this API operation. +// See DeleteDeliveryDestinationPolicy for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) DeleteQueryDefinitionWithContext(ctx aws.Context, input *DeleteQueryDefinitionInput, opts ...request.Option) (*DeleteQueryDefinitionOutput, error) { - req, out := c.DeleteQueryDefinitionRequest(input) +func (c *CloudWatchLogs) DeleteDeliveryDestinationPolicyWithContext(ctx aws.Context, input *DeleteDeliveryDestinationPolicyInput, opts ...request.Option) (*DeleteDeliveryDestinationPolicyOutput, error) { + req, out := c.DeleteDeliveryDestinationPolicyRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opDeleteResourcePolicy = "DeleteResourcePolicy" +const opDeleteDeliverySource = "DeleteDeliverySource" -// DeleteResourcePolicyRequest generates a "aws/request.Request" representing the -// client's request for the DeleteResourcePolicy operation. The "output" return +// DeleteDeliverySourceRequest generates a "aws/request.Request" representing the +// client's request for the DeleteDeliverySource operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DeleteResourcePolicy for more information on using the DeleteResourcePolicy +// See DeleteDeliverySource for more information on using the DeleteDeliverySource // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteDeliverySourceRequest method. +// req, resp := client.DeleteDeliverySourceRequest(params) // -// // Example sending a request using the DeleteResourcePolicyRequest method. -// req, resp := client.DeleteResourcePolicyRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteResourcePolicy -func (c *CloudWatchLogs) DeleteResourcePolicyRequest(input *DeleteResourcePolicyInput) (req *request.Request, output *DeleteResourcePolicyOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteDeliverySource +func (c *CloudWatchLogs) DeleteDeliverySourceRequest(input *DeleteDeliverySourceInput) (req *request.Request, output *DeleteDeliverySourceOutput) { op := &request.Operation{ - Name: opDeleteResourcePolicy, + Name: opDeleteDeliverySource, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &DeleteResourcePolicyInput{} + input = &DeleteDeliverySourceInput{} } - output = &DeleteResourcePolicyOutput{} + output = &DeleteDeliverySourceOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// DeleteResourcePolicy API operation for Amazon CloudWatch Logs. +// DeleteDeliverySource API operation for Amazon CloudWatch Logs. // -// Deletes a resource policy from this account. This revokes the access of the -// identities in that policy to put log events to this account. +// Deletes a delivery source. A delivery is a connection between a logical delivery +// source and a logical delivery destination. +// +// You can't delete a delivery source if any current deliveries are associated +// with it. To find whether any deliveries are associated with this delivery +// source, use the DescribeDeliveries (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDeliveries.html) +// operation and check the deliverySourceName field in the results. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation DeleteResourcePolicy for usage and error information. +// API operation DeleteDeliverySource for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - ResourceNotFoundException +// The specified resource does not exist. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ServiceUnavailableException +// The service cannot complete the request. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteResourcePolicy -func (c *CloudWatchLogs) DeleteResourcePolicy(input *DeleteResourcePolicyInput) (*DeleteResourcePolicyOutput, error) { - req, out := c.DeleteResourcePolicyRequest(input) +// - ConflictException +// This operation attempted to create a resource that already exists. +// +// - ValidationException +// One of the parameters for the request is not valid. +// +// - ServiceQuotaExceededException +// This request exceeds a service quota. +// +// - ThrottlingException +// The request was throttled because of quota limits. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteDeliverySource +func (c *CloudWatchLogs) DeleteDeliverySource(input *DeleteDeliverySourceInput) (*DeleteDeliverySourceOutput, error) { + req, out := c.DeleteDeliverySourceRequest(input) return out, req.Send() } -// DeleteResourcePolicyWithContext is the same as DeleteResourcePolicy with the addition of +// DeleteDeliverySourceWithContext is the same as DeleteDeliverySource with the addition of // the ability to pass a context and additional request options. // -// See DeleteResourcePolicy for details on how to use this API operation. +// See DeleteDeliverySource for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) DeleteResourcePolicyWithContext(ctx aws.Context, input *DeleteResourcePolicyInput, opts ...request.Option) (*DeleteResourcePolicyOutput, error) { - req, out := c.DeleteResourcePolicyRequest(input) +func (c *CloudWatchLogs) DeleteDeliverySourceWithContext(ctx aws.Context, input *DeleteDeliverySourceInput, opts ...request.Option) (*DeleteDeliverySourceOutput, error) { + req, out := c.DeleteDeliverySourceRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opDeleteRetentionPolicy = "DeleteRetentionPolicy" +const opDeleteDestination = "DeleteDestination" -// DeleteRetentionPolicyRequest generates a "aws/request.Request" representing the -// client's request for the DeleteRetentionPolicy operation. The "output" return +// DeleteDestinationRequest generates a "aws/request.Request" representing the +// client's request for the DeleteDestination operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DeleteRetentionPolicy for more information on using the DeleteRetentionPolicy +// See DeleteDestination for more information on using the DeleteDestination // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteDestinationRequest method. +// req, resp := client.DeleteDestinationRequest(params) // -// // Example sending a request using the DeleteRetentionPolicyRequest method. -// req, resp := client.DeleteRetentionPolicyRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteRetentionPolicy -func (c *CloudWatchLogs) DeleteRetentionPolicyRequest(input *DeleteRetentionPolicyInput) (req *request.Request, output *DeleteRetentionPolicyOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteDestination +func (c *CloudWatchLogs) DeleteDestinationRequest(input *DeleteDestinationInput) (req *request.Request, output *DeleteDestinationOutput) { op := &request.Operation{ - Name: opDeleteRetentionPolicy, + Name: opDeleteDestination, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &DeleteRetentionPolicyInput{} + input = &DeleteDestinationInput{} } - output = &DeleteRetentionPolicyOutput{} + output = &DeleteDestinationOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// DeleteRetentionPolicy API operation for Amazon CloudWatch Logs. -// -// Deletes the specified retention policy. +// DeleteDestination API operation for Amazon CloudWatch Logs. // -// Log events do not expire if they belong to log groups without a retention -// policy. +// Deletes the specified destination, and eventually disables all the subscription +// filters that publish to it. This operation does not delete the physical resource +// encapsulated by the destination. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation DeleteRetentionPolicy for usage and error information. +// API operation DeleteDestination for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// * OperationAbortedException -// Multiple requests to update the same resource were in conflict. +// - ResourceNotFoundException +// The specified resource does not exist. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteRetentionPolicy -func (c *CloudWatchLogs) DeleteRetentionPolicy(input *DeleteRetentionPolicyInput) (*DeleteRetentionPolicyOutput, error) { - req, out := c.DeleteRetentionPolicyRequest(input) +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteDestination +func (c *CloudWatchLogs) DeleteDestination(input *DeleteDestinationInput) (*DeleteDestinationOutput, error) { + req, out := c.DeleteDestinationRequest(input) return out, req.Send() } -// DeleteRetentionPolicyWithContext is the same as DeleteRetentionPolicy with the addition of +// DeleteDestinationWithContext is the same as DeleteDestination with the addition of // the ability to pass a context and additional request options. // -// See DeleteRetentionPolicy for details on how to use this API operation. +// See DeleteDestination for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) DeleteRetentionPolicyWithContext(ctx aws.Context, input *DeleteRetentionPolicyInput, opts ...request.Option) (*DeleteRetentionPolicyOutput, error) { - req, out := c.DeleteRetentionPolicyRequest(input) +func (c *CloudWatchLogs) DeleteDestinationWithContext(ctx aws.Context, input *DeleteDestinationInput, opts ...request.Option) (*DeleteDestinationOutput, error) { + req, out := c.DeleteDestinationRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opDeleteSubscriptionFilter = "DeleteSubscriptionFilter" +const opDeleteLogAnomalyDetector = "DeleteLogAnomalyDetector" -// DeleteSubscriptionFilterRequest generates a "aws/request.Request" representing the -// client's request for the DeleteSubscriptionFilter operation. The "output" return +// DeleteLogAnomalyDetectorRequest generates a "aws/request.Request" representing the +// client's request for the DeleteLogAnomalyDetector operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DeleteSubscriptionFilter for more information on using the DeleteSubscriptionFilter +// See DeleteLogAnomalyDetector for more information on using the DeleteLogAnomalyDetector // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteLogAnomalyDetectorRequest method. +// req, resp := client.DeleteLogAnomalyDetectorRequest(params) // -// // Example sending a request using the DeleteSubscriptionFilterRequest method. -// req, resp := client.DeleteSubscriptionFilterRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteSubscriptionFilter -func (c *CloudWatchLogs) DeleteSubscriptionFilterRequest(input *DeleteSubscriptionFilterInput) (req *request.Request, output *DeleteSubscriptionFilterOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteLogAnomalyDetector +func (c *CloudWatchLogs) DeleteLogAnomalyDetectorRequest(input *DeleteLogAnomalyDetectorInput) (req *request.Request, output *DeleteLogAnomalyDetectorOutput) { op := &request.Operation{ - Name: opDeleteSubscriptionFilter, + Name: opDeleteLogAnomalyDetector, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &DeleteSubscriptionFilterInput{} + input = &DeleteLogAnomalyDetectorInput{} } - output = &DeleteSubscriptionFilterOutput{} + output = &DeleteLogAnomalyDetectorOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// DeleteSubscriptionFilter API operation for Amazon CloudWatch Logs. +// DeleteLogAnomalyDetector API operation for Amazon CloudWatch Logs. // -// Deletes the specified subscription filter. +// Deletes the specified CloudWatch Logs anomaly detector. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation DeleteSubscriptionFilter for usage and error information. +// API operation DeleteLogAnomalyDetector for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// * OperationAbortedException -// Multiple requests to update the same resource were in conflict. +// - ResourceNotFoundException +// The specified resource does not exist. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ServiceUnavailableException +// The service cannot complete the request. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteSubscriptionFilter -func (c *CloudWatchLogs) DeleteSubscriptionFilter(input *DeleteSubscriptionFilterInput) (*DeleteSubscriptionFilterOutput, error) { - req, out := c.DeleteSubscriptionFilterRequest(input) +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteLogAnomalyDetector +func (c *CloudWatchLogs) DeleteLogAnomalyDetector(input *DeleteLogAnomalyDetectorInput) (*DeleteLogAnomalyDetectorOutput, error) { + req, out := c.DeleteLogAnomalyDetectorRequest(input) return out, req.Send() } -// DeleteSubscriptionFilterWithContext is the same as DeleteSubscriptionFilter with the addition of +// DeleteLogAnomalyDetectorWithContext is the same as DeleteLogAnomalyDetector with the addition of // the ability to pass a context and additional request options. // -// See DeleteSubscriptionFilter for details on how to use this API operation. +// See DeleteLogAnomalyDetector for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) DeleteSubscriptionFilterWithContext(ctx aws.Context, input *DeleteSubscriptionFilterInput, opts ...request.Option) (*DeleteSubscriptionFilterOutput, error) { - req, out := c.DeleteSubscriptionFilterRequest(input) +func (c *CloudWatchLogs) DeleteLogAnomalyDetectorWithContext(ctx aws.Context, input *DeleteLogAnomalyDetectorInput, opts ...request.Option) (*DeleteLogAnomalyDetectorOutput, error) { + req, out := c.DeleteLogAnomalyDetectorRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opDescribeDestinations = "DescribeDestinations" +const opDeleteLogGroup = "DeleteLogGroup" -// DescribeDestinationsRequest generates a "aws/request.Request" representing the -// client's request for the DescribeDestinations operation. The "output" return +// DeleteLogGroupRequest generates a "aws/request.Request" representing the +// client's request for the DeleteLogGroup operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DescribeDestinations for more information on using the DescribeDestinations +// See DeleteLogGroup for more information on using the DeleteLogGroup // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteLogGroupRequest method. +// req, resp := client.DeleteLogGroupRequest(params) // -// // Example sending a request using the DescribeDestinationsRequest method. -// req, resp := client.DescribeDestinationsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeDestinations -func (c *CloudWatchLogs) DescribeDestinationsRequest(input *DescribeDestinationsInput) (req *request.Request, output *DescribeDestinationsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteLogGroup +func (c *CloudWatchLogs) DeleteLogGroupRequest(input *DeleteLogGroupInput) (req *request.Request, output *DeleteLogGroupOutput) { op := &request.Operation{ - Name: opDescribeDestinations, + Name: opDeleteLogGroup, HTTPMethod: "POST", HTTPPath: "/", - Paginator: &request.Paginator{ - InputTokens: []string{"nextToken"}, - OutputTokens: []string{"nextToken"}, - LimitToken: "limit", - TruncationToken: "", - }, } if input == nil { - input = &DescribeDestinationsInput{} + input = &DeleteLogGroupInput{} } - output = &DescribeDestinationsOutput{} + output = &DeleteLogGroupOutput{} req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// DescribeDestinations API operation for Amazon CloudWatch Logs. +// DeleteLogGroup API operation for Amazon CloudWatch Logs. // -// Lists all your destinations. The results are ASCII-sorted by destination -// name. +// Deletes the specified log group and permanently deletes all the archived +// log events associated with the log group. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation DescribeDestinations for usage and error information. +// API operation DeleteLogGroup for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeDestinations -func (c *CloudWatchLogs) DescribeDestinations(input *DescribeDestinationsInput) (*DescribeDestinationsOutput, error) { - req, out := c.DescribeDestinationsRequest(input) +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteLogGroup +func (c *CloudWatchLogs) DeleteLogGroup(input *DeleteLogGroupInput) (*DeleteLogGroupOutput, error) { + req, out := c.DeleteLogGroupRequest(input) return out, req.Send() } -// DescribeDestinationsWithContext is the same as DescribeDestinations with the addition of +// DeleteLogGroupWithContext is the same as DeleteLogGroup with the addition of // the ability to pass a context and additional request options. // -// See DescribeDestinations for details on how to use this API operation. +// See DeleteLogGroup for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) DescribeDestinationsWithContext(ctx aws.Context, input *DescribeDestinationsInput, opts ...request.Option) (*DescribeDestinationsOutput, error) { - req, out := c.DescribeDestinationsRequest(input) +func (c *CloudWatchLogs) DeleteLogGroupWithContext(ctx aws.Context, input *DeleteLogGroupInput, opts ...request.Option) (*DeleteLogGroupOutput, error) { + req, out := c.DeleteLogGroupRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -// DescribeDestinationsPages iterates over the pages of a DescribeDestinations operation, -// calling the "fn" function with the response data for each page. To stop -// iterating, return false from the fn function. -// -// See DescribeDestinations method for more information on how to use this operation. -// -// Note: This operation can generate multiple requests to a service. -// -// // Example iterating over at most 3 pages of a DescribeDestinations operation. -// pageNum := 0 -// err := client.DescribeDestinationsPages(params, -// func(page *cloudwatchlogs.DescribeDestinationsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// -func (c *CloudWatchLogs) DescribeDestinationsPages(input *DescribeDestinationsInput, fn func(*DescribeDestinationsOutput, bool) bool) error { - return c.DescribeDestinationsPagesWithContext(aws.BackgroundContext(), input, fn) -} - -// DescribeDestinationsPagesWithContext same as DescribeDestinationsPages except -// it takes a Context and allows setting request options on the pages. -// -// The context must be non-nil and will be used for request cancellation. If -// the context is nil a panic will occur. In the future the SDK may create -// sub-contexts for http.Requests. See https://golang.org/pkg/context/ -// for more information on using Contexts. -func (c *CloudWatchLogs) DescribeDestinationsPagesWithContext(ctx aws.Context, input *DescribeDestinationsInput, fn func(*DescribeDestinationsOutput, bool) bool, opts ...request.Option) error { - p := request.Pagination{ - EndPageOnSameToken: true, - NewRequest: func() (*request.Request, error) { - var inCpy *DescribeDestinationsInput - if input != nil { - tmp := *input - inCpy = &tmp - } - req, _ := c.DescribeDestinationsRequest(inCpy) - req.SetContext(ctx) - req.ApplyOptions(opts...) - return req, nil - }, - } - - for p.Next() { - if !fn(p.Page().(*DescribeDestinationsOutput), !p.HasNextPage()) { - break - } - } - - return p.Err() -} - -const opDescribeExportTasks = "DescribeExportTasks" +const opDeleteLogStream = "DeleteLogStream" -// DescribeExportTasksRequest generates a "aws/request.Request" representing the -// client's request for the DescribeExportTasks operation. The "output" return +// DeleteLogStreamRequest generates a "aws/request.Request" representing the +// client's request for the DeleteLogStream operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DescribeExportTasks for more information on using the DescribeExportTasks +// See DeleteLogStream for more information on using the DeleteLogStream // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteLogStreamRequest method. +// req, resp := client.DeleteLogStreamRequest(params) // -// // Example sending a request using the DescribeExportTasksRequest method. -// req, resp := client.DescribeExportTasksRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeExportTasks -func (c *CloudWatchLogs) DescribeExportTasksRequest(input *DescribeExportTasksInput) (req *request.Request, output *DescribeExportTasksOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteLogStream +func (c *CloudWatchLogs) DeleteLogStreamRequest(input *DeleteLogStreamInput) (req *request.Request, output *DeleteLogStreamOutput) { op := &request.Operation{ - Name: opDescribeExportTasks, + Name: opDeleteLogStream, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &DescribeExportTasksInput{} + input = &DeleteLogStreamInput{} } - output = &DescribeExportTasksOutput{} + output = &DeleteLogStreamOutput{} req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// DescribeExportTasks API operation for Amazon CloudWatch Logs. +// DeleteLogStream API operation for Amazon CloudWatch Logs. // -// Lists the specified export tasks. You can list all your export tasks or filter -// the results based on task ID or task status. +// Deletes the specified log stream and permanently deletes all the archived +// log events associated with the log stream. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation DescribeExportTasks for usage and error information. +// API operation DeleteLogStream for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeExportTasks -func (c *CloudWatchLogs) DescribeExportTasks(input *DescribeExportTasksInput) (*DescribeExportTasksOutput, error) { - req, out := c.DescribeExportTasksRequest(input) +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteLogStream +func (c *CloudWatchLogs) DeleteLogStream(input *DeleteLogStreamInput) (*DeleteLogStreamOutput, error) { + req, out := c.DeleteLogStreamRequest(input) return out, req.Send() } -// DescribeExportTasksWithContext is the same as DescribeExportTasks with the addition of +// DeleteLogStreamWithContext is the same as DeleteLogStream with the addition of // the ability to pass a context and additional request options. // -// See DescribeExportTasks for details on how to use this API operation. +// See DeleteLogStream for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) DescribeExportTasksWithContext(ctx aws.Context, input *DescribeExportTasksInput, opts ...request.Option) (*DescribeExportTasksOutput, error) { - req, out := c.DescribeExportTasksRequest(input) +func (c *CloudWatchLogs) DeleteLogStreamWithContext(ctx aws.Context, input *DeleteLogStreamInput, opts ...request.Option) (*DeleteLogStreamOutput, error) { + req, out := c.DeleteLogStreamRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opDescribeLogGroups = "DescribeLogGroups" +const opDeleteMetricFilter = "DeleteMetricFilter" -// DescribeLogGroupsRequest generates a "aws/request.Request" representing the -// client's request for the DescribeLogGroups operation. The "output" return +// DeleteMetricFilterRequest generates a "aws/request.Request" representing the +// client's request for the DeleteMetricFilter operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DescribeLogGroups for more information on using the DescribeLogGroups +// See DeleteMetricFilter for more information on using the DeleteMetricFilter // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteMetricFilterRequest method. +// req, resp := client.DeleteMetricFilterRequest(params) // -// // Example sending a request using the DescribeLogGroupsRequest method. -// req, resp := client.DescribeLogGroupsRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeLogGroups -func (c *CloudWatchLogs) DescribeLogGroupsRequest(input *DescribeLogGroupsInput) (req *request.Request, output *DescribeLogGroupsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteMetricFilter +func (c *CloudWatchLogs) DeleteMetricFilterRequest(input *DeleteMetricFilterInput) (req *request.Request, output *DeleteMetricFilterOutput) { op := &request.Operation{ - Name: opDescribeLogGroups, + Name: opDeleteMetricFilter, HTTPMethod: "POST", HTTPPath: "/", - Paginator: &request.Paginator{ - InputTokens: []string{"nextToken"}, - OutputTokens: []string{"nextToken"}, - LimitToken: "limit", - TruncationToken: "", - }, } if input == nil { - input = &DescribeLogGroupsInput{} + input = &DeleteMetricFilterInput{} } - output = &DescribeLogGroupsOutput{} + output = &DeleteMetricFilterOutput{} req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// DescribeLogGroups API operation for Amazon CloudWatch Logs. +// DeleteMetricFilter API operation for Amazon CloudWatch Logs. // -// Lists the specified log groups. You can list all your log groups or filter -// the results by prefix. The results are ASCII-sorted by log group name. +// Deletes the specified metric filter. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation DescribeLogGroups for usage and error information. +// API operation DeleteMetricFilter for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeLogGroups -func (c *CloudWatchLogs) DescribeLogGroups(input *DescribeLogGroupsInput) (*DescribeLogGroupsOutput, error) { - req, out := c.DescribeLogGroupsRequest(input) +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteMetricFilter +func (c *CloudWatchLogs) DeleteMetricFilter(input *DeleteMetricFilterInput) (*DeleteMetricFilterOutput, error) { + req, out := c.DeleteMetricFilterRequest(input) return out, req.Send() } -// DescribeLogGroupsWithContext is the same as DescribeLogGroups with the addition of +// DeleteMetricFilterWithContext is the same as DeleteMetricFilter with the addition of // the ability to pass a context and additional request options. // -// See DescribeLogGroups for details on how to use this API operation. +// See DeleteMetricFilter for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) DescribeLogGroupsWithContext(ctx aws.Context, input *DescribeLogGroupsInput, opts ...request.Option) (*DescribeLogGroupsOutput, error) { - req, out := c.DescribeLogGroupsRequest(input) +func (c *CloudWatchLogs) DeleteMetricFilterWithContext(ctx aws.Context, input *DeleteMetricFilterInput, opts ...request.Option) (*DeleteMetricFilterOutput, error) { + req, out := c.DeleteMetricFilterRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -// DescribeLogGroupsPages iterates over the pages of a DescribeLogGroups operation, -// calling the "fn" function with the response data for each page. To stop -// iterating, return false from the fn function. -// -// See DescribeLogGroups method for more information on how to use this operation. -// -// Note: This operation can generate multiple requests to a service. -// -// // Example iterating over at most 3 pages of a DescribeLogGroups operation. -// pageNum := 0 -// err := client.DescribeLogGroupsPages(params, -// func(page *cloudwatchlogs.DescribeLogGroupsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// -func (c *CloudWatchLogs) DescribeLogGroupsPages(input *DescribeLogGroupsInput, fn func(*DescribeLogGroupsOutput, bool) bool) error { - return c.DescribeLogGroupsPagesWithContext(aws.BackgroundContext(), input, fn) -} - -// DescribeLogGroupsPagesWithContext same as DescribeLogGroupsPages except -// it takes a Context and allows setting request options on the pages. -// -// The context must be non-nil and will be used for request cancellation. If -// the context is nil a panic will occur. In the future the SDK may create -// sub-contexts for http.Requests. See https://golang.org/pkg/context/ -// for more information on using Contexts. -func (c *CloudWatchLogs) DescribeLogGroupsPagesWithContext(ctx aws.Context, input *DescribeLogGroupsInput, fn func(*DescribeLogGroupsOutput, bool) bool, opts ...request.Option) error { - p := request.Pagination{ - EndPageOnSameToken: true, - NewRequest: func() (*request.Request, error) { - var inCpy *DescribeLogGroupsInput - if input != nil { - tmp := *input - inCpy = &tmp - } - req, _ := c.DescribeLogGroupsRequest(inCpy) - req.SetContext(ctx) - req.ApplyOptions(opts...) - return req, nil - }, - } - - for p.Next() { - if !fn(p.Page().(*DescribeLogGroupsOutput), !p.HasNextPage()) { - break - } - } - - return p.Err() -} - -const opDescribeLogStreams = "DescribeLogStreams" +const opDeleteQueryDefinition = "DeleteQueryDefinition" -// DescribeLogStreamsRequest generates a "aws/request.Request" representing the -// client's request for the DescribeLogStreams operation. The "output" return +// DeleteQueryDefinitionRequest generates a "aws/request.Request" representing the +// client's request for the DeleteQueryDefinition operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DescribeLogStreams for more information on using the DescribeLogStreams +// See DeleteQueryDefinition for more information on using the DeleteQueryDefinition // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteQueryDefinitionRequest method. +// req, resp := client.DeleteQueryDefinitionRequest(params) // -// // Example sending a request using the DescribeLogStreamsRequest method. -// req, resp := client.DescribeLogStreamsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeLogStreams -func (c *CloudWatchLogs) DescribeLogStreamsRequest(input *DescribeLogStreamsInput) (req *request.Request, output *DescribeLogStreamsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteQueryDefinition +func (c *CloudWatchLogs) DeleteQueryDefinitionRequest(input *DeleteQueryDefinitionInput) (req *request.Request, output *DeleteQueryDefinitionOutput) { op := &request.Operation{ - Name: opDescribeLogStreams, + Name: opDeleteQueryDefinition, HTTPMethod: "POST", HTTPPath: "/", - Paginator: &request.Paginator{ - InputTokens: []string{"nextToken"}, - OutputTokens: []string{"nextToken"}, - LimitToken: "limit", - TruncationToken: "", - }, } if input == nil { - input = &DescribeLogStreamsInput{} + input = &DeleteQueryDefinitionInput{} } - output = &DescribeLogStreamsOutput{} + output = &DeleteQueryDefinitionOutput{} req = c.newRequest(op, input, output) return } -// DescribeLogStreams API operation for Amazon CloudWatch Logs. +// DeleteQueryDefinition API operation for Amazon CloudWatch Logs. // -// Lists the log streams for the specified log group. You can list all the log -// streams or filter the results by prefix. You can also control how the results -// are ordered. +// Deletes a saved CloudWatch Logs Insights query definition. A query definition +// contains details about a saved CloudWatch Logs Insights query. // -// This operation has a limit of five transactions per second, after which transactions -// are throttled. +// Each DeleteQueryDefinition operation can delete one query definition. +// +// You must have the logs:DeleteQueryDefinition permission to be able to perform +// this operation. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation DescribeLogStreams for usage and error information. +// API operation DeleteQueryDefinition for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ResourceNotFoundException +// The specified resource does not exist. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeLogStreams -func (c *CloudWatchLogs) DescribeLogStreams(input *DescribeLogStreamsInput) (*DescribeLogStreamsOutput, error) { - req, out := c.DescribeLogStreamsRequest(input) +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteQueryDefinition +func (c *CloudWatchLogs) DeleteQueryDefinition(input *DeleteQueryDefinitionInput) (*DeleteQueryDefinitionOutput, error) { + req, out := c.DeleteQueryDefinitionRequest(input) return out, req.Send() } -// DescribeLogStreamsWithContext is the same as DescribeLogStreams with the addition of +// DeleteQueryDefinitionWithContext is the same as DeleteQueryDefinition with the addition of // the ability to pass a context and additional request options. // -// See DescribeLogStreams for details on how to use this API operation. +// See DeleteQueryDefinition for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) DescribeLogStreamsWithContext(ctx aws.Context, input *DescribeLogStreamsInput, opts ...request.Option) (*DescribeLogStreamsOutput, error) { - req, out := c.DescribeLogStreamsRequest(input) +func (c *CloudWatchLogs) DeleteQueryDefinitionWithContext(ctx aws.Context, input *DeleteQueryDefinitionInput, opts ...request.Option) (*DeleteQueryDefinitionOutput, error) { + req, out := c.DeleteQueryDefinitionRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -// DescribeLogStreamsPages iterates over the pages of a DescribeLogStreams operation, -// calling the "fn" function with the response data for each page. To stop -// iterating, return false from the fn function. -// -// See DescribeLogStreams method for more information on how to use this operation. -// -// Note: This operation can generate multiple requests to a service. -// -// // Example iterating over at most 3 pages of a DescribeLogStreams operation. -// pageNum := 0 -// err := client.DescribeLogStreamsPages(params, -// func(page *cloudwatchlogs.DescribeLogStreamsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// -func (c *CloudWatchLogs) DescribeLogStreamsPages(input *DescribeLogStreamsInput, fn func(*DescribeLogStreamsOutput, bool) bool) error { - return c.DescribeLogStreamsPagesWithContext(aws.BackgroundContext(), input, fn) -} - -// DescribeLogStreamsPagesWithContext same as DescribeLogStreamsPages except -// it takes a Context and allows setting request options on the pages. -// -// The context must be non-nil and will be used for request cancellation. If -// the context is nil a panic will occur. In the future the SDK may create -// sub-contexts for http.Requests. See https://golang.org/pkg/context/ -// for more information on using Contexts. -func (c *CloudWatchLogs) DescribeLogStreamsPagesWithContext(ctx aws.Context, input *DescribeLogStreamsInput, fn func(*DescribeLogStreamsOutput, bool) bool, opts ...request.Option) error { - p := request.Pagination{ - EndPageOnSameToken: true, - NewRequest: func() (*request.Request, error) { - var inCpy *DescribeLogStreamsInput - if input != nil { - tmp := *input - inCpy = &tmp - } - req, _ := c.DescribeLogStreamsRequest(inCpy) - req.SetContext(ctx) - req.ApplyOptions(opts...) - return req, nil - }, - } - - for p.Next() { - if !fn(p.Page().(*DescribeLogStreamsOutput), !p.HasNextPage()) { - break - } - } - - return p.Err() -} - -const opDescribeMetricFilters = "DescribeMetricFilters" +const opDeleteResourcePolicy = "DeleteResourcePolicy" -// DescribeMetricFiltersRequest generates a "aws/request.Request" representing the -// client's request for the DescribeMetricFilters operation. The "output" return +// DeleteResourcePolicyRequest generates a "aws/request.Request" representing the +// client's request for the DeleteResourcePolicy operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DescribeMetricFilters for more information on using the DescribeMetricFilters +// See DeleteResourcePolicy for more information on using the DeleteResourcePolicy // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteResourcePolicyRequest method. +// req, resp := client.DeleteResourcePolicyRequest(params) // -// // Example sending a request using the DescribeMetricFiltersRequest method. -// req, resp := client.DescribeMetricFiltersRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeMetricFilters -func (c *CloudWatchLogs) DescribeMetricFiltersRequest(input *DescribeMetricFiltersInput) (req *request.Request, output *DescribeMetricFiltersOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteResourcePolicy +func (c *CloudWatchLogs) DeleteResourcePolicyRequest(input *DeleteResourcePolicyInput) (req *request.Request, output *DeleteResourcePolicyOutput) { op := &request.Operation{ - Name: opDescribeMetricFilters, + Name: opDeleteResourcePolicy, HTTPMethod: "POST", HTTPPath: "/", - Paginator: &request.Paginator{ - InputTokens: []string{"nextToken"}, - OutputTokens: []string{"nextToken"}, - LimitToken: "limit", - TruncationToken: "", - }, } if input == nil { - input = &DescribeMetricFiltersInput{} + input = &DeleteResourcePolicyInput{} } - output = &DescribeMetricFiltersOutput{} + output = &DeleteResourcePolicyOutput{} req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// DescribeMetricFilters API operation for Amazon CloudWatch Logs. +// DeleteResourcePolicy API operation for Amazon CloudWatch Logs. // -// Lists the specified metric filters. You can list all of the metric filters -// or filter the results by log name, prefix, metric name, or metric namespace. -// The results are ASCII-sorted by filter name. +// Deletes a resource policy from this account. This revokes the access of the +// identities in that policy to put log events to this account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation DescribeMetricFilters for usage and error information. +// API operation DeleteResourcePolicy for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ResourceNotFoundException +// The specified resource does not exist. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeMetricFilters -func (c *CloudWatchLogs) DescribeMetricFilters(input *DescribeMetricFiltersInput) (*DescribeMetricFiltersOutput, error) { - req, out := c.DescribeMetricFiltersRequest(input) +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteResourcePolicy +func (c *CloudWatchLogs) DeleteResourcePolicy(input *DeleteResourcePolicyInput) (*DeleteResourcePolicyOutput, error) { + req, out := c.DeleteResourcePolicyRequest(input) return out, req.Send() } -// DescribeMetricFiltersWithContext is the same as DescribeMetricFilters with the addition of +// DeleteResourcePolicyWithContext is the same as DeleteResourcePolicy with the addition of // the ability to pass a context and additional request options. // -// See DescribeMetricFilters for details on how to use this API operation. +// See DeleteResourcePolicy for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) DescribeMetricFiltersWithContext(ctx aws.Context, input *DescribeMetricFiltersInput, opts ...request.Option) (*DescribeMetricFiltersOutput, error) { - req, out := c.DescribeMetricFiltersRequest(input) +func (c *CloudWatchLogs) DeleteResourcePolicyWithContext(ctx aws.Context, input *DeleteResourcePolicyInput, opts ...request.Option) (*DeleteResourcePolicyOutput, error) { + req, out := c.DeleteResourcePolicyRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -// DescribeMetricFiltersPages iterates over the pages of a DescribeMetricFilters operation, -// calling the "fn" function with the response data for each page. To stop -// iterating, return false from the fn function. +const opDeleteRetentionPolicy = "DeleteRetentionPolicy" + +// DeleteRetentionPolicyRequest generates a "aws/request.Request" representing the +// client's request for the DeleteRetentionPolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. // -// See DescribeMetricFilters method for more information on how to use this operation. +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. // -// Note: This operation can generate multiple requests to a service. +// See DeleteRetentionPolicy for more information on using the DeleteRetentionPolicy +// API call, and error handling. // -// // Example iterating over at most 3 pages of a DescribeMetricFilters operation. -// pageNum := 0 -// err := client.DescribeMetricFiltersPages(params, -// func(page *cloudwatchlogs.DescribeMetricFiltersOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// -func (c *CloudWatchLogs) DescribeMetricFiltersPages(input *DescribeMetricFiltersInput, fn func(*DescribeMetricFiltersOutput, bool) bool) error { - return c.DescribeMetricFiltersPagesWithContext(aws.BackgroundContext(), input, fn) -} - -// DescribeMetricFiltersPagesWithContext same as DescribeMetricFiltersPages except -// it takes a Context and allows setting request options on the pages. -// -// The context must be non-nil and will be used for request cancellation. If -// the context is nil a panic will occur. In the future the SDK may create -// sub-contexts for http.Requests. See https://golang.org/pkg/context/ -// for more information on using Contexts. -func (c *CloudWatchLogs) DescribeMetricFiltersPagesWithContext(ctx aws.Context, input *DescribeMetricFiltersInput, fn func(*DescribeMetricFiltersOutput, bool) bool, opts ...request.Option) error { - p := request.Pagination{ - EndPageOnSameToken: true, - NewRequest: func() (*request.Request, error) { - var inCpy *DescribeMetricFiltersInput - if input != nil { - tmp := *input - inCpy = &tmp - } - req, _ := c.DescribeMetricFiltersRequest(inCpy) - req.SetContext(ctx) - req.ApplyOptions(opts...) - return req, nil - }, - } - - for p.Next() { - if !fn(p.Page().(*DescribeMetricFiltersOutput), !p.HasNextPage()) { - break - } - } - - return p.Err() -} - -const opDescribeQueries = "DescribeQueries" - -// DescribeQueriesRequest generates a "aws/request.Request" representing the -// client's request for the DescribeQueries operation. The "output" return -// value will be populated with the request's response once the request completes -// successfully. -// -// Use "Send" method on the returned Request to send the API call to the service. -// the "output" return value is not valid until after Send returns without error. -// -// See DescribeQueries for more information on using the DescribeQueries -// API call, and error handling. -// -// This method is useful when you want to inject custom logic or configuration -// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteRetentionPolicyRequest method. +// req, resp := client.DeleteRetentionPolicyRequest(params) // -// // Example sending a request using the DescribeQueriesRequest method. -// req, resp := client.DescribeQueriesRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeQueries -func (c *CloudWatchLogs) DescribeQueriesRequest(input *DescribeQueriesInput) (req *request.Request, output *DescribeQueriesOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteRetentionPolicy +func (c *CloudWatchLogs) DeleteRetentionPolicyRequest(input *DeleteRetentionPolicyInput) (req *request.Request, output *DeleteRetentionPolicyOutput) { op := &request.Operation{ - Name: opDescribeQueries, + Name: opDeleteRetentionPolicy, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &DescribeQueriesInput{} + input = &DeleteRetentionPolicyInput{} } - output = &DescribeQueriesOutput{} + output = &DeleteRetentionPolicyOutput{} req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// DescribeQueries API operation for Amazon CloudWatch Logs. +// DeleteRetentionPolicy API operation for Amazon CloudWatch Logs. // -// Returns a list of CloudWatch Logs Insights queries that are scheduled, executing, -// or have been executed recently in this account. You can request all queries -// or limit it to queries of a specific log group or queries with a certain -// status. +// Deletes the specified retention policy. +// +// Log events do not expire if they belong to log groups without a retention +// policy. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation DescribeQueries for usage and error information. +// API operation DeleteRetentionPolicy for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ResourceNotFoundException +// The specified resource does not exist. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeQueries -func (c *CloudWatchLogs) DescribeQueries(input *DescribeQueriesInput) (*DescribeQueriesOutput, error) { - req, out := c.DescribeQueriesRequest(input) +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteRetentionPolicy +func (c *CloudWatchLogs) DeleteRetentionPolicy(input *DeleteRetentionPolicyInput) (*DeleteRetentionPolicyOutput, error) { + req, out := c.DeleteRetentionPolicyRequest(input) return out, req.Send() } -// DescribeQueriesWithContext is the same as DescribeQueries with the addition of +// DeleteRetentionPolicyWithContext is the same as DeleteRetentionPolicy with the addition of // the ability to pass a context and additional request options. // -// See DescribeQueries for details on how to use this API operation. +// See DeleteRetentionPolicy for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) DescribeQueriesWithContext(ctx aws.Context, input *DescribeQueriesInput, opts ...request.Option) (*DescribeQueriesOutput, error) { - req, out := c.DescribeQueriesRequest(input) +func (c *CloudWatchLogs) DeleteRetentionPolicyWithContext(ctx aws.Context, input *DeleteRetentionPolicyInput, opts ...request.Option) (*DeleteRetentionPolicyOutput, error) { + req, out := c.DeleteRetentionPolicyRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opDescribeQueryDefinitions = "DescribeQueryDefinitions" +const opDeleteSubscriptionFilter = "DeleteSubscriptionFilter" -// DescribeQueryDefinitionsRequest generates a "aws/request.Request" representing the -// client's request for the DescribeQueryDefinitions operation. The "output" return +// DeleteSubscriptionFilterRequest generates a "aws/request.Request" representing the +// client's request for the DeleteSubscriptionFilter operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DescribeQueryDefinitions for more information on using the DescribeQueryDefinitions +// See DeleteSubscriptionFilter for more information on using the DeleteSubscriptionFilter // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteSubscriptionFilterRequest method. +// req, resp := client.DeleteSubscriptionFilterRequest(params) // -// // Example sending a request using the DescribeQueryDefinitionsRequest method. -// req, resp := client.DescribeQueryDefinitionsRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeQueryDefinitions -func (c *CloudWatchLogs) DescribeQueryDefinitionsRequest(input *DescribeQueryDefinitionsInput) (req *request.Request, output *DescribeQueryDefinitionsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteSubscriptionFilter +func (c *CloudWatchLogs) DeleteSubscriptionFilterRequest(input *DeleteSubscriptionFilterInput) (req *request.Request, output *DeleteSubscriptionFilterOutput) { op := &request.Operation{ - Name: opDescribeQueryDefinitions, + Name: opDeleteSubscriptionFilter, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &DescribeQueryDefinitionsInput{} + input = &DeleteSubscriptionFilterInput{} } - output = &DescribeQueryDefinitionsOutput{} + output = &DeleteSubscriptionFilterOutput{} req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// DescribeQueryDefinitions API operation for Amazon CloudWatch Logs. -// -// This operation returns a paginated list of your saved CloudWatch Logs Insights -// query definitions. +// DeleteSubscriptionFilter API operation for Amazon CloudWatch Logs. // -// You can use the queryDefinitionNamePrefix parameter to limit the results -// to only the query definitions that have names that start with a certain string. +// Deletes the specified subscription filter. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation DescribeQueryDefinitions for usage and error information. +// API operation DeleteSubscriptionFilter for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeQueryDefinitions -func (c *CloudWatchLogs) DescribeQueryDefinitions(input *DescribeQueryDefinitionsInput) (*DescribeQueryDefinitionsOutput, error) { - req, out := c.DescribeQueryDefinitionsRequest(input) +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteSubscriptionFilter +func (c *CloudWatchLogs) DeleteSubscriptionFilter(input *DeleteSubscriptionFilterInput) (*DeleteSubscriptionFilterOutput, error) { + req, out := c.DeleteSubscriptionFilterRequest(input) return out, req.Send() } -// DescribeQueryDefinitionsWithContext is the same as DescribeQueryDefinitions with the addition of +// DeleteSubscriptionFilterWithContext is the same as DeleteSubscriptionFilter with the addition of // the ability to pass a context and additional request options. // -// See DescribeQueryDefinitions for details on how to use this API operation. +// See DeleteSubscriptionFilter for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) DescribeQueryDefinitionsWithContext(ctx aws.Context, input *DescribeQueryDefinitionsInput, opts ...request.Option) (*DescribeQueryDefinitionsOutput, error) { - req, out := c.DescribeQueryDefinitionsRequest(input) +func (c *CloudWatchLogs) DeleteSubscriptionFilterWithContext(ctx aws.Context, input *DeleteSubscriptionFilterInput, opts ...request.Option) (*DeleteSubscriptionFilterOutput, error) { + req, out := c.DeleteSubscriptionFilterRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opDescribeResourcePolicies = "DescribeResourcePolicies" +const opDescribeAccountPolicies = "DescribeAccountPolicies" -// DescribeResourcePoliciesRequest generates a "aws/request.Request" representing the -// client's request for the DescribeResourcePolicies operation. The "output" return +// DescribeAccountPoliciesRequest generates a "aws/request.Request" representing the +// client's request for the DescribeAccountPolicies operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DescribeResourcePolicies for more information on using the DescribeResourcePolicies +// See DescribeAccountPolicies for more information on using the DescribeAccountPolicies // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeAccountPoliciesRequest method. +// req, resp := client.DescribeAccountPoliciesRequest(params) // -// // Example sending a request using the DescribeResourcePoliciesRequest method. -// req, resp := client.DescribeResourcePoliciesRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeResourcePolicies -func (c *CloudWatchLogs) DescribeResourcePoliciesRequest(input *DescribeResourcePoliciesInput) (req *request.Request, output *DescribeResourcePoliciesOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeAccountPolicies +func (c *CloudWatchLogs) DescribeAccountPoliciesRequest(input *DescribeAccountPoliciesInput) (req *request.Request, output *DescribeAccountPoliciesOutput) { op := &request.Operation{ - Name: opDescribeResourcePolicies, + Name: opDescribeAccountPolicies, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &DescribeResourcePoliciesInput{} + input = &DescribeAccountPoliciesInput{} } - output = &DescribeResourcePoliciesOutput{} + output = &DescribeAccountPoliciesOutput{} req = c.newRequest(op, input, output) return } -// DescribeResourcePolicies API operation for Amazon CloudWatch Logs. +// DescribeAccountPolicies API operation for Amazon CloudWatch Logs. // -// Lists the resource policies in this account. +// Returns a list of all CloudWatch Logs account policies in the account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation DescribeResourcePolicies for usage and error information. +// API operation DescribeAccountPolicies for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeResourcePolicies -func (c *CloudWatchLogs) DescribeResourcePolicies(input *DescribeResourcePoliciesInput) (*DescribeResourcePoliciesOutput, error) { - req, out := c.DescribeResourcePoliciesRequest(input) +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeAccountPolicies +func (c *CloudWatchLogs) DescribeAccountPolicies(input *DescribeAccountPoliciesInput) (*DescribeAccountPoliciesOutput, error) { + req, out := c.DescribeAccountPoliciesRequest(input) return out, req.Send() } -// DescribeResourcePoliciesWithContext is the same as DescribeResourcePolicies with the addition of +// DescribeAccountPoliciesWithContext is the same as DescribeAccountPolicies with the addition of // the ability to pass a context and additional request options. // -// See DescribeResourcePolicies for details on how to use this API operation. +// See DescribeAccountPolicies for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) DescribeResourcePoliciesWithContext(ctx aws.Context, input *DescribeResourcePoliciesInput, opts ...request.Option) (*DescribeResourcePoliciesOutput, error) { - req, out := c.DescribeResourcePoliciesRequest(input) +func (c *CloudWatchLogs) DescribeAccountPoliciesWithContext(ctx aws.Context, input *DescribeAccountPoliciesInput, opts ...request.Option) (*DescribeAccountPoliciesOutput, error) { + req, out := c.DescribeAccountPoliciesRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opDescribeSubscriptionFilters = "DescribeSubscriptionFilters" +const opDescribeDeliveries = "DescribeDeliveries" -// DescribeSubscriptionFiltersRequest generates a "aws/request.Request" representing the -// client's request for the DescribeSubscriptionFilters operation. The "output" return +// DescribeDeliveriesRequest generates a "aws/request.Request" representing the +// client's request for the DescribeDeliveries operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DescribeSubscriptionFilters for more information on using the DescribeSubscriptionFilters +// See DescribeDeliveries for more information on using the DescribeDeliveries // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDeliveriesRequest method. +// req, resp := client.DescribeDeliveriesRequest(params) // -// // Example sending a request using the DescribeSubscriptionFiltersRequest method. -// req, resp := client.DescribeSubscriptionFiltersRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeSubscriptionFilters -func (c *CloudWatchLogs) DescribeSubscriptionFiltersRequest(input *DescribeSubscriptionFiltersInput) (req *request.Request, output *DescribeSubscriptionFiltersOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeDeliveries +func (c *CloudWatchLogs) DescribeDeliveriesRequest(input *DescribeDeliveriesInput) (req *request.Request, output *DescribeDeliveriesOutput) { op := &request.Operation{ - Name: opDescribeSubscriptionFilters, + Name: opDescribeDeliveries, HTTPMethod: "POST", HTTPPath: "/", Paginator: &request.Paginator{ @@ -2220,97 +2354,107 @@ func (c *CloudWatchLogs) DescribeSubscriptionFiltersRequest(input *DescribeSubsc } if input == nil { - input = &DescribeSubscriptionFiltersInput{} + input = &DescribeDeliveriesInput{} } - output = &DescribeSubscriptionFiltersOutput{} + output = &DescribeDeliveriesOutput{} req = c.newRequest(op, input, output) return } -// DescribeSubscriptionFilters API operation for Amazon CloudWatch Logs. +// DescribeDeliveries API operation for Amazon CloudWatch Logs. // -// Lists the subscription filters for the specified log group. You can list -// all the subscription filters or filter the results by prefix. The results -// are ASCII-sorted by filter name. +// Retrieves a list of the deliveries that have been created in the account. +// +// A delivery is a connection between a delivery source (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html) +// and a delivery destination (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html). +// +// A delivery source represents an Amazon Web Services resource that sends logs +// to an logs delivery destination. The destination can be CloudWatch Logs, +// Amazon S3, or Firehose. Only some Amazon Web Services services support being +// configured as a delivery source. These services are listed in Enable logging +// from Amazon Web Services services. (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation DescribeSubscriptionFilters for usage and error information. +// API operation DescribeDeliveries for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - ServiceUnavailableException +// The service cannot complete the request. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ServiceQuotaExceededException +// This request exceeds a service quota. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeSubscriptionFilters -func (c *CloudWatchLogs) DescribeSubscriptionFilters(input *DescribeSubscriptionFiltersInput) (*DescribeSubscriptionFiltersOutput, error) { - req, out := c.DescribeSubscriptionFiltersRequest(input) +// - ValidationException +// One of the parameters for the request is not valid. +// +// - ThrottlingException +// The request was throttled because of quota limits. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeDeliveries +func (c *CloudWatchLogs) DescribeDeliveries(input *DescribeDeliveriesInput) (*DescribeDeliveriesOutput, error) { + req, out := c.DescribeDeliveriesRequest(input) return out, req.Send() } -// DescribeSubscriptionFiltersWithContext is the same as DescribeSubscriptionFilters with the addition of +// DescribeDeliveriesWithContext is the same as DescribeDeliveries with the addition of // the ability to pass a context and additional request options. // -// See DescribeSubscriptionFilters for details on how to use this API operation. +// See DescribeDeliveries for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) DescribeSubscriptionFiltersWithContext(ctx aws.Context, input *DescribeSubscriptionFiltersInput, opts ...request.Option) (*DescribeSubscriptionFiltersOutput, error) { - req, out := c.DescribeSubscriptionFiltersRequest(input) +func (c *CloudWatchLogs) DescribeDeliveriesWithContext(ctx aws.Context, input *DescribeDeliveriesInput, opts ...request.Option) (*DescribeDeliveriesOutput, error) { + req, out := c.DescribeDeliveriesRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -// DescribeSubscriptionFiltersPages iterates over the pages of a DescribeSubscriptionFilters operation, +// DescribeDeliveriesPages iterates over the pages of a DescribeDeliveries operation, // calling the "fn" function with the response data for each page. To stop // iterating, return false from the fn function. // -// See DescribeSubscriptionFilters method for more information on how to use this operation. +// See DescribeDeliveries method for more information on how to use this operation. // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeSubscriptionFilters operation. -// pageNum := 0 -// err := client.DescribeSubscriptionFiltersPages(params, -// func(page *cloudwatchlogs.DescribeSubscriptionFiltersOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// -func (c *CloudWatchLogs) DescribeSubscriptionFiltersPages(input *DescribeSubscriptionFiltersInput, fn func(*DescribeSubscriptionFiltersOutput, bool) bool) error { - return c.DescribeSubscriptionFiltersPagesWithContext(aws.BackgroundContext(), input, fn) +// // Example iterating over at most 3 pages of a DescribeDeliveries operation. +// pageNum := 0 +// err := client.DescribeDeliveriesPages(params, +// func(page *cloudwatchlogs.DescribeDeliveriesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *CloudWatchLogs) DescribeDeliveriesPages(input *DescribeDeliveriesInput, fn func(*DescribeDeliveriesOutput, bool) bool) error { + return c.DescribeDeliveriesPagesWithContext(aws.BackgroundContext(), input, fn) } -// DescribeSubscriptionFiltersPagesWithContext same as DescribeSubscriptionFiltersPages except +// DescribeDeliveriesPagesWithContext same as DescribeDeliveriesPages except // it takes a Context and allows setting request options on the pages. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) DescribeSubscriptionFiltersPagesWithContext(ctx aws.Context, input *DescribeSubscriptionFiltersInput, fn func(*DescribeSubscriptionFiltersOutput, bool) bool, opts ...request.Option) error { +func (c *CloudWatchLogs) DescribeDeliveriesPagesWithContext(ctx aws.Context, input *DescribeDeliveriesInput, fn func(*DescribeDeliveriesOutput, bool) bool, opts ...request.Option) error { p := request.Pagination{ EndPageOnSameToken: true, NewRequest: func() (*request.Request, error) { - var inCpy *DescribeSubscriptionFiltersInput + var inCpy *DescribeDeliveriesInput if input != nil { tmp := *input inCpy = &tmp } - req, _ := c.DescribeSubscriptionFiltersRequest(inCpy) + req, _ := c.DescribeDeliveriesRequest(inCpy) req.SetContext(ctx) req.ApplyOptions(opts...) return req, nil @@ -2318,7 +2462,7 @@ func (c *CloudWatchLogs) DescribeSubscriptionFiltersPagesWithContext(ctx aws.Con } for p.Next() { - if !fn(p.Page().(*DescribeSubscriptionFiltersOutput), !p.HasNextPage()) { + if !fn(p.Page().(*DescribeDeliveriesOutput), !p.HasNextPage()) { break } } @@ -2326,245 +2470,284 @@ func (c *CloudWatchLogs) DescribeSubscriptionFiltersPagesWithContext(ctx aws.Con return p.Err() } -const opDisassociateKmsKey = "DisassociateKmsKey" +const opDescribeDeliveryDestinations = "DescribeDeliveryDestinations" -// DisassociateKmsKeyRequest generates a "aws/request.Request" representing the -// client's request for the DisassociateKmsKey operation. The "output" return +// DescribeDeliveryDestinationsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeDeliveryDestinations operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DisassociateKmsKey for more information on using the DisassociateKmsKey +// See DescribeDeliveryDestinations for more information on using the DescribeDeliveryDestinations // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDeliveryDestinationsRequest method. +// req, resp := client.DescribeDeliveryDestinationsRequest(params) // -// // Example sending a request using the DisassociateKmsKeyRequest method. -// req, resp := client.DisassociateKmsKeyRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DisassociateKmsKey -func (c *CloudWatchLogs) DisassociateKmsKeyRequest(input *DisassociateKmsKeyInput) (req *request.Request, output *DisassociateKmsKeyOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeDeliveryDestinations +func (c *CloudWatchLogs) DescribeDeliveryDestinationsRequest(input *DescribeDeliveryDestinationsInput) (req *request.Request, output *DescribeDeliveryDestinationsOutput) { op := &request.Operation{ - Name: opDisassociateKmsKey, + Name: opDescribeDeliveryDestinations, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "limit", + TruncationToken: "", + }, } if input == nil { - input = &DisassociateKmsKeyInput{} + input = &DescribeDeliveryDestinationsInput{} } - output = &DisassociateKmsKeyOutput{} + output = &DescribeDeliveryDestinationsOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// DisassociateKmsKey API operation for Amazon CloudWatch Logs. -// -// Disassociates the associated AWS Key Management Service (AWS KMS) customer -// master key (CMK) from the specified log group. +// DescribeDeliveryDestinations API operation for Amazon CloudWatch Logs. // -// After the AWS KMS CMK is disassociated from the log group, AWS CloudWatch -// Logs stops encrypting newly ingested data for the log group. All previously -// ingested data remains encrypted, and AWS CloudWatch Logs requires permissions -// for the CMK whenever the encrypted data is requested. -// -// Note that it can take up to 5 minutes for this operation to take effect. +// Retrieves a list of the delivery destinations that have been created in the +// account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation DisassociateKmsKey for usage and error information. +// API operation DescribeDeliveryDestinations for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - ServiceUnavailableException +// The service cannot complete the request. // -// * OperationAbortedException -// Multiple requests to update the same resource were in conflict. +// - ServiceQuotaExceededException +// This request exceeds a service quota. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ValidationException +// One of the parameters for the request is not valid. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DisassociateKmsKey -func (c *CloudWatchLogs) DisassociateKmsKey(input *DisassociateKmsKeyInput) (*DisassociateKmsKeyOutput, error) { - req, out := c.DisassociateKmsKeyRequest(input) +// - ThrottlingException +// The request was throttled because of quota limits. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeDeliveryDestinations +func (c *CloudWatchLogs) DescribeDeliveryDestinations(input *DescribeDeliveryDestinationsInput) (*DescribeDeliveryDestinationsOutput, error) { + req, out := c.DescribeDeliveryDestinationsRequest(input) return out, req.Send() } -// DisassociateKmsKeyWithContext is the same as DisassociateKmsKey with the addition of +// DescribeDeliveryDestinationsWithContext is the same as DescribeDeliveryDestinations with the addition of // the ability to pass a context and additional request options. // -// See DisassociateKmsKey for details on how to use this API operation. +// See DescribeDeliveryDestinations for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) DisassociateKmsKeyWithContext(ctx aws.Context, input *DisassociateKmsKeyInput, opts ...request.Option) (*DisassociateKmsKeyOutput, error) { - req, out := c.DisassociateKmsKeyRequest(input) +func (c *CloudWatchLogs) DescribeDeliveryDestinationsWithContext(ctx aws.Context, input *DescribeDeliveryDestinationsInput, opts ...request.Option) (*DescribeDeliveryDestinationsOutput, error) { + req, out := c.DescribeDeliveryDestinationsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opFilterLogEvents = "FilterLogEvents" - -// FilterLogEventsRequest generates a "aws/request.Request" representing the -// client's request for the FilterLogEvents operation. The "output" return -// value will be populated with the request's response once the request completes -// successfully. -// -// Use "Send" method on the returned Request to send the API call to the service. -// the "output" return value is not valid until after Send returns without error. -// -// See FilterLogEvents for more information on using the FilterLogEvents -// API call, and error handling. -// -// This method is useful when you want to inject custom logic or configuration -// into the SDK's request lifecycle. Such as custom headers, or retry logic. -// +// DescribeDeliveryDestinationsPages iterates over the pages of a DescribeDeliveryDestinations operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. // -// // Example sending a request using the FilterLogEventsRequest method. -// req, resp := client.FilterLogEventsRequest(params) +// See DescribeDeliveryDestinations method for more information on how to use this operation. // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// Note: This operation can generate multiple requests to a service. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/FilterLogEvents -func (c *CloudWatchLogs) FilterLogEventsRequest(input *FilterLogEventsInput) (req *request.Request, output *FilterLogEventsOutput) { - op := &request.Operation{ - Name: opFilterLogEvents, - HTTPMethod: "POST", - HTTPPath: "/", - Paginator: &request.Paginator{ - InputTokens: []string{"nextToken"}, - OutputTokens: []string{"nextToken"}, - LimitToken: "limit", - TruncationToken: "", - }, - } +// // Example iterating over at most 3 pages of a DescribeDeliveryDestinations operation. +// pageNum := 0 +// err := client.DescribeDeliveryDestinationsPages(params, +// func(page *cloudwatchlogs.DescribeDeliveryDestinationsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *CloudWatchLogs) DescribeDeliveryDestinationsPages(input *DescribeDeliveryDestinationsInput, fn func(*DescribeDeliveryDestinationsOutput, bool) bool) error { + return c.DescribeDeliveryDestinationsPagesWithContext(aws.BackgroundContext(), input, fn) +} - if input == nil { - input = &FilterLogEventsInput{} +// DescribeDeliveryDestinationsPagesWithContext same as DescribeDeliveryDestinationsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) DescribeDeliveryDestinationsPagesWithContext(ctx aws.Context, input *DescribeDeliveryDestinationsInput, fn func(*DescribeDeliveryDestinationsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + EndPageOnSameToken: true, + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeDeliveryDestinationsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeDeliveryDestinationsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, } - output = &FilterLogEventsOutput{} - req = c.newRequest(op, input, output) - return + for p.Next() { + if !fn(p.Page().(*DescribeDeliveryDestinationsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() } -// FilterLogEvents API operation for Amazon CloudWatch Logs. +const opDescribeDeliverySources = "DescribeDeliverySources" + +// DescribeDeliverySourcesRequest generates a "aws/request.Request" representing the +// client's request for the DescribeDeliverySources operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. // -// Lists log events from the specified log group. You can list all the log events -// or filter the results using a filter pattern, a time range, and the name -// of the log stream. +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. // -// By default, this operation returns as many log events as can fit in 1 MB -// (up to 10,000 log events) or all the events found within the time range that -// you specify. If the results include a token, then there are more log events -// available, and you can get additional results by specifying the token in -// a subsequent call. This operation can return empty results while there are -// more log events available through the token. +// See DescribeDeliverySources for more information on using the DescribeDeliverySources +// API call, and error handling. // -// The returned log events are sorted by event timestamp, the timestamp when -// the event was ingested by CloudWatch Logs, and the ID of the PutLogEvents -// request. +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeDeliverySourcesRequest method. +// req, resp := client.DescribeDeliverySourcesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeDeliverySources +func (c *CloudWatchLogs) DescribeDeliverySourcesRequest(input *DescribeDeliverySourcesInput) (req *request.Request, output *DescribeDeliverySourcesOutput) { + op := &request.Operation{ + Name: opDescribeDeliverySources, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "limit", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeDeliverySourcesInput{} + } + + output = &DescribeDeliverySourcesOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeDeliverySources API operation for Amazon CloudWatch Logs. +// +// Retrieves a list of the delivery sources that have been created in the account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation FilterLogEvents for usage and error information. +// API operation DescribeDeliverySources for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - ServiceUnavailableException +// The service cannot complete the request. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ServiceQuotaExceededException +// This request exceeds a service quota. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/FilterLogEvents -func (c *CloudWatchLogs) FilterLogEvents(input *FilterLogEventsInput) (*FilterLogEventsOutput, error) { - req, out := c.FilterLogEventsRequest(input) +// - ValidationException +// One of the parameters for the request is not valid. +// +// - ThrottlingException +// The request was throttled because of quota limits. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeDeliverySources +func (c *CloudWatchLogs) DescribeDeliverySources(input *DescribeDeliverySourcesInput) (*DescribeDeliverySourcesOutput, error) { + req, out := c.DescribeDeliverySourcesRequest(input) return out, req.Send() } -// FilterLogEventsWithContext is the same as FilterLogEvents with the addition of +// DescribeDeliverySourcesWithContext is the same as DescribeDeliverySources with the addition of // the ability to pass a context and additional request options. // -// See FilterLogEvents for details on how to use this API operation. +// See DescribeDeliverySources for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) FilterLogEventsWithContext(ctx aws.Context, input *FilterLogEventsInput, opts ...request.Option) (*FilterLogEventsOutput, error) { - req, out := c.FilterLogEventsRequest(input) +func (c *CloudWatchLogs) DescribeDeliverySourcesWithContext(ctx aws.Context, input *DescribeDeliverySourcesInput, opts ...request.Option) (*DescribeDeliverySourcesOutput, error) { + req, out := c.DescribeDeliverySourcesRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -// FilterLogEventsPages iterates over the pages of a FilterLogEvents operation, +// DescribeDeliverySourcesPages iterates over the pages of a DescribeDeliverySources operation, // calling the "fn" function with the response data for each page. To stop // iterating, return false from the fn function. // -// See FilterLogEvents method for more information on how to use this operation. +// See DescribeDeliverySources method for more information on how to use this operation. // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a FilterLogEvents operation. -// pageNum := 0 -// err := client.FilterLogEventsPages(params, -// func(page *cloudwatchlogs.FilterLogEventsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// -func (c *CloudWatchLogs) FilterLogEventsPages(input *FilterLogEventsInput, fn func(*FilterLogEventsOutput, bool) bool) error { - return c.FilterLogEventsPagesWithContext(aws.BackgroundContext(), input, fn) +// // Example iterating over at most 3 pages of a DescribeDeliverySources operation. +// pageNum := 0 +// err := client.DescribeDeliverySourcesPages(params, +// func(page *cloudwatchlogs.DescribeDeliverySourcesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *CloudWatchLogs) DescribeDeliverySourcesPages(input *DescribeDeliverySourcesInput, fn func(*DescribeDeliverySourcesOutput, bool) bool) error { + return c.DescribeDeliverySourcesPagesWithContext(aws.BackgroundContext(), input, fn) } -// FilterLogEventsPagesWithContext same as FilterLogEventsPages except +// DescribeDeliverySourcesPagesWithContext same as DescribeDeliverySourcesPages except // it takes a Context and allows setting request options on the pages. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) FilterLogEventsPagesWithContext(ctx aws.Context, input *FilterLogEventsInput, fn func(*FilterLogEventsOutput, bool) bool, opts ...request.Option) error { +func (c *CloudWatchLogs) DescribeDeliverySourcesPagesWithContext(ctx aws.Context, input *DescribeDeliverySourcesInput, fn func(*DescribeDeliverySourcesOutput, bool) bool, opts ...request.Option) error { p := request.Pagination{ EndPageOnSameToken: true, NewRequest: func() (*request.Request, error) { - var inCpy *FilterLogEventsInput + var inCpy *DescribeDeliverySourcesInput if input != nil { tmp := *input inCpy = &tmp } - req, _ := c.FilterLogEventsRequest(inCpy) + req, _ := c.DescribeDeliverySourcesRequest(inCpy) req.SetContext(ctx) req.ApplyOptions(opts...) return req, nil @@ -2572,7 +2755,7 @@ func (c *CloudWatchLogs) FilterLogEventsPagesWithContext(ctx aws.Context, input } for p.Next() { - if !fn(p.Page().(*FilterLogEventsOutput), !p.HasNextPage()) { + if !fn(p.Page().(*DescribeDeliverySourcesOutput), !p.HasNextPage()) { break } } @@ -2580,142 +2763,132 @@ func (c *CloudWatchLogs) FilterLogEventsPagesWithContext(ctx aws.Context, input return p.Err() } -const opGetLogEvents = "GetLogEvents" +const opDescribeDestinations = "DescribeDestinations" -// GetLogEventsRequest generates a "aws/request.Request" representing the -// client's request for the GetLogEvents operation. The "output" return +// DescribeDestinationsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeDestinations operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See GetLogEvents for more information on using the GetLogEvents +// See DescribeDestinations for more information on using the DescribeDestinations // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDestinationsRequest method. +// req, resp := client.DescribeDestinationsRequest(params) // -// // Example sending a request using the GetLogEventsRequest method. -// req, resp := client.GetLogEventsRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogEvents -func (c *CloudWatchLogs) GetLogEventsRequest(input *GetLogEventsInput) (req *request.Request, output *GetLogEventsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeDestinations +func (c *CloudWatchLogs) DescribeDestinationsRequest(input *DescribeDestinationsInput) (req *request.Request, output *DescribeDestinationsOutput) { op := &request.Operation{ - Name: opGetLogEvents, + Name: opDescribeDestinations, HTTPMethod: "POST", HTTPPath: "/", Paginator: &request.Paginator{ InputTokens: []string{"nextToken"}, - OutputTokens: []string{"nextForwardToken"}, + OutputTokens: []string{"nextToken"}, LimitToken: "limit", TruncationToken: "", }, } if input == nil { - input = &GetLogEventsInput{} + input = &DescribeDestinationsInput{} } - output = &GetLogEventsOutput{} + output = &DescribeDestinationsOutput{} req = c.newRequest(op, input, output) return } -// GetLogEvents API operation for Amazon CloudWatch Logs. -// -// Lists log events from the specified log stream. You can list all of the log -// events or filter using a time range. +// DescribeDestinations API operation for Amazon CloudWatch Logs. // -// By default, this operation returns as many log events as can fit in a response -// size of 1MB (up to 10,000 log events). You can get additional log events -// by specifying one of the tokens in a subsequent call. This operation can -// return empty results while there are more log events available through the -// token. +// Lists all your destinations. The results are ASCII-sorted by destination +// name. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation GetLogEvents for usage and error information. +// API operation DescribeDestinations for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ServiceUnavailableException +// The service cannot complete the request. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogEvents -func (c *CloudWatchLogs) GetLogEvents(input *GetLogEventsInput) (*GetLogEventsOutput, error) { - req, out := c.GetLogEventsRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeDestinations +func (c *CloudWatchLogs) DescribeDestinations(input *DescribeDestinationsInput) (*DescribeDestinationsOutput, error) { + req, out := c.DescribeDestinationsRequest(input) return out, req.Send() } -// GetLogEventsWithContext is the same as GetLogEvents with the addition of +// DescribeDestinationsWithContext is the same as DescribeDestinations with the addition of // the ability to pass a context and additional request options. // -// See GetLogEvents for details on how to use this API operation. +// See DescribeDestinations for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) GetLogEventsWithContext(ctx aws.Context, input *GetLogEventsInput, opts ...request.Option) (*GetLogEventsOutput, error) { - req, out := c.GetLogEventsRequest(input) +func (c *CloudWatchLogs) DescribeDestinationsWithContext(ctx aws.Context, input *DescribeDestinationsInput, opts ...request.Option) (*DescribeDestinationsOutput, error) { + req, out := c.DescribeDestinationsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -// GetLogEventsPages iterates over the pages of a GetLogEvents operation, +// DescribeDestinationsPages iterates over the pages of a DescribeDestinations operation, // calling the "fn" function with the response data for each page. To stop // iterating, return false from the fn function. // -// See GetLogEvents method for more information on how to use this operation. +// See DescribeDestinations method for more information on how to use this operation. // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a GetLogEvents operation. -// pageNum := 0 -// err := client.GetLogEventsPages(params, -// func(page *cloudwatchlogs.GetLogEventsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// -func (c *CloudWatchLogs) GetLogEventsPages(input *GetLogEventsInput, fn func(*GetLogEventsOutput, bool) bool) error { - return c.GetLogEventsPagesWithContext(aws.BackgroundContext(), input, fn) +// // Example iterating over at most 3 pages of a DescribeDestinations operation. +// pageNum := 0 +// err := client.DescribeDestinationsPages(params, +// func(page *cloudwatchlogs.DescribeDestinationsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *CloudWatchLogs) DescribeDestinationsPages(input *DescribeDestinationsInput, fn func(*DescribeDestinationsOutput, bool) bool) error { + return c.DescribeDestinationsPagesWithContext(aws.BackgroundContext(), input, fn) } -// GetLogEventsPagesWithContext same as GetLogEventsPages except +// DescribeDestinationsPagesWithContext same as DescribeDestinationsPages except // it takes a Context and allows setting request options on the pages. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) GetLogEventsPagesWithContext(ctx aws.Context, input *GetLogEventsInput, fn func(*GetLogEventsOutput, bool) bool, opts ...request.Option) error { +func (c *CloudWatchLogs) DescribeDestinationsPagesWithContext(ctx aws.Context, input *DescribeDestinationsInput, fn func(*DescribeDestinationsOutput, bool) bool, opts ...request.Option) error { p := request.Pagination{ EndPageOnSameToken: true, NewRequest: func() (*request.Request, error) { - var inCpy *GetLogEventsInput + var inCpy *DescribeDestinationsInput if input != nil { tmp := *input inCpy = &tmp } - req, _ := c.GetLogEventsRequest(inCpy) + req, _ := c.DescribeDestinationsRequest(inCpy) req.SetContext(ctx) req.ApplyOptions(opts...) return req, nil @@ -2723,7 +2896,7 @@ func (c *CloudWatchLogs) GetLogEventsPagesWithContext(ctx aws.Context, input *Ge } for p.Next() { - if !fn(p.Page().(*GetLogEventsOutput), !p.HasNextPage()) { + if !fn(p.Page().(*DescribeDestinationsOutput), !p.HasNextPage()) { break } } @@ -2731,1731 +2904,11018 @@ func (c *CloudWatchLogs) GetLogEventsPagesWithContext(ctx aws.Context, input *Ge return p.Err() } -const opGetLogGroupFields = "GetLogGroupFields" +const opDescribeExportTasks = "DescribeExportTasks" -// GetLogGroupFieldsRequest generates a "aws/request.Request" representing the -// client's request for the GetLogGroupFields operation. The "output" return +// DescribeExportTasksRequest generates a "aws/request.Request" representing the +// client's request for the DescribeExportTasks operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See GetLogGroupFields for more information on using the GetLogGroupFields +// See DescribeExportTasks for more information on using the DescribeExportTasks // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeExportTasksRequest method. +// req, resp := client.DescribeExportTasksRequest(params) // -// // Example sending a request using the GetLogGroupFieldsRequest method. -// req, resp := client.GetLogGroupFieldsRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogGroupFields -func (c *CloudWatchLogs) GetLogGroupFieldsRequest(input *GetLogGroupFieldsInput) (req *request.Request, output *GetLogGroupFieldsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeExportTasks +func (c *CloudWatchLogs) DescribeExportTasksRequest(input *DescribeExportTasksInput) (req *request.Request, output *DescribeExportTasksOutput) { op := &request.Operation{ - Name: opGetLogGroupFields, + Name: opDescribeExportTasks, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &GetLogGroupFieldsInput{} + input = &DescribeExportTasksInput{} } - output = &GetLogGroupFieldsOutput{} + output = &DescribeExportTasksOutput{} req = c.newRequest(op, input, output) return } -// GetLogGroupFields API operation for Amazon CloudWatch Logs. -// -// Returns a list of the fields that are included in log events in the specified -// log group, along with the percentage of log events that contain each field. -// The search is limited to a time period that you specify. -// -// In the results, fields that start with @ are fields generated by CloudWatch -// Logs. For example, @timestamp is the timestamp of each log event. For more -// information about the fields that are generated by CloudWatch logs, see Supported -// Logs and Discovered Fields (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData-discoverable-fields.html). +// DescribeExportTasks API operation for Amazon CloudWatch Logs. // -// The response results are sorted by the frequency percentage, starting with -// the highest percentage. +// Lists the specified export tasks. You can list all your export tasks or filter +// the results based on task ID or task status. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation GetLogGroupFields for usage and error information. +// API operation DescribeExportTasks for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. -// -// * LimitExceededException -// You have reached the maximum number of resources that can be created. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ServiceUnavailableException +// The service cannot complete the request. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogGroupFields -func (c *CloudWatchLogs) GetLogGroupFields(input *GetLogGroupFieldsInput) (*GetLogGroupFieldsOutput, error) { - req, out := c.GetLogGroupFieldsRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeExportTasks +func (c *CloudWatchLogs) DescribeExportTasks(input *DescribeExportTasksInput) (*DescribeExportTasksOutput, error) { + req, out := c.DescribeExportTasksRequest(input) return out, req.Send() } -// GetLogGroupFieldsWithContext is the same as GetLogGroupFields with the addition of +// DescribeExportTasksWithContext is the same as DescribeExportTasks with the addition of // the ability to pass a context and additional request options. // -// See GetLogGroupFields for details on how to use this API operation. +// See DescribeExportTasks for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) GetLogGroupFieldsWithContext(ctx aws.Context, input *GetLogGroupFieldsInput, opts ...request.Option) (*GetLogGroupFieldsOutput, error) { - req, out := c.GetLogGroupFieldsRequest(input) +func (c *CloudWatchLogs) DescribeExportTasksWithContext(ctx aws.Context, input *DescribeExportTasksInput, opts ...request.Option) (*DescribeExportTasksOutput, error) { + req, out := c.DescribeExportTasksRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opGetLogRecord = "GetLogRecord" +const opDescribeLogGroups = "DescribeLogGroups" -// GetLogRecordRequest generates a "aws/request.Request" representing the -// client's request for the GetLogRecord operation. The "output" return +// DescribeLogGroupsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeLogGroups operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See GetLogRecord for more information on using the GetLogRecord +// See DescribeLogGroups for more information on using the DescribeLogGroups // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeLogGroupsRequest method. +// req, resp := client.DescribeLogGroupsRequest(params) // -// // Example sending a request using the GetLogRecordRequest method. -// req, resp := client.GetLogRecordRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogRecord -func (c *CloudWatchLogs) GetLogRecordRequest(input *GetLogRecordInput) (req *request.Request, output *GetLogRecordOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeLogGroups +func (c *CloudWatchLogs) DescribeLogGroupsRequest(input *DescribeLogGroupsInput) (req *request.Request, output *DescribeLogGroupsOutput) { op := &request.Operation{ - Name: opGetLogRecord, + Name: opDescribeLogGroups, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "limit", + TruncationToken: "", + }, } if input == nil { - input = &GetLogRecordInput{} + input = &DescribeLogGroupsInput{} } - output = &GetLogRecordOutput{} + output = &DescribeLogGroupsOutput{} req = c.newRequest(op, input, output) return } -// GetLogRecord API operation for Amazon CloudWatch Logs. +// DescribeLogGroups API operation for Amazon CloudWatch Logs. // -// Retrieves all of the fields and values of a single log event. All fields -// are retrieved, even if the original query that produced the logRecordPointer -// retrieved only a subset of fields. Fields are returned as field name/field -// value pairs. +// Lists the specified log groups. You can list all your log groups or filter +// the results by prefix. The results are ASCII-sorted by log group name. // -// The full unparsed log event is returned within @message. +// CloudWatch Logs doesn’t support IAM policies that control access to the +// DescribeLogGroups action by using the aws:ResourceTag/key-name condition +// key. Other CloudWatch Logs actions do support the use of the aws:ResourceTag/key-name +// condition key to control access. For more information about using tags to +// control access, see Controlling access to Amazon Web Services resources using +// tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html). +// +// If you are using CloudWatch cross-account observability, you can use this +// operation in a monitoring account and view data from the linked source accounts. +// For more information, see CloudWatch cross-account observability (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation GetLogRecord for usage and error information. +// API operation DescribeLogGroups for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. -// -// * LimitExceededException -// You have reached the maximum number of resources that can be created. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ServiceUnavailableException +// The service cannot complete the request. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogRecord -func (c *CloudWatchLogs) GetLogRecord(input *GetLogRecordInput) (*GetLogRecordOutput, error) { - req, out := c.GetLogRecordRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeLogGroups +func (c *CloudWatchLogs) DescribeLogGroups(input *DescribeLogGroupsInput) (*DescribeLogGroupsOutput, error) { + req, out := c.DescribeLogGroupsRequest(input) return out, req.Send() } -// GetLogRecordWithContext is the same as GetLogRecord with the addition of +// DescribeLogGroupsWithContext is the same as DescribeLogGroups with the addition of // the ability to pass a context and additional request options. // -// See GetLogRecord for details on how to use this API operation. +// See DescribeLogGroups for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) GetLogRecordWithContext(ctx aws.Context, input *GetLogRecordInput, opts ...request.Option) (*GetLogRecordOutput, error) { - req, out := c.GetLogRecordRequest(input) +func (c *CloudWatchLogs) DescribeLogGroupsWithContext(ctx aws.Context, input *DescribeLogGroupsInput, opts ...request.Option) (*DescribeLogGroupsOutput, error) { + req, out := c.DescribeLogGroupsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opGetQueryResults = "GetQueryResults" - -// GetQueryResultsRequest generates a "aws/request.Request" representing the -// client's request for the GetQueryResults operation. The "output" return +// DescribeLogGroupsPages iterates over the pages of a DescribeLogGroups operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeLogGroups method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeLogGroups operation. +// pageNum := 0 +// err := client.DescribeLogGroupsPages(params, +// func(page *cloudwatchlogs.DescribeLogGroupsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *CloudWatchLogs) DescribeLogGroupsPages(input *DescribeLogGroupsInput, fn func(*DescribeLogGroupsOutput, bool) bool) error { + return c.DescribeLogGroupsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeLogGroupsPagesWithContext same as DescribeLogGroupsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) DescribeLogGroupsPagesWithContext(ctx aws.Context, input *DescribeLogGroupsInput, fn func(*DescribeLogGroupsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + EndPageOnSameToken: true, + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeLogGroupsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeLogGroupsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeLogGroupsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeLogStreams = "DescribeLogStreams" + +// DescribeLogStreamsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeLogStreams operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See GetQueryResults for more information on using the GetQueryResults +// See DescribeLogStreams for more information on using the DescribeLogStreams // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeLogStreamsRequest method. +// req, resp := client.DescribeLogStreamsRequest(params) // -// // Example sending a request using the GetQueryResultsRequest method. -// req, resp := client.GetQueryResultsRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetQueryResults -func (c *CloudWatchLogs) GetQueryResultsRequest(input *GetQueryResultsInput) (req *request.Request, output *GetQueryResultsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeLogStreams +func (c *CloudWatchLogs) DescribeLogStreamsRequest(input *DescribeLogStreamsInput) (req *request.Request, output *DescribeLogStreamsOutput) { op := &request.Operation{ - Name: opGetQueryResults, + Name: opDescribeLogStreams, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "limit", + TruncationToken: "", + }, } if input == nil { - input = &GetQueryResultsInput{} + input = &DescribeLogStreamsInput{} } - output = &GetQueryResultsOutput{} + output = &DescribeLogStreamsOutput{} req = c.newRequest(op, input, output) return } -// GetQueryResults API operation for Amazon CloudWatch Logs. +// DescribeLogStreams API operation for Amazon CloudWatch Logs. // -// Returns the results from the specified query. +// Lists the log streams for the specified log group. You can list all the log +// streams or filter the results by prefix. You can also control how the results +// are ordered. // -// Only the fields requested in the query are returned, along with a @ptr field, -// which is the identifier for the log record. You can use the value of @ptr -// in a GetLogRecord (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogRecord.html) -// operation to get the full log record. +// You can specify the log group to search by using either logGroupIdentifier +// or logGroupName. You must include one of these two parameters, but you can't +// include both. // -// GetQueryResults does not start a query execution. To run a query, use StartQuery -// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html). +// This operation has a limit of five transactions per second, after which transactions +// are throttled. // -// If the value of the Status field in the output is Running, this operation -// returns only partial results. If you see a value of Scheduled or Running -// for the status, you can retry the operation later to see the final results. +// If you are using CloudWatch cross-account observability, you can use this +// operation in a monitoring account and view data from the linked source accounts. +// For more information, see CloudWatch cross-account observability (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation GetQueryResults for usage and error information. +// API operation DescribeLogStreams for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ResourceNotFoundException +// The specified resource does not exist. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetQueryResults -func (c *CloudWatchLogs) GetQueryResults(input *GetQueryResultsInput) (*GetQueryResultsOutput, error) { - req, out := c.GetQueryResultsRequest(input) +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeLogStreams +func (c *CloudWatchLogs) DescribeLogStreams(input *DescribeLogStreamsInput) (*DescribeLogStreamsOutput, error) { + req, out := c.DescribeLogStreamsRequest(input) return out, req.Send() } -// GetQueryResultsWithContext is the same as GetQueryResults with the addition of +// DescribeLogStreamsWithContext is the same as DescribeLogStreams with the addition of // the ability to pass a context and additional request options. // -// See GetQueryResults for details on how to use this API operation. +// See DescribeLogStreams for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) GetQueryResultsWithContext(ctx aws.Context, input *GetQueryResultsInput, opts ...request.Option) (*GetQueryResultsOutput, error) { - req, out := c.GetQueryResultsRequest(input) +func (c *CloudWatchLogs) DescribeLogStreamsWithContext(ctx aws.Context, input *DescribeLogStreamsInput, opts ...request.Option) (*DescribeLogStreamsOutput, error) { + req, out := c.DescribeLogStreamsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opListTagsLogGroup = "ListTagsLogGroup" +// DescribeLogStreamsPages iterates over the pages of a DescribeLogStreams operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeLogStreams method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeLogStreams operation. +// pageNum := 0 +// err := client.DescribeLogStreamsPages(params, +// func(page *cloudwatchlogs.DescribeLogStreamsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *CloudWatchLogs) DescribeLogStreamsPages(input *DescribeLogStreamsInput, fn func(*DescribeLogStreamsOutput, bool) bool) error { + return c.DescribeLogStreamsPagesWithContext(aws.BackgroundContext(), input, fn) +} -// ListTagsLogGroupRequest generates a "aws/request.Request" representing the -// client's request for the ListTagsLogGroup operation. The "output" return +// DescribeLogStreamsPagesWithContext same as DescribeLogStreamsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) DescribeLogStreamsPagesWithContext(ctx aws.Context, input *DescribeLogStreamsInput, fn func(*DescribeLogStreamsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + EndPageOnSameToken: true, + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeLogStreamsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeLogStreamsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeLogStreamsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeMetricFilters = "DescribeMetricFilters" + +// DescribeMetricFiltersRequest generates a "aws/request.Request" representing the +// client's request for the DescribeMetricFilters operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ListTagsLogGroup for more information on using the ListTagsLogGroup +// See DescribeMetricFilters for more information on using the DescribeMetricFilters // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeMetricFiltersRequest method. +// req, resp := client.DescribeMetricFiltersRequest(params) // -// // Example sending a request using the ListTagsLogGroupRequest method. -// req, resp := client.ListTagsLogGroupRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListTagsLogGroup -func (c *CloudWatchLogs) ListTagsLogGroupRequest(input *ListTagsLogGroupInput) (req *request.Request, output *ListTagsLogGroupOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeMetricFilters +func (c *CloudWatchLogs) DescribeMetricFiltersRequest(input *DescribeMetricFiltersInput) (req *request.Request, output *DescribeMetricFiltersOutput) { op := &request.Operation{ - Name: opListTagsLogGroup, + Name: opDescribeMetricFilters, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "limit", + TruncationToken: "", + }, } if input == nil { - input = &ListTagsLogGroupInput{} + input = &DescribeMetricFiltersInput{} } - output = &ListTagsLogGroupOutput{} + output = &DescribeMetricFiltersOutput{} req = c.newRequest(op, input, output) return } -// ListTagsLogGroup API operation for Amazon CloudWatch Logs. +// DescribeMetricFilters API operation for Amazon CloudWatch Logs. // -// Lists the tags for the specified log group. +// Lists the specified metric filters. You can list all of the metric filters +// or filter the results by log name, prefix, metric name, or metric namespace. +// The results are ASCII-sorted by filter name. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation ListTagsLogGroup for usage and error information. +// API operation DescribeMetricFilters for usage and error information. // // Returned Error Types: -// * ResourceNotFoundException -// The specified resource does not exist. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListTagsLogGroup -func (c *CloudWatchLogs) ListTagsLogGroup(input *ListTagsLogGroupInput) (*ListTagsLogGroupOutput, error) { - req, out := c.ListTagsLogGroupRequest(input) +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeMetricFilters +func (c *CloudWatchLogs) DescribeMetricFilters(input *DescribeMetricFiltersInput) (*DescribeMetricFiltersOutput, error) { + req, out := c.DescribeMetricFiltersRequest(input) return out, req.Send() } -// ListTagsLogGroupWithContext is the same as ListTagsLogGroup with the addition of +// DescribeMetricFiltersWithContext is the same as DescribeMetricFilters with the addition of // the ability to pass a context and additional request options. // -// See ListTagsLogGroup for details on how to use this API operation. +// See DescribeMetricFilters for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) ListTagsLogGroupWithContext(ctx aws.Context, input *ListTagsLogGroupInput, opts ...request.Option) (*ListTagsLogGroupOutput, error) { - req, out := c.ListTagsLogGroupRequest(input) +func (c *CloudWatchLogs) DescribeMetricFiltersWithContext(ctx aws.Context, input *DescribeMetricFiltersInput, opts ...request.Option) (*DescribeMetricFiltersOutput, error) { + req, out := c.DescribeMetricFiltersRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opPutDestination = "PutDestination" +// DescribeMetricFiltersPages iterates over the pages of a DescribeMetricFilters operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeMetricFilters method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeMetricFilters operation. +// pageNum := 0 +// err := client.DescribeMetricFiltersPages(params, +// func(page *cloudwatchlogs.DescribeMetricFiltersOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *CloudWatchLogs) DescribeMetricFiltersPages(input *DescribeMetricFiltersInput, fn func(*DescribeMetricFiltersOutput, bool) bool) error { + return c.DescribeMetricFiltersPagesWithContext(aws.BackgroundContext(), input, fn) +} -// PutDestinationRequest generates a "aws/request.Request" representing the -// client's request for the PutDestination operation. The "output" return +// DescribeMetricFiltersPagesWithContext same as DescribeMetricFiltersPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) DescribeMetricFiltersPagesWithContext(ctx aws.Context, input *DescribeMetricFiltersInput, fn func(*DescribeMetricFiltersOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + EndPageOnSameToken: true, + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeMetricFiltersInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeMetricFiltersRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeMetricFiltersOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeQueries = "DescribeQueries" + +// DescribeQueriesRequest generates a "aws/request.Request" representing the +// client's request for the DescribeQueries operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See PutDestination for more information on using the PutDestination +// See DescribeQueries for more information on using the DescribeQueries // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeQueriesRequest method. +// req, resp := client.DescribeQueriesRequest(params) // -// // Example sending a request using the PutDestinationRequest method. -// req, resp := client.PutDestinationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDestination -func (c *CloudWatchLogs) PutDestinationRequest(input *PutDestinationInput) (req *request.Request, output *PutDestinationOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeQueries +func (c *CloudWatchLogs) DescribeQueriesRequest(input *DescribeQueriesInput) (req *request.Request, output *DescribeQueriesOutput) { op := &request.Operation{ - Name: opPutDestination, + Name: opDescribeQueries, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &PutDestinationInput{} + input = &DescribeQueriesInput{} } - output = &PutDestinationOutput{} + output = &DescribeQueriesOutput{} req = c.newRequest(op, input, output) return } -// PutDestination API operation for Amazon CloudWatch Logs. -// -// Creates or updates a destination. This operation is used only to create destinations -// for cross-account subscriptions. -// -// A destination encapsulates a physical resource (such as an Amazon Kinesis -// stream) and enables you to subscribe to a real-time stream of log events -// for a different account, ingested using PutLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html). -// -// Through an access policy, a destination controls what is written to it. By -// default, PutDestination does not set any access policy with the destination, -// which means a cross-account user cannot call PutSubscriptionFilter (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutSubscriptionFilter.html) -// against this destination. To enable this, the destination owner must call -// PutDestinationPolicy (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestinationPolicy.html) -// after PutDestination. +// DescribeQueries API operation for Amazon CloudWatch Logs. // -// To perform a PutDestination operation, you must also have the iam:PassRole -// permission. +// Returns a list of CloudWatch Logs Insights queries that are scheduled, running, +// or have been run recently in this account. You can request all queries or +// limit it to queries of a specific log group or queries with a certain status. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation PutDestination for usage and error information. +// API operation DescribeQueries for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * OperationAbortedException -// Multiple requests to update the same resource were in conflict. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ResourceNotFoundException +// The specified resource does not exist. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDestination -func (c *CloudWatchLogs) PutDestination(input *PutDestinationInput) (*PutDestinationOutput, error) { - req, out := c.PutDestinationRequest(input) +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeQueries +func (c *CloudWatchLogs) DescribeQueries(input *DescribeQueriesInput) (*DescribeQueriesOutput, error) { + req, out := c.DescribeQueriesRequest(input) return out, req.Send() } -// PutDestinationWithContext is the same as PutDestination with the addition of +// DescribeQueriesWithContext is the same as DescribeQueries with the addition of // the ability to pass a context and additional request options. // -// See PutDestination for details on how to use this API operation. +// See DescribeQueries for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) PutDestinationWithContext(ctx aws.Context, input *PutDestinationInput, opts ...request.Option) (*PutDestinationOutput, error) { - req, out := c.PutDestinationRequest(input) +func (c *CloudWatchLogs) DescribeQueriesWithContext(ctx aws.Context, input *DescribeQueriesInput, opts ...request.Option) (*DescribeQueriesOutput, error) { + req, out := c.DescribeQueriesRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opPutDestinationPolicy = "PutDestinationPolicy" +const opDescribeQueryDefinitions = "DescribeQueryDefinitions" -// PutDestinationPolicyRequest generates a "aws/request.Request" representing the -// client's request for the PutDestinationPolicy operation. The "output" return +// DescribeQueryDefinitionsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeQueryDefinitions operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See PutDestinationPolicy for more information on using the PutDestinationPolicy +// See DescribeQueryDefinitions for more information on using the DescribeQueryDefinitions // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeQueryDefinitionsRequest method. +// req, resp := client.DescribeQueryDefinitionsRequest(params) // -// // Example sending a request using the PutDestinationPolicyRequest method. -// req, resp := client.PutDestinationPolicyRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDestinationPolicy -func (c *CloudWatchLogs) PutDestinationPolicyRequest(input *PutDestinationPolicyInput) (req *request.Request, output *PutDestinationPolicyOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeQueryDefinitions +func (c *CloudWatchLogs) DescribeQueryDefinitionsRequest(input *DescribeQueryDefinitionsInput) (req *request.Request, output *DescribeQueryDefinitionsOutput) { op := &request.Operation{ - Name: opPutDestinationPolicy, + Name: opDescribeQueryDefinitions, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &PutDestinationPolicyInput{} + input = &DescribeQueryDefinitionsInput{} } - output = &PutDestinationPolicyOutput{} + output = &DescribeQueryDefinitionsOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// PutDestinationPolicy API operation for Amazon CloudWatch Logs. +// DescribeQueryDefinitions API operation for Amazon CloudWatch Logs. // -// Creates or updates an access policy associated with an existing destination. -// An access policy is an IAM policy document (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies_overview.html) -// that is used to authorize claims to register a subscription filter against -// a given destination. +// This operation returns a paginated list of your saved CloudWatch Logs Insights +// query definitions. You can retrieve query definitions from the current account +// or from a source account that is linked to the current account. +// +// You can use the queryDefinitionNamePrefix parameter to limit the results +// to only the query definitions that have names that start with a certain string. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation PutDestinationPolicy for usage and error information. +// API operation DescribeQueryDefinitions for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * OperationAbortedException -// Multiple requests to update the same resource were in conflict. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ServiceUnavailableException +// The service cannot complete the request. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDestinationPolicy -func (c *CloudWatchLogs) PutDestinationPolicy(input *PutDestinationPolicyInput) (*PutDestinationPolicyOutput, error) { - req, out := c.PutDestinationPolicyRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeQueryDefinitions +func (c *CloudWatchLogs) DescribeQueryDefinitions(input *DescribeQueryDefinitionsInput) (*DescribeQueryDefinitionsOutput, error) { + req, out := c.DescribeQueryDefinitionsRequest(input) return out, req.Send() } -// PutDestinationPolicyWithContext is the same as PutDestinationPolicy with the addition of +// DescribeQueryDefinitionsWithContext is the same as DescribeQueryDefinitions with the addition of // the ability to pass a context and additional request options. // -// See PutDestinationPolicy for details on how to use this API operation. +// See DescribeQueryDefinitions for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) PutDestinationPolicyWithContext(ctx aws.Context, input *PutDestinationPolicyInput, opts ...request.Option) (*PutDestinationPolicyOutput, error) { - req, out := c.PutDestinationPolicyRequest(input) +func (c *CloudWatchLogs) DescribeQueryDefinitionsWithContext(ctx aws.Context, input *DescribeQueryDefinitionsInput, opts ...request.Option) (*DescribeQueryDefinitionsOutput, error) { + req, out := c.DescribeQueryDefinitionsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opPutLogEvents = "PutLogEvents" +const opDescribeResourcePolicies = "DescribeResourcePolicies" -// PutLogEventsRequest generates a "aws/request.Request" representing the -// client's request for the PutLogEvents operation. The "output" return +// DescribeResourcePoliciesRequest generates a "aws/request.Request" representing the +// client's request for the DescribeResourcePolicies operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See PutLogEvents for more information on using the PutLogEvents +// See DescribeResourcePolicies for more information on using the DescribeResourcePolicies // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeResourcePoliciesRequest method. +// req, resp := client.DescribeResourcePoliciesRequest(params) // -// // Example sending a request using the PutLogEventsRequest method. -// req, resp := client.PutLogEventsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutLogEvents -func (c *CloudWatchLogs) PutLogEventsRequest(input *PutLogEventsInput) (req *request.Request, output *PutLogEventsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeResourcePolicies +func (c *CloudWatchLogs) DescribeResourcePoliciesRequest(input *DescribeResourcePoliciesInput) (req *request.Request, output *DescribeResourcePoliciesOutput) { op := &request.Operation{ - Name: opPutLogEvents, + Name: opDescribeResourcePolicies, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &PutLogEventsInput{} + input = &DescribeResourcePoliciesInput{} } - output = &PutLogEventsOutput{} + output = &DescribeResourcePoliciesOutput{} req = c.newRequest(op, input, output) return } -// PutLogEvents API operation for Amazon CloudWatch Logs. -// -// Uploads a batch of log events to the specified log stream. -// -// You must include the sequence token obtained from the response of the previous -// call. An upload in a newly created log stream does not require a sequence -// token. You can also get the sequence token in the expectedSequenceToken field -// from InvalidSequenceTokenException. If you call PutLogEvents twice within -// a narrow time period using the same value for sequenceToken, both calls might -// be successful or one might be rejected. -// -// The batch of events must satisfy the following constraints: -// -// * The maximum batch size is 1,048,576 bytes. This size is calculated as -// the sum of all event messages in UTF-8, plus 26 bytes for each log event. -// -// * None of the log events in the batch can be more than 2 hours in the -// future. -// -// * None of the log events in the batch can be older than 14 days or older -// than the retention period of the log group. -// -// * The log events in the batch must be in chronological order by their -// timestamp. The timestamp is the time the event occurred, expressed as -// the number of milliseconds after Jan 1, 1970 00:00:00 UTC. (In AWS Tools -// for PowerShell and the AWS SDK for .NET, the timestamp is specified in -// .NET format: yyyy-mm-ddThh:mm:ss. For example, 2017-09-15T13:45:30.) -// -// * A batch of log events in a single request cannot span more than 24 hours. -// Otherwise, the operation fails. -// -// * The maximum number of log events in a batch is 10,000. -// -// * There is a quota of 5 requests per second per log stream. Additional -// requests are throttled. This quota can't be changed. +// DescribeResourcePolicies API operation for Amazon CloudWatch Logs. // -// If a call to PutLogEvents returns "UnrecognizedClientException" the most -// likely cause is an invalid AWS access key ID or secret key. +// Lists the resource policies in this account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation PutLogEvents for usage and error information. +// API operation DescribeResourcePolicies for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. -// -// * InvalidSequenceTokenException -// The sequence token is not valid. You can get the correct sequence token in -// the expectedSequenceToken field in the InvalidSequenceTokenException message. -// -// * DataAlreadyAcceptedException -// The event was already logged. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ServiceUnavailableException +// The service cannot complete the request. // -// * UnrecognizedClientException -// The most likely cause is an invalid AWS access key ID or secret key. -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutLogEvents -func (c *CloudWatchLogs) PutLogEvents(input *PutLogEventsInput) (*PutLogEventsOutput, error) { - req, out := c.PutLogEventsRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeResourcePolicies +func (c *CloudWatchLogs) DescribeResourcePolicies(input *DescribeResourcePoliciesInput) (*DescribeResourcePoliciesOutput, error) { + req, out := c.DescribeResourcePoliciesRequest(input) return out, req.Send() } -// PutLogEventsWithContext is the same as PutLogEvents with the addition of +// DescribeResourcePoliciesWithContext is the same as DescribeResourcePolicies with the addition of // the ability to pass a context and additional request options. // -// See PutLogEvents for details on how to use this API operation. +// See DescribeResourcePolicies for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) PutLogEventsWithContext(ctx aws.Context, input *PutLogEventsInput, opts ...request.Option) (*PutLogEventsOutput, error) { - req, out := c.PutLogEventsRequest(input) +func (c *CloudWatchLogs) DescribeResourcePoliciesWithContext(ctx aws.Context, input *DescribeResourcePoliciesInput, opts ...request.Option) (*DescribeResourcePoliciesOutput, error) { + req, out := c.DescribeResourcePoliciesRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opPutMetricFilter = "PutMetricFilter" +const opDescribeSubscriptionFilters = "DescribeSubscriptionFilters" -// PutMetricFilterRequest generates a "aws/request.Request" representing the -// client's request for the PutMetricFilter operation. The "output" return +// DescribeSubscriptionFiltersRequest generates a "aws/request.Request" representing the +// client's request for the DescribeSubscriptionFilters operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See PutMetricFilter for more information on using the PutMetricFilter +// See DescribeSubscriptionFilters for more information on using the DescribeSubscriptionFilters // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeSubscriptionFiltersRequest method. +// req, resp := client.DescribeSubscriptionFiltersRequest(params) // -// // Example sending a request using the PutMetricFilterRequest method. -// req, resp := client.PutMetricFilterRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutMetricFilter -func (c *CloudWatchLogs) PutMetricFilterRequest(input *PutMetricFilterInput) (req *request.Request, output *PutMetricFilterOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeSubscriptionFilters +func (c *CloudWatchLogs) DescribeSubscriptionFiltersRequest(input *DescribeSubscriptionFiltersInput) (req *request.Request, output *DescribeSubscriptionFiltersOutput) { op := &request.Operation{ - Name: opPutMetricFilter, + Name: opDescribeSubscriptionFilters, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "limit", + TruncationToken: "", + }, } if input == nil { - input = &PutMetricFilterInput{} + input = &DescribeSubscriptionFiltersInput{} } - output = &PutMetricFilterOutput{} + output = &DescribeSubscriptionFiltersOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// PutMetricFilter API operation for Amazon CloudWatch Logs. -// -// Creates or updates a metric filter and associates it with the specified log -// group. Metric filters allow you to configure rules to extract metric data -// from log events ingested through PutLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html). +// DescribeSubscriptionFilters API operation for Amazon CloudWatch Logs. // -// The maximum number of metric filters that can be associated with a log group -// is 100. +// Lists the subscription filters for the specified log group. You can list +// all the subscription filters or filter the results by prefix. The results +// are ASCII-sorted by filter name. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation PutMetricFilter for usage and error information. +// API operation DescribeSubscriptionFilters for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. -// -// * ResourceNotFoundException -// The specified resource does not exist. // -// * OperationAbortedException -// Multiple requests to update the same resource were in conflict. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// * LimitExceededException -// You have reached the maximum number of resources that can be created. +// - ResourceNotFoundException +// The specified resource does not exist. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ServiceUnavailableException +// The service cannot complete the request. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutMetricFilter -func (c *CloudWatchLogs) PutMetricFilter(input *PutMetricFilterInput) (*PutMetricFilterOutput, error) { - req, out := c.PutMetricFilterRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeSubscriptionFilters +func (c *CloudWatchLogs) DescribeSubscriptionFilters(input *DescribeSubscriptionFiltersInput) (*DescribeSubscriptionFiltersOutput, error) { + req, out := c.DescribeSubscriptionFiltersRequest(input) return out, req.Send() } -// PutMetricFilterWithContext is the same as PutMetricFilter with the addition of +// DescribeSubscriptionFiltersWithContext is the same as DescribeSubscriptionFilters with the addition of // the ability to pass a context and additional request options. // -// See PutMetricFilter for details on how to use this API operation. +// See DescribeSubscriptionFilters for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) PutMetricFilterWithContext(ctx aws.Context, input *PutMetricFilterInput, opts ...request.Option) (*PutMetricFilterOutput, error) { - req, out := c.PutMetricFilterRequest(input) +func (c *CloudWatchLogs) DescribeSubscriptionFiltersWithContext(ctx aws.Context, input *DescribeSubscriptionFiltersInput, opts ...request.Option) (*DescribeSubscriptionFiltersOutput, error) { + req, out := c.DescribeSubscriptionFiltersRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opPutQueryDefinition = "PutQueryDefinition" +// DescribeSubscriptionFiltersPages iterates over the pages of a DescribeSubscriptionFilters operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeSubscriptionFilters method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeSubscriptionFilters operation. +// pageNum := 0 +// err := client.DescribeSubscriptionFiltersPages(params, +// func(page *cloudwatchlogs.DescribeSubscriptionFiltersOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *CloudWatchLogs) DescribeSubscriptionFiltersPages(input *DescribeSubscriptionFiltersInput, fn func(*DescribeSubscriptionFiltersOutput, bool) bool) error { + return c.DescribeSubscriptionFiltersPagesWithContext(aws.BackgroundContext(), input, fn) +} -// PutQueryDefinitionRequest generates a "aws/request.Request" representing the -// client's request for the PutQueryDefinition operation. The "output" return +// DescribeSubscriptionFiltersPagesWithContext same as DescribeSubscriptionFiltersPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) DescribeSubscriptionFiltersPagesWithContext(ctx aws.Context, input *DescribeSubscriptionFiltersInput, fn func(*DescribeSubscriptionFiltersOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + EndPageOnSameToken: true, + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeSubscriptionFiltersInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeSubscriptionFiltersRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeSubscriptionFiltersOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDisassociateKmsKey = "DisassociateKmsKey" + +// DisassociateKmsKeyRequest generates a "aws/request.Request" representing the +// client's request for the DisassociateKmsKey operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See PutQueryDefinition for more information on using the PutQueryDefinition +// See DisassociateKmsKey for more information on using the DisassociateKmsKey // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DisassociateKmsKeyRequest method. +// req, resp := client.DisassociateKmsKeyRequest(params) // -// // Example sending a request using the PutQueryDefinitionRequest method. -// req, resp := client.PutQueryDefinitionRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutQueryDefinition -func (c *CloudWatchLogs) PutQueryDefinitionRequest(input *PutQueryDefinitionInput) (req *request.Request, output *PutQueryDefinitionOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DisassociateKmsKey +func (c *CloudWatchLogs) DisassociateKmsKeyRequest(input *DisassociateKmsKeyInput) (req *request.Request, output *DisassociateKmsKeyOutput) { op := &request.Operation{ - Name: opPutQueryDefinition, + Name: opDisassociateKmsKey, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &PutQueryDefinitionInput{} + input = &DisassociateKmsKeyInput{} } - output = &PutQueryDefinitionOutput{} + output = &DisassociateKmsKeyOutput{} req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// PutQueryDefinition API operation for Amazon CloudWatch Logs. +// DisassociateKmsKey API operation for Amazon CloudWatch Logs. // -// Creates or updates a query definition for CloudWatch Logs Insights. For more -// information, see Analyzing Log Data with CloudWatch Logs Insights (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html). +// Disassociates the specified KMS key from the specified log group or from +// all CloudWatch Logs Insights query results in the account. +// +// When you use DisassociateKmsKey, you specify either the logGroupName parameter +// or the resourceIdentifier parameter. You can't specify both of those parameters +// in the same operation. +// +// - Specify the logGroupName parameter to stop using the KMS key to encrypt +// future log events ingested and stored in the log group. Instead, they +// will be encrypted with the default CloudWatch Logs method. The log events +// that were ingested while the key was associated with the log group are +// still encrypted with that key. Therefore, CloudWatch Logs will need permissions +// for the key whenever that data is accessed. +// +// - Specify the resourceIdentifier parameter with the query-result resource +// to stop using the KMS key to encrypt the results of all future StartQuery +// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html) +// operations in the account. They will instead be encrypted with the default +// CloudWatch Logs method. The results from queries that ran while the key +// was associated with the account are still encrypted with that key. Therefore, +// CloudWatch Logs will need permissions for the key whenever that data is +// accessed. // -// To update a query definition, specify its queryDefinitionId in your request. -// The values of name, queryString, and logGroupNames are changed to the values -// that you specify in your update operation. No current values are retained -// from the current query definition. For example, if you update a current query -// definition that includes log groups, and you don't specify the logGroupNames -// parameter in your update operation, the query definition changes to contain -// no log groups. -// -// You must have the logs:PutQueryDefinition permission to be able to perform -// this operation. +// It can take up to 5 minutes for this operation to take effect. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation PutQueryDefinition for usage and error information. +// API operation DisassociateKmsKey for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ResourceNotFoundException +// The specified resource does not exist. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutQueryDefinition -func (c *CloudWatchLogs) PutQueryDefinition(input *PutQueryDefinitionInput) (*PutQueryDefinitionOutput, error) { - req, out := c.PutQueryDefinitionRequest(input) +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DisassociateKmsKey +func (c *CloudWatchLogs) DisassociateKmsKey(input *DisassociateKmsKeyInput) (*DisassociateKmsKeyOutput, error) { + req, out := c.DisassociateKmsKeyRequest(input) return out, req.Send() } -// PutQueryDefinitionWithContext is the same as PutQueryDefinition with the addition of +// DisassociateKmsKeyWithContext is the same as DisassociateKmsKey with the addition of // the ability to pass a context and additional request options. // -// See PutQueryDefinition for details on how to use this API operation. +// See DisassociateKmsKey for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) PutQueryDefinitionWithContext(ctx aws.Context, input *PutQueryDefinitionInput, opts ...request.Option) (*PutQueryDefinitionOutput, error) { - req, out := c.PutQueryDefinitionRequest(input) +func (c *CloudWatchLogs) DisassociateKmsKeyWithContext(ctx aws.Context, input *DisassociateKmsKeyInput, opts ...request.Option) (*DisassociateKmsKeyOutput, error) { + req, out := c.DisassociateKmsKeyRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opPutResourcePolicy = "PutResourcePolicy" +const opFilterLogEvents = "FilterLogEvents" -// PutResourcePolicyRequest generates a "aws/request.Request" representing the -// client's request for the PutResourcePolicy operation. The "output" return +// FilterLogEventsRequest generates a "aws/request.Request" representing the +// client's request for the FilterLogEvents operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See PutResourcePolicy for more information on using the PutResourcePolicy +// See FilterLogEvents for more information on using the FilterLogEvents // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the FilterLogEventsRequest method. +// req, resp := client.FilterLogEventsRequest(params) // -// // Example sending a request using the PutResourcePolicyRequest method. -// req, resp := client.PutResourcePolicyRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutResourcePolicy -func (c *CloudWatchLogs) PutResourcePolicyRequest(input *PutResourcePolicyInput) (req *request.Request, output *PutResourcePolicyOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/FilterLogEvents +func (c *CloudWatchLogs) FilterLogEventsRequest(input *FilterLogEventsInput) (req *request.Request, output *FilterLogEventsOutput) { op := &request.Operation{ - Name: opPutResourcePolicy, + Name: opFilterLogEvents, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "limit", + TruncationToken: "", + }, } if input == nil { - input = &PutResourcePolicyInput{} + input = &FilterLogEventsInput{} } - output = &PutResourcePolicyOutput{} + output = &FilterLogEventsOutput{} req = c.newRequest(op, input, output) return } -// PutResourcePolicy API operation for Amazon CloudWatch Logs. +// FilterLogEvents API operation for Amazon CloudWatch Logs. +// +// Lists log events from the specified log group. You can list all the log events +// or filter the results using a filter pattern, a time range, and the name +// of the log stream. +// +// You must have the logs:FilterLogEvents permission to perform this operation. +// +// You can specify the log group to search by using either logGroupIdentifier +// or logGroupName. You must include one of these two parameters, but you can't +// include both. +// +// By default, this operation returns as many log events as can fit in 1 MB +// (up to 10,000 log events) or all the events found within the specified time +// range. If the results include a token, that means there are more log events +// available. You can get additional results by specifying the token in a subsequent +// call. This operation can return empty results while there are more log events +// available through the token. +// +// The returned log events are sorted by event timestamp, the timestamp when +// the event was ingested by CloudWatch Logs, and the ID of the PutLogEvents +// request. // -// Creates or updates a resource policy allowing other AWS services to put log -// events to this account, such as Amazon Route 53. An account can have up to -// 10 resource policies per AWS Region. +// If you are using CloudWatch cross-account observability, you can use this +// operation in a monitoring account and view data from the linked source accounts. +// For more information, see CloudWatch cross-account observability (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation PutResourcePolicy for usage and error information. +// API operation FilterLogEvents for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * LimitExceededException -// You have reached the maximum number of resources that can be created. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ResourceNotFoundException +// The specified resource does not exist. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutResourcePolicy -func (c *CloudWatchLogs) PutResourcePolicy(input *PutResourcePolicyInput) (*PutResourcePolicyOutput, error) { - req, out := c.PutResourcePolicyRequest(input) +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/FilterLogEvents +func (c *CloudWatchLogs) FilterLogEvents(input *FilterLogEventsInput) (*FilterLogEventsOutput, error) { + req, out := c.FilterLogEventsRequest(input) return out, req.Send() } -// PutResourcePolicyWithContext is the same as PutResourcePolicy with the addition of +// FilterLogEventsWithContext is the same as FilterLogEvents with the addition of // the ability to pass a context and additional request options. // -// See PutResourcePolicy for details on how to use this API operation. +// See FilterLogEvents for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) PutResourcePolicyWithContext(ctx aws.Context, input *PutResourcePolicyInput, opts ...request.Option) (*PutResourcePolicyOutput, error) { - req, out := c.PutResourcePolicyRequest(input) +func (c *CloudWatchLogs) FilterLogEventsWithContext(ctx aws.Context, input *FilterLogEventsInput, opts ...request.Option) (*FilterLogEventsOutput, error) { + req, out := c.FilterLogEventsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opPutRetentionPolicy = "PutRetentionPolicy" +// FilterLogEventsPages iterates over the pages of a FilterLogEvents operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See FilterLogEvents method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a FilterLogEvents operation. +// pageNum := 0 +// err := client.FilterLogEventsPages(params, +// func(page *cloudwatchlogs.FilterLogEventsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *CloudWatchLogs) FilterLogEventsPages(input *FilterLogEventsInput, fn func(*FilterLogEventsOutput, bool) bool) error { + return c.FilterLogEventsPagesWithContext(aws.BackgroundContext(), input, fn) +} -// PutRetentionPolicyRequest generates a "aws/request.Request" representing the -// client's request for the PutRetentionPolicy operation. The "output" return +// FilterLogEventsPagesWithContext same as FilterLogEventsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) FilterLogEventsPagesWithContext(ctx aws.Context, input *FilterLogEventsInput, fn func(*FilterLogEventsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + EndPageOnSameToken: true, + NewRequest: func() (*request.Request, error) { + var inCpy *FilterLogEventsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.FilterLogEventsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*FilterLogEventsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opGetDataProtectionPolicy = "GetDataProtectionPolicy" + +// GetDataProtectionPolicyRequest generates a "aws/request.Request" representing the +// client's request for the GetDataProtectionPolicy operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See PutRetentionPolicy for more information on using the PutRetentionPolicy +// See GetDataProtectionPolicy for more information on using the GetDataProtectionPolicy // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetDataProtectionPolicyRequest method. +// req, resp := client.GetDataProtectionPolicyRequest(params) // -// // Example sending a request using the PutRetentionPolicyRequest method. -// req, resp := client.PutRetentionPolicyRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutRetentionPolicy -func (c *CloudWatchLogs) PutRetentionPolicyRequest(input *PutRetentionPolicyInput) (req *request.Request, output *PutRetentionPolicyOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetDataProtectionPolicy +func (c *CloudWatchLogs) GetDataProtectionPolicyRequest(input *GetDataProtectionPolicyInput) (req *request.Request, output *GetDataProtectionPolicyOutput) { op := &request.Operation{ - Name: opPutRetentionPolicy, + Name: opGetDataProtectionPolicy, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &PutRetentionPolicyInput{} + input = &GetDataProtectionPolicyInput{} } - output = &PutRetentionPolicyOutput{} + output = &GetDataProtectionPolicyOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// PutRetentionPolicy API operation for Amazon CloudWatch Logs. +// GetDataProtectionPolicy API operation for Amazon CloudWatch Logs. // -// Sets the retention of the specified log group. A retention policy allows -// you to configure the number of days for which to retain log events in the -// specified log group. +// Returns information about a log group data protection policy. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation PutRetentionPolicy for usage and error information. +// API operation GetDataProtectionPolicy for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// * OperationAbortedException -// Multiple requests to update the same resource were in conflict. +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ResourceNotFoundException +// The specified resource does not exist. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutRetentionPolicy -func (c *CloudWatchLogs) PutRetentionPolicy(input *PutRetentionPolicyInput) (*PutRetentionPolicyOutput, error) { - req, out := c.PutRetentionPolicyRequest(input) +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetDataProtectionPolicy +func (c *CloudWatchLogs) GetDataProtectionPolicy(input *GetDataProtectionPolicyInput) (*GetDataProtectionPolicyOutput, error) { + req, out := c.GetDataProtectionPolicyRequest(input) return out, req.Send() } -// PutRetentionPolicyWithContext is the same as PutRetentionPolicy with the addition of +// GetDataProtectionPolicyWithContext is the same as GetDataProtectionPolicy with the addition of // the ability to pass a context and additional request options. // -// See PutRetentionPolicy for details on how to use this API operation. +// See GetDataProtectionPolicy for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) PutRetentionPolicyWithContext(ctx aws.Context, input *PutRetentionPolicyInput, opts ...request.Option) (*PutRetentionPolicyOutput, error) { - req, out := c.PutRetentionPolicyRequest(input) +func (c *CloudWatchLogs) GetDataProtectionPolicyWithContext(ctx aws.Context, input *GetDataProtectionPolicyInput, opts ...request.Option) (*GetDataProtectionPolicyOutput, error) { + req, out := c.GetDataProtectionPolicyRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opPutSubscriptionFilter = "PutSubscriptionFilter" +const opGetDelivery = "GetDelivery" -// PutSubscriptionFilterRequest generates a "aws/request.Request" representing the -// client's request for the PutSubscriptionFilter operation. The "output" return +// GetDeliveryRequest generates a "aws/request.Request" representing the +// client's request for the GetDelivery operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See PutSubscriptionFilter for more information on using the PutSubscriptionFilter +// See GetDelivery for more information on using the GetDelivery // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetDeliveryRequest method. +// req, resp := client.GetDeliveryRequest(params) // -// // Example sending a request using the PutSubscriptionFilterRequest method. -// req, resp := client.PutSubscriptionFilterRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutSubscriptionFilter -func (c *CloudWatchLogs) PutSubscriptionFilterRequest(input *PutSubscriptionFilterInput) (req *request.Request, output *PutSubscriptionFilterOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetDelivery +func (c *CloudWatchLogs) GetDeliveryRequest(input *GetDeliveryInput) (req *request.Request, output *GetDeliveryOutput) { op := &request.Operation{ - Name: opPutSubscriptionFilter, + Name: opGetDelivery, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &PutSubscriptionFilterInput{} + input = &GetDeliveryInput{} } - output = &PutSubscriptionFilterOutput{} + output = &GetDeliveryOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// PutSubscriptionFilter API operation for Amazon CloudWatch Logs. +// GetDelivery API operation for Amazon CloudWatch Logs. // -// Creates or updates a subscription filter and associates it with the specified -// log group. Subscription filters allow you to subscribe to a real-time stream -// of log events ingested through PutLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html) -// and have them delivered to a specific destination. When log events are sent -// to the receiving service, they are Base64 encoded and compressed with the -// gzip format. -// -// The following destinations are supported for subscription filters: -// -// * An Amazon Kinesis stream belonging to the same account as the subscription -// filter, for same-account delivery. -// -// * A logical destination that belongs to a different account, for cross-account -// delivery. +// Returns complete information about one logical delivery. A delivery is a +// connection between a delivery source (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html) +// and a delivery destination (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html). // -// * An Amazon Kinesis Firehose delivery stream that belongs to the same -// account as the subscription filter, for same-account delivery. +// A delivery source represents an Amazon Web Services resource that sends logs +// to an logs delivery destination. The destination can be CloudWatch Logs, +// Amazon S3, or Firehose. Only some Amazon Web Services services support being +// configured as a delivery source. These services are listed in Enable logging +// from Amazon Web Services services. (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html) // -// * An AWS Lambda function that belongs to the same account as the subscription -// filter, for same-account delivery. -// -// There can only be one subscription filter associated with a log group. If -// you are updating an existing filter, you must specify the correct name in -// filterName. Otherwise, the call fails because you cannot associate a second -// filter with a log group. -// -// To perform a PutSubscriptionFilter operation, you must also have the iam:PassRole -// permission. +// You need to specify the delivery id in this operation. You can find the IDs +// of the deliveries in your account with the DescribeDeliveries (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDeliveries.html) +// operation. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation PutSubscriptionFilter for usage and error information. +// API operation GetDelivery for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - ResourceNotFoundException +// The specified resource does not exist. // -// * OperationAbortedException -// Multiple requests to update the same resource were in conflict. +// - ServiceUnavailableException +// The service cannot complete the request. // -// * LimitExceededException -// You have reached the maximum number of resources that can be created. +// - ValidationException +// One of the parameters for the request is not valid. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ServiceQuotaExceededException +// This request exceeds a service quota. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutSubscriptionFilter -func (c *CloudWatchLogs) PutSubscriptionFilter(input *PutSubscriptionFilterInput) (*PutSubscriptionFilterOutput, error) { - req, out := c.PutSubscriptionFilterRequest(input) +// - ThrottlingException +// The request was throttled because of quota limits. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetDelivery +func (c *CloudWatchLogs) GetDelivery(input *GetDeliveryInput) (*GetDeliveryOutput, error) { + req, out := c.GetDeliveryRequest(input) return out, req.Send() } -// PutSubscriptionFilterWithContext is the same as PutSubscriptionFilter with the addition of +// GetDeliveryWithContext is the same as GetDelivery with the addition of // the ability to pass a context and additional request options. // -// See PutSubscriptionFilter for details on how to use this API operation. +// See GetDelivery for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) PutSubscriptionFilterWithContext(ctx aws.Context, input *PutSubscriptionFilterInput, opts ...request.Option) (*PutSubscriptionFilterOutput, error) { - req, out := c.PutSubscriptionFilterRequest(input) +func (c *CloudWatchLogs) GetDeliveryWithContext(ctx aws.Context, input *GetDeliveryInput, opts ...request.Option) (*GetDeliveryOutput, error) { + req, out := c.GetDeliveryRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opStartQuery = "StartQuery" +const opGetDeliveryDestination = "GetDeliveryDestination" -// StartQueryRequest generates a "aws/request.Request" representing the -// client's request for the StartQuery operation. The "output" return +// GetDeliveryDestinationRequest generates a "aws/request.Request" representing the +// client's request for the GetDeliveryDestination operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See StartQuery for more information on using the StartQuery +// See GetDeliveryDestination for more information on using the GetDeliveryDestination // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetDeliveryDestinationRequest method. +// req, resp := client.GetDeliveryDestinationRequest(params) // -// // Example sending a request using the StartQueryRequest method. -// req, resp := client.StartQueryRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/StartQuery -func (c *CloudWatchLogs) StartQueryRequest(input *StartQueryInput) (req *request.Request, output *StartQueryOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetDeliveryDestination +func (c *CloudWatchLogs) GetDeliveryDestinationRequest(input *GetDeliveryDestinationInput) (req *request.Request, output *GetDeliveryDestinationOutput) { op := &request.Operation{ - Name: opStartQuery, + Name: opGetDeliveryDestination, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &StartQueryInput{} + input = &GetDeliveryDestinationInput{} } - output = &StartQueryOutput{} + output = &GetDeliveryDestinationOutput{} req = c.newRequest(op, input, output) return } -// StartQuery API operation for Amazon CloudWatch Logs. -// -// Schedules a query of a log group using CloudWatch Logs Insights. You specify -// the log group and time range to query and the query string to use. -// -// For more information, see CloudWatch Logs Insights Query Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html). +// GetDeliveryDestination API operation for Amazon CloudWatch Logs. // -// Queries time out after 15 minutes of execution. If your queries are timing -// out, reduce the time range being searched or partition your query into a -// number of queries. +// Retrieves complete information about one delivery destination. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation StartQuery for usage and error information. +// API operation GetDeliveryDestination for usage and error information. // // Returned Error Types: -// * MalformedQueryException -// The query string is not valid. Details about this error are displayed in -// a QueryCompileError object. For more information, see QueryCompileError (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_QueryCompileError.html). // -// For more information about valid query syntax, see CloudWatch Logs Insights -// Query Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html). +// - ResourceNotFoundException +// The specified resource does not exist. // -// * InvalidParameterException -// A parameter is specified incorrectly. +// - ServiceUnavailableException +// The service cannot complete the request. // -// * LimitExceededException -// You have reached the maximum number of resources that can be created. +// - ValidationException +// One of the parameters for the request is not valid. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - ServiceQuotaExceededException +// This request exceeds a service quota. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ThrottlingException +// The request was throttled because of quota limits. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/StartQuery -func (c *CloudWatchLogs) StartQuery(input *StartQueryInput) (*StartQueryOutput, error) { - req, out := c.StartQueryRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetDeliveryDestination +func (c *CloudWatchLogs) GetDeliveryDestination(input *GetDeliveryDestinationInput) (*GetDeliveryDestinationOutput, error) { + req, out := c.GetDeliveryDestinationRequest(input) return out, req.Send() } -// StartQueryWithContext is the same as StartQuery with the addition of +// GetDeliveryDestinationWithContext is the same as GetDeliveryDestination with the addition of // the ability to pass a context and additional request options. // -// See StartQuery for details on how to use this API operation. +// See GetDeliveryDestination for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) StartQueryWithContext(ctx aws.Context, input *StartQueryInput, opts ...request.Option) (*StartQueryOutput, error) { - req, out := c.StartQueryRequest(input) +func (c *CloudWatchLogs) GetDeliveryDestinationWithContext(ctx aws.Context, input *GetDeliveryDestinationInput, opts ...request.Option) (*GetDeliveryDestinationOutput, error) { + req, out := c.GetDeliveryDestinationRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opStopQuery = "StopQuery" +const opGetDeliveryDestinationPolicy = "GetDeliveryDestinationPolicy" -// StopQueryRequest generates a "aws/request.Request" representing the -// client's request for the StopQuery operation. The "output" return +// GetDeliveryDestinationPolicyRequest generates a "aws/request.Request" representing the +// client's request for the GetDeliveryDestinationPolicy operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See StopQuery for more information on using the StopQuery +// See GetDeliveryDestinationPolicy for more information on using the GetDeliveryDestinationPolicy // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetDeliveryDestinationPolicyRequest method. +// req, resp := client.GetDeliveryDestinationPolicyRequest(params) // -// // Example sending a request using the StopQueryRequest method. -// req, resp := client.StopQueryRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/StopQuery -func (c *CloudWatchLogs) StopQueryRequest(input *StopQueryInput) (req *request.Request, output *StopQueryOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetDeliveryDestinationPolicy +func (c *CloudWatchLogs) GetDeliveryDestinationPolicyRequest(input *GetDeliveryDestinationPolicyInput) (req *request.Request, output *GetDeliveryDestinationPolicyOutput) { op := &request.Operation{ - Name: opStopQuery, + Name: opGetDeliveryDestinationPolicy, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &StopQueryInput{} + input = &GetDeliveryDestinationPolicyInput{} } - output = &StopQueryOutput{} + output = &GetDeliveryDestinationPolicyOutput{} req = c.newRequest(op, input, output) return } -// StopQuery API operation for Amazon CloudWatch Logs. +// GetDeliveryDestinationPolicy API operation for Amazon CloudWatch Logs. // -// Stops a CloudWatch Logs Insights query that is in progress. If the query -// has already ended, the operation returns an error indicating that the specified -// query is not running. +// Retrieves the delivery destination policy assigned to the delivery destination +// that you specify. For more information about delivery destinations and their +// policies, see PutDeliveryDestinationPolicy (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation StopQuery for usage and error information. +// API operation GetDeliveryDestinationPolicy for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ResourceNotFoundException -// The specified resource does not exist. +// - ServiceUnavailableException +// The service cannot complete the request. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - ValidationException +// One of the parameters for the request is not valid. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/StopQuery -func (c *CloudWatchLogs) StopQuery(input *StopQueryInput) (*StopQueryOutput, error) { - req, out := c.StopQueryRequest(input) +// - ResourceNotFoundException +// The specified resource does not exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetDeliveryDestinationPolicy +func (c *CloudWatchLogs) GetDeliveryDestinationPolicy(input *GetDeliveryDestinationPolicyInput) (*GetDeliveryDestinationPolicyOutput, error) { + req, out := c.GetDeliveryDestinationPolicyRequest(input) return out, req.Send() } -// StopQueryWithContext is the same as StopQuery with the addition of +// GetDeliveryDestinationPolicyWithContext is the same as GetDeliveryDestinationPolicy with the addition of // the ability to pass a context and additional request options. // -// See StopQuery for details on how to use this API operation. +// See GetDeliveryDestinationPolicy for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) StopQueryWithContext(ctx aws.Context, input *StopQueryInput, opts ...request.Option) (*StopQueryOutput, error) { - req, out := c.StopQueryRequest(input) +func (c *CloudWatchLogs) GetDeliveryDestinationPolicyWithContext(ctx aws.Context, input *GetDeliveryDestinationPolicyInput, opts ...request.Option) (*GetDeliveryDestinationPolicyOutput, error) { + req, out := c.GetDeliveryDestinationPolicyRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opTagLogGroup = "TagLogGroup" +const opGetDeliverySource = "GetDeliverySource" -// TagLogGroupRequest generates a "aws/request.Request" representing the -// client's request for the TagLogGroup operation. The "output" return +// GetDeliverySourceRequest generates a "aws/request.Request" representing the +// client's request for the GetDeliverySource operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See TagLogGroup for more information on using the TagLogGroup +// See GetDeliverySource for more information on using the GetDeliverySource // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetDeliverySourceRequest method. +// req, resp := client.GetDeliverySourceRequest(params) // -// // Example sending a request using the TagLogGroupRequest method. -// req, resp := client.TagLogGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TagLogGroup -func (c *CloudWatchLogs) TagLogGroupRequest(input *TagLogGroupInput) (req *request.Request, output *TagLogGroupOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetDeliverySource +func (c *CloudWatchLogs) GetDeliverySourceRequest(input *GetDeliverySourceInput) (req *request.Request, output *GetDeliverySourceOutput) { op := &request.Operation{ - Name: opTagLogGroup, + Name: opGetDeliverySource, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &TagLogGroupInput{} + input = &GetDeliverySourceInput{} } - output = &TagLogGroupOutput{} + output = &GetDeliverySourceOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// TagLogGroup API operation for Amazon CloudWatch Logs. -// -// Adds or updates the specified tags for the specified log group. -// -// To list the tags for a log group, use ListTagsLogGroup (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsLogGroup.html). -// To remove tags, use UntagLogGroup (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagLogGroup.html). +// GetDeliverySource API operation for Amazon CloudWatch Logs. // -// For more information about tags, see Tag Log Groups in Amazon CloudWatch -// Logs (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html#log-group-tagging) -// in the Amazon CloudWatch Logs User Guide. +// Retrieves complete information about one delivery source. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation TagLogGroup for usage and error information. +// API operation GetDeliverySource for usage and error information. // // Returned Error Types: -// * ResourceNotFoundException -// The specified resource does not exist. // -// * InvalidParameterException -// A parameter is specified incorrectly. +// - ResourceNotFoundException +// The specified resource does not exist. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TagLogGroup -func (c *CloudWatchLogs) TagLogGroup(input *TagLogGroupInput) (*TagLogGroupOutput, error) { - req, out := c.TagLogGroupRequest(input) +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ValidationException +// One of the parameters for the request is not valid. +// +// - ServiceQuotaExceededException +// This request exceeds a service quota. +// +// - ThrottlingException +// The request was throttled because of quota limits. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetDeliverySource +func (c *CloudWatchLogs) GetDeliverySource(input *GetDeliverySourceInput) (*GetDeliverySourceOutput, error) { + req, out := c.GetDeliverySourceRequest(input) return out, req.Send() } -// TagLogGroupWithContext is the same as TagLogGroup with the addition of +// GetDeliverySourceWithContext is the same as GetDeliverySource with the addition of // the ability to pass a context and additional request options. // -// See TagLogGroup for details on how to use this API operation. +// See GetDeliverySource for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) TagLogGroupWithContext(ctx aws.Context, input *TagLogGroupInput, opts ...request.Option) (*TagLogGroupOutput, error) { - req, out := c.TagLogGroupRequest(input) +func (c *CloudWatchLogs) GetDeliverySourceWithContext(ctx aws.Context, input *GetDeliverySourceInput, opts ...request.Option) (*GetDeliverySourceOutput, error) { + req, out := c.GetDeliverySourceRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opTestMetricFilter = "TestMetricFilter" +const opGetLogAnomalyDetector = "GetLogAnomalyDetector" -// TestMetricFilterRequest generates a "aws/request.Request" representing the -// client's request for the TestMetricFilter operation. The "output" return +// GetLogAnomalyDetectorRequest generates a "aws/request.Request" representing the +// client's request for the GetLogAnomalyDetector operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See TestMetricFilter for more information on using the TestMetricFilter +// See GetLogAnomalyDetector for more information on using the GetLogAnomalyDetector // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetLogAnomalyDetectorRequest method. +// req, resp := client.GetLogAnomalyDetectorRequest(params) // -// // Example sending a request using the TestMetricFilterRequest method. -// req, resp := client.TestMetricFilterRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TestMetricFilter -func (c *CloudWatchLogs) TestMetricFilterRequest(input *TestMetricFilterInput) (req *request.Request, output *TestMetricFilterOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogAnomalyDetector +func (c *CloudWatchLogs) GetLogAnomalyDetectorRequest(input *GetLogAnomalyDetectorInput) (req *request.Request, output *GetLogAnomalyDetectorOutput) { op := &request.Operation{ - Name: opTestMetricFilter, + Name: opGetLogAnomalyDetector, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &TestMetricFilterInput{} + input = &GetLogAnomalyDetectorInput{} } - output = &TestMetricFilterOutput{} + output = &GetLogAnomalyDetectorOutput{} req = c.newRequest(op, input, output) return } -// TestMetricFilter API operation for Amazon CloudWatch Logs. +// GetLogAnomalyDetector API operation for Amazon CloudWatch Logs. // -// Tests the filter pattern of a metric filter against a sample of log event -// messages. You can use this operation to validate the correctness of a metric -// filter pattern. +// Retrieves information about the log anomaly detector that you specify. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation TestMetricFilter for usage and error information. +// API operation GetLogAnomalyDetector for usage and error information. // // Returned Error Types: -// * InvalidParameterException -// A parameter is specified incorrectly. // -// * ServiceUnavailableException -// The service cannot complete the request. +// - InvalidParameterException +// A parameter is specified incorrectly. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TestMetricFilter -func (c *CloudWatchLogs) TestMetricFilter(input *TestMetricFilterInput) (*TestMetricFilterOutput, error) { - req, out := c.TestMetricFilterRequest(input) +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogAnomalyDetector +func (c *CloudWatchLogs) GetLogAnomalyDetector(input *GetLogAnomalyDetectorInput) (*GetLogAnomalyDetectorOutput, error) { + req, out := c.GetLogAnomalyDetectorRequest(input) return out, req.Send() } -// TestMetricFilterWithContext is the same as TestMetricFilter with the addition of +// GetLogAnomalyDetectorWithContext is the same as GetLogAnomalyDetector with the addition of // the ability to pass a context and additional request options. // -// See TestMetricFilter for details on how to use this API operation. +// See GetLogAnomalyDetector for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) TestMetricFilterWithContext(ctx aws.Context, input *TestMetricFilterInput, opts ...request.Option) (*TestMetricFilterOutput, error) { - req, out := c.TestMetricFilterRequest(input) +func (c *CloudWatchLogs) GetLogAnomalyDetectorWithContext(ctx aws.Context, input *GetLogAnomalyDetectorInput, opts ...request.Option) (*GetLogAnomalyDetectorOutput, error) { + req, out := c.GetLogAnomalyDetectorRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opUntagLogGroup = "UntagLogGroup" +const opGetLogEvents = "GetLogEvents" -// UntagLogGroupRequest generates a "aws/request.Request" representing the -// client's request for the UntagLogGroup operation. The "output" return +// GetLogEventsRequest generates a "aws/request.Request" representing the +// client's request for the GetLogEvents operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See UntagLogGroup for more information on using the UntagLogGroup +// See GetLogEvents for more information on using the GetLogEvents // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetLogEventsRequest method. +// req, resp := client.GetLogEventsRequest(params) // -// // Example sending a request using the UntagLogGroupRequest method. -// req, resp := client.UntagLogGroupRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/UntagLogGroup -func (c *CloudWatchLogs) UntagLogGroupRequest(input *UntagLogGroupInput) (req *request.Request, output *UntagLogGroupOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogEvents +func (c *CloudWatchLogs) GetLogEventsRequest(input *GetLogEventsInput) (req *request.Request, output *GetLogEventsOutput) { op := &request.Operation{ - Name: opUntagLogGroup, + Name: opGetLogEvents, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextForwardToken"}, + LimitToken: "limit", + TruncationToken: "", + }, } if input == nil { - input = &UntagLogGroupInput{} + input = &GetLogEventsInput{} } - output = &UntagLogGroupOutput{} + output = &GetLogEventsOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// UntagLogGroup API operation for Amazon CloudWatch Logs. +// GetLogEvents API operation for Amazon CloudWatch Logs. // -// Removes the specified tags from the specified log group. +// Lists log events from the specified log stream. You can list all of the log +// events or filter using a time range. +// +// By default, this operation returns as many log events as can fit in a response +// size of 1MB (up to 10,000 log events). You can get additional log events +// by specifying one of the tokens in a subsequent call. This operation can +// return empty results while there are more log events available through the +// token. +// +// If you are using CloudWatch cross-account observability, you can use this +// operation in a monitoring account and view data from the linked source accounts. +// For more information, see CloudWatch cross-account observability (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html). // -// To list the tags for a log group, use ListTagsLogGroup (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsLogGroup.html). -// To add tags, use TagLogGroup (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagLogGroup.html). +// You can specify the log group to search by using either logGroupIdentifier +// or logGroupName. You must include one of these two parameters, but you can't +// include both. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon CloudWatch Logs's -// API operation UntagLogGroup for usage and error information. +// API operation GetLogEvents for usage and error information. // // Returned Error Types: -// * ResourceNotFoundException -// The specified resource does not exist. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/UntagLogGroup -func (c *CloudWatchLogs) UntagLogGroup(input *UntagLogGroupInput) (*UntagLogGroupOutput, error) { - req, out := c.UntagLogGroupRequest(input) +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogEvents +func (c *CloudWatchLogs) GetLogEvents(input *GetLogEventsInput) (*GetLogEventsOutput, error) { + req, out := c.GetLogEventsRequest(input) return out, req.Send() } -// UntagLogGroupWithContext is the same as UntagLogGroup with the addition of +// GetLogEventsWithContext is the same as GetLogEvents with the addition of // the ability to pass a context and additional request options. // -// See UntagLogGroup for details on how to use this API operation. +// See GetLogEvents for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *CloudWatchLogs) UntagLogGroupWithContext(ctx aws.Context, input *UntagLogGroupInput, opts ...request.Option) (*UntagLogGroupOutput, error) { - req, out := c.UntagLogGroupRequest(input) +func (c *CloudWatchLogs) GetLogEventsWithContext(ctx aws.Context, input *GetLogEventsInput, opts ...request.Option) (*GetLogEventsOutput, error) { + req, out := c.GetLogEventsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -type AssociateKmsKeyInput struct { - _ struct{} `type:"structure"` +// GetLogEventsPages iterates over the pages of a GetLogEvents operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See GetLogEvents method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a GetLogEvents operation. +// pageNum := 0 +// err := client.GetLogEventsPages(params, +// func(page *cloudwatchlogs.GetLogEventsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *CloudWatchLogs) GetLogEventsPages(input *GetLogEventsInput, fn func(*GetLogEventsOutput, bool) bool) error { + return c.GetLogEventsPagesWithContext(aws.BackgroundContext(), input, fn) +} - // The Amazon Resource Name (ARN) of the CMK to use when encrypting log data. - // This must be a symmetric CMK. For more information, see Amazon Resource Names - // - AWS Key Management Service (AWS KMS) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms) - // and Using Symmetric and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html). - // - // KmsKeyId is a required field - KmsKeyId *string `locationName:"kmsKeyId" type:"string" required:"true"` +// GetLogEventsPagesWithContext same as GetLogEventsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) GetLogEventsPagesWithContext(ctx aws.Context, input *GetLogEventsInput, fn func(*GetLogEventsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + EndPageOnSameToken: true, + NewRequest: func() (*request.Request, error) { + var inCpy *GetLogEventsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.GetLogEventsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } - // The name of the log group. - // - // LogGroupName is a required field - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` -} + for p.Next() { + if !fn(p.Page().(*GetLogEventsOutput), !p.HasNextPage()) { + break + } + } -// String returns the string representation -func (s AssociateKmsKeyInput) String() string { - return awsutil.Prettify(s) + return p.Err() } -// GoString returns the string representation -func (s AssociateKmsKeyInput) GoString() string { - return s.String() -} +const opGetLogGroupFields = "GetLogGroupFields" -// Validate inspects the fields of the type to determine if they are valid. -func (s *AssociateKmsKeyInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "AssociateKmsKeyInput"} - if s.KmsKeyId == nil { - invalidParams.Add(request.NewErrParamRequired("KmsKeyId")) - } - if s.LogGroupName == nil { - invalidParams.Add(request.NewErrParamRequired("LogGroupName")) - } - if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) +// GetLogGroupFieldsRequest generates a "aws/request.Request" representing the +// client's request for the GetLogGroupFields operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetLogGroupFields for more information on using the GetLogGroupFields +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetLogGroupFieldsRequest method. +// req, resp := client.GetLogGroupFieldsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogGroupFields +func (c *CloudWatchLogs) GetLogGroupFieldsRequest(input *GetLogGroupFieldsInput) (req *request.Request, output *GetLogGroupFieldsOutput) { + op := &request.Operation{ + Name: opGetLogGroupFields, + HTTPMethod: "POST", + HTTPPath: "/", } - if invalidParams.Len() > 0 { - return invalidParams + if input == nil { + input = &GetLogGroupFieldsInput{} } - return nil -} - -// SetKmsKeyId sets the KmsKeyId field's value. -func (s *AssociateKmsKeyInput) SetKmsKeyId(v string) *AssociateKmsKeyInput { - s.KmsKeyId = &v - return s -} - -// SetLogGroupName sets the LogGroupName field's value. -func (s *AssociateKmsKeyInput) SetLogGroupName(v string) *AssociateKmsKeyInput { - s.LogGroupName = &v - return s -} -type AssociateKmsKeyOutput struct { - _ struct{} `type:"structure"` + output = &GetLogGroupFieldsOutput{} + req = c.newRequest(op, input, output) + return } -// String returns the string representation -func (s AssociateKmsKeyOutput) String() string { - return awsutil.Prettify(s) +// GetLogGroupFields API operation for Amazon CloudWatch Logs. +// +// Returns a list of the fields that are included in log events in the specified +// log group. Includes the percentage of log events that contain each field. +// The search is limited to a time period that you specify. +// +// You can specify the log group to search by using either logGroupIdentifier +// or logGroupName. You must specify one of these parameters, but you can't +// specify both. +// +// In the results, fields that start with @ are fields generated by CloudWatch +// Logs. For example, @timestamp is the timestamp of each log event. For more +// information about the fields that are generated by CloudWatch logs, see Supported +// Logs and Discovered Fields (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData-discoverable-fields.html). +// +// The response results are sorted by the frequency percentage, starting with +// the highest percentage. +// +// If you are using CloudWatch cross-account observability, you can use this +// operation in a monitoring account and view data from the linked source accounts. +// For more information, see CloudWatch cross-account observability (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation GetLogGroupFields for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - LimitExceededException +// You have reached the maximum number of resources that can be created. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogGroupFields +func (c *CloudWatchLogs) GetLogGroupFields(input *GetLogGroupFieldsInput) (*GetLogGroupFieldsOutput, error) { + req, out := c.GetLogGroupFieldsRequest(input) + return out, req.Send() } -// GoString returns the string representation -func (s AssociateKmsKeyOutput) GoString() string { - return s.String() +// GetLogGroupFieldsWithContext is the same as GetLogGroupFields with the addition of +// the ability to pass a context and additional request options. +// +// See GetLogGroupFields for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) GetLogGroupFieldsWithContext(ctx aws.Context, input *GetLogGroupFieldsInput, opts ...request.Option) (*GetLogGroupFieldsOutput, error) { + req, out := c.GetLogGroupFieldsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() } -type CancelExportTaskInput struct { - _ struct{} `type:"structure"` - - // The ID of the export task. - // - // TaskId is a required field - TaskId *string `locationName:"taskId" min:"1" type:"string" required:"true"` -} +const opGetLogRecord = "GetLogRecord" -// String returns the string representation +// GetLogRecordRequest generates a "aws/request.Request" representing the +// client's request for the GetLogRecord operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetLogRecord for more information on using the GetLogRecord +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetLogRecordRequest method. +// req, resp := client.GetLogRecordRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogRecord +func (c *CloudWatchLogs) GetLogRecordRequest(input *GetLogRecordInput) (req *request.Request, output *GetLogRecordOutput) { + op := &request.Operation{ + Name: opGetLogRecord, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetLogRecordInput{} + } + + output = &GetLogRecordOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetLogRecord API operation for Amazon CloudWatch Logs. +// +// Retrieves all of the fields and values of a single log event. All fields +// are retrieved, even if the original query that produced the logRecordPointer +// retrieved only a subset of fields. Fields are returned as field name/field +// value pairs. +// +// The full unparsed log event is returned within @message. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation GetLogRecord for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - LimitExceededException +// You have reached the maximum number of resources that can be created. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogRecord +func (c *CloudWatchLogs) GetLogRecord(input *GetLogRecordInput) (*GetLogRecordOutput, error) { + req, out := c.GetLogRecordRequest(input) + return out, req.Send() +} + +// GetLogRecordWithContext is the same as GetLogRecord with the addition of +// the ability to pass a context and additional request options. +// +// See GetLogRecord for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) GetLogRecordWithContext(ctx aws.Context, input *GetLogRecordInput, opts ...request.Option) (*GetLogRecordOutput, error) { + req, out := c.GetLogRecordRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetQueryResults = "GetQueryResults" + +// GetQueryResultsRequest generates a "aws/request.Request" representing the +// client's request for the GetQueryResults operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetQueryResults for more information on using the GetQueryResults +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetQueryResultsRequest method. +// req, resp := client.GetQueryResultsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetQueryResults +func (c *CloudWatchLogs) GetQueryResultsRequest(input *GetQueryResultsInput) (req *request.Request, output *GetQueryResultsOutput) { + op := &request.Operation{ + Name: opGetQueryResults, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetQueryResultsInput{} + } + + output = &GetQueryResultsOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetQueryResults API operation for Amazon CloudWatch Logs. +// +// Returns the results from the specified query. +// +// Only the fields requested in the query are returned, along with a @ptr field, +// which is the identifier for the log record. You can use the value of @ptr +// in a GetLogRecord (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogRecord.html) +// operation to get the full log record. +// +// GetQueryResults does not start running a query. To run a query, use StartQuery +// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html). +// For more information about how long results of previous queries are available, +// see CloudWatch Logs quotas (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/cloudwatch_limits_cwl.html). +// +// If the value of the Status field in the output is Running, this operation +// returns only partial results. If you see a value of Scheduled or Running +// for the status, you can retry the operation later to see the final results. +// +// If you are using CloudWatch cross-account observability, you can use this +// operation in a monitoring account to start queries in linked source accounts. +// For more information, see CloudWatch cross-account observability (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation GetQueryResults for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetQueryResults +func (c *CloudWatchLogs) GetQueryResults(input *GetQueryResultsInput) (*GetQueryResultsOutput, error) { + req, out := c.GetQueryResultsRequest(input) + return out, req.Send() +} + +// GetQueryResultsWithContext is the same as GetQueryResults with the addition of +// the ability to pass a context and additional request options. +// +// See GetQueryResults for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) GetQueryResultsWithContext(ctx aws.Context, input *GetQueryResultsInput, opts ...request.Option) (*GetQueryResultsOutput, error) { + req, out := c.GetQueryResultsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opListAnomalies = "ListAnomalies" + +// ListAnomaliesRequest generates a "aws/request.Request" representing the +// client's request for the ListAnomalies operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListAnomalies for more information on using the ListAnomalies +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListAnomaliesRequest method. +// req, resp := client.ListAnomaliesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListAnomalies +func (c *CloudWatchLogs) ListAnomaliesRequest(input *ListAnomaliesInput) (req *request.Request, output *ListAnomaliesOutput) { + op := &request.Operation{ + Name: opListAnomalies, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "limit", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListAnomaliesInput{} + } + + output = &ListAnomaliesOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListAnomalies API operation for Amazon CloudWatch Logs. +// +// Returns a list of anomalies that log anomaly detectors have found. For details +// about the structure format of each anomaly object that is returned, see the +// example in this section. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation ListAnomalies for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListAnomalies +func (c *CloudWatchLogs) ListAnomalies(input *ListAnomaliesInput) (*ListAnomaliesOutput, error) { + req, out := c.ListAnomaliesRequest(input) + return out, req.Send() +} + +// ListAnomaliesWithContext is the same as ListAnomalies with the addition of +// the ability to pass a context and additional request options. +// +// See ListAnomalies for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) ListAnomaliesWithContext(ctx aws.Context, input *ListAnomaliesInput, opts ...request.Option) (*ListAnomaliesOutput, error) { + req, out := c.ListAnomaliesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListAnomaliesPages iterates over the pages of a ListAnomalies operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListAnomalies method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListAnomalies operation. +// pageNum := 0 +// err := client.ListAnomaliesPages(params, +// func(page *cloudwatchlogs.ListAnomaliesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *CloudWatchLogs) ListAnomaliesPages(input *ListAnomaliesInput, fn func(*ListAnomaliesOutput, bool) bool) error { + return c.ListAnomaliesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListAnomaliesPagesWithContext same as ListAnomaliesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) ListAnomaliesPagesWithContext(ctx aws.Context, input *ListAnomaliesInput, fn func(*ListAnomaliesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + EndPageOnSameToken: true, + NewRequest: func() (*request.Request, error) { + var inCpy *ListAnomaliesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListAnomaliesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListAnomaliesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opListLogAnomalyDetectors = "ListLogAnomalyDetectors" + +// ListLogAnomalyDetectorsRequest generates a "aws/request.Request" representing the +// client's request for the ListLogAnomalyDetectors operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListLogAnomalyDetectors for more information on using the ListLogAnomalyDetectors +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListLogAnomalyDetectorsRequest method. +// req, resp := client.ListLogAnomalyDetectorsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListLogAnomalyDetectors +func (c *CloudWatchLogs) ListLogAnomalyDetectorsRequest(input *ListLogAnomalyDetectorsInput) (req *request.Request, output *ListLogAnomalyDetectorsOutput) { + op := &request.Operation{ + Name: opListLogAnomalyDetectors, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "limit", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListLogAnomalyDetectorsInput{} + } + + output = &ListLogAnomalyDetectorsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListLogAnomalyDetectors API operation for Amazon CloudWatch Logs. +// +// Retrieves a list of the log anomaly detectors in the account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation ListLogAnomalyDetectors for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListLogAnomalyDetectors +func (c *CloudWatchLogs) ListLogAnomalyDetectors(input *ListLogAnomalyDetectorsInput) (*ListLogAnomalyDetectorsOutput, error) { + req, out := c.ListLogAnomalyDetectorsRequest(input) + return out, req.Send() +} + +// ListLogAnomalyDetectorsWithContext is the same as ListLogAnomalyDetectors with the addition of +// the ability to pass a context and additional request options. +// +// See ListLogAnomalyDetectors for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) ListLogAnomalyDetectorsWithContext(ctx aws.Context, input *ListLogAnomalyDetectorsInput, opts ...request.Option) (*ListLogAnomalyDetectorsOutput, error) { + req, out := c.ListLogAnomalyDetectorsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListLogAnomalyDetectorsPages iterates over the pages of a ListLogAnomalyDetectors operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListLogAnomalyDetectors method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListLogAnomalyDetectors operation. +// pageNum := 0 +// err := client.ListLogAnomalyDetectorsPages(params, +// func(page *cloudwatchlogs.ListLogAnomalyDetectorsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *CloudWatchLogs) ListLogAnomalyDetectorsPages(input *ListLogAnomalyDetectorsInput, fn func(*ListLogAnomalyDetectorsOutput, bool) bool) error { + return c.ListLogAnomalyDetectorsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListLogAnomalyDetectorsPagesWithContext same as ListLogAnomalyDetectorsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) ListLogAnomalyDetectorsPagesWithContext(ctx aws.Context, input *ListLogAnomalyDetectorsInput, fn func(*ListLogAnomalyDetectorsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + EndPageOnSameToken: true, + NewRequest: func() (*request.Request, error) { + var inCpy *ListLogAnomalyDetectorsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListLogAnomalyDetectorsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListLogAnomalyDetectorsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opListTagsForResource = "ListTagsForResource" + +// ListTagsForResourceRequest generates a "aws/request.Request" representing the +// client's request for the ListTagsForResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListTagsForResource for more information on using the ListTagsForResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListTagsForResourceRequest method. +// req, resp := client.ListTagsForResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListTagsForResource +func (c *CloudWatchLogs) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) { + op := &request.Operation{ + Name: opListTagsForResource, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ListTagsForResourceInput{} + } + + output = &ListTagsForResourceOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListTagsForResource API operation for Amazon CloudWatch Logs. +// +// Displays the tags associated with a CloudWatch Logs resource. Currently, +// log groups and destinations support tagging. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation ListTagsForResource for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListTagsForResource +func (c *CloudWatchLogs) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) { + req, out := c.ListTagsForResourceRequest(input) + return out, req.Send() +} + +// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of +// the ability to pass a context and additional request options. +// +// See ListTagsForResource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) { + req, out := c.ListTagsForResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opListTagsLogGroup = "ListTagsLogGroup" + +// ListTagsLogGroupRequest generates a "aws/request.Request" representing the +// client's request for the ListTagsLogGroup operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListTagsLogGroup for more information on using the ListTagsLogGroup +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListTagsLogGroupRequest method. +// req, resp := client.ListTagsLogGroupRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListTagsLogGroup +// +// Deprecated: Please use the generic tagging API ListTagsForResource +func (c *CloudWatchLogs) ListTagsLogGroupRequest(input *ListTagsLogGroupInput) (req *request.Request, output *ListTagsLogGroupOutput) { + if c.Client.Config.Logger != nil { + c.Client.Config.Logger.Log("This operation, ListTagsLogGroup, has been deprecated") + } + op := &request.Operation{ + Name: opListTagsLogGroup, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ListTagsLogGroupInput{} + } + + output = &ListTagsLogGroupOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListTagsLogGroup API operation for Amazon CloudWatch Logs. +// +// The ListTagsLogGroup operation is on the path to deprecation. We recommend +// that you use ListTagsForResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html) +// instead. +// +// Lists the tags for the specified log group. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation ListTagsLogGroup for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListTagsLogGroup +// +// Deprecated: Please use the generic tagging API ListTagsForResource +func (c *CloudWatchLogs) ListTagsLogGroup(input *ListTagsLogGroupInput) (*ListTagsLogGroupOutput, error) { + req, out := c.ListTagsLogGroupRequest(input) + return out, req.Send() +} + +// ListTagsLogGroupWithContext is the same as ListTagsLogGroup with the addition of +// the ability to pass a context and additional request options. +// +// See ListTagsLogGroup for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +// +// Deprecated: Please use the generic tagging API ListTagsForResource +func (c *CloudWatchLogs) ListTagsLogGroupWithContext(ctx aws.Context, input *ListTagsLogGroupInput, opts ...request.Option) (*ListTagsLogGroupOutput, error) { + req, out := c.ListTagsLogGroupRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opPutAccountPolicy = "PutAccountPolicy" + +// PutAccountPolicyRequest generates a "aws/request.Request" representing the +// client's request for the PutAccountPolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutAccountPolicy for more information on using the PutAccountPolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the PutAccountPolicyRequest method. +// req, resp := client.PutAccountPolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutAccountPolicy +func (c *CloudWatchLogs) PutAccountPolicyRequest(input *PutAccountPolicyInput) (req *request.Request, output *PutAccountPolicyOutput) { + op := &request.Operation{ + Name: opPutAccountPolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutAccountPolicyInput{} + } + + output = &PutAccountPolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// PutAccountPolicy API operation for Amazon CloudWatch Logs. +// +// Creates an account-level data protection policy or subscription filter policy +// that applies to all log groups or a subset of log groups in the account. +// +// # Data protection policy +// +// A data protection policy can help safeguard sensitive data that's ingested +// by your log groups by auditing and masking the sensitive log data. Each account +// can have only one account-level data protection policy. +// +// Sensitive data is detected and masked when it is ingested into a log group. +// When you set a data protection policy, log events ingested into the log groups +// before that time are not masked. +// +// If you use PutAccountPolicy to create a data protection policy for your whole +// account, it applies to both existing log groups and all log groups that are +// created later in this account. The account-level policy is applied to existing +// log groups with eventual consistency. It might take up to 5 minutes before +// sensitive data in existing log groups begins to be masked. +// +// By default, when a user views a log event that includes masked data, the +// sensitive data is replaced by asterisks. A user who has the logs:Unmask permission +// can use a GetLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html) +// or FilterLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html) +// operation with the unmask parameter set to true to view the unmasked log +// events. Users with the logs:Unmask can also view unmasked data in the CloudWatch +// Logs console by running a CloudWatch Logs Insights query with the unmask +// query command. +// +// For more information, including a list of types of data that can be audited +// and masked, see Protect sensitive log data with masking (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html). +// +// To use the PutAccountPolicy operation for a data protection policy, you must +// be signed on with the logs:PutDataProtectionPolicy and logs:PutAccountPolicy +// permissions. +// +// The PutAccountPolicy operation applies to all log groups in the account. +// You can use PutDataProtectionPolicy (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html) +// to create a data protection policy that applies to just one log group. If +// a log group has its own data protection policy and the account also has an +// account-level data protection policy, then the two policies are cumulative. +// Any sensitive term specified in either policy is masked. +// +// # Subscription filter policy +// +// A subscription filter policy sets up a real-time feed of log events from +// CloudWatch Logs to other Amazon Web Services services. Account-level subscription +// filter policies apply to both existing log groups and log groups that are +// created later in this account. Supported destinations are Kinesis Data Streams, +// Firehose, and Lambda. When log events are sent to the receiving service, +// they are Base64 encoded and compressed with the GZIP format. +// +// The following destinations are supported for subscription filters: +// +// - An Kinesis Data Streams data stream in the same account as the subscription +// policy, for same-account delivery. +// +// - An Firehose data stream in the same account as the subscription policy, +// for same-account delivery. +// +// - A Lambda function in the same account as the subscription policy, for +// same-account delivery. +// +// - A logical destination in a different account created with PutDestination +// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestination.html), +// for cross-account delivery. Kinesis Data Streams and Firehose are supported +// as logical destinations. +// +// Each account can have one account-level subscription filter policy. If you +// are updating an existing filter, you must specify the correct name in PolicyName. +// To perform a PutAccountPolicy subscription filter operation for any destination +// except a Lambda function, you must also have the iam:PassRole permission. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation PutAccountPolicy for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - LimitExceededException +// You have reached the maximum number of resources that can be created. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutAccountPolicy +func (c *CloudWatchLogs) PutAccountPolicy(input *PutAccountPolicyInput) (*PutAccountPolicyOutput, error) { + req, out := c.PutAccountPolicyRequest(input) + return out, req.Send() +} + +// PutAccountPolicyWithContext is the same as PutAccountPolicy with the addition of +// the ability to pass a context and additional request options. +// +// See PutAccountPolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) PutAccountPolicyWithContext(ctx aws.Context, input *PutAccountPolicyInput, opts ...request.Option) (*PutAccountPolicyOutput, error) { + req, out := c.PutAccountPolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opPutDataProtectionPolicy = "PutDataProtectionPolicy" + +// PutDataProtectionPolicyRequest generates a "aws/request.Request" representing the +// client's request for the PutDataProtectionPolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutDataProtectionPolicy for more information on using the PutDataProtectionPolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the PutDataProtectionPolicyRequest method. +// req, resp := client.PutDataProtectionPolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDataProtectionPolicy +func (c *CloudWatchLogs) PutDataProtectionPolicyRequest(input *PutDataProtectionPolicyInput) (req *request.Request, output *PutDataProtectionPolicyOutput) { + op := &request.Operation{ + Name: opPutDataProtectionPolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutDataProtectionPolicyInput{} + } + + output = &PutDataProtectionPolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// PutDataProtectionPolicy API operation for Amazon CloudWatch Logs. +// +// Creates a data protection policy for the specified log group. A data protection +// policy can help safeguard sensitive data that's ingested by the log group +// by auditing and masking the sensitive log data. +// +// Sensitive data is detected and masked when it is ingested into the log group. +// When you set a data protection policy, log events ingested into the log group +// before that time are not masked. +// +// By default, when a user views a log event that includes masked data, the +// sensitive data is replaced by asterisks. A user who has the logs:Unmask permission +// can use a GetLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html) +// or FilterLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html) +// operation with the unmask parameter set to true to view the unmasked log +// events. Users with the logs:Unmask can also view unmasked data in the CloudWatch +// Logs console by running a CloudWatch Logs Insights query with the unmask +// query command. +// +// For more information, including a list of types of data that can be audited +// and masked, see Protect sensitive log data with masking (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html). +// +// The PutDataProtectionPolicy operation applies to only the specified log group. +// You can also use PutAccountPolicy (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html) +// to create an account-level data protection policy that applies to all log +// groups in the account, including both existing log groups and log groups +// that are created level. If a log group has its own data protection policy +// and the account also has an account-level data protection policy, then the +// two policies are cumulative. Any sensitive term specified in either policy +// is masked. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation PutDataProtectionPolicy for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - LimitExceededException +// You have reached the maximum number of resources that can be created. +// +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDataProtectionPolicy +func (c *CloudWatchLogs) PutDataProtectionPolicy(input *PutDataProtectionPolicyInput) (*PutDataProtectionPolicyOutput, error) { + req, out := c.PutDataProtectionPolicyRequest(input) + return out, req.Send() +} + +// PutDataProtectionPolicyWithContext is the same as PutDataProtectionPolicy with the addition of +// the ability to pass a context and additional request options. +// +// See PutDataProtectionPolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) PutDataProtectionPolicyWithContext(ctx aws.Context, input *PutDataProtectionPolicyInput, opts ...request.Option) (*PutDataProtectionPolicyOutput, error) { + req, out := c.PutDataProtectionPolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opPutDeliveryDestination = "PutDeliveryDestination" + +// PutDeliveryDestinationRequest generates a "aws/request.Request" representing the +// client's request for the PutDeliveryDestination operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutDeliveryDestination for more information on using the PutDeliveryDestination +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the PutDeliveryDestinationRequest method. +// req, resp := client.PutDeliveryDestinationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDeliveryDestination +func (c *CloudWatchLogs) PutDeliveryDestinationRequest(input *PutDeliveryDestinationInput) (req *request.Request, output *PutDeliveryDestinationOutput) { + op := &request.Operation{ + Name: opPutDeliveryDestination, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutDeliveryDestinationInput{} + } + + output = &PutDeliveryDestinationOutput{} + req = c.newRequest(op, input, output) + return +} + +// PutDeliveryDestination API operation for Amazon CloudWatch Logs. +// +// Creates or updates a logical delivery destination. A delivery destination +// is an Amazon Web Services resource that represents an Amazon Web Services +// service that logs can be sent to. CloudWatch Logs, Amazon S3, and Firehose +// are supported as logs delivery destinations. +// +// To configure logs delivery between a supported Amazon Web Services service +// and a destination, you must do the following: +// +// - Create a delivery source, which is a logical object that represents +// the resource that is actually sending the logs. For more information, +// see PutDeliverySource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html). +// +// - Use PutDeliveryDestination to create a delivery destination, which is +// a logical object that represents the actual delivery destination. +// +// - If you are delivering logs cross-account, you must use PutDeliveryDestinationPolicy +// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html) +// in the destination account to assign an IAM policy to the destination. +// This policy allows delivery to that destination. +// +// - Use CreateDelivery to create a delivery by pairing exactly one delivery +// source and one delivery destination. For more information, see CreateDelivery +// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html). +// +// You can configure a single delivery source to send logs to multiple destinations +// by creating multiple deliveries. You can also create multiple deliveries +// to configure multiple delivery sources to send logs to the same delivery +// destination. +// +// Only some Amazon Web Services services support being configured as a delivery +// source. These services are listed as Supported [V2 Permissions] in the table +// at Enabling logging from Amazon Web Services services. (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html) +// +// If you use this operation to update an existing delivery destination, all +// the current delivery destination parameters are overwritten with the new +// parameter values that you specify. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation PutDeliveryDestination for usage and error information. +// +// Returned Error Types: +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ConflictException +// This operation attempted to create a resource that already exists. +// +// - ValidationException +// One of the parameters for the request is not valid. +// +// - ServiceQuotaExceededException +// This request exceeds a service quota. +// +// - ThrottlingException +// The request was throttled because of quota limits. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDeliveryDestination +func (c *CloudWatchLogs) PutDeliveryDestination(input *PutDeliveryDestinationInput) (*PutDeliveryDestinationOutput, error) { + req, out := c.PutDeliveryDestinationRequest(input) + return out, req.Send() +} + +// PutDeliveryDestinationWithContext is the same as PutDeliveryDestination with the addition of +// the ability to pass a context and additional request options. +// +// See PutDeliveryDestination for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) PutDeliveryDestinationWithContext(ctx aws.Context, input *PutDeliveryDestinationInput, opts ...request.Option) (*PutDeliveryDestinationOutput, error) { + req, out := c.PutDeliveryDestinationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opPutDeliveryDestinationPolicy = "PutDeliveryDestinationPolicy" + +// PutDeliveryDestinationPolicyRequest generates a "aws/request.Request" representing the +// client's request for the PutDeliveryDestinationPolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutDeliveryDestinationPolicy for more information on using the PutDeliveryDestinationPolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the PutDeliveryDestinationPolicyRequest method. +// req, resp := client.PutDeliveryDestinationPolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDeliveryDestinationPolicy +func (c *CloudWatchLogs) PutDeliveryDestinationPolicyRequest(input *PutDeliveryDestinationPolicyInput) (req *request.Request, output *PutDeliveryDestinationPolicyOutput) { + op := &request.Operation{ + Name: opPutDeliveryDestinationPolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutDeliveryDestinationPolicyInput{} + } + + output = &PutDeliveryDestinationPolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// PutDeliveryDestinationPolicy API operation for Amazon CloudWatch Logs. +// +// Creates and assigns an IAM policy that grants permissions to CloudWatch Logs +// to deliver logs cross-account to a specified destination in this account. +// To configure the delivery of logs from an Amazon Web Services service in +// another account to a logs delivery destination in the current account, you +// must do the following: +// +// - Create a delivery source, which is a logical object that represents +// the resource that is actually sending the logs. For more information, +// see PutDeliverySource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html). +// +// - Create a delivery destination, which is a logical object that represents +// the actual delivery destination. For more information, see PutDeliveryDestination +// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html). +// +// - Use this operation in the destination account to assign an IAM policy +// to the destination. This policy allows delivery to that destination. +// +// - Create a delivery by pairing exactly one delivery source and one delivery +// destination. For more information, see CreateDelivery (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html). +// +// Only some Amazon Web Services services support being configured as a delivery +// source. These services are listed as Supported [V2 Permissions] in the table +// at Enabling logging from Amazon Web Services services. (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html) +// +// The contents of the policy must include two statements. One statement enables +// general logs delivery, and the other allows delivery to the chosen destination. +// See the examples for the needed policies. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation PutDeliveryDestinationPolicy for usage and error information. +// +// Returned Error Types: +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ValidationException +// One of the parameters for the request is not valid. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ConflictException +// This operation attempted to create a resource that already exists. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDeliveryDestinationPolicy +func (c *CloudWatchLogs) PutDeliveryDestinationPolicy(input *PutDeliveryDestinationPolicyInput) (*PutDeliveryDestinationPolicyOutput, error) { + req, out := c.PutDeliveryDestinationPolicyRequest(input) + return out, req.Send() +} + +// PutDeliveryDestinationPolicyWithContext is the same as PutDeliveryDestinationPolicy with the addition of +// the ability to pass a context and additional request options. +// +// See PutDeliveryDestinationPolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) PutDeliveryDestinationPolicyWithContext(ctx aws.Context, input *PutDeliveryDestinationPolicyInput, opts ...request.Option) (*PutDeliveryDestinationPolicyOutput, error) { + req, out := c.PutDeliveryDestinationPolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opPutDeliverySource = "PutDeliverySource" + +// PutDeliverySourceRequest generates a "aws/request.Request" representing the +// client's request for the PutDeliverySource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutDeliverySource for more information on using the PutDeliverySource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the PutDeliverySourceRequest method. +// req, resp := client.PutDeliverySourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDeliverySource +func (c *CloudWatchLogs) PutDeliverySourceRequest(input *PutDeliverySourceInput) (req *request.Request, output *PutDeliverySourceOutput) { + op := &request.Operation{ + Name: opPutDeliverySource, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutDeliverySourceInput{} + } + + output = &PutDeliverySourceOutput{} + req = c.newRequest(op, input, output) + return +} + +// PutDeliverySource API operation for Amazon CloudWatch Logs. +// +// Creates or updates a logical delivery source. A delivery source represents +// an Amazon Web Services resource that sends logs to an logs delivery destination. +// The destination can be CloudWatch Logs, Amazon S3, or Firehose. +// +// To configure logs delivery between a delivery destination and an Amazon Web +// Services service that is supported as a delivery source, you must do the +// following: +// +// - Use PutDeliverySource to create a delivery source, which is a logical +// object that represents the resource that is actually sending the logs. +// +// - Use PutDeliveryDestination to create a delivery destination, which is +// a logical object that represents the actual delivery destination. For +// more information, see PutDeliveryDestination (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html). +// +// - If you are delivering logs cross-account, you must use PutDeliveryDestinationPolicy +// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html) +// in the destination account to assign an IAM policy to the destination. +// This policy allows delivery to that destination. +// +// - Use CreateDelivery to create a delivery by pairing exactly one delivery +// source and one delivery destination. For more information, see CreateDelivery +// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html). +// +// You can configure a single delivery source to send logs to multiple destinations +// by creating multiple deliveries. You can also create multiple deliveries +// to configure multiple delivery sources to send logs to the same delivery +// destination. +// +// Only some Amazon Web Services services support being configured as a delivery +// source. These services are listed as Supported [V2 Permissions] in the table +// at Enabling logging from Amazon Web Services services. (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html) +// +// If you use this operation to update an existing delivery source, all the +// current delivery source parameters are overwritten with the new parameter +// values that you specify. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation PutDeliverySource for usage and error information. +// +// Returned Error Types: +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ConflictException +// This operation attempted to create a resource that already exists. +// +// - ValidationException +// One of the parameters for the request is not valid. +// +// - ServiceQuotaExceededException +// This request exceeds a service quota. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ThrottlingException +// The request was throttled because of quota limits. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDeliverySource +func (c *CloudWatchLogs) PutDeliverySource(input *PutDeliverySourceInput) (*PutDeliverySourceOutput, error) { + req, out := c.PutDeliverySourceRequest(input) + return out, req.Send() +} + +// PutDeliverySourceWithContext is the same as PutDeliverySource with the addition of +// the ability to pass a context and additional request options. +// +// See PutDeliverySource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) PutDeliverySourceWithContext(ctx aws.Context, input *PutDeliverySourceInput, opts ...request.Option) (*PutDeliverySourceOutput, error) { + req, out := c.PutDeliverySourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opPutDestination = "PutDestination" + +// PutDestinationRequest generates a "aws/request.Request" representing the +// client's request for the PutDestination operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutDestination for more information on using the PutDestination +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the PutDestinationRequest method. +// req, resp := client.PutDestinationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDestination +func (c *CloudWatchLogs) PutDestinationRequest(input *PutDestinationInput) (req *request.Request, output *PutDestinationOutput) { + op := &request.Operation{ + Name: opPutDestination, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutDestinationInput{} + } + + output = &PutDestinationOutput{} + req = c.newRequest(op, input, output) + return +} + +// PutDestination API operation for Amazon CloudWatch Logs. +// +// Creates or updates a destination. This operation is used only to create destinations +// for cross-account subscriptions. +// +// A destination encapsulates a physical resource (such as an Amazon Kinesis +// stream). With a destination, you can subscribe to a real-time stream of log +// events for a different account, ingested using PutLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html). +// +// Through an access policy, a destination controls what is written to it. By +// default, PutDestination does not set any access policy with the destination, +// which means a cross-account user cannot call PutSubscriptionFilter (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutSubscriptionFilter.html) +// against this destination. To enable this, the destination owner must call +// PutDestinationPolicy (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestinationPolicy.html) +// after PutDestination. +// +// To perform a PutDestination operation, you must also have the iam:PassRole +// permission. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation PutDestination for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDestination +func (c *CloudWatchLogs) PutDestination(input *PutDestinationInput) (*PutDestinationOutput, error) { + req, out := c.PutDestinationRequest(input) + return out, req.Send() +} + +// PutDestinationWithContext is the same as PutDestination with the addition of +// the ability to pass a context and additional request options. +// +// See PutDestination for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) PutDestinationWithContext(ctx aws.Context, input *PutDestinationInput, opts ...request.Option) (*PutDestinationOutput, error) { + req, out := c.PutDestinationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opPutDestinationPolicy = "PutDestinationPolicy" + +// PutDestinationPolicyRequest generates a "aws/request.Request" representing the +// client's request for the PutDestinationPolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutDestinationPolicy for more information on using the PutDestinationPolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the PutDestinationPolicyRequest method. +// req, resp := client.PutDestinationPolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDestinationPolicy +func (c *CloudWatchLogs) PutDestinationPolicyRequest(input *PutDestinationPolicyInput) (req *request.Request, output *PutDestinationPolicyOutput) { + op := &request.Operation{ + Name: opPutDestinationPolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutDestinationPolicyInput{} + } + + output = &PutDestinationPolicyOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// PutDestinationPolicy API operation for Amazon CloudWatch Logs. +// +// Creates or updates an access policy associated with an existing destination. +// An access policy is an IAM policy document (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies_overview.html) +// that is used to authorize claims to register a subscription filter against +// a given destination. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation PutDestinationPolicy for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDestinationPolicy +func (c *CloudWatchLogs) PutDestinationPolicy(input *PutDestinationPolicyInput) (*PutDestinationPolicyOutput, error) { + req, out := c.PutDestinationPolicyRequest(input) + return out, req.Send() +} + +// PutDestinationPolicyWithContext is the same as PutDestinationPolicy with the addition of +// the ability to pass a context and additional request options. +// +// See PutDestinationPolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) PutDestinationPolicyWithContext(ctx aws.Context, input *PutDestinationPolicyInput, opts ...request.Option) (*PutDestinationPolicyOutput, error) { + req, out := c.PutDestinationPolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opPutLogEvents = "PutLogEvents" + +// PutLogEventsRequest generates a "aws/request.Request" representing the +// client's request for the PutLogEvents operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutLogEvents for more information on using the PutLogEvents +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the PutLogEventsRequest method. +// req, resp := client.PutLogEventsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutLogEvents +func (c *CloudWatchLogs) PutLogEventsRequest(input *PutLogEventsInput) (req *request.Request, output *PutLogEventsOutput) { + op := &request.Operation{ + Name: opPutLogEvents, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutLogEventsInput{} + } + + output = &PutLogEventsOutput{} + req = c.newRequest(op, input, output) + return +} + +// PutLogEvents API operation for Amazon CloudWatch Logs. +// +// Uploads a batch of log events to the specified log stream. +// +// The sequence token is now ignored in PutLogEvents actions. PutLogEvents actions +// are always accepted and never return InvalidSequenceTokenException or DataAlreadyAcceptedException +// even if the sequence token is not valid. You can use parallel PutLogEvents +// actions on the same log stream. +// +// The batch of events must satisfy the following constraints: +// +// - The maximum batch size is 1,048,576 bytes. This size is calculated as +// the sum of all event messages in UTF-8, plus 26 bytes for each log event. +// +// - None of the log events in the batch can be more than 2 hours in the +// future. +// +// - None of the log events in the batch can be more than 14 days in the +// past. Also, none of the log events can be from earlier than the retention +// period of the log group. +// +// - The log events in the batch must be in chronological order by their +// timestamp. The timestamp is the time that the event occurred, expressed +// as the number of milliseconds after Jan 1, 1970 00:00:00 UTC. (In Amazon +// Web Services Tools for PowerShell and the Amazon Web Services SDK for +// .NET, the timestamp is specified in .NET format: yyyy-mm-ddThh:mm:ss. +// For example, 2017-09-15T13:45:30.) +// +// - A batch of log events in a single request cannot span more than 24 hours. +// Otherwise, the operation fails. +// +// - Each log event can be no larger than 256 KB. +// +// - The maximum number of log events in a batch is 10,000. +// +// - The quota of five requests per second per log stream has been removed. +// Instead, PutLogEvents actions are throttled based on a per-second per-account +// quota. You can request an increase to the per-second throttling quota +// by using the Service Quotas service. +// +// If a call to PutLogEvents returns "UnrecognizedClientException" the most +// likely cause is a non-valid Amazon Web Services access key ID or secret key. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation PutLogEvents for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - InvalidSequenceTokenException +// The sequence token is not valid. You can get the correct sequence token in +// the expectedSequenceToken field in the InvalidSequenceTokenException message. +// +// PutLogEvents actions are now always accepted and never return InvalidSequenceTokenException +// regardless of receiving an invalid sequence token. +// +// - DataAlreadyAcceptedException +// The event was already logged. +// +// PutLogEvents actions are now always accepted and never return DataAlreadyAcceptedException +// regardless of whether a given batch of log events has already been accepted. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - UnrecognizedClientException +// The most likely cause is an Amazon Web Services access key ID or secret key +// that's not valid. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutLogEvents +func (c *CloudWatchLogs) PutLogEvents(input *PutLogEventsInput) (*PutLogEventsOutput, error) { + req, out := c.PutLogEventsRequest(input) + return out, req.Send() +} + +// PutLogEventsWithContext is the same as PutLogEvents with the addition of +// the ability to pass a context and additional request options. +// +// See PutLogEvents for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) PutLogEventsWithContext(ctx aws.Context, input *PutLogEventsInput, opts ...request.Option) (*PutLogEventsOutput, error) { + req, out := c.PutLogEventsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opPutMetricFilter = "PutMetricFilter" + +// PutMetricFilterRequest generates a "aws/request.Request" representing the +// client's request for the PutMetricFilter operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutMetricFilter for more information on using the PutMetricFilter +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the PutMetricFilterRequest method. +// req, resp := client.PutMetricFilterRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutMetricFilter +func (c *CloudWatchLogs) PutMetricFilterRequest(input *PutMetricFilterInput) (req *request.Request, output *PutMetricFilterOutput) { + op := &request.Operation{ + Name: opPutMetricFilter, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutMetricFilterInput{} + } + + output = &PutMetricFilterOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// PutMetricFilter API operation for Amazon CloudWatch Logs. +// +// Creates or updates a metric filter and associates it with the specified log +// group. With metric filters, you can configure rules to extract metric data +// from log events ingested through PutLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html). +// +// The maximum number of metric filters that can be associated with a log group +// is 100. +// +// When you create a metric filter, you can also optionally assign a unit and +// dimensions to the metric that is created. +// +// Metrics extracted from log events are charged as custom metrics. To prevent +// unexpected high charges, do not specify high-cardinality fields such as IPAddress +// or requestID as dimensions. Each different value found for a dimension is +// treated as a separate metric and accrues charges as a separate custom metric. +// +// CloudWatch Logs might disable a metric filter if it generates 1,000 different +// name/value pairs for your specified dimensions within one hour. +// +// You can also set up a billing alarm to alert you if your charges are higher +// than expected. For more information, see Creating a Billing Alarm to Monitor +// Your Estimated Amazon Web Services Charges (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation PutMetricFilter for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// - LimitExceededException +// You have reached the maximum number of resources that can be created. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutMetricFilter +func (c *CloudWatchLogs) PutMetricFilter(input *PutMetricFilterInput) (*PutMetricFilterOutput, error) { + req, out := c.PutMetricFilterRequest(input) + return out, req.Send() +} + +// PutMetricFilterWithContext is the same as PutMetricFilter with the addition of +// the ability to pass a context and additional request options. +// +// See PutMetricFilter for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) PutMetricFilterWithContext(ctx aws.Context, input *PutMetricFilterInput, opts ...request.Option) (*PutMetricFilterOutput, error) { + req, out := c.PutMetricFilterRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opPutQueryDefinition = "PutQueryDefinition" + +// PutQueryDefinitionRequest generates a "aws/request.Request" representing the +// client's request for the PutQueryDefinition operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutQueryDefinition for more information on using the PutQueryDefinition +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the PutQueryDefinitionRequest method. +// req, resp := client.PutQueryDefinitionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutQueryDefinition +func (c *CloudWatchLogs) PutQueryDefinitionRequest(input *PutQueryDefinitionInput) (req *request.Request, output *PutQueryDefinitionOutput) { + op := &request.Operation{ + Name: opPutQueryDefinition, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutQueryDefinitionInput{} + } + + output = &PutQueryDefinitionOutput{} + req = c.newRequest(op, input, output) + return +} + +// PutQueryDefinition API operation for Amazon CloudWatch Logs. +// +// Creates or updates a query definition for CloudWatch Logs Insights. For more +// information, see Analyzing Log Data with CloudWatch Logs Insights (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html). +// +// To update a query definition, specify its queryDefinitionId in your request. +// The values of name, queryString, and logGroupNames are changed to the values +// that you specify in your update operation. No current values are retained +// from the current query definition. For example, imagine updating a current +// query definition that includes log groups. If you don't specify the logGroupNames +// parameter in your update operation, the query definition changes to contain +// no log groups. +// +// You must have the logs:PutQueryDefinition permission to be able to perform +// this operation. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation PutQueryDefinition for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - LimitExceededException +// You have reached the maximum number of resources that can be created. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutQueryDefinition +func (c *CloudWatchLogs) PutQueryDefinition(input *PutQueryDefinitionInput) (*PutQueryDefinitionOutput, error) { + req, out := c.PutQueryDefinitionRequest(input) + return out, req.Send() +} + +// PutQueryDefinitionWithContext is the same as PutQueryDefinition with the addition of +// the ability to pass a context and additional request options. +// +// See PutQueryDefinition for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) PutQueryDefinitionWithContext(ctx aws.Context, input *PutQueryDefinitionInput, opts ...request.Option) (*PutQueryDefinitionOutput, error) { + req, out := c.PutQueryDefinitionRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opPutResourcePolicy = "PutResourcePolicy" + +// PutResourcePolicyRequest generates a "aws/request.Request" representing the +// client's request for the PutResourcePolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutResourcePolicy for more information on using the PutResourcePolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the PutResourcePolicyRequest method. +// req, resp := client.PutResourcePolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutResourcePolicy +func (c *CloudWatchLogs) PutResourcePolicyRequest(input *PutResourcePolicyInput) (req *request.Request, output *PutResourcePolicyOutput) { + op := &request.Operation{ + Name: opPutResourcePolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutResourcePolicyInput{} + } + + output = &PutResourcePolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// PutResourcePolicy API operation for Amazon CloudWatch Logs. +// +// Creates or updates a resource policy allowing other Amazon Web Services services +// to put log events to this account, such as Amazon Route 53. An account can +// have up to 10 resource policies per Amazon Web Services Region. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation PutResourcePolicy for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - LimitExceededException +// You have reached the maximum number of resources that can be created. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutResourcePolicy +func (c *CloudWatchLogs) PutResourcePolicy(input *PutResourcePolicyInput) (*PutResourcePolicyOutput, error) { + req, out := c.PutResourcePolicyRequest(input) + return out, req.Send() +} + +// PutResourcePolicyWithContext is the same as PutResourcePolicy with the addition of +// the ability to pass a context and additional request options. +// +// See PutResourcePolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) PutResourcePolicyWithContext(ctx aws.Context, input *PutResourcePolicyInput, opts ...request.Option) (*PutResourcePolicyOutput, error) { + req, out := c.PutResourcePolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opPutRetentionPolicy = "PutRetentionPolicy" + +// PutRetentionPolicyRequest generates a "aws/request.Request" representing the +// client's request for the PutRetentionPolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutRetentionPolicy for more information on using the PutRetentionPolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the PutRetentionPolicyRequest method. +// req, resp := client.PutRetentionPolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutRetentionPolicy +func (c *CloudWatchLogs) PutRetentionPolicyRequest(input *PutRetentionPolicyInput) (req *request.Request, output *PutRetentionPolicyOutput) { + op := &request.Operation{ + Name: opPutRetentionPolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutRetentionPolicyInput{} + } + + output = &PutRetentionPolicyOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// PutRetentionPolicy API operation for Amazon CloudWatch Logs. +// +// Sets the retention of the specified log group. With a retention policy, you +// can configure the number of days for which to retain log events in the specified +// log group. +// +// CloudWatch Logs doesn’t immediately delete log events when they reach their +// retention setting. It typically takes up to 72 hours after that before log +// events are deleted, but in rare situations might take longer. +// +// To illustrate, imagine that you change a log group to have a longer retention +// setting when it contains log events that are past the expiration date, but +// haven’t been deleted. Those log events will take up to 72 hours to be deleted +// after the new retention date is reached. To make sure that log data is deleted +// permanently, keep a log group at its lower retention setting until 72 hours +// after the previous retention period ends. Alternatively, wait to change the +// retention setting until you confirm that the earlier log events are deleted. +// +// When log events reach their retention setting they are marked for deletion. +// After they are marked for deletion, they do not add to your archival storage +// costs anymore, even if they are not actually deleted until later. These log +// events marked for deletion are also not included when you use an API to retrieve +// the storedBytes value to see how many bytes a log group is storing. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation PutRetentionPolicy for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutRetentionPolicy +func (c *CloudWatchLogs) PutRetentionPolicy(input *PutRetentionPolicyInput) (*PutRetentionPolicyOutput, error) { + req, out := c.PutRetentionPolicyRequest(input) + return out, req.Send() +} + +// PutRetentionPolicyWithContext is the same as PutRetentionPolicy with the addition of +// the ability to pass a context and additional request options. +// +// See PutRetentionPolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) PutRetentionPolicyWithContext(ctx aws.Context, input *PutRetentionPolicyInput, opts ...request.Option) (*PutRetentionPolicyOutput, error) { + req, out := c.PutRetentionPolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opPutSubscriptionFilter = "PutSubscriptionFilter" + +// PutSubscriptionFilterRequest generates a "aws/request.Request" representing the +// client's request for the PutSubscriptionFilter operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutSubscriptionFilter for more information on using the PutSubscriptionFilter +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the PutSubscriptionFilterRequest method. +// req, resp := client.PutSubscriptionFilterRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutSubscriptionFilter +func (c *CloudWatchLogs) PutSubscriptionFilterRequest(input *PutSubscriptionFilterInput) (req *request.Request, output *PutSubscriptionFilterOutput) { + op := &request.Operation{ + Name: opPutSubscriptionFilter, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutSubscriptionFilterInput{} + } + + output = &PutSubscriptionFilterOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// PutSubscriptionFilter API operation for Amazon CloudWatch Logs. +// +// Creates or updates a subscription filter and associates it with the specified +// log group. With subscription filters, you can subscribe to a real-time stream +// of log events ingested through PutLogEvents (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html) +// and have them delivered to a specific destination. When log events are sent +// to the receiving service, they are Base64 encoded and compressed with the +// GZIP format. +// +// The following destinations are supported for subscription filters: +// +// - An Amazon Kinesis data stream belonging to the same account as the subscription +// filter, for same-account delivery. +// +// - A logical destination created with PutDestination (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestination.html) +// that belongs to a different account, for cross-account delivery. We currently +// support Kinesis Data Streams and Firehose as logical destinations. +// +// - An Amazon Kinesis Data Firehose delivery stream that belongs to the +// same account as the subscription filter, for same-account delivery. +// +// - An Lambda function that belongs to the same account as the subscription +// filter, for same-account delivery. +// +// Each log group can have up to two subscription filters associated with it. +// If you are updating an existing filter, you must specify the correct name +// in filterName. +// +// To perform a PutSubscriptionFilter operation for any destination except a +// Lambda function, you must also have the iam:PassRole permission. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation PutSubscriptionFilter for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// - LimitExceededException +// You have reached the maximum number of resources that can be created. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutSubscriptionFilter +func (c *CloudWatchLogs) PutSubscriptionFilter(input *PutSubscriptionFilterInput) (*PutSubscriptionFilterOutput, error) { + req, out := c.PutSubscriptionFilterRequest(input) + return out, req.Send() +} + +// PutSubscriptionFilterWithContext is the same as PutSubscriptionFilter with the addition of +// the ability to pass a context and additional request options. +// +// See PutSubscriptionFilter for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) PutSubscriptionFilterWithContext(ctx aws.Context, input *PutSubscriptionFilterInput, opts ...request.Option) (*PutSubscriptionFilterOutput, error) { + req, out := c.PutSubscriptionFilterRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opStartLiveTail = "StartLiveTail" + +// StartLiveTailRequest generates a "aws/request.Request" representing the +// client's request for the StartLiveTail operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See StartLiveTail for more information on using the StartLiveTail +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the StartLiveTailRequest method. +// req, resp := client.StartLiveTailRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/StartLiveTail +func (c *CloudWatchLogs) StartLiveTailRequest(input *StartLiveTailInput) (req *request.Request, output *StartLiveTailOutput) { + op := &request.Operation{ + Name: opStartLiveTail, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &StartLiveTailInput{} + } + + output = &StartLiveTailOutput{} + req = c.newRequest(op, input, output) + + es := NewStartLiveTailEventStream() + output.eventStream = es + + req.Handlers.Send.Swap(client.LogHTTPResponseHandler.Name, client.LogHTTPResponseHeaderHandler) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, rest.UnmarshalHandler) + req.Handlers.Unmarshal.PushBack(es.runOutputStream) + es.output = output + req.Handlers.Unmarshal.PushBack(es.recvInitialEvent) + req.Handlers.Unmarshal.PushBack(es.runOnStreamPartClose) + req.Handlers.Build.PushBackNamed(protocol.NewHostPrefixHandler("streaming-", nil)) + req.Handlers.Build.PushBackNamed(protocol.ValidateEndpointHostHandler) + return +} + +// StartLiveTail API operation for Amazon CloudWatch Logs. +// +// Starts a Live Tail streaming session for one or more log groups. A Live Tail +// session returns a stream of log events that have been recently ingested in +// the log groups. For more information, see Use Live Tail to view logs in near +// real time (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs_LiveTail.html). +// +// The response to this operation is a response stream, over which the server +// sends live log events and the client receives them. +// +// The following objects are sent over the stream: +// +// - A single LiveTailSessionStart (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_LiveTailSessionStart.html) +// object is sent at the start of the session. +// +// - Every second, a LiveTailSessionUpdate (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_LiveTailSessionUpdate.html) +// object is sent. Each of these objects contains an array of the actual +// log events. If no new log events were ingested in the past second, the +// LiveTailSessionUpdate object will contain an empty array. The array of +// log events contained in a LiveTailSessionUpdate can include as many as +// 500 log events. If the number of log events matching the request exceeds +// 500 per second, the log events are sampled down to 500 log events to be +// included in each LiveTailSessionUpdate object. If your client consumes +// the log events slower than the server produces them, CloudWatch Logs buffers +// up to 10 LiveTailSessionUpdate events or 5000 log events, after which +// it starts dropping the oldest events. +// +// - A SessionStreamingException (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_SessionStreamingException.html) +// object is returned if an unknown error occurs on the server side. +// +// - A SessionTimeoutException (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_SessionTimeoutException.html) +// object is returned when the session times out, after it has been kept +// open for three hours. +// +// You can end a session before it times out by closing the session stream or +// by closing the client that is receiving the stream. The session also ends +// if the established connection between the client and the server breaks. +// +// For examples of using an SDK to start a Live Tail session, see Start a Live +// Tail session using an Amazon Web Services SDK (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/example_cloudwatch-logs_StartLiveTail_section.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation StartLiveTail for usage and error information. +// +// Returned Error Types: +// +// - AccessDeniedException +// You don't have sufficient permissions to perform this action. +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - LimitExceededException +// You have reached the maximum number of resources that can be created. +// +// - InvalidOperationException +// The operation is not valid on the specified resource. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/StartLiveTail +func (c *CloudWatchLogs) StartLiveTail(input *StartLiveTailInput) (*StartLiveTailOutput, error) { + req, out := c.StartLiveTailRequest(input) + return out, req.Send() +} + +// StartLiveTailWithContext is the same as StartLiveTail with the addition of +// the ability to pass a context and additional request options. +// +// See StartLiveTail for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) StartLiveTailWithContext(ctx aws.Context, input *StartLiveTailInput, opts ...request.Option) (*StartLiveTailOutput, error) { + req, out := c.StartLiveTailRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +var _ awserr.Error +var _ time.Time + +// StartLiveTailEventStream provides the event stream handling for the StartLiveTail. +// +// For testing and mocking the event stream this type should be initialized via +// the NewStartLiveTailEventStream constructor function. Using the functional options +// to pass in nested mock behavior. +type StartLiveTailEventStream struct { + + // Reader is the EventStream reader for the StartLiveTailResponseStream + // events. This value is automatically set by the SDK when the API call is made + // Use this member when unit testing your code with the SDK to mock out the + // EventStream Reader. + // + // Must not be nil. + Reader StartLiveTailResponseStreamReader + + outputReader io.ReadCloser + output *StartLiveTailOutput + + done chan struct{} + closeOnce sync.Once + err *eventstreamapi.OnceError +} + +// NewStartLiveTailEventStream initializes an StartLiveTailEventStream. +// This function should only be used for testing and mocking the StartLiveTailEventStream +// stream within your application. +// +// The Reader member must be set before reading events from the stream. +// +// es := NewStartLiveTailEventStream(func(o *StartLiveTailEventStream){ +// es.Reader = myMockStreamReader +// }) +func NewStartLiveTailEventStream(opts ...func(*StartLiveTailEventStream)) *StartLiveTailEventStream { + es := &StartLiveTailEventStream{ + done: make(chan struct{}), + err: eventstreamapi.NewOnceError(), + } + + for _, fn := range opts { + fn(es) + } + + return es +} + +func (es *StartLiveTailEventStream) runOnStreamPartClose(r *request.Request) { + if es.done == nil { + return + } + go es.waitStreamPartClose() + +} + +func (es *StartLiveTailEventStream) waitStreamPartClose() { + var outputErrCh <-chan struct{} + if v, ok := es.Reader.(interface{ ErrorSet() <-chan struct{} }); ok { + outputErrCh = v.ErrorSet() + } + var outputClosedCh <-chan struct{} + if v, ok := es.Reader.(interface{ Closed() <-chan struct{} }); ok { + outputClosedCh = v.Closed() + } + + select { + case <-es.done: + case <-outputErrCh: + es.err.SetError(es.Reader.Err()) + es.Close() + case <-outputClosedCh: + if err := es.Reader.Err(); err != nil { + es.err.SetError(es.Reader.Err()) + } + es.Close() + } +} + +type eventTypeForStartLiveTailEventStreamOutputEvent struct { + unmarshalerForEvent func(string) (eventstreamapi.Unmarshaler, error) + output *StartLiveTailOutput +} + +func (e eventTypeForStartLiveTailEventStreamOutputEvent) UnmarshalerForEventName(eventType string) (eventstreamapi.Unmarshaler, error) { + if eventType == "initial-response" { + return e.output, nil + } + return e.unmarshalerForEvent(eventType) +} + +// Events returns a channel to read events from. +// +// These events are: +// +// - LiveTailSessionStart +// - LiveTailSessionUpdate +// - StartLiveTailResponseStreamUnknownEvent +func (es *StartLiveTailEventStream) Events() <-chan StartLiveTailResponseStreamEvent { + return es.Reader.Events() +} + +func (es *StartLiveTailEventStream) runOutputStream(r *request.Request) { + var opts []func(*eventstream.Decoder) + if r.Config.Logger != nil && r.Config.LogLevel.Matches(aws.LogDebugWithEventStreamBody) { + opts = append(opts, eventstream.DecodeWithLogger(r.Config.Logger)) + } + + unmarshalerForEvent := unmarshalerForStartLiveTailResponseStreamEvent{ + metadata: protocol.ResponseMetadata{ + StatusCode: r.HTTPResponse.StatusCode, + RequestID: r.RequestID, + }, + }.UnmarshalerForEventName + unmarshalerForEvent = eventTypeForStartLiveTailEventStreamOutputEvent{ + unmarshalerForEvent: unmarshalerForEvent, + output: es.output, + }.UnmarshalerForEventName + + decoder := eventstream.NewDecoder(r.HTTPResponse.Body, opts...) + eventReader := eventstreamapi.NewEventReader(decoder, + protocol.HandlerPayloadUnmarshal{ + Unmarshalers: r.Handlers.UnmarshalStream, + }, + unmarshalerForEvent, + ) + + es.outputReader = r.HTTPResponse.Body + es.Reader = newReadStartLiveTailResponseStream(eventReader) +} +func (es *StartLiveTailEventStream) recvInitialEvent(r *request.Request) { + // Wait for the initial response event, which must be the first + // event to be received from the API. + select { + case event, ok := <-es.Events(): + if !ok { + return + } + + v, ok := event.(*StartLiveTailOutput) + if !ok || v == nil { + r.Error = awserr.New( + request.ErrCodeSerialization, + fmt.Sprintf("invalid event, %T, expect %T, %v", + event, (*StartLiveTailOutput)(nil), v), + nil, + ) + return + } + + *es.output = *v + es.output.eventStream = es + } +} + +// Close closes the stream. This will also cause the stream to be closed. +// Close must be called when done using the stream API. Not calling Close +// may result in resource leaks. +// +// You can use the closing of the Reader's Events channel to terminate your +// application's read from the API's stream. +func (es *StartLiveTailEventStream) Close() (err error) { + es.closeOnce.Do(es.safeClose) + return es.Err() +} + +func (es *StartLiveTailEventStream) safeClose() { + if es.done != nil { + close(es.done) + } + + es.Reader.Close() + if es.outputReader != nil { + es.outputReader.Close() + } +} + +// Err returns any error that occurred while reading or writing EventStream +// Events from the service API's response. Returns nil if there were no errors. +func (es *StartLiveTailEventStream) Err() error { + if err := es.err.Err(); err != nil { + return err + } + if err := es.Reader.Err(); err != nil { + return err + } + + return nil +} + +const opStartQuery = "StartQuery" + +// StartQueryRequest generates a "aws/request.Request" representing the +// client's request for the StartQuery operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See StartQuery for more information on using the StartQuery +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the StartQueryRequest method. +// req, resp := client.StartQueryRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/StartQuery +func (c *CloudWatchLogs) StartQueryRequest(input *StartQueryInput) (req *request.Request, output *StartQueryOutput) { + op := &request.Operation{ + Name: opStartQuery, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &StartQueryInput{} + } + + output = &StartQueryOutput{} + req = c.newRequest(op, input, output) + return +} + +// StartQuery API operation for Amazon CloudWatch Logs. +// +// Schedules a query of a log group using CloudWatch Logs Insights. You specify +// the log group and time range to query and the query string to use. +// +// For more information, see CloudWatch Logs Insights Query Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html). +// +// After you run a query using StartQuery, the query results are stored by CloudWatch +// Logs. You can use GetQueryResults (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetQueryResults.html) +// to retrieve the results of a query, using the queryId that StartQuery returns. +// +// If you have associated a KMS key with the query results in this account, +// then StartQuery (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html) +// uses that key to encrypt the results when it stores them. If no key is associated +// with query results, the query results are encrypted with the default CloudWatch +// Logs encryption method. +// +// Queries time out after 60 minutes of runtime. If your queries are timing +// out, reduce the time range being searched or partition your query into a +// number of queries. +// +// If you are using CloudWatch cross-account observability, you can use this +// operation in a monitoring account to start a query in a linked source account. +// For more information, see CloudWatch cross-account observability (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html). +// For a cross-account StartQuery operation, the query definition must be defined +// in the monitoring account. +// +// You can have up to 30 concurrent CloudWatch Logs insights queries, including +// queries that have been added to dashboards. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation StartQuery for usage and error information. +// +// Returned Error Types: +// +// - MalformedQueryException +// The query string is not valid. Details about this error are displayed in +// a QueryCompileError object. For more information, see QueryCompileError (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_QueryCompileError.html). +// +// For more information about valid query syntax, see CloudWatch Logs Insights +// Query Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html). +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - LimitExceededException +// You have reached the maximum number of resources that can be created. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/StartQuery +func (c *CloudWatchLogs) StartQuery(input *StartQueryInput) (*StartQueryOutput, error) { + req, out := c.StartQueryRequest(input) + return out, req.Send() +} + +// StartQueryWithContext is the same as StartQuery with the addition of +// the ability to pass a context and additional request options. +// +// See StartQuery for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) StartQueryWithContext(ctx aws.Context, input *StartQueryInput, opts ...request.Option) (*StartQueryOutput, error) { + req, out := c.StartQueryRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opStopQuery = "StopQuery" + +// StopQueryRequest generates a "aws/request.Request" representing the +// client's request for the StopQuery operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See StopQuery for more information on using the StopQuery +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the StopQueryRequest method. +// req, resp := client.StopQueryRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/StopQuery +func (c *CloudWatchLogs) StopQueryRequest(input *StopQueryInput) (req *request.Request, output *StopQueryOutput) { + op := &request.Operation{ + Name: opStopQuery, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &StopQueryInput{} + } + + output = &StopQueryOutput{} + req = c.newRequest(op, input, output) + return +} + +// StopQuery API operation for Amazon CloudWatch Logs. +// +// Stops a CloudWatch Logs Insights query that is in progress. If the query +// has already ended, the operation returns an error indicating that the specified +// query is not running. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation StopQuery for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/StopQuery +func (c *CloudWatchLogs) StopQuery(input *StopQueryInput) (*StopQueryOutput, error) { + req, out := c.StopQueryRequest(input) + return out, req.Send() +} + +// StopQueryWithContext is the same as StopQuery with the addition of +// the ability to pass a context and additional request options. +// +// See StopQuery for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) StopQueryWithContext(ctx aws.Context, input *StopQueryInput, opts ...request.Option) (*StopQueryOutput, error) { + req, out := c.StopQueryRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opTagLogGroup = "TagLogGroup" + +// TagLogGroupRequest generates a "aws/request.Request" representing the +// client's request for the TagLogGroup operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See TagLogGroup for more information on using the TagLogGroup +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the TagLogGroupRequest method. +// req, resp := client.TagLogGroupRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TagLogGroup +// +// Deprecated: Please use the generic tagging API TagResource +func (c *CloudWatchLogs) TagLogGroupRequest(input *TagLogGroupInput) (req *request.Request, output *TagLogGroupOutput) { + if c.Client.Config.Logger != nil { + c.Client.Config.Logger.Log("This operation, TagLogGroup, has been deprecated") + } + op := &request.Operation{ + Name: opTagLogGroup, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &TagLogGroupInput{} + } + + output = &TagLogGroupOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// TagLogGroup API operation for Amazon CloudWatch Logs. +// +// The TagLogGroup operation is on the path to deprecation. We recommend that +// you use TagResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagResource.html) +// instead. +// +// Adds or updates the specified tags for the specified log group. +// +// To list the tags for a log group, use ListTagsForResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html). +// To remove tags, use UntagResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagResource.html). +// +// For more information about tags, see Tag Log Groups in Amazon CloudWatch +// Logs (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html#log-group-tagging) +// in the Amazon CloudWatch Logs User Guide. +// +// CloudWatch Logs doesn’t support IAM policies that prevent users from assigning +// specified tags to log groups using the aws:Resource/key-name or aws:TagKeys +// condition keys. For more information about using tags to control access, +// see Controlling access to Amazon Web Services resources using tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation TagLogGroup for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TagLogGroup +// +// Deprecated: Please use the generic tagging API TagResource +func (c *CloudWatchLogs) TagLogGroup(input *TagLogGroupInput) (*TagLogGroupOutput, error) { + req, out := c.TagLogGroupRequest(input) + return out, req.Send() +} + +// TagLogGroupWithContext is the same as TagLogGroup with the addition of +// the ability to pass a context and additional request options. +// +// See TagLogGroup for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +// +// Deprecated: Please use the generic tagging API TagResource +func (c *CloudWatchLogs) TagLogGroupWithContext(ctx aws.Context, input *TagLogGroupInput, opts ...request.Option) (*TagLogGroupOutput, error) { + req, out := c.TagLogGroupRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opTagResource = "TagResource" + +// TagResourceRequest generates a "aws/request.Request" representing the +// client's request for the TagResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See TagResource for more information on using the TagResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the TagResourceRequest method. +// req, resp := client.TagResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TagResource +func (c *CloudWatchLogs) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) { + op := &request.Operation{ + Name: opTagResource, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &TagResourceInput{} + } + + output = &TagResourceOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// TagResource API operation for Amazon CloudWatch Logs. +// +// Assigns one or more tags (key-value pairs) to the specified CloudWatch Logs +// resource. Currently, the only CloudWatch Logs resources that can be tagged +// are log groups and destinations. +// +// Tags can help you organize and categorize your resources. You can also use +// them to scope user permissions by granting a user permission to access or +// change only resources with certain tag values. +// +// Tags don't have any semantic meaning to Amazon Web Services and are interpreted +// strictly as strings of characters. +// +// You can use the TagResource action with a resource that already has tags. +// If you specify a new tag key for the alarm, this tag is appended to the list +// of tags associated with the alarm. If you specify a tag key that is already +// associated with the alarm, the new tag value that you specify replaces the +// previous value for that tag. +// +// You can associate as many as 50 tags with a CloudWatch Logs resource. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation TagResource for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - TooManyTagsException +// A resource can have no more than 50 tags. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TagResource +func (c *CloudWatchLogs) TagResource(input *TagResourceInput) (*TagResourceOutput, error) { + req, out := c.TagResourceRequest(input) + return out, req.Send() +} + +// TagResourceWithContext is the same as TagResource with the addition of +// the ability to pass a context and additional request options. +// +// See TagResource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) { + req, out := c.TagResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opTestMetricFilter = "TestMetricFilter" + +// TestMetricFilterRequest generates a "aws/request.Request" representing the +// client's request for the TestMetricFilter operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See TestMetricFilter for more information on using the TestMetricFilter +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the TestMetricFilterRequest method. +// req, resp := client.TestMetricFilterRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TestMetricFilter +func (c *CloudWatchLogs) TestMetricFilterRequest(input *TestMetricFilterInput) (req *request.Request, output *TestMetricFilterOutput) { + op := &request.Operation{ + Name: opTestMetricFilter, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &TestMetricFilterInput{} + } + + output = &TestMetricFilterOutput{} + req = c.newRequest(op, input, output) + return +} + +// TestMetricFilter API operation for Amazon CloudWatch Logs. +// +// Tests the filter pattern of a metric filter against a sample of log event +// messages. You can use this operation to validate the correctness of a metric +// filter pattern. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation TestMetricFilter for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TestMetricFilter +func (c *CloudWatchLogs) TestMetricFilter(input *TestMetricFilterInput) (*TestMetricFilterOutput, error) { + req, out := c.TestMetricFilterRequest(input) + return out, req.Send() +} + +// TestMetricFilterWithContext is the same as TestMetricFilter with the addition of +// the ability to pass a context and additional request options. +// +// See TestMetricFilter for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) TestMetricFilterWithContext(ctx aws.Context, input *TestMetricFilterInput, opts ...request.Option) (*TestMetricFilterOutput, error) { + req, out := c.TestMetricFilterRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUntagLogGroup = "UntagLogGroup" + +// UntagLogGroupRequest generates a "aws/request.Request" representing the +// client's request for the UntagLogGroup operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UntagLogGroup for more information on using the UntagLogGroup +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the UntagLogGroupRequest method. +// req, resp := client.UntagLogGroupRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/UntagLogGroup +// +// Deprecated: Please use the generic tagging API UntagResource +func (c *CloudWatchLogs) UntagLogGroupRequest(input *UntagLogGroupInput) (req *request.Request, output *UntagLogGroupOutput) { + if c.Client.Config.Logger != nil { + c.Client.Config.Logger.Log("This operation, UntagLogGroup, has been deprecated") + } + op := &request.Operation{ + Name: opUntagLogGroup, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UntagLogGroupInput{} + } + + output = &UntagLogGroupOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// UntagLogGroup API operation for Amazon CloudWatch Logs. +// +// The UntagLogGroup operation is on the path to deprecation. We recommend that +// you use UntagResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagResource.html) +// instead. +// +// Removes the specified tags from the specified log group. +// +// To list the tags for a log group, use ListTagsForResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html). +// To add tags, use TagResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagResource.html). +// +// CloudWatch Logs doesn’t support IAM policies that prevent users from assigning +// specified tags to log groups using the aws:Resource/key-name or aws:TagKeys +// condition keys. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation UntagLogGroup for usage and error information. +// +// Returned Error Types: +// - ResourceNotFoundException +// The specified resource does not exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/UntagLogGroup +// +// Deprecated: Please use the generic tagging API UntagResource +func (c *CloudWatchLogs) UntagLogGroup(input *UntagLogGroupInput) (*UntagLogGroupOutput, error) { + req, out := c.UntagLogGroupRequest(input) + return out, req.Send() +} + +// UntagLogGroupWithContext is the same as UntagLogGroup with the addition of +// the ability to pass a context and additional request options. +// +// See UntagLogGroup for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +// +// Deprecated: Please use the generic tagging API UntagResource +func (c *CloudWatchLogs) UntagLogGroupWithContext(ctx aws.Context, input *UntagLogGroupInput, opts ...request.Option) (*UntagLogGroupOutput, error) { + req, out := c.UntagLogGroupRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUntagResource = "UntagResource" + +// UntagResourceRequest generates a "aws/request.Request" representing the +// client's request for the UntagResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UntagResource for more information on using the UntagResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the UntagResourceRequest method. +// req, resp := client.UntagResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/UntagResource +func (c *CloudWatchLogs) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) { + op := &request.Operation{ + Name: opUntagResource, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UntagResourceInput{} + } + + output = &UntagResourceOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// UntagResource API operation for Amazon CloudWatch Logs. +// +// Removes one or more tags from the specified resource. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation UntagResource for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/UntagResource +func (c *CloudWatchLogs) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) { + req, out := c.UntagResourceRequest(input) + return out, req.Send() +} + +// UntagResourceWithContext is the same as UntagResource with the addition of +// the ability to pass a context and additional request options. +// +// See UntagResource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) { + req, out := c.UntagResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUpdateAnomaly = "UpdateAnomaly" + +// UpdateAnomalyRequest generates a "aws/request.Request" representing the +// client's request for the UpdateAnomaly operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UpdateAnomaly for more information on using the UpdateAnomaly +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the UpdateAnomalyRequest method. +// req, resp := client.UpdateAnomalyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/UpdateAnomaly +func (c *CloudWatchLogs) UpdateAnomalyRequest(input *UpdateAnomalyInput) (req *request.Request, output *UpdateAnomalyOutput) { + op := &request.Operation{ + Name: opUpdateAnomaly, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UpdateAnomalyInput{} + } + + output = &UpdateAnomalyOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// UpdateAnomaly API operation for Amazon CloudWatch Logs. +// +// Use this operation to suppress anomaly detection for a specified anomaly +// or pattern. If you suppress an anomaly, CloudWatch Logs won’t report new +// occurrences of that anomaly and won't update that anomaly with new data. +// If you suppress a pattern, CloudWatch Logs won’t report any anomalies related +// to that pattern. +// +// You must specify either anomalyId or patternId, but you can't specify both +// parameters in the same operation. +// +// If you have previously used this operation to suppress detection of a pattern +// or anomaly, you can use it again to cause CloudWatch Logs to end the suppression. +// To do this, use this operation and specify the anomaly or pattern to stop +// suppressing, and omit the suppressionType and suppressionPeriod parameters. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation UpdateAnomaly for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/UpdateAnomaly +func (c *CloudWatchLogs) UpdateAnomaly(input *UpdateAnomalyInput) (*UpdateAnomalyOutput, error) { + req, out := c.UpdateAnomalyRequest(input) + return out, req.Send() +} + +// UpdateAnomalyWithContext is the same as UpdateAnomaly with the addition of +// the ability to pass a context and additional request options. +// +// See UpdateAnomaly for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) UpdateAnomalyWithContext(ctx aws.Context, input *UpdateAnomalyInput, opts ...request.Option) (*UpdateAnomalyOutput, error) { + req, out := c.UpdateAnomalyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUpdateLogAnomalyDetector = "UpdateLogAnomalyDetector" + +// UpdateLogAnomalyDetectorRequest generates a "aws/request.Request" representing the +// client's request for the UpdateLogAnomalyDetector operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UpdateLogAnomalyDetector for more information on using the UpdateLogAnomalyDetector +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the UpdateLogAnomalyDetectorRequest method. +// req, resp := client.UpdateLogAnomalyDetectorRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/UpdateLogAnomalyDetector +func (c *CloudWatchLogs) UpdateLogAnomalyDetectorRequest(input *UpdateLogAnomalyDetectorInput) (req *request.Request, output *UpdateLogAnomalyDetectorOutput) { + op := &request.Operation{ + Name: opUpdateLogAnomalyDetector, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UpdateLogAnomalyDetectorInput{} + } + + output = &UpdateLogAnomalyDetectorOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// UpdateLogAnomalyDetector API operation for Amazon CloudWatch Logs. +// +// Updates an existing log anomaly detector. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudWatch Logs's +// API operation UpdateLogAnomalyDetector for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// A parameter is specified incorrectly. +// +// - ResourceNotFoundException +// The specified resource does not exist. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - OperationAbortedException +// Multiple concurrent requests to update the same resource were in conflict. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/UpdateLogAnomalyDetector +func (c *CloudWatchLogs) UpdateLogAnomalyDetector(input *UpdateLogAnomalyDetectorInput) (*UpdateLogAnomalyDetectorOutput, error) { + req, out := c.UpdateLogAnomalyDetectorRequest(input) + return out, req.Send() +} + +// UpdateLogAnomalyDetectorWithContext is the same as UpdateLogAnomalyDetector with the addition of +// the ability to pass a context and additional request options. +// +// See UpdateLogAnomalyDetector for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudWatchLogs) UpdateLogAnomalyDetectorWithContext(ctx aws.Context, input *UpdateLogAnomalyDetectorInput, opts ...request.Option) (*UpdateLogAnomalyDetectorOutput, error) { + req, out := c.UpdateLogAnomalyDetectorRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// You don't have sufficient permissions to perform this action. +type AccessDeniedException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccessDeniedException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccessDeniedException) GoString() string { + return s.String() +} + +func newErrorAccessDeniedException(v protocol.ResponseMetadata) error { + return &AccessDeniedException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *AccessDeniedException) Code() string { + return "AccessDeniedException" +} + +// Message returns the exception's message. +func (s *AccessDeniedException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *AccessDeniedException) OrigErr() error { + return nil +} + +func (s *AccessDeniedException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *AccessDeniedException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *AccessDeniedException) RequestID() string { + return s.RespMetadata.RequestID +} + +// A structure that contains information about one CloudWatch Logs account policy. +type AccountPolicy struct { + _ struct{} `type:"structure"` + + // The Amazon Web Services account ID that the policy applies to. + AccountId *string `locationName:"accountId" min:"12" type:"string"` + + // The date and time that this policy was most recently updated. + LastUpdatedTime *int64 `locationName:"lastUpdatedTime" type:"long"` + + // The policy document for this account policy. + // + // The JSON specified in policyDocument can be up to 30,720 characters. + PolicyDocument *string `locationName:"policyDocument" type:"string"` + + // The name of the account policy. + PolicyName *string `locationName:"policyName" type:"string"` + + // The type of policy for this account policy. + PolicyType *string `locationName:"policyType" type:"string" enum:"PolicyType"` + + // The scope of the account policy. + Scope *string `locationName:"scope" type:"string" enum:"Scope"` + + // The log group selection criteria for this subscription filter policy. + SelectionCriteria *string `locationName:"selectionCriteria" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccountPolicy) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccountPolicy) GoString() string { + return s.String() +} + +// SetAccountId sets the AccountId field's value. +func (s *AccountPolicy) SetAccountId(v string) *AccountPolicy { + s.AccountId = &v + return s +} + +// SetLastUpdatedTime sets the LastUpdatedTime field's value. +func (s *AccountPolicy) SetLastUpdatedTime(v int64) *AccountPolicy { + s.LastUpdatedTime = &v + return s +} + +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *AccountPolicy) SetPolicyDocument(v string) *AccountPolicy { + s.PolicyDocument = &v + return s +} + +// SetPolicyName sets the PolicyName field's value. +func (s *AccountPolicy) SetPolicyName(v string) *AccountPolicy { + s.PolicyName = &v + return s +} + +// SetPolicyType sets the PolicyType field's value. +func (s *AccountPolicy) SetPolicyType(v string) *AccountPolicy { + s.PolicyType = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *AccountPolicy) SetScope(v string) *AccountPolicy { + s.Scope = &v + return s +} + +// SetSelectionCriteria sets the SelectionCriteria field's value. +func (s *AccountPolicy) SetSelectionCriteria(v string) *AccountPolicy { + s.SelectionCriteria = &v + return s +} + +// This structure represents one anomaly that has been found by a logs anomaly +// detector. +// +// For more information about patterns and anomalies, see CreateLogAnomalyDetector +// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateLogAnomalyDetector.html). +type Anomaly struct { + _ struct{} `type:"structure"` + + // Specifies whether this anomaly is still ongoing. + // + // Active is a required field + Active *bool `locationName:"active" type:"boolean" required:"true"` + + // The ARN of the anomaly detector that identified this anomaly. + // + // AnomalyDetectorArn is a required field + AnomalyDetectorArn *string `locationName:"anomalyDetectorArn" min:"1" type:"string" required:"true"` + + // The unique ID that CloudWatch Logs assigned to this anomaly. + // + // AnomalyId is a required field + AnomalyId *string `locationName:"anomalyId" min:"36" type:"string" required:"true"` + + // A human-readable description of the anomaly. This description is generated + // by CloudWatch Logs. + // + // Description is a required field + Description *string `locationName:"description" min:"1" type:"string" required:"true"` + + // The date and time when the anomaly detector first saw this anomaly. It is + // specified as epoch time, which is the number of seconds since January 1, + // 1970, 00:00:00 UTC. + // + // FirstSeen is a required field + FirstSeen *int64 `locationName:"firstSeen" type:"long" required:"true"` + + // A map showing times when the anomaly detector ran, and the number of occurrences + // of this anomaly that were detected at each of those runs. The times are specified + // in epoch time, which is the number of seconds since January 1, 1970, 00:00:00 + // UTC. + // + // Histogram is a required field + Histogram map[string]*int64 `locationName:"histogram" type:"map" required:"true"` + + // If this anomaly is suppressed, this field is true if the suppression is because + // the pattern is suppressed. If false, then only this particular anomaly is + // suppressed. + IsPatternLevelSuppression *bool `locationName:"isPatternLevelSuppression" type:"boolean"` + + // The date and time when the anomaly detector most recently saw this anomaly. + // It is specified as epoch time, which is the number of seconds since January + // 1, 1970, 00:00:00 UTC. + // + // LastSeen is a required field + LastSeen *int64 `locationName:"lastSeen" type:"long" required:"true"` + + // An array of ARNS of the log groups that contained log events considered to + // be part of this anomaly. + // + // LogGroupArnList is a required field + LogGroupArnList []*string `locationName:"logGroupArnList" type:"list" required:"true"` + + // An array of sample log event messages that are considered to be part of this + // anomaly. + // + // LogSamples is a required field + LogSamples []*LogEvent `locationName:"logSamples" type:"list" required:"true"` + + // The ID of the pattern used to help identify this anomaly. + // + // PatternId is a required field + PatternId *string `locationName:"patternId" min:"32" type:"string" required:"true"` + + // The pattern used to help identify this anomaly, in regular expression format. + PatternRegex *string `locationName:"patternRegex" min:"1" type:"string"` + + // The pattern used to help identify this anomaly, in string format. + // + // PatternString is a required field + PatternString *string `locationName:"patternString" min:"1" type:"string" required:"true"` + + // An array of structures where each structure contains information about one + // token that makes up the pattern. + // + // PatternTokens is a required field + PatternTokens []*PatternToken `locationName:"patternTokens" type:"list" required:"true"` + + // The priority level of this anomaly, as determined by CloudWatch Logs. Priority + // is computed based on log severity labels such as FATAL and ERROR and the + // amount of deviation from the baseline. Possible values are HIGH, MEDIUM, + // and LOW. + Priority *string `locationName:"priority" min:"1" type:"string"` + + // Indicates the current state of this anomaly. If it is still being treated + // as an anomaly, the value is Active. If you have suppressed this anomaly by + // using the UpdateAnomaly (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UpdateAnomaly.html) + // operation, the value is Suppressed. If this behavior is now considered to + // be normal, the value is Baseline. + // + // State is a required field + State *string `locationName:"state" type:"string" required:"true" enum:"State"` + + // Indicates whether this anomaly is currently suppressed. To suppress an anomaly, + // use UpdateAnomaly (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UpdateAnomaly.html). + Suppressed *bool `locationName:"suppressed" type:"boolean"` + + // If the anomaly is suppressed, this indicates when it was suppressed. + SuppressedDate *int64 `locationName:"suppressedDate" type:"long"` + + // If the anomaly is suppressed, this indicates when the suppression will end. + // If this value is 0, the anomaly was suppressed with no expiration, with the + // INFINITE value. + SuppressedUntil *int64 `locationName:"suppressedUntil" type:"long"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Anomaly) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Anomaly) GoString() string { + return s.String() +} + +// SetActive sets the Active field's value. +func (s *Anomaly) SetActive(v bool) *Anomaly { + s.Active = &v + return s +} + +// SetAnomalyDetectorArn sets the AnomalyDetectorArn field's value. +func (s *Anomaly) SetAnomalyDetectorArn(v string) *Anomaly { + s.AnomalyDetectorArn = &v + return s +} + +// SetAnomalyId sets the AnomalyId field's value. +func (s *Anomaly) SetAnomalyId(v string) *Anomaly { + s.AnomalyId = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *Anomaly) SetDescription(v string) *Anomaly { + s.Description = &v + return s +} + +// SetFirstSeen sets the FirstSeen field's value. +func (s *Anomaly) SetFirstSeen(v int64) *Anomaly { + s.FirstSeen = &v + return s +} + +// SetHistogram sets the Histogram field's value. +func (s *Anomaly) SetHistogram(v map[string]*int64) *Anomaly { + s.Histogram = v + return s +} + +// SetIsPatternLevelSuppression sets the IsPatternLevelSuppression field's value. +func (s *Anomaly) SetIsPatternLevelSuppression(v bool) *Anomaly { + s.IsPatternLevelSuppression = &v + return s +} + +// SetLastSeen sets the LastSeen field's value. +func (s *Anomaly) SetLastSeen(v int64) *Anomaly { + s.LastSeen = &v + return s +} + +// SetLogGroupArnList sets the LogGroupArnList field's value. +func (s *Anomaly) SetLogGroupArnList(v []*string) *Anomaly { + s.LogGroupArnList = v + return s +} + +// SetLogSamples sets the LogSamples field's value. +func (s *Anomaly) SetLogSamples(v []*LogEvent) *Anomaly { + s.LogSamples = v + return s +} + +// SetPatternId sets the PatternId field's value. +func (s *Anomaly) SetPatternId(v string) *Anomaly { + s.PatternId = &v + return s +} + +// SetPatternRegex sets the PatternRegex field's value. +func (s *Anomaly) SetPatternRegex(v string) *Anomaly { + s.PatternRegex = &v + return s +} + +// SetPatternString sets the PatternString field's value. +func (s *Anomaly) SetPatternString(v string) *Anomaly { + s.PatternString = &v + return s +} + +// SetPatternTokens sets the PatternTokens field's value. +func (s *Anomaly) SetPatternTokens(v []*PatternToken) *Anomaly { + s.PatternTokens = v + return s +} + +// SetPriority sets the Priority field's value. +func (s *Anomaly) SetPriority(v string) *Anomaly { + s.Priority = &v + return s +} + +// SetState sets the State field's value. +func (s *Anomaly) SetState(v string) *Anomaly { + s.State = &v + return s +} + +// SetSuppressed sets the Suppressed field's value. +func (s *Anomaly) SetSuppressed(v bool) *Anomaly { + s.Suppressed = &v + return s +} + +// SetSuppressedDate sets the SuppressedDate field's value. +func (s *Anomaly) SetSuppressedDate(v int64) *Anomaly { + s.SuppressedDate = &v + return s +} + +// SetSuppressedUntil sets the SuppressedUntil field's value. +func (s *Anomaly) SetSuppressedUntil(v int64) *Anomaly { + s.SuppressedUntil = &v + return s +} + +// Contains information about one anomaly detector in the account. +type AnomalyDetector struct { + _ struct{} `type:"structure"` + + // The ARN of the anomaly detector. + AnomalyDetectorArn *string `locationName:"anomalyDetectorArn" min:"1" type:"string"` + + // Specifies the current status of the anomaly detector. To pause an anomaly + // detector, use the enabled parameter in the UpdateLogAnomalyDetector (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UpdateLogAnomalyDetector.html) + // operation. + AnomalyDetectorStatus *string `locationName:"anomalyDetectorStatus" type:"string" enum:"AnomalyDetectorStatus"` + + // The number of days used as the life cycle of anomalies. After this time, + // anomalies are automatically baselined and the anomaly detector model will + // treat new occurrences of similar event as normal. + AnomalyVisibilityTime *int64 `locationName:"anomalyVisibilityTime" min:"7" type:"long"` + + // The date and time when this anomaly detector was created. + CreationTimeStamp *int64 `locationName:"creationTimeStamp" type:"long"` + + // The name of the anomaly detector. + DetectorName *string `locationName:"detectorName" min:"1" type:"string"` + + // Specifies how often the anomaly detector runs and look for anomalies. + EvaluationFrequency *string `locationName:"evaluationFrequency" type:"string" enum:"EvaluationFrequency"` + + // A symbolic description of how CloudWatch Logs should interpret the data in + // each log event. For example, a log event can contain timestamps, IP addresses, + // strings, and so on. You use the filter pattern to specify what to look for + // in the log event message. + FilterPattern *string `locationName:"filterPattern" type:"string"` + + // The ID of the KMS key assigned to this anomaly detector, if any. + KmsKeyId *string `locationName:"kmsKeyId" type:"string"` + + // The date and time when this anomaly detector was most recently modified. + LastModifiedTimeStamp *int64 `locationName:"lastModifiedTimeStamp" type:"long"` + + // A list of the ARNs of the log groups that this anomaly detector watches. + LogGroupArnList []*string `locationName:"logGroupArnList" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AnomalyDetector) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AnomalyDetector) GoString() string { + return s.String() +} + +// SetAnomalyDetectorArn sets the AnomalyDetectorArn field's value. +func (s *AnomalyDetector) SetAnomalyDetectorArn(v string) *AnomalyDetector { + s.AnomalyDetectorArn = &v + return s +} + +// SetAnomalyDetectorStatus sets the AnomalyDetectorStatus field's value. +func (s *AnomalyDetector) SetAnomalyDetectorStatus(v string) *AnomalyDetector { + s.AnomalyDetectorStatus = &v + return s +} + +// SetAnomalyVisibilityTime sets the AnomalyVisibilityTime field's value. +func (s *AnomalyDetector) SetAnomalyVisibilityTime(v int64) *AnomalyDetector { + s.AnomalyVisibilityTime = &v + return s +} + +// SetCreationTimeStamp sets the CreationTimeStamp field's value. +func (s *AnomalyDetector) SetCreationTimeStamp(v int64) *AnomalyDetector { + s.CreationTimeStamp = &v + return s +} + +// SetDetectorName sets the DetectorName field's value. +func (s *AnomalyDetector) SetDetectorName(v string) *AnomalyDetector { + s.DetectorName = &v + return s +} + +// SetEvaluationFrequency sets the EvaluationFrequency field's value. +func (s *AnomalyDetector) SetEvaluationFrequency(v string) *AnomalyDetector { + s.EvaluationFrequency = &v + return s +} + +// SetFilterPattern sets the FilterPattern field's value. +func (s *AnomalyDetector) SetFilterPattern(v string) *AnomalyDetector { + s.FilterPattern = &v + return s +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *AnomalyDetector) SetKmsKeyId(v string) *AnomalyDetector { + s.KmsKeyId = &v + return s +} + +// SetLastModifiedTimeStamp sets the LastModifiedTimeStamp field's value. +func (s *AnomalyDetector) SetLastModifiedTimeStamp(v int64) *AnomalyDetector { + s.LastModifiedTimeStamp = &v + return s +} + +// SetLogGroupArnList sets the LogGroupArnList field's value. +func (s *AnomalyDetector) SetLogGroupArnList(v []*string) *AnomalyDetector { + s.LogGroupArnList = v + return s +} + +type AssociateKmsKeyInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the KMS key to use when encrypting log + // data. This must be a symmetric KMS key. For more information, see Amazon + // Resource Names (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms) + // and Using Symmetric and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html). + // + // KmsKeyId is a required field + KmsKeyId *string `locationName:"kmsKeyId" type:"string" required:"true"` + + // The name of the log group. + // + // In your AssociateKmsKey operation, you must specify either the resourceIdentifier + // parameter or the logGroup parameter, but you can't specify both. + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"` + + // Specifies the target for this operation. You must specify one of the following: + // + // * Specify the following ARN to have future GetQueryResults (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetQueryResults.html) + // operations in this account encrypt the results with the specified KMS + // key. Replace REGION and ACCOUNT_ID with your Region and account ID. arn:aws:logs:REGION:ACCOUNT_ID:query-result:* + // + // * Specify the ARN of a log group to have CloudWatch Logs use the KMS key + // to encrypt log events that are ingested and stored by that log group. + // The log group ARN must be in the following format. Replace REGION and + // ACCOUNT_ID with your Region and account ID. arn:aws:logs:REGION:ACCOUNT_ID:log-group:LOG_GROUP_NAME + // + // In your AssociateKmsKey operation, you must specify either the resourceIdentifier + // parameter or the logGroup parameter, but you can't specify both. + ResourceIdentifier *string `locationName:"resourceIdentifier" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssociateKmsKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssociateKmsKeyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AssociateKmsKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AssociateKmsKeyInput"} + if s.KmsKeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KmsKeyId")) + } + if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + } + if s.ResourceIdentifier != nil && len(*s.ResourceIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceIdentifier", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *AssociateKmsKeyInput) SetKmsKeyId(v string) *AssociateKmsKeyInput { + s.KmsKeyId = &v + return s +} + +// SetLogGroupName sets the LogGroupName field's value. +func (s *AssociateKmsKeyInput) SetLogGroupName(v string) *AssociateKmsKeyInput { + s.LogGroupName = &v + return s +} + +// SetResourceIdentifier sets the ResourceIdentifier field's value. +func (s *AssociateKmsKeyInput) SetResourceIdentifier(v string) *AssociateKmsKeyInput { + s.ResourceIdentifier = &v + return s +} + +type AssociateKmsKeyOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssociateKmsKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssociateKmsKeyOutput) GoString() string { + return s.String() +} + +type CancelExportTaskInput struct { + _ struct{} `type:"structure"` + + // The ID of the export task. + // + // TaskId is a required field + TaskId *string `locationName:"taskId" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CancelExportTaskInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s CancelExportTaskInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CancelExportTaskInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CancelExportTaskInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CancelExportTaskInput"} + if s.TaskId == nil { + invalidParams.Add(request.NewErrParamRequired("TaskId")) + } + if s.TaskId != nil && len(*s.TaskId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TaskId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetTaskId sets the TaskId field's value. +func (s *CancelExportTaskInput) SetTaskId(v string) *CancelExportTaskInput { + s.TaskId = &v + return s +} + +type CancelExportTaskOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CancelExportTaskOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CancelExportTaskOutput) GoString() string { + return s.String() +} + +// This operation attempted to create a resource that already exists. +type ConflictException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConflictException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConflictException) GoString() string { + return s.String() +} + +func newErrorConflictException(v protocol.ResponseMetadata) error { + return &ConflictException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ConflictException) Code() string { + return "ConflictException" +} + +// Message returns the exception's message. +func (s *ConflictException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ConflictException) OrigErr() error { + return nil +} + +func (s *ConflictException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ConflictException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ConflictException) RequestID() string { + return s.RespMetadata.RequestID +} + +type CreateDeliveryInput struct { + _ struct{} `type:"structure"` + + // The ARN of the delivery destination to use for this delivery. + // + // DeliveryDestinationArn is a required field + DeliveryDestinationArn *string `locationName:"deliveryDestinationArn" type:"string" required:"true"` + + // The name of the delivery source to use for this delivery. + // + // DeliverySourceName is a required field + DeliverySourceName *string `locationName:"deliverySourceName" min:"1" type:"string" required:"true"` + + // An optional list of key-value pairs to associate with the resource. + // + // For more information about tagging, see Tagging Amazon Web Services resources + // (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) + Tags map[string]*string `locationName:"tags" min:"1" type:"map"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateDeliveryInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateDeliveryInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateDeliveryInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateDeliveryInput"} + if s.DeliveryDestinationArn == nil { + invalidParams.Add(request.NewErrParamRequired("DeliveryDestinationArn")) + } + if s.DeliverySourceName == nil { + invalidParams.Add(request.NewErrParamRequired("DeliverySourceName")) + } + if s.DeliverySourceName != nil && len(*s.DeliverySourceName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DeliverySourceName", 1)) + } + if s.Tags != nil && len(s.Tags) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDeliveryDestinationArn sets the DeliveryDestinationArn field's value. +func (s *CreateDeliveryInput) SetDeliveryDestinationArn(v string) *CreateDeliveryInput { + s.DeliveryDestinationArn = &v + return s +} + +// SetDeliverySourceName sets the DeliverySourceName field's value. +func (s *CreateDeliveryInput) SetDeliverySourceName(v string) *CreateDeliveryInput { + s.DeliverySourceName = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateDeliveryInput) SetTags(v map[string]*string) *CreateDeliveryInput { + s.Tags = v + return s +} + +type CreateDeliveryOutput struct { + _ struct{} `type:"structure"` + + // A structure that contains information about the delivery that you just created. + Delivery *Delivery `locationName:"delivery" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateDeliveryOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateDeliveryOutput) GoString() string { + return s.String() +} + +// SetDelivery sets the Delivery field's value. +func (s *CreateDeliveryOutput) SetDelivery(v *Delivery) *CreateDeliveryOutput { + s.Delivery = v + return s +} + +type CreateExportTaskInput struct { + _ struct{} `type:"structure"` + + // The name of S3 bucket for the exported log data. The bucket must be in the + // same Amazon Web Services Region. + // + // Destination is a required field + Destination *string `locationName:"destination" min:"1" type:"string" required:"true"` + + // The prefix used as the start of the key for every object exported. If you + // don't specify a value, the default is exportedlogs. + DestinationPrefix *string `locationName:"destinationPrefix" type:"string"` + + // The start time of the range for the request, expressed as the number of milliseconds + // after Jan 1, 1970 00:00:00 UTC. Events with a timestamp earlier than this + // time are not exported. + // + // From is a required field + From *int64 `locationName:"from" type:"long" required:"true"` + + // The name of the log group. + // + // LogGroupName is a required field + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` + + // Export only log streams that match the provided prefix. If you don't specify + // a value, no prefix filter is applied. + LogStreamNamePrefix *string `locationName:"logStreamNamePrefix" min:"1" type:"string"` + + // The name of the export task. + TaskName *string `locationName:"taskName" min:"1" type:"string"` + + // The end time of the range for the request, expressed as the number of milliseconds + // after Jan 1, 1970 00:00:00 UTC. Events with a timestamp later than this time + // are not exported. + // + // You must specify a time that is not earlier than when this log group was + // created. + // + // To is a required field + To *int64 `locationName:"to" type:"long" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateExportTaskInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateExportTaskInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateExportTaskInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateExportTaskInput"} + if s.Destination == nil { + invalidParams.Add(request.NewErrParamRequired("Destination")) + } + if s.Destination != nil && len(*s.Destination) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Destination", 1)) + } + if s.From == nil { + invalidParams.Add(request.NewErrParamRequired("From")) + } + if s.LogGroupName == nil { + invalidParams.Add(request.NewErrParamRequired("LogGroupName")) + } + if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + } + if s.LogStreamNamePrefix != nil && len(*s.LogStreamNamePrefix) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogStreamNamePrefix", 1)) + } + if s.TaskName != nil && len(*s.TaskName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TaskName", 1)) + } + if s.To == nil { + invalidParams.Add(request.NewErrParamRequired("To")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDestination sets the Destination field's value. +func (s *CreateExportTaskInput) SetDestination(v string) *CreateExportTaskInput { + s.Destination = &v + return s +} + +// SetDestinationPrefix sets the DestinationPrefix field's value. +func (s *CreateExportTaskInput) SetDestinationPrefix(v string) *CreateExportTaskInput { + s.DestinationPrefix = &v + return s +} + +// SetFrom sets the From field's value. +func (s *CreateExportTaskInput) SetFrom(v int64) *CreateExportTaskInput { + s.From = &v + return s +} + +// SetLogGroupName sets the LogGroupName field's value. +func (s *CreateExportTaskInput) SetLogGroupName(v string) *CreateExportTaskInput { + s.LogGroupName = &v + return s +} + +// SetLogStreamNamePrefix sets the LogStreamNamePrefix field's value. +func (s *CreateExportTaskInput) SetLogStreamNamePrefix(v string) *CreateExportTaskInput { + s.LogStreamNamePrefix = &v + return s +} + +// SetTaskName sets the TaskName field's value. +func (s *CreateExportTaskInput) SetTaskName(v string) *CreateExportTaskInput { + s.TaskName = &v + return s +} + +// SetTo sets the To field's value. +func (s *CreateExportTaskInput) SetTo(v int64) *CreateExportTaskInput { + s.To = &v + return s +} + +type CreateExportTaskOutput struct { + _ struct{} `type:"structure"` + + // The ID of the export task. + TaskId *string `locationName:"taskId" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateExportTaskOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateExportTaskOutput) GoString() string { + return s.String() +} + +// SetTaskId sets the TaskId field's value. +func (s *CreateExportTaskOutput) SetTaskId(v string) *CreateExportTaskOutput { + s.TaskId = &v + return s +} + +type CreateLogAnomalyDetectorInput struct { + _ struct{} `type:"structure"` + + // The number of days to have visibility on an anomaly. After this time period + // has elapsed for an anomaly, it will be automatically baselined and the anomaly + // detector will treat new occurrences of a similar anomaly as normal. Therefore, + // if you do not correct the cause of an anomaly during the time period specified + // in anomalyVisibilityTime, it will be considered normal going forward and + // will not be detected as an anomaly. + AnomalyVisibilityTime *int64 `locationName:"anomalyVisibilityTime" min:"7" type:"long"` + + // A name for this anomaly detector. + DetectorName *string `locationName:"detectorName" min:"1" type:"string"` + + // Specifies how often the anomaly detector is to run and look for anomalies. + // Set this value according to the frequency that the log group receives new + // logs. For example, if the log group receives new log events every 10 minutes, + // then 15 minutes might be a good setting for evaluationFrequency . + EvaluationFrequency *string `locationName:"evaluationFrequency" type:"string" enum:"EvaluationFrequency"` + + // You can use this parameter to limit the anomaly detection model to examine + // only log events that match the pattern you specify here. For more information, + // see Filter and Pattern Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html). + FilterPattern *string `locationName:"filterPattern" type:"string"` + + // Optionally assigns a KMS key to secure this anomaly detector and its findings. + // If a key is assigned, the anomalies found and the model used by this detector + // are encrypted at rest with the key. If a key is assigned to an anomaly detector, + // a user must have permissions for both this key and for the anomaly detector + // to retrieve information about the anomalies that it finds. + // + // For more information about using a KMS key and to see the required IAM policy, + // see Use a KMS key with an anomaly detector (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/LogsAnomalyDetection-KMS.html). + KmsKeyId *string `locationName:"kmsKeyId" type:"string"` + + // An array containing the ARN of the log group that this anomaly detector will + // watch. You can specify only one log group ARN. + // + // LogGroupArnList is a required field + LogGroupArnList []*string `locationName:"logGroupArnList" type:"list" required:"true"` + + // An optional list of key-value pairs to associate with the resource. + // + // For more information about tagging, see Tagging Amazon Web Services resources + // (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) + Tags map[string]*string `locationName:"tags" min:"1" type:"map"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateLogAnomalyDetectorInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateLogAnomalyDetectorInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateLogAnomalyDetectorInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateLogAnomalyDetectorInput"} + if s.AnomalyVisibilityTime != nil && *s.AnomalyVisibilityTime < 7 { + invalidParams.Add(request.NewErrParamMinValue("AnomalyVisibilityTime", 7)) + } + if s.DetectorName != nil && len(*s.DetectorName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DetectorName", 1)) + } + if s.LogGroupArnList == nil { + invalidParams.Add(request.NewErrParamRequired("LogGroupArnList")) + } + if s.Tags != nil && len(s.Tags) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAnomalyVisibilityTime sets the AnomalyVisibilityTime field's value. +func (s *CreateLogAnomalyDetectorInput) SetAnomalyVisibilityTime(v int64) *CreateLogAnomalyDetectorInput { + s.AnomalyVisibilityTime = &v + return s +} + +// SetDetectorName sets the DetectorName field's value. +func (s *CreateLogAnomalyDetectorInput) SetDetectorName(v string) *CreateLogAnomalyDetectorInput { + s.DetectorName = &v + return s +} + +// SetEvaluationFrequency sets the EvaluationFrequency field's value. +func (s *CreateLogAnomalyDetectorInput) SetEvaluationFrequency(v string) *CreateLogAnomalyDetectorInput { + s.EvaluationFrequency = &v + return s +} + +// SetFilterPattern sets the FilterPattern field's value. +func (s *CreateLogAnomalyDetectorInput) SetFilterPattern(v string) *CreateLogAnomalyDetectorInput { + s.FilterPattern = &v + return s +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *CreateLogAnomalyDetectorInput) SetKmsKeyId(v string) *CreateLogAnomalyDetectorInput { + s.KmsKeyId = &v + return s +} + +// SetLogGroupArnList sets the LogGroupArnList field's value. +func (s *CreateLogAnomalyDetectorInput) SetLogGroupArnList(v []*string) *CreateLogAnomalyDetectorInput { + s.LogGroupArnList = v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateLogAnomalyDetectorInput) SetTags(v map[string]*string) *CreateLogAnomalyDetectorInput { + s.Tags = v + return s +} + +type CreateLogAnomalyDetectorOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the log anomaly detector that you just created. + AnomalyDetectorArn *string `locationName:"anomalyDetectorArn" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateLogAnomalyDetectorOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateLogAnomalyDetectorOutput) GoString() string { + return s.String() +} + +// SetAnomalyDetectorArn sets the AnomalyDetectorArn field's value. +func (s *CreateLogAnomalyDetectorOutput) SetAnomalyDetectorArn(v string) *CreateLogAnomalyDetectorOutput { + s.AnomalyDetectorArn = &v + return s +} + +type CreateLogGroupInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the KMS key to use when encrypting log + // data. For more information, see Amazon Resource Names (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms). + KmsKeyId *string `locationName:"kmsKeyId" type:"string"` + + // Use this parameter to specify the log group class for this log group. There + // are two classes: + // + // * The Standard log class supports all CloudWatch Logs features. + // + // * The Infrequent Access log class supports a subset of CloudWatch Logs + // features and incurs lower costs. + // + // If you omit this parameter, the default of STANDARD is used. + // + // The value of logGroupClass can't be changed after a log group is created. + // + // For details about the features supported by each class, see Log classes (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch_Logs_Log_Classes.html) + LogGroupClass *string `locationName:"logGroupClass" type:"string" enum:"LogGroupClass"` + + // A name for the log group. + // + // LogGroupName is a required field + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` + + // The key-value pairs to use for the tags. + // + // You can grant users access to certain log groups while preventing them from + // accessing other log groups. To do so, tag your groups and use IAM policies + // that refer to those tags. To assign tags when you create a log group, you + // must have either the logs:TagResource or logs:TagLogGroup permission. For + // more information about tagging, see Tagging Amazon Web Services resources + // (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html). For more + // information about using tags to control access, see Controlling access to + // Amazon Web Services resources using tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html). + Tags map[string]*string `locationName:"tags" min:"1" type:"map"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateLogGroupInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateLogGroupInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateLogGroupInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateLogGroupInput"} + if s.LogGroupName == nil { + invalidParams.Add(request.NewErrParamRequired("LogGroupName")) + } + if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + } + if s.Tags != nil && len(s.Tags) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *CreateLogGroupInput) SetKmsKeyId(v string) *CreateLogGroupInput { + s.KmsKeyId = &v + return s +} + +// SetLogGroupClass sets the LogGroupClass field's value. +func (s *CreateLogGroupInput) SetLogGroupClass(v string) *CreateLogGroupInput { + s.LogGroupClass = &v + return s +} + +// SetLogGroupName sets the LogGroupName field's value. +func (s *CreateLogGroupInput) SetLogGroupName(v string) *CreateLogGroupInput { + s.LogGroupName = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateLogGroupInput) SetTags(v map[string]*string) *CreateLogGroupInput { + s.Tags = v + return s +} + +type CreateLogGroupOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateLogGroupOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateLogGroupOutput) GoString() string { + return s.String() +} + +type CreateLogStreamInput struct { + _ struct{} `type:"structure"` + + // The name of the log group. + // + // LogGroupName is a required field + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` + + // The name of the log stream. + // + // LogStreamName is a required field + LogStreamName *string `locationName:"logStreamName" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateLogStreamInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateLogStreamInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateLogStreamInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateLogStreamInput"} + if s.LogGroupName == nil { + invalidParams.Add(request.NewErrParamRequired("LogGroupName")) + } + if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + } + if s.LogStreamName == nil { + invalidParams.Add(request.NewErrParamRequired("LogStreamName")) + } + if s.LogStreamName != nil && len(*s.LogStreamName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogStreamName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLogGroupName sets the LogGroupName field's value. +func (s *CreateLogStreamInput) SetLogGroupName(v string) *CreateLogStreamInput { + s.LogGroupName = &v + return s +} + +// SetLogStreamName sets the LogStreamName field's value. +func (s *CreateLogStreamInput) SetLogStreamName(v string) *CreateLogStreamInput { + s.LogStreamName = &v + return s +} + +type CreateLogStreamOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateLogStreamOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateLogStreamOutput) GoString() string { + return s.String() +} + +// The event was already logged. +// +// PutLogEvents actions are now always accepted and never return DataAlreadyAcceptedException +// regardless of whether a given batch of log events has already been accepted. +type DataAlreadyAcceptedException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + ExpectedSequenceToken *string `locationName:"expectedSequenceToken" min:"1" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DataAlreadyAcceptedException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DataAlreadyAcceptedException) GoString() string { + return s.String() +} + +func newErrorDataAlreadyAcceptedException(v protocol.ResponseMetadata) error { + return &DataAlreadyAcceptedException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *DataAlreadyAcceptedException) Code() string { + return "DataAlreadyAcceptedException" +} + +// Message returns the exception's message. +func (s *DataAlreadyAcceptedException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *DataAlreadyAcceptedException) OrigErr() error { + return nil +} + +func (s *DataAlreadyAcceptedException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *DataAlreadyAcceptedException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *DataAlreadyAcceptedException) RequestID() string { + return s.RespMetadata.RequestID +} + +type DeleteAccountPolicyInput struct { + _ struct{} `type:"structure"` + + // The name of the policy to delete. + // + // PolicyName is a required field + PolicyName *string `locationName:"policyName" type:"string" required:"true"` + + // The type of policy to delete. + // + // PolicyType is a required field + PolicyType *string `locationName:"policyType" type:"string" required:"true" enum:"PolicyType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteAccountPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteAccountPolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteAccountPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteAccountPolicyInput"} + if s.PolicyName == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyName")) + } + if s.PolicyType == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyType")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPolicyName sets the PolicyName field's value. +func (s *DeleteAccountPolicyInput) SetPolicyName(v string) *DeleteAccountPolicyInput { + s.PolicyName = &v + return s +} + +// SetPolicyType sets the PolicyType field's value. +func (s *DeleteAccountPolicyInput) SetPolicyType(v string) *DeleteAccountPolicyInput { + s.PolicyType = &v + return s +} + +type DeleteAccountPolicyOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteAccountPolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteAccountPolicyOutput) GoString() string { + return s.String() +} + +type DeleteDataProtectionPolicyInput struct { + _ struct{} `type:"structure"` + + // The name or ARN of the log group that you want to delete the data protection + // policy for. + // + // LogGroupIdentifier is a required field + LogGroupIdentifier *string `locationName:"logGroupIdentifier" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDataProtectionPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDataProtectionPolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteDataProtectionPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteDataProtectionPolicyInput"} + if s.LogGroupIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("LogGroupIdentifier")) + } + if s.LogGroupIdentifier != nil && len(*s.LogGroupIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupIdentifier", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLogGroupIdentifier sets the LogGroupIdentifier field's value. +func (s *DeleteDataProtectionPolicyInput) SetLogGroupIdentifier(v string) *DeleteDataProtectionPolicyInput { + s.LogGroupIdentifier = &v + return s +} + +type DeleteDataProtectionPolicyOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDataProtectionPolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDataProtectionPolicyOutput) GoString() string { + return s.String() +} + +type DeleteDeliveryDestinationInput struct { + _ struct{} `type:"structure"` + + // The name of the delivery destination that you want to delete. You can find + // a list of delivery destionation names by using the DescribeDeliveryDestinations + // (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDeliveryDestinations.html) + // operation. + // + // Name is a required field + Name *string `locationName:"name" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDeliveryDestinationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDeliveryDestinationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteDeliveryDestinationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteDeliveryDestinationInput"} + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetName sets the Name field's value. +func (s *DeleteDeliveryDestinationInput) SetName(v string) *DeleteDeliveryDestinationInput { + s.Name = &v + return s +} + +type DeleteDeliveryDestinationOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDeliveryDestinationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDeliveryDestinationOutput) GoString() string { + return s.String() +} + +type DeleteDeliveryDestinationPolicyInput struct { + _ struct{} `type:"structure"` + + // The name of the delivery destination that you want to delete the policy for. + // + // DeliveryDestinationName is a required field + DeliveryDestinationName *string `locationName:"deliveryDestinationName" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDeliveryDestinationPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDeliveryDestinationPolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteDeliveryDestinationPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteDeliveryDestinationPolicyInput"} + if s.DeliveryDestinationName == nil { + invalidParams.Add(request.NewErrParamRequired("DeliveryDestinationName")) + } + if s.DeliveryDestinationName != nil && len(*s.DeliveryDestinationName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DeliveryDestinationName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDeliveryDestinationName sets the DeliveryDestinationName field's value. +func (s *DeleteDeliveryDestinationPolicyInput) SetDeliveryDestinationName(v string) *DeleteDeliveryDestinationPolicyInput { + s.DeliveryDestinationName = &v + return s +} + +type DeleteDeliveryDestinationPolicyOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDeliveryDestinationPolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDeliveryDestinationPolicyOutput) GoString() string { + return s.String() +} + +type DeleteDeliveryInput struct { + _ struct{} `type:"structure"` + + // The unique ID of the delivery to delete. You can find the ID of a delivery + // with the DescribeDeliveries (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDeliveries.html) + // operation. + // + // Id is a required field + Id *string `locationName:"id" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDeliveryInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDeliveryInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteDeliveryInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteDeliveryInput"} + if s.Id == nil { + invalidParams.Add(request.NewErrParamRequired("Id")) + } + if s.Id != nil && len(*s.Id) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Id", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetId sets the Id field's value. +func (s *DeleteDeliveryInput) SetId(v string) *DeleteDeliveryInput { + s.Id = &v + return s +} + +type DeleteDeliveryOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDeliveryOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDeliveryOutput) GoString() string { + return s.String() +} + +type DeleteDeliverySourceInput struct { + _ struct{} `type:"structure"` + + // The name of the delivery source that you want to delete. + // + // Name is a required field + Name *string `locationName:"name" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDeliverySourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDeliverySourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteDeliverySourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteDeliverySourceInput"} + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetName sets the Name field's value. +func (s *DeleteDeliverySourceInput) SetName(v string) *DeleteDeliverySourceInput { + s.Name = &v + return s +} + +type DeleteDeliverySourceOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDeliverySourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDeliverySourceOutput) GoString() string { + return s.String() +} + +type DeleteDestinationInput struct { + _ struct{} `type:"structure"` + + // The name of the destination. + // + // DestinationName is a required field + DestinationName *string `locationName:"destinationName" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDestinationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDestinationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteDestinationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteDestinationInput"} + if s.DestinationName == nil { + invalidParams.Add(request.NewErrParamRequired("DestinationName")) + } + if s.DestinationName != nil && len(*s.DestinationName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DestinationName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDestinationName sets the DestinationName field's value. +func (s *DeleteDestinationInput) SetDestinationName(v string) *DeleteDestinationInput { + s.DestinationName = &v + return s +} + +type DeleteDestinationOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDestinationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDestinationOutput) GoString() string { + return s.String() +} + +type DeleteLogAnomalyDetectorInput struct { + _ struct{} `type:"structure"` + + // The ARN of the anomaly detector to delete. You can find the ARNs of log anomaly + // detectors in your account by using the ListLogAnomalyDetectors (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListLogAnomalyDetectors.html) + // operation. + // + // AnomalyDetectorArn is a required field + AnomalyDetectorArn *string `locationName:"anomalyDetectorArn" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteLogAnomalyDetectorInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteLogAnomalyDetectorInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteLogAnomalyDetectorInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteLogAnomalyDetectorInput"} + if s.AnomalyDetectorArn == nil { + invalidParams.Add(request.NewErrParamRequired("AnomalyDetectorArn")) + } + if s.AnomalyDetectorArn != nil && len(*s.AnomalyDetectorArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AnomalyDetectorArn", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAnomalyDetectorArn sets the AnomalyDetectorArn field's value. +func (s *DeleteLogAnomalyDetectorInput) SetAnomalyDetectorArn(v string) *DeleteLogAnomalyDetectorInput { + s.AnomalyDetectorArn = &v + return s +} + +type DeleteLogAnomalyDetectorOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteLogAnomalyDetectorOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteLogAnomalyDetectorOutput) GoString() string { + return s.String() +} + +type DeleteLogGroupInput struct { + _ struct{} `type:"structure"` + + // The name of the log group. + // + // LogGroupName is a required field + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteLogGroupInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteLogGroupInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteLogGroupInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteLogGroupInput"} + if s.LogGroupName == nil { + invalidParams.Add(request.NewErrParamRequired("LogGroupName")) + } + if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLogGroupName sets the LogGroupName field's value. +func (s *DeleteLogGroupInput) SetLogGroupName(v string) *DeleteLogGroupInput { + s.LogGroupName = &v + return s +} + +type DeleteLogGroupOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteLogGroupOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteLogGroupOutput) GoString() string { + return s.String() +} + +type DeleteLogStreamInput struct { + _ struct{} `type:"structure"` + + // The name of the log group. + // + // LogGroupName is a required field + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` + + // The name of the log stream. + // + // LogStreamName is a required field + LogStreamName *string `locationName:"logStreamName" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteLogStreamInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteLogStreamInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteLogStreamInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteLogStreamInput"} + if s.LogGroupName == nil { + invalidParams.Add(request.NewErrParamRequired("LogGroupName")) + } + if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + } + if s.LogStreamName == nil { + invalidParams.Add(request.NewErrParamRequired("LogStreamName")) + } + if s.LogStreamName != nil && len(*s.LogStreamName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogStreamName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLogGroupName sets the LogGroupName field's value. +func (s *DeleteLogStreamInput) SetLogGroupName(v string) *DeleteLogStreamInput { + s.LogGroupName = &v + return s +} + +// SetLogStreamName sets the LogStreamName field's value. +func (s *DeleteLogStreamInput) SetLogStreamName(v string) *DeleteLogStreamInput { + s.LogStreamName = &v + return s +} + +type DeleteLogStreamOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteLogStreamOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteLogStreamOutput) GoString() string { + return s.String() +} + +type DeleteMetricFilterInput struct { + _ struct{} `type:"structure"` + + // The name of the metric filter. + // + // FilterName is a required field + FilterName *string `locationName:"filterName" min:"1" type:"string" required:"true"` + + // The name of the log group. + // + // LogGroupName is a required field + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteMetricFilterInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteMetricFilterInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteMetricFilterInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteMetricFilterInput"} + if s.FilterName == nil { + invalidParams.Add(request.NewErrParamRequired("FilterName")) + } + if s.FilterName != nil && len(*s.FilterName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("FilterName", 1)) + } + if s.LogGroupName == nil { + invalidParams.Add(request.NewErrParamRequired("LogGroupName")) + } + if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetFilterName sets the FilterName field's value. +func (s *DeleteMetricFilterInput) SetFilterName(v string) *DeleteMetricFilterInput { + s.FilterName = &v + return s +} + +// SetLogGroupName sets the LogGroupName field's value. +func (s *DeleteMetricFilterInput) SetLogGroupName(v string) *DeleteMetricFilterInput { + s.LogGroupName = &v + return s +} + +type DeleteMetricFilterOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteMetricFilterOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteMetricFilterOutput) GoString() string { + return s.String() +} + +type DeleteQueryDefinitionInput struct { + _ struct{} `type:"structure"` + + // The ID of the query definition that you want to delete. You can use DescribeQueryDefinitions + // (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeQueryDefinitions.html) + // to retrieve the IDs of your saved query definitions. + // + // QueryDefinitionId is a required field + QueryDefinitionId *string `locationName:"queryDefinitionId" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteQueryDefinitionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteQueryDefinitionInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteQueryDefinitionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteQueryDefinitionInput"} + if s.QueryDefinitionId == nil { + invalidParams.Add(request.NewErrParamRequired("QueryDefinitionId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetQueryDefinitionId sets the QueryDefinitionId field's value. +func (s *DeleteQueryDefinitionInput) SetQueryDefinitionId(v string) *DeleteQueryDefinitionInput { + s.QueryDefinitionId = &v + return s +} + +type DeleteQueryDefinitionOutput struct { + _ struct{} `type:"structure"` + + // A value of TRUE indicates that the operation succeeded. FALSE indicates that + // the operation failed. + Success *bool `locationName:"success" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteQueryDefinitionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteQueryDefinitionOutput) GoString() string { + return s.String() +} + +// SetSuccess sets the Success field's value. +func (s *DeleteQueryDefinitionOutput) SetSuccess(v bool) *DeleteQueryDefinitionOutput { + s.Success = &v + return s +} + +type DeleteResourcePolicyInput struct { + _ struct{} `type:"structure"` + + // The name of the policy to be revoked. This parameter is required. + PolicyName *string `locationName:"policyName" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteResourcePolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteResourcePolicyInput) GoString() string { + return s.String() +} + +// SetPolicyName sets the PolicyName field's value. +func (s *DeleteResourcePolicyInput) SetPolicyName(v string) *DeleteResourcePolicyInput { + s.PolicyName = &v + return s +} + +type DeleteResourcePolicyOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteResourcePolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteResourcePolicyOutput) GoString() string { + return s.String() +} + +type DeleteRetentionPolicyInput struct { + _ struct{} `type:"structure"` + + // The name of the log group. + // + // LogGroupName is a required field + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteRetentionPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteRetentionPolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteRetentionPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteRetentionPolicyInput"} + if s.LogGroupName == nil { + invalidParams.Add(request.NewErrParamRequired("LogGroupName")) + } + if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLogGroupName sets the LogGroupName field's value. +func (s *DeleteRetentionPolicyInput) SetLogGroupName(v string) *DeleteRetentionPolicyInput { + s.LogGroupName = &v + return s +} + +type DeleteRetentionPolicyOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteRetentionPolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteRetentionPolicyOutput) GoString() string { + return s.String() +} + +type DeleteSubscriptionFilterInput struct { + _ struct{} `type:"structure"` + + // The name of the subscription filter. + // + // FilterName is a required field + FilterName *string `locationName:"filterName" min:"1" type:"string" required:"true"` + + // The name of the log group. + // + // LogGroupName is a required field + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteSubscriptionFilterInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteSubscriptionFilterInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteSubscriptionFilterInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteSubscriptionFilterInput"} + if s.FilterName == nil { + invalidParams.Add(request.NewErrParamRequired("FilterName")) + } + if s.FilterName != nil && len(*s.FilterName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("FilterName", 1)) + } + if s.LogGroupName == nil { + invalidParams.Add(request.NewErrParamRequired("LogGroupName")) + } + if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetFilterName sets the FilterName field's value. +func (s *DeleteSubscriptionFilterInput) SetFilterName(v string) *DeleteSubscriptionFilterInput { + s.FilterName = &v + return s +} + +// SetLogGroupName sets the LogGroupName field's value. +func (s *DeleteSubscriptionFilterInput) SetLogGroupName(v string) *DeleteSubscriptionFilterInput { + s.LogGroupName = &v + return s +} + +type DeleteSubscriptionFilterOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteSubscriptionFilterOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteSubscriptionFilterOutput) GoString() string { + return s.String() +} + +// This structure contains information about one delivery in your account. +// +// A delivery is a connection between a logical delivery source and a logical +// delivery destination. +// +// For more information, see CreateDelivery (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html). +// +// You can't update an existing delivery. You can only create and delete deliveries. +type Delivery struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) that uniquely identifies this delivery. + Arn *string `locationName:"arn" type:"string"` + + // The ARN of the delivery destination that is associated with this delivery. + DeliveryDestinationArn *string `locationName:"deliveryDestinationArn" type:"string"` + + // Displays whether the delivery destination associated with this delivery is + // CloudWatch Logs, Amazon S3, or Firehose. + DeliveryDestinationType *string `locationName:"deliveryDestinationType" type:"string" enum:"DeliveryDestinationType"` + + // The name of the delivery source that is associated with this delivery. + DeliverySourceName *string `locationName:"deliverySourceName" min:"1" type:"string"` + + // The unique ID that identifies this delivery in your account. + Id *string `locationName:"id" min:"1" type:"string"` + + // The tags that have been assigned to this delivery. + Tags map[string]*string `locationName:"tags" min:"1" type:"map"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Delivery) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Delivery) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *Delivery) SetArn(v string) *Delivery { + s.Arn = &v + return s +} + +// SetDeliveryDestinationArn sets the DeliveryDestinationArn field's value. +func (s *Delivery) SetDeliveryDestinationArn(v string) *Delivery { + s.DeliveryDestinationArn = &v + return s +} + +// SetDeliveryDestinationType sets the DeliveryDestinationType field's value. +func (s *Delivery) SetDeliveryDestinationType(v string) *Delivery { + s.DeliveryDestinationType = &v + return s +} + +// SetDeliverySourceName sets the DeliverySourceName field's value. +func (s *Delivery) SetDeliverySourceName(v string) *Delivery { + s.DeliverySourceName = &v + return s +} + +// SetId sets the Id field's value. +func (s *Delivery) SetId(v string) *Delivery { + s.Id = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *Delivery) SetTags(v map[string]*string) *Delivery { + s.Tags = v + return s +} + +// This structure contains information about one delivery destination in your +// account. A delivery destination is an Amazon Web Services resource that represents +// an Amazon Web Services service that logs can be sent to. CloudWatch Logs, +// Amazon S3, are supported as Firehose delivery destinations. +// +// To configure logs delivery between a supported Amazon Web Services service +// and a destination, you must do the following: +// +// - Create a delivery source, which is a logical object that represents +// the resource that is actually sending the logs. For more information, +// see PutDeliverySource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html). +// +// - Create a delivery destination, which is a logical object that represents +// the actual delivery destination. +// +// - If you are delivering logs cross-account, you must use PutDeliveryDestinationPolicy +// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html) +// in the destination account to assign an IAM policy to the destination. +// This policy allows delivery to that destination. +// +// - Create a delivery by pairing exactly one delivery source and one delivery +// destination. For more information, see CreateDelivery (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html). +// +// You can configure a single delivery source to send logs to multiple destinations +// by creating multiple deliveries. You can also create multiple deliveries +// to configure multiple delivery sources to send logs to the same delivery +// destination. +type DeliveryDestination struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) that uniquely identifies this delivery destination. + Arn *string `locationName:"arn" type:"string"` + + // A structure that contains the ARN of the Amazon Web Services resource that + // will receive the logs. + DeliveryDestinationConfiguration *DeliveryDestinationConfiguration `locationName:"deliveryDestinationConfiguration" type:"structure"` + + // Displays whether this delivery destination is CloudWatch Logs, Amazon S3, + // or Firehose. + DeliveryDestinationType *string `locationName:"deliveryDestinationType" type:"string" enum:"DeliveryDestinationType"` + + // The name of this delivery destination. + Name *string `locationName:"name" min:"1" type:"string"` + + // The format of the logs that are sent to this delivery destination. + OutputFormat *string `locationName:"outputFormat" type:"string" enum:"OutputFormat"` + + // The tags that have been assigned to this delivery destination. + Tags map[string]*string `locationName:"tags" min:"1" type:"map"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeliveryDestination) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeliveryDestination) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *DeliveryDestination) SetArn(v string) *DeliveryDestination { + s.Arn = &v + return s +} + +// SetDeliveryDestinationConfiguration sets the DeliveryDestinationConfiguration field's value. +func (s *DeliveryDestination) SetDeliveryDestinationConfiguration(v *DeliveryDestinationConfiguration) *DeliveryDestination { + s.DeliveryDestinationConfiguration = v + return s +} + +// SetDeliveryDestinationType sets the DeliveryDestinationType field's value. +func (s *DeliveryDestination) SetDeliveryDestinationType(v string) *DeliveryDestination { + s.DeliveryDestinationType = &v + return s +} + +// SetName sets the Name field's value. +func (s *DeliveryDestination) SetName(v string) *DeliveryDestination { + s.Name = &v + return s +} + +// SetOutputFormat sets the OutputFormat field's value. +func (s *DeliveryDestination) SetOutputFormat(v string) *DeliveryDestination { + s.OutputFormat = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *DeliveryDestination) SetTags(v map[string]*string) *DeliveryDestination { + s.Tags = v + return s +} + +// A structure that contains information about one logs delivery destination. +type DeliveryDestinationConfiguration struct { + _ struct{} `type:"structure"` + + // The ARN of the Amazon Web Services destination that this delivery destination + // represents. That Amazon Web Services destination can be a log group in CloudWatch + // Logs, an Amazon S3 bucket, or a delivery stream in Firehose. + // + // DestinationResourceArn is a required field + DestinationResourceArn *string `locationName:"destinationResourceArn" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeliveryDestinationConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeliveryDestinationConfiguration) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeliveryDestinationConfiguration) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeliveryDestinationConfiguration"} + if s.DestinationResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("DestinationResourceArn")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDestinationResourceArn sets the DestinationResourceArn field's value. +func (s *DeliveryDestinationConfiguration) SetDestinationResourceArn(v string) *DeliveryDestinationConfiguration { + s.DestinationResourceArn = &v + return s +} + +// This structure contains information about one delivery source in your account. +// A delivery source is an Amazon Web Services resource that sends logs to an +// Amazon Web Services destination. The destination can be CloudWatch Logs, +// Amazon S3, or Firehose. +// +// Only some Amazon Web Services services support being configured as a delivery +// source. These services are listed as Supported [V2 Permissions] in the table +// at Enabling logging from Amazon Web Services services. (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html) +// +// To configure logs delivery between a supported Amazon Web Services service +// and a destination, you must do the following: +// +// - Create a delivery source, which is a logical object that represents +// the resource that is actually sending the logs. For more information, +// see PutDeliverySource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html). +// +// - Create a delivery destination, which is a logical object that represents +// the actual delivery destination. For more information, see PutDeliveryDestination +// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html). +// +// - If you are delivering logs cross-account, you must use PutDeliveryDestinationPolicy +// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html) +// in the destination account to assign an IAM policy to the destination. +// This policy allows delivery to that destination. +// +// - Create a delivery by pairing exactly one delivery source and one delivery +// destination. For more information, see CreateDelivery (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html). +// +// You can configure a single delivery source to send logs to multiple destinations +// by creating multiple deliveries. You can also create multiple deliveries +// to configure multiple delivery sources to send logs to the same delivery +// destination. +type DeliverySource struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) that uniquely identifies this delivery source. + Arn *string `locationName:"arn" type:"string"` + + // The type of log that the source is sending. For valid values for this parameter, + // see the documentation for the source service. + LogType *string `locationName:"logType" min:"1" type:"string"` + + // The unique name of the delivery source. + Name *string `locationName:"name" min:"1" type:"string"` + + // This array contains the ARN of the Amazon Web Services resource that sends + // logs and is represented by this delivery source. Currently, only one ARN + // can be in the array. + ResourceArns []*string `locationName:"resourceArns" type:"list"` + + // The Amazon Web Services service that is sending logs. + Service *string `locationName:"service" min:"1" type:"string"` + + // The tags that have been assigned to this delivery source. + Tags map[string]*string `locationName:"tags" min:"1" type:"map"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeliverySource) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeliverySource) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *DeliverySource) SetArn(v string) *DeliverySource { + s.Arn = &v + return s +} + +// SetLogType sets the LogType field's value. +func (s *DeliverySource) SetLogType(v string) *DeliverySource { + s.LogType = &v + return s +} + +// SetName sets the Name field's value. +func (s *DeliverySource) SetName(v string) *DeliverySource { + s.Name = &v + return s +} + +// SetResourceArns sets the ResourceArns field's value. +func (s *DeliverySource) SetResourceArns(v []*string) *DeliverySource { + s.ResourceArns = v + return s +} + +// SetService sets the Service field's value. +func (s *DeliverySource) SetService(v string) *DeliverySource { + s.Service = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *DeliverySource) SetTags(v map[string]*string) *DeliverySource { + s.Tags = v + return s +} + +type DescribeAccountPoliciesInput struct { + _ struct{} `type:"structure"` + + // If you are using an account that is set up as a monitoring account for CloudWatch + // unified cross-account observability, you can use this to specify the account + // ID of a source account. If you do, the operation returns the account policy + // for the specified account. Currently, you can specify only one account ID + // in this parameter. + // + // If you omit this parameter, only the policy in the current account is returned. + AccountIdentifiers []*string `locationName:"accountIdentifiers" type:"list"` + + // Use this parameter to limit the returned policies to only the policy with + // the name that you specify. + PolicyName *string `locationName:"policyName" type:"string"` + + // Use this parameter to limit the returned policies to only the policies that + // match the policy type that you specify. + // + // PolicyType is a required field + PolicyType *string `locationName:"policyType" type:"string" required:"true" enum:"PolicyType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeAccountPoliciesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeAccountPoliciesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeAccountPoliciesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeAccountPoliciesInput"} + if s.PolicyType == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyType")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccountIdentifiers sets the AccountIdentifiers field's value. +func (s *DescribeAccountPoliciesInput) SetAccountIdentifiers(v []*string) *DescribeAccountPoliciesInput { + s.AccountIdentifiers = v + return s +} + +// SetPolicyName sets the PolicyName field's value. +func (s *DescribeAccountPoliciesInput) SetPolicyName(v string) *DescribeAccountPoliciesInput { + s.PolicyName = &v + return s +} + +// SetPolicyType sets the PolicyType field's value. +func (s *DescribeAccountPoliciesInput) SetPolicyType(v string) *DescribeAccountPoliciesInput { + s.PolicyType = &v + return s +} + +type DescribeAccountPoliciesOutput struct { + _ struct{} `type:"structure"` + + // An array of structures that contain information about the CloudWatch Logs + // account policies that match the specified filters. + AccountPolicies []*AccountPolicy `locationName:"accountPolicies" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeAccountPoliciesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeAccountPoliciesOutput) GoString() string { + return s.String() +} + +// SetAccountPolicies sets the AccountPolicies field's value. +func (s *DescribeAccountPoliciesOutput) SetAccountPolicies(v []*AccountPolicy) *DescribeAccountPoliciesOutput { + s.AccountPolicies = v + return s +} + +type DescribeDeliveriesInput struct { + _ struct{} `type:"structure"` + + // Optionally specify the maximum number of deliveries to return in the response. + Limit *int64 `locationName:"limit" min:"1" type:"integer"` + + // The token for the next set of items to return. The token expires after 24 + // hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDeliveriesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDeliveriesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeDeliveriesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeDeliveriesInput"} + if s.Limit != nil && *s.Limit < 1 { + invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLimit sets the Limit field's value. +func (s *DescribeDeliveriesInput) SetLimit(v int64) *DescribeDeliveriesInput { + s.Limit = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeDeliveriesInput) SetNextToken(v string) *DescribeDeliveriesInput { + s.NextToken = &v + return s +} + +type DescribeDeliveriesOutput struct { + _ struct{} `type:"structure"` + + // An array of structures. Each structure contains information about one delivery + // in the account. + Deliveries []*Delivery `locationName:"deliveries" type:"list"` + + // The token for the next set of items to return. The token expires after 24 + // hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDeliveriesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDeliveriesOutput) GoString() string { + return s.String() +} + +// SetDeliveries sets the Deliveries field's value. +func (s *DescribeDeliveriesOutput) SetDeliveries(v []*Delivery) *DescribeDeliveriesOutput { + s.Deliveries = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeDeliveriesOutput) SetNextToken(v string) *DescribeDeliveriesOutput { + s.NextToken = &v + return s +} + +type DescribeDeliveryDestinationsInput struct { + _ struct{} `type:"structure"` + + // Optionally specify the maximum number of delivery destinations to return + // in the response. + Limit *int64 `locationName:"limit" min:"1" type:"integer"` + + // The token for the next set of items to return. The token expires after 24 + // hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDeliveryDestinationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDeliveryDestinationsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeDeliveryDestinationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeDeliveryDestinationsInput"} + if s.Limit != nil && *s.Limit < 1 { + invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLimit sets the Limit field's value. +func (s *DescribeDeliveryDestinationsInput) SetLimit(v int64) *DescribeDeliveryDestinationsInput { + s.Limit = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeDeliveryDestinationsInput) SetNextToken(v string) *DescribeDeliveryDestinationsInput { + s.NextToken = &v + return s +} + +type DescribeDeliveryDestinationsOutput struct { + _ struct{} `type:"structure"` + + // An array of structures. Each structure contains information about one delivery + // destination in the account. + DeliveryDestinations []*DeliveryDestination `locationName:"deliveryDestinations" type:"list"` + + // The token for the next set of items to return. The token expires after 24 + // hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDeliveryDestinationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDeliveryDestinationsOutput) GoString() string { + return s.String() +} + +// SetDeliveryDestinations sets the DeliveryDestinations field's value. +func (s *DescribeDeliveryDestinationsOutput) SetDeliveryDestinations(v []*DeliveryDestination) *DescribeDeliveryDestinationsOutput { + s.DeliveryDestinations = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeDeliveryDestinationsOutput) SetNextToken(v string) *DescribeDeliveryDestinationsOutput { + s.NextToken = &v + return s +} + +type DescribeDeliverySourcesInput struct { + _ struct{} `type:"structure"` + + // Optionally specify the maximum number of delivery sources to return in the + // response. + Limit *int64 `locationName:"limit" min:"1" type:"integer"` + + // The token for the next set of items to return. The token expires after 24 + // hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDeliverySourcesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDeliverySourcesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeDeliverySourcesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeDeliverySourcesInput"} + if s.Limit != nil && *s.Limit < 1 { + invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLimit sets the Limit field's value. +func (s *DescribeDeliverySourcesInput) SetLimit(v int64) *DescribeDeliverySourcesInput { + s.Limit = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeDeliverySourcesInput) SetNextToken(v string) *DescribeDeliverySourcesInput { + s.NextToken = &v + return s +} + +type DescribeDeliverySourcesOutput struct { + _ struct{} `type:"structure"` + + // An array of structures. Each structure contains information about one delivery + // source in the account. + DeliverySources []*DeliverySource `locationName:"deliverySources" type:"list"` + + // The token for the next set of items to return. The token expires after 24 + // hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDeliverySourcesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDeliverySourcesOutput) GoString() string { + return s.String() +} + +// SetDeliverySources sets the DeliverySources field's value. +func (s *DescribeDeliverySourcesOutput) SetDeliverySources(v []*DeliverySource) *DescribeDeliverySourcesOutput { + s.DeliverySources = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeDeliverySourcesOutput) SetNextToken(v string) *DescribeDeliverySourcesOutput { + s.NextToken = &v + return s +} + +type DescribeDestinationsInput struct { + _ struct{} `type:"structure"` + + // The prefix to match. If you don't specify a value, no prefix filter is applied. + DestinationNamePrefix *string `min:"1" type:"string"` + + // The maximum number of items returned. If you don't specify a value, the default + // maximum value of 50 items is used. + Limit *int64 `locationName:"limit" min:"1" type:"integer"` + + // The token for the next set of items to return. (You received this token from + // a previous call.) + NextToken *string `locationName:"nextToken" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDestinationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDestinationsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeDestinationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeDestinationsInput"} + if s.DestinationNamePrefix != nil && len(*s.DestinationNamePrefix) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DestinationNamePrefix", 1)) + } + if s.Limit != nil && *s.Limit < 1 { + invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDestinationNamePrefix sets the DestinationNamePrefix field's value. +func (s *DescribeDestinationsInput) SetDestinationNamePrefix(v string) *DescribeDestinationsInput { + s.DestinationNamePrefix = &v + return s +} + +// SetLimit sets the Limit field's value. +func (s *DescribeDestinationsInput) SetLimit(v int64) *DescribeDestinationsInput { + s.Limit = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeDestinationsInput) SetNextToken(v string) *DescribeDestinationsInput { + s.NextToken = &v + return s +} + +type DescribeDestinationsOutput struct { + _ struct{} `type:"structure"` + + // The destinations. + Destinations []*Destination `locationName:"destinations" type:"list"` + + // The token for the next set of items to return. The token expires after 24 + // hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDestinationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDestinationsOutput) GoString() string { + return s.String() +} + +// SetDestinations sets the Destinations field's value. +func (s *DescribeDestinationsOutput) SetDestinations(v []*Destination) *DescribeDestinationsOutput { + s.Destinations = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeDestinationsOutput) SetNextToken(v string) *DescribeDestinationsOutput { + s.NextToken = &v + return s +} + +type DescribeExportTasksInput struct { + _ struct{} `type:"structure"` + + // The maximum number of items returned. If you don't specify a value, the default + // is up to 50 items. + Limit *int64 `locationName:"limit" min:"1" type:"integer"` + + // The token for the next set of items to return. (You received this token from + // a previous call.) + NextToken *string `locationName:"nextToken" min:"1" type:"string"` + + // The status code of the export task. Specifying a status code filters the + // results to zero or more export tasks. + StatusCode *string `locationName:"statusCode" type:"string" enum:"ExportTaskStatusCode"` + + // The ID of the export task. Specifying a task ID filters the results to one + // or zero export tasks. + TaskId *string `locationName:"taskId" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeExportTasksInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeExportTasksInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeExportTasksInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeExportTasksInput"} + if s.Limit != nil && *s.Limit < 1 { + invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + if s.TaskId != nil && len(*s.TaskId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TaskId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLimit sets the Limit field's value. +func (s *DescribeExportTasksInput) SetLimit(v int64) *DescribeExportTasksInput { + s.Limit = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeExportTasksInput) SetNextToken(v string) *DescribeExportTasksInput { + s.NextToken = &v + return s +} + +// SetStatusCode sets the StatusCode field's value. +func (s *DescribeExportTasksInput) SetStatusCode(v string) *DescribeExportTasksInput { + s.StatusCode = &v + return s +} + +// SetTaskId sets the TaskId field's value. +func (s *DescribeExportTasksInput) SetTaskId(v string) *DescribeExportTasksInput { + s.TaskId = &v + return s +} + +type DescribeExportTasksOutput struct { + _ struct{} `type:"structure"` + + // The export tasks. + ExportTasks []*ExportTask `locationName:"exportTasks" type:"list"` + + // The token for the next set of items to return. The token expires after 24 + // hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeExportTasksOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeExportTasksOutput) GoString() string { + return s.String() +} + +// SetExportTasks sets the ExportTasks field's value. +func (s *DescribeExportTasksOutput) SetExportTasks(v []*ExportTask) *DescribeExportTasksOutput { + s.ExportTasks = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeExportTasksOutput) SetNextToken(v string) *DescribeExportTasksOutput { + s.NextToken = &v + return s +} + +type DescribeLogGroupsInput struct { + _ struct{} `type:"structure"` + + // When includeLinkedAccounts is set to True, use this parameter to specify + // the list of accounts to search. You can specify as many as 20 account IDs + // in the array. + AccountIdentifiers []*string `locationName:"accountIdentifiers" type:"list"` + + // If you are using a monitoring account, set this to True to have the operation + // return log groups in the accounts listed in accountIdentifiers. + // + // If this parameter is set to true and accountIdentifiers contains a null value, + // the operation returns all log groups in the monitoring account and all log + // groups in all source accounts that are linked to the monitoring account. + IncludeLinkedAccounts *bool `locationName:"includeLinkedAccounts" type:"boolean"` + + // The maximum number of items returned. If you don't specify a value, the default + // is up to 50 items. + Limit *int64 `locationName:"limit" min:"1" type:"integer"` + + // Specifies the log group class for this log group. There are two classes: + // + // * The Standard log class supports all CloudWatch Logs features. + // + // * The Infrequent Access log class supports a subset of CloudWatch Logs + // features and incurs lower costs. + // + // For details about the features supported by each class, see Log classes (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch_Logs_Log_Classes.html) + LogGroupClass *string `locationName:"logGroupClass" type:"string" enum:"LogGroupClass"` + + // If you specify a string for this parameter, the operation returns only log + // groups that have names that match the string based on a case-sensitive substring + // search. For example, if you specify Foo, log groups named FooBar, aws/Foo, + // and GroupFoo would match, but foo, F/o/o and Froo would not match. + // + // If you specify logGroupNamePattern in your request, then only arn, creationTime, + // and logGroupName are included in the response. + // + // logGroupNamePattern and logGroupNamePrefix are mutually exclusive. Only one + // of these parameters can be passed. + LogGroupNamePattern *string `locationName:"logGroupNamePattern" type:"string"` + + // The prefix to match. + // + // logGroupNamePrefix and logGroupNamePattern are mutually exclusive. Only one + // of these parameters can be passed. + LogGroupNamePrefix *string `locationName:"logGroupNamePrefix" min:"1" type:"string"` + + // The token for the next set of items to return. (You received this token from + // a previous call.) + NextToken *string `locationName:"nextToken" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeLogGroupsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeLogGroupsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeLogGroupsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeLogGroupsInput"} + if s.Limit != nil && *s.Limit < 1 { + invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) + } + if s.LogGroupNamePrefix != nil && len(*s.LogGroupNamePrefix) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupNamePrefix", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccountIdentifiers sets the AccountIdentifiers field's value. +func (s *DescribeLogGroupsInput) SetAccountIdentifiers(v []*string) *DescribeLogGroupsInput { + s.AccountIdentifiers = v + return s +} + +// SetIncludeLinkedAccounts sets the IncludeLinkedAccounts field's value. +func (s *DescribeLogGroupsInput) SetIncludeLinkedAccounts(v bool) *DescribeLogGroupsInput { + s.IncludeLinkedAccounts = &v + return s +} + +// SetLimit sets the Limit field's value. +func (s *DescribeLogGroupsInput) SetLimit(v int64) *DescribeLogGroupsInput { + s.Limit = &v + return s +} + +// SetLogGroupClass sets the LogGroupClass field's value. +func (s *DescribeLogGroupsInput) SetLogGroupClass(v string) *DescribeLogGroupsInput { + s.LogGroupClass = &v + return s +} + +// SetLogGroupNamePattern sets the LogGroupNamePattern field's value. +func (s *DescribeLogGroupsInput) SetLogGroupNamePattern(v string) *DescribeLogGroupsInput { + s.LogGroupNamePattern = &v + return s +} + +// SetLogGroupNamePrefix sets the LogGroupNamePrefix field's value. +func (s *DescribeLogGroupsInput) SetLogGroupNamePrefix(v string) *DescribeLogGroupsInput { + s.LogGroupNamePrefix = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeLogGroupsInput) SetNextToken(v string) *DescribeLogGroupsInput { + s.NextToken = &v + return s +} + +type DescribeLogGroupsOutput struct { + _ struct{} `type:"structure"` + + // The log groups. + // + // If the retentionInDays value is not included for a log group, then that log + // group's events do not expire. + LogGroups []*LogGroup `locationName:"logGroups" type:"list"` + + // The token for the next set of items to return. The token expires after 24 + // hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeLogGroupsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeLogGroupsOutput) GoString() string { + return s.String() +} + +// SetLogGroups sets the LogGroups field's value. +func (s *DescribeLogGroupsOutput) SetLogGroups(v []*LogGroup) *DescribeLogGroupsOutput { + s.LogGroups = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeLogGroupsOutput) SetNextToken(v string) *DescribeLogGroupsOutput { + s.NextToken = &v + return s +} + +type DescribeLogStreamsInput struct { + _ struct{} `type:"structure"` + + // If the value is true, results are returned in descending order. If the value + // is to false, results are returned in ascending order. The default value is + // false. + Descending *bool `locationName:"descending" type:"boolean"` + + // The maximum number of items returned. If you don't specify a value, the default + // is up to 50 items. + Limit *int64 `locationName:"limit" min:"1" type:"integer"` + + // Specify either the name or ARN of the log group to view. If the log group + // is in a source account and you are using a monitoring account, you must use + // the log group ARN. + // + // You must include either logGroupIdentifier or logGroupName, but not both. + LogGroupIdentifier *string `locationName:"logGroupIdentifier" min:"1" type:"string"` + + // The name of the log group. + // + // You must include either logGroupIdentifier or logGroupName, but not both. + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"` + + // The prefix to match. + // + // If orderBy is LastEventTime, you cannot specify this parameter. + LogStreamNamePrefix *string `locationName:"logStreamNamePrefix" min:"1" type:"string"` + + // The token for the next set of items to return. (You received this token from + // a previous call.) + NextToken *string `locationName:"nextToken" min:"1" type:"string"` + + // If the value is LogStreamName, the results are ordered by log stream name. + // If the value is LastEventTime, the results are ordered by the event time. + // The default value is LogStreamName. + // + // If you order the results by event time, you cannot specify the logStreamNamePrefix + // parameter. + // + // lastEventTimestamp represents the time of the most recent log event in the + // log stream in CloudWatch Logs. This number is expressed as the number of + // milliseconds after Jan 1, 1970 00:00:00 UTC. lastEventTimestamp updates on + // an eventual consistency basis. It typically updates in less than an hour + // from ingestion, but in rare situations might take longer. + OrderBy *string `locationName:"orderBy" type:"string" enum:"OrderBy"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeLogStreamsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeLogStreamsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeLogStreamsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeLogStreamsInput"} + if s.Limit != nil && *s.Limit < 1 { + invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) + } + if s.LogGroupIdentifier != nil && len(*s.LogGroupIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupIdentifier", 1)) + } + if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + } + if s.LogStreamNamePrefix != nil && len(*s.LogStreamNamePrefix) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogStreamNamePrefix", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDescending sets the Descending field's value. +func (s *DescribeLogStreamsInput) SetDescending(v bool) *DescribeLogStreamsInput { + s.Descending = &v + return s +} + +// SetLimit sets the Limit field's value. +func (s *DescribeLogStreamsInput) SetLimit(v int64) *DescribeLogStreamsInput { + s.Limit = &v + return s +} + +// SetLogGroupIdentifier sets the LogGroupIdentifier field's value. +func (s *DescribeLogStreamsInput) SetLogGroupIdentifier(v string) *DescribeLogStreamsInput { + s.LogGroupIdentifier = &v + return s +} + +// SetLogGroupName sets the LogGroupName field's value. +func (s *DescribeLogStreamsInput) SetLogGroupName(v string) *DescribeLogStreamsInput { + s.LogGroupName = &v + return s +} + +// SetLogStreamNamePrefix sets the LogStreamNamePrefix field's value. +func (s *DescribeLogStreamsInput) SetLogStreamNamePrefix(v string) *DescribeLogStreamsInput { + s.LogStreamNamePrefix = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeLogStreamsInput) SetNextToken(v string) *DescribeLogStreamsInput { + s.NextToken = &v + return s +} + +// SetOrderBy sets the OrderBy field's value. +func (s *DescribeLogStreamsInput) SetOrderBy(v string) *DescribeLogStreamsInput { + s.OrderBy = &v + return s +} + +type DescribeLogStreamsOutput struct { + _ struct{} `type:"structure"` + + // The log streams. + LogStreams []*LogStream `locationName:"logStreams" type:"list"` + + // The token for the next set of items to return. The token expires after 24 + // hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeLogStreamsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeLogStreamsOutput) GoString() string { + return s.String() +} + +// SetLogStreams sets the LogStreams field's value. +func (s *DescribeLogStreamsOutput) SetLogStreams(v []*LogStream) *DescribeLogStreamsOutput { + s.LogStreams = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeLogStreamsOutput) SetNextToken(v string) *DescribeLogStreamsOutput { + s.NextToken = &v + return s +} + +type DescribeMetricFiltersInput struct { + _ struct{} `type:"structure"` + + // The prefix to match. CloudWatch Logs uses the value that you set here only + // if you also include the logGroupName parameter in your request. + FilterNamePrefix *string `locationName:"filterNamePrefix" min:"1" type:"string"` + + // The maximum number of items returned. If you don't specify a value, the default + // is up to 50 items. + Limit *int64 `locationName:"limit" min:"1" type:"integer"` + + // The name of the log group. + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"` + + // Filters results to include only those with the specified metric name. If + // you include this parameter in your request, you must also include the metricNamespace + // parameter. + MetricName *string `locationName:"metricName" type:"string"` + + // Filters results to include only those in the specified namespace. If you + // include this parameter in your request, you must also include the metricName + // parameter. + MetricNamespace *string `locationName:"metricNamespace" type:"string"` + + // The token for the next set of items to return. (You received this token from + // a previous call.) + NextToken *string `locationName:"nextToken" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeMetricFiltersInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeMetricFiltersInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeMetricFiltersInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeMetricFiltersInput"} + if s.FilterNamePrefix != nil && len(*s.FilterNamePrefix) < 1 { + invalidParams.Add(request.NewErrParamMinLen("FilterNamePrefix", 1)) + } + if s.Limit != nil && *s.Limit < 1 { + invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) + } + if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetFilterNamePrefix sets the FilterNamePrefix field's value. +func (s *DescribeMetricFiltersInput) SetFilterNamePrefix(v string) *DescribeMetricFiltersInput { + s.FilterNamePrefix = &v + return s +} + +// SetLimit sets the Limit field's value. +func (s *DescribeMetricFiltersInput) SetLimit(v int64) *DescribeMetricFiltersInput { + s.Limit = &v + return s +} + +// SetLogGroupName sets the LogGroupName field's value. +func (s *DescribeMetricFiltersInput) SetLogGroupName(v string) *DescribeMetricFiltersInput { + s.LogGroupName = &v + return s +} + +// SetMetricName sets the MetricName field's value. +func (s *DescribeMetricFiltersInput) SetMetricName(v string) *DescribeMetricFiltersInput { + s.MetricName = &v + return s +} + +// SetMetricNamespace sets the MetricNamespace field's value. +func (s *DescribeMetricFiltersInput) SetMetricNamespace(v string) *DescribeMetricFiltersInput { + s.MetricNamespace = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeMetricFiltersInput) SetNextToken(v string) *DescribeMetricFiltersInput { + s.NextToken = &v + return s +} + +type DescribeMetricFiltersOutput struct { + _ struct{} `type:"structure"` + + // The metric filters. + MetricFilters []*MetricFilter `locationName:"metricFilters" type:"list"` + + // The token for the next set of items to return. The token expires after 24 + // hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeMetricFiltersOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeMetricFiltersOutput) GoString() string { + return s.String() +} + +// SetMetricFilters sets the MetricFilters field's value. +func (s *DescribeMetricFiltersOutput) SetMetricFilters(v []*MetricFilter) *DescribeMetricFiltersOutput { + s.MetricFilters = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeMetricFiltersOutput) SetNextToken(v string) *DescribeMetricFiltersOutput { + s.NextToken = &v + return s +} + +type DescribeQueriesInput struct { + _ struct{} `type:"structure"` + + // Limits the returned queries to only those for the specified log group. + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"` + + // Limits the number of returned queries to the specified number. + MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"` + + // The token for the next set of items to return. The token expires after 24 + // hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` + + // Limits the returned queries to only those that have the specified status. + // Valid values are Cancelled, Complete, Failed, Running, and Scheduled. + Status *string `locationName:"status" type:"string" enum:"QueryStatus"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeQueriesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeQueriesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeQueriesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeQueriesInput"} + if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + } + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLogGroupName sets the LogGroupName field's value. +func (s *DescribeQueriesInput) SetLogGroupName(v string) *DescribeQueriesInput { + s.LogGroupName = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeQueriesInput) SetMaxResults(v int64) *DescribeQueriesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeQueriesInput) SetNextToken(v string) *DescribeQueriesInput { + s.NextToken = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *DescribeQueriesInput) SetStatus(v string) *DescribeQueriesInput { + s.Status = &v + return s +} + +type DescribeQueriesOutput struct { + _ struct{} `type:"structure"` + + // The token for the next set of items to return. The token expires after 24 + // hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` + + // The list of queries that match the request. + Queries []*QueryInfo `locationName:"queries" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeQueriesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeQueriesOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeQueriesOutput) SetNextToken(v string) *DescribeQueriesOutput { + s.NextToken = &v + return s +} + +// SetQueries sets the Queries field's value. +func (s *DescribeQueriesOutput) SetQueries(v []*QueryInfo) *DescribeQueriesOutput { + s.Queries = v + return s +} + +type DescribeQueryDefinitionsInput struct { + _ struct{} `type:"structure"` + + // Limits the number of returned query definitions to the specified number. + MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"` + + // The token for the next set of items to return. The token expires after 24 + // hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` + + // Use this parameter to filter your results to only the query definitions that + // have names that start with the prefix you specify. + QueryDefinitionNamePrefix *string `locationName:"queryDefinitionNamePrefix" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeQueryDefinitionsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeQueryDefinitionsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeQueryDefinitionsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeQueryDefinitionsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + if s.QueryDefinitionNamePrefix != nil && len(*s.QueryDefinitionNamePrefix) < 1 { + invalidParams.Add(request.NewErrParamMinLen("QueryDefinitionNamePrefix", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeQueryDefinitionsInput) SetMaxResults(v int64) *DescribeQueryDefinitionsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeQueryDefinitionsInput) SetNextToken(v string) *DescribeQueryDefinitionsInput { + s.NextToken = &v + return s +} + +// SetQueryDefinitionNamePrefix sets the QueryDefinitionNamePrefix field's value. +func (s *DescribeQueryDefinitionsInput) SetQueryDefinitionNamePrefix(v string) *DescribeQueryDefinitionsInput { + s.QueryDefinitionNamePrefix = &v + return s +} + +type DescribeQueryDefinitionsOutput struct { + _ struct{} `type:"structure"` + + // The token for the next set of items to return. The token expires after 24 + // hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` + + // The list of query definitions that match your request. + QueryDefinitions []*QueryDefinition `locationName:"queryDefinitions" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeQueryDefinitionsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeQueryDefinitionsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeQueryDefinitionsOutput) SetNextToken(v string) *DescribeQueryDefinitionsOutput { + s.NextToken = &v + return s +} + +// SetQueryDefinitions sets the QueryDefinitions field's value. +func (s *DescribeQueryDefinitionsOutput) SetQueryDefinitions(v []*QueryDefinition) *DescribeQueryDefinitionsOutput { + s.QueryDefinitions = v + return s +} + +type DescribeResourcePoliciesInput struct { + _ struct{} `type:"structure"` + + // The maximum number of resource policies to be displayed with one call of + // this API. + Limit *int64 `locationName:"limit" min:"1" type:"integer"` + + // The token for the next set of items to return. The token expires after 24 + // hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeResourcePoliciesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeResourcePoliciesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeResourcePoliciesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeResourcePoliciesInput"} + if s.Limit != nil && *s.Limit < 1 { + invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLimit sets the Limit field's value. +func (s *DescribeResourcePoliciesInput) SetLimit(v int64) *DescribeResourcePoliciesInput { + s.Limit = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeResourcePoliciesInput) SetNextToken(v string) *DescribeResourcePoliciesInput { + s.NextToken = &v + return s +} + +type DescribeResourcePoliciesOutput struct { + _ struct{} `type:"structure"` + + // The token for the next set of items to return. The token expires after 24 + // hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` + + // The resource policies that exist in this account. + ResourcePolicies []*ResourcePolicy `locationName:"resourcePolicies" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeResourcePoliciesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeResourcePoliciesOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeResourcePoliciesOutput) SetNextToken(v string) *DescribeResourcePoliciesOutput { + s.NextToken = &v + return s +} + +// SetResourcePolicies sets the ResourcePolicies field's value. +func (s *DescribeResourcePoliciesOutput) SetResourcePolicies(v []*ResourcePolicy) *DescribeResourcePoliciesOutput { + s.ResourcePolicies = v + return s +} + +type DescribeSubscriptionFiltersInput struct { + _ struct{} `type:"structure"` + + // The prefix to match. If you don't specify a value, no prefix filter is applied. + FilterNamePrefix *string `locationName:"filterNamePrefix" min:"1" type:"string"` + + // The maximum number of items returned. If you don't specify a value, the default + // is up to 50 items. + Limit *int64 `locationName:"limit" min:"1" type:"integer"` + + // The name of the log group. + // + // LogGroupName is a required field + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` + + // The token for the next set of items to return. (You received this token from + // a previous call.) + NextToken *string `locationName:"nextToken" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeSubscriptionFiltersInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeSubscriptionFiltersInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeSubscriptionFiltersInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeSubscriptionFiltersInput"} + if s.FilterNamePrefix != nil && len(*s.FilterNamePrefix) < 1 { + invalidParams.Add(request.NewErrParamMinLen("FilterNamePrefix", 1)) + } + if s.Limit != nil && *s.Limit < 1 { + invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) + } + if s.LogGroupName == nil { + invalidParams.Add(request.NewErrParamRequired("LogGroupName")) + } + if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetFilterNamePrefix sets the FilterNamePrefix field's value. +func (s *DescribeSubscriptionFiltersInput) SetFilterNamePrefix(v string) *DescribeSubscriptionFiltersInput { + s.FilterNamePrefix = &v + return s +} + +// SetLimit sets the Limit field's value. +func (s *DescribeSubscriptionFiltersInput) SetLimit(v int64) *DescribeSubscriptionFiltersInput { + s.Limit = &v + return s +} + +// SetLogGroupName sets the LogGroupName field's value. +func (s *DescribeSubscriptionFiltersInput) SetLogGroupName(v string) *DescribeSubscriptionFiltersInput { + s.LogGroupName = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeSubscriptionFiltersInput) SetNextToken(v string) *DescribeSubscriptionFiltersInput { + s.NextToken = &v + return s +} + +type DescribeSubscriptionFiltersOutput struct { + _ struct{} `type:"structure"` + + // The token for the next set of items to return. The token expires after 24 + // hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` + + // The subscription filters. + SubscriptionFilters []*SubscriptionFilter `locationName:"subscriptionFilters" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeSubscriptionFiltersOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeSubscriptionFiltersOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeSubscriptionFiltersOutput) SetNextToken(v string) *DescribeSubscriptionFiltersOutput { + s.NextToken = &v + return s +} + +// SetSubscriptionFilters sets the SubscriptionFilters field's value. +func (s *DescribeSubscriptionFiltersOutput) SetSubscriptionFilters(v []*SubscriptionFilter) *DescribeSubscriptionFiltersOutput { + s.SubscriptionFilters = v + return s +} + +// Represents a cross-account destination that receives subscription log events. +type Destination struct { + _ struct{} `type:"structure"` + + // An IAM policy document that governs which Amazon Web Services accounts can + // create subscription filters against this destination. + AccessPolicy *string `locationName:"accessPolicy" min:"1" type:"string"` + + // The ARN of this destination. + Arn *string `locationName:"arn" type:"string"` + + // The creation time of the destination, expressed as the number of milliseconds + // after Jan 1, 1970 00:00:00 UTC. + CreationTime *int64 `locationName:"creationTime" type:"long"` + + // The name of the destination. + DestinationName *string `locationName:"destinationName" min:"1" type:"string"` + + // A role for impersonation, used when delivering log events to the target. + RoleArn *string `locationName:"roleArn" min:"1" type:"string"` + + // The Amazon Resource Name (ARN) of the physical target where the log events + // are delivered (for example, a Kinesis stream). + TargetArn *string `locationName:"targetArn" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Destination) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Destination) GoString() string { + return s.String() +} + +// SetAccessPolicy sets the AccessPolicy field's value. +func (s *Destination) SetAccessPolicy(v string) *Destination { + s.AccessPolicy = &v + return s +} + +// SetArn sets the Arn field's value. +func (s *Destination) SetArn(v string) *Destination { + s.Arn = &v + return s +} + +// SetCreationTime sets the CreationTime field's value. +func (s *Destination) SetCreationTime(v int64) *Destination { + s.CreationTime = &v + return s +} + +// SetDestinationName sets the DestinationName field's value. +func (s *Destination) SetDestinationName(v string) *Destination { + s.DestinationName = &v + return s +} + +// SetRoleArn sets the RoleArn field's value. +func (s *Destination) SetRoleArn(v string) *Destination { + s.RoleArn = &v + return s +} + +// SetTargetArn sets the TargetArn field's value. +func (s *Destination) SetTargetArn(v string) *Destination { + s.TargetArn = &v + return s +} + +type DisassociateKmsKeyInput struct { + _ struct{} `type:"structure"` + + // The name of the log group. + // + // In your DisassociateKmsKey operation, you must specify either the resourceIdentifier + // parameter or the logGroup parameter, but you can't specify both. + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"` + + // Specifies the target for this operation. You must specify one of the following: + // + // * Specify the ARN of a log group to stop having CloudWatch Logs use the + // KMS key to encrypt log events that are ingested and stored by that log + // group. After you run this operation, CloudWatch Logs encrypts ingested + // log events with the default CloudWatch Logs method. The log group ARN + // must be in the following format. Replace REGION and ACCOUNT_ID with your + // Region and account ID. arn:aws:logs:REGION:ACCOUNT_ID:log-group:LOG_GROUP_NAME + // + // * Specify the following ARN to stop using this key to encrypt the results + // of future StartQuery (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html) + // operations in this account. Replace REGION and ACCOUNT_ID with your Region + // and account ID. arn:aws:logs:REGION:ACCOUNT_ID:query-result:* + // + // In your DisssociateKmsKey operation, you must specify either the resourceIdentifier + // parameter or the logGroup parameter, but you can't specify both. + ResourceIdentifier *string `locationName:"resourceIdentifier" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisassociateKmsKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisassociateKmsKeyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DisassociateKmsKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DisassociateKmsKeyInput"} + if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + } + if s.ResourceIdentifier != nil && len(*s.ResourceIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceIdentifier", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLogGroupName sets the LogGroupName field's value. +func (s *DisassociateKmsKeyInput) SetLogGroupName(v string) *DisassociateKmsKeyInput { + s.LogGroupName = &v + return s +} + +// SetResourceIdentifier sets the ResourceIdentifier field's value. +func (s *DisassociateKmsKeyInput) SetResourceIdentifier(v string) *DisassociateKmsKeyInput { + s.ResourceIdentifier = &v + return s +} + +type DisassociateKmsKeyOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisassociateKmsKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisassociateKmsKeyOutput) GoString() string { + return s.String() +} + +// Represents an export task. +type ExportTask struct { + _ struct{} `type:"structure"` + + // The name of the S3 bucket to which the log data was exported. + Destination *string `locationName:"destination" min:"1" type:"string"` + + // The prefix that was used as the start of Amazon S3 key for every object exported. + DestinationPrefix *string `locationName:"destinationPrefix" type:"string"` + + // Execution information about the export task. + ExecutionInfo *ExportTaskExecutionInfo `locationName:"executionInfo" type:"structure"` + + // The start time, expressed as the number of milliseconds after Jan 1, 1970 + // 00:00:00 UTC. Events with a timestamp before this time are not exported. + From *int64 `locationName:"from" type:"long"` + + // The name of the log group from which logs data was exported. + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"` + + // The status of the export task. + Status *ExportTaskStatus `locationName:"status" type:"structure"` + + // The ID of the export task. + TaskId *string `locationName:"taskId" min:"1" type:"string"` + + // The name of the export task. + TaskName *string `locationName:"taskName" min:"1" type:"string"` + + // The end time, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 + // UTC. Events with a timestamp later than this time are not exported. + To *int64 `locationName:"to" type:"long"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExportTask) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExportTask) GoString() string { + return s.String() +} + +// SetDestination sets the Destination field's value. +func (s *ExportTask) SetDestination(v string) *ExportTask { + s.Destination = &v + return s +} + +// SetDestinationPrefix sets the DestinationPrefix field's value. +func (s *ExportTask) SetDestinationPrefix(v string) *ExportTask { + s.DestinationPrefix = &v + return s +} + +// SetExecutionInfo sets the ExecutionInfo field's value. +func (s *ExportTask) SetExecutionInfo(v *ExportTaskExecutionInfo) *ExportTask { + s.ExecutionInfo = v + return s +} + +// SetFrom sets the From field's value. +func (s *ExportTask) SetFrom(v int64) *ExportTask { + s.From = &v + return s +} + +// SetLogGroupName sets the LogGroupName field's value. +func (s *ExportTask) SetLogGroupName(v string) *ExportTask { + s.LogGroupName = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *ExportTask) SetStatus(v *ExportTaskStatus) *ExportTask { + s.Status = v + return s +} + +// SetTaskId sets the TaskId field's value. +func (s *ExportTask) SetTaskId(v string) *ExportTask { + s.TaskId = &v + return s +} + +// SetTaskName sets the TaskName field's value. +func (s *ExportTask) SetTaskName(v string) *ExportTask { + s.TaskName = &v + return s +} + +// SetTo sets the To field's value. +func (s *ExportTask) SetTo(v int64) *ExportTask { + s.To = &v + return s +} + +// Represents the status of an export task. +type ExportTaskExecutionInfo struct { + _ struct{} `type:"structure"` + + // The completion time of the export task, expressed as the number of milliseconds + // after Jan 1, 1970 00:00:00 UTC. + CompletionTime *int64 `locationName:"completionTime" type:"long"` + + // The creation time of the export task, expressed as the number of milliseconds + // after Jan 1, 1970 00:00:00 UTC. + CreationTime *int64 `locationName:"creationTime" type:"long"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExportTaskExecutionInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExportTaskExecutionInfo) GoString() string { + return s.String() +} + +// SetCompletionTime sets the CompletionTime field's value. +func (s *ExportTaskExecutionInfo) SetCompletionTime(v int64) *ExportTaskExecutionInfo { + s.CompletionTime = &v + return s +} + +// SetCreationTime sets the CreationTime field's value. +func (s *ExportTaskExecutionInfo) SetCreationTime(v int64) *ExportTaskExecutionInfo { + s.CreationTime = &v + return s +} + +// Represents the status of an export task. +type ExportTaskStatus struct { + _ struct{} `type:"structure"` + + // The status code of the export task. + Code *string `locationName:"code" type:"string" enum:"ExportTaskStatusCode"` + + // The status message related to the status code. + Message *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExportTaskStatus) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExportTaskStatus) GoString() string { + return s.String() +} + +// SetCode sets the Code field's value. +func (s *ExportTaskStatus) SetCode(v string) *ExportTaskStatus { + s.Code = &v + return s +} + +// SetMessage sets the Message field's value. +func (s *ExportTaskStatus) SetMessage(v string) *ExportTaskStatus { + s.Message = &v + return s +} + +type FilterLogEventsInput struct { + _ struct{} `type:"structure"` + + // The end of the time range, expressed as the number of milliseconds after + // Jan 1, 1970 00:00:00 UTC. Events with a timestamp later than this time are + // not returned. + EndTime *int64 `locationName:"endTime" type:"long"` + + // The filter pattern to use. For more information, see Filter and Pattern Syntax + // (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html). + // + // If not provided, all the events are matched. + FilterPattern *string `locationName:"filterPattern" type:"string"` + + // If the value is true, the operation attempts to provide responses that contain + // events from multiple log streams within the log group, interleaved in a single + // response. If the value is false, all the matched log events in the first + // log stream are searched first, then those in the next log stream, and so + // on. + // + // Important As of June 17, 2019, this parameter is ignored and the value is + // assumed to be true. The response from this operation always interleaves events + // from multiple log streams within a log group. + // + // Deprecated: Starting on June 17, 2019, this parameter will be ignored and the value will be assumed to be true. The response from this operation will always interleave events from multiple log streams within a log group. + Interleaved *bool `locationName:"interleaved" deprecated:"true" type:"boolean"` + + // The maximum number of events to return. The default is 10,000 events. + Limit *int64 `locationName:"limit" min:"1" type:"integer"` + + // Specify either the name or ARN of the log group to view log events from. + // If the log group is in a source account and you are using a monitoring account, + // you must use the log group ARN. + // + // You must include either logGroupIdentifier or logGroupName, but not both. + LogGroupIdentifier *string `locationName:"logGroupIdentifier" min:"1" type:"string"` + + // The name of the log group to search. + // + // You must include either logGroupIdentifier or logGroupName, but not both. + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"` + + // Filters the results to include only events from log streams that have names + // starting with this prefix. + // + // If you specify a value for both logStreamNamePrefix and logStreamNames, but + // the value for logStreamNamePrefix does not match any log stream names specified + // in logStreamNames, the action returns an InvalidParameterException error. + LogStreamNamePrefix *string `locationName:"logStreamNamePrefix" min:"1" type:"string"` + + // Filters the results to only logs from the log streams in this list. + // + // If you specify a value for both logStreamNamePrefix and logStreamNames, the + // action returns an InvalidParameterException error. + LogStreamNames []*string `locationName:"logStreamNames" min:"1" type:"list"` + + // The token for the next set of events to return. (You received this token + // from a previous call.) + NextToken *string `locationName:"nextToken" min:"1" type:"string"` + + // The start of the time range, expressed as the number of milliseconds after + // Jan 1, 1970 00:00:00 UTC. Events with a timestamp before this time are not + // returned. + StartTime *int64 `locationName:"startTime" type:"long"` + + // Specify true to display the log event fields with all sensitive data unmasked + // and visible. The default is false. + // + // To use this operation with this parameter, you must be signed into an account + // with the logs:Unmask permission. + Unmask *bool `locationName:"unmask" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FilterLogEventsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FilterLogEventsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *FilterLogEventsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "FilterLogEventsInput"} + if s.Limit != nil && *s.Limit < 1 { + invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) + } + if s.LogGroupIdentifier != nil && len(*s.LogGroupIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupIdentifier", 1)) + } + if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + } + if s.LogStreamNamePrefix != nil && len(*s.LogStreamNamePrefix) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogStreamNamePrefix", 1)) + } + if s.LogStreamNames != nil && len(s.LogStreamNames) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogStreamNames", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEndTime sets the EndTime field's value. +func (s *FilterLogEventsInput) SetEndTime(v int64) *FilterLogEventsInput { + s.EndTime = &v + return s +} + +// SetFilterPattern sets the FilterPattern field's value. +func (s *FilterLogEventsInput) SetFilterPattern(v string) *FilterLogEventsInput { + s.FilterPattern = &v + return s +} + +// SetInterleaved sets the Interleaved field's value. +func (s *FilterLogEventsInput) SetInterleaved(v bool) *FilterLogEventsInput { + s.Interleaved = &v + return s +} + +// SetLimit sets the Limit field's value. +func (s *FilterLogEventsInput) SetLimit(v int64) *FilterLogEventsInput { + s.Limit = &v + return s +} + +// SetLogGroupIdentifier sets the LogGroupIdentifier field's value. +func (s *FilterLogEventsInput) SetLogGroupIdentifier(v string) *FilterLogEventsInput { + s.LogGroupIdentifier = &v + return s +} + +// SetLogGroupName sets the LogGroupName field's value. +func (s *FilterLogEventsInput) SetLogGroupName(v string) *FilterLogEventsInput { + s.LogGroupName = &v + return s +} + +// SetLogStreamNamePrefix sets the LogStreamNamePrefix field's value. +func (s *FilterLogEventsInput) SetLogStreamNamePrefix(v string) *FilterLogEventsInput { + s.LogStreamNamePrefix = &v + return s +} + +// SetLogStreamNames sets the LogStreamNames field's value. +func (s *FilterLogEventsInput) SetLogStreamNames(v []*string) *FilterLogEventsInput { + s.LogStreamNames = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *FilterLogEventsInput) SetNextToken(v string) *FilterLogEventsInput { + s.NextToken = &v + return s +} + +// SetStartTime sets the StartTime field's value. +func (s *FilterLogEventsInput) SetStartTime(v int64) *FilterLogEventsInput { + s.StartTime = &v + return s +} + +// SetUnmask sets the Unmask field's value. +func (s *FilterLogEventsInput) SetUnmask(v bool) *FilterLogEventsInput { + s.Unmask = &v + return s +} + +type FilterLogEventsOutput struct { + _ struct{} `type:"structure"` + + // The matched events. + Events []*FilteredLogEvent `locationName:"events" type:"list"` + + // The token to use when requesting the next set of items. The token expires + // after 24 hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` + + // Important As of May 15, 2020, this parameter is no longer supported. This + // parameter returns an empty list. + // + // Indicates which log streams have been searched and whether each has been + // searched completely. + SearchedLogStreams []*SearchedLogStream `locationName:"searchedLogStreams" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FilterLogEventsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FilterLogEventsOutput) GoString() string { + return s.String() +} + +// SetEvents sets the Events field's value. +func (s *FilterLogEventsOutput) SetEvents(v []*FilteredLogEvent) *FilterLogEventsOutput { + s.Events = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *FilterLogEventsOutput) SetNextToken(v string) *FilterLogEventsOutput { + s.NextToken = &v + return s +} + +// SetSearchedLogStreams sets the SearchedLogStreams field's value. +func (s *FilterLogEventsOutput) SetSearchedLogStreams(v []*SearchedLogStream) *FilterLogEventsOutput { + s.SearchedLogStreams = v + return s +} + +// Represents a matched event. +type FilteredLogEvent struct { + _ struct{} `type:"structure"` + + // The ID of the event. + EventId *string `locationName:"eventId" type:"string"` + + // The time the event was ingested, expressed as the number of milliseconds + // after Jan 1, 1970 00:00:00 UTC. + IngestionTime *int64 `locationName:"ingestionTime" type:"long"` + + // The name of the log stream to which this event belongs. + LogStreamName *string `locationName:"logStreamName" min:"1" type:"string"` + + // The data contained in the log event. + Message *string `locationName:"message" min:"1" type:"string"` + + // The time the event occurred, expressed as the number of milliseconds after + // Jan 1, 1970 00:00:00 UTC. + Timestamp *int64 `locationName:"timestamp" type:"long"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FilteredLogEvent) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FilteredLogEvent) GoString() string { + return s.String() +} + +// SetEventId sets the EventId field's value. +func (s *FilteredLogEvent) SetEventId(v string) *FilteredLogEvent { + s.EventId = &v + return s +} + +// SetIngestionTime sets the IngestionTime field's value. +func (s *FilteredLogEvent) SetIngestionTime(v int64) *FilteredLogEvent { + s.IngestionTime = &v + return s +} + +// SetLogStreamName sets the LogStreamName field's value. +func (s *FilteredLogEvent) SetLogStreamName(v string) *FilteredLogEvent { + s.LogStreamName = &v + return s +} + +// SetMessage sets the Message field's value. +func (s *FilteredLogEvent) SetMessage(v string) *FilteredLogEvent { + s.Message = &v + return s +} + +// SetTimestamp sets the Timestamp field's value. +func (s *FilteredLogEvent) SetTimestamp(v int64) *FilteredLogEvent { + s.Timestamp = &v + return s +} + +type GetDataProtectionPolicyInput struct { + _ struct{} `type:"structure"` + + // The name or ARN of the log group that contains the data protection policy + // that you want to see. + // + // LogGroupIdentifier is a required field + LogGroupIdentifier *string `locationName:"logGroupIdentifier" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetDataProtectionPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetDataProtectionPolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetDataProtectionPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetDataProtectionPolicyInput"} + if s.LogGroupIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("LogGroupIdentifier")) + } + if s.LogGroupIdentifier != nil && len(*s.LogGroupIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupIdentifier", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLogGroupIdentifier sets the LogGroupIdentifier field's value. +func (s *GetDataProtectionPolicyInput) SetLogGroupIdentifier(v string) *GetDataProtectionPolicyInput { + s.LogGroupIdentifier = &v + return s +} + +type GetDataProtectionPolicyOutput struct { + _ struct{} `type:"structure"` + + // The date and time that this policy was most recently updated. + LastUpdatedTime *int64 `locationName:"lastUpdatedTime" type:"long"` + + // The log group name or ARN that you specified in your request. + LogGroupIdentifier *string `locationName:"logGroupIdentifier" min:"1" type:"string"` + + // The data protection policy document for this log group. + PolicyDocument *string `locationName:"policyDocument" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetDataProtectionPolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetDataProtectionPolicyOutput) GoString() string { + return s.String() +} + +// SetLastUpdatedTime sets the LastUpdatedTime field's value. +func (s *GetDataProtectionPolicyOutput) SetLastUpdatedTime(v int64) *GetDataProtectionPolicyOutput { + s.LastUpdatedTime = &v + return s +} + +// SetLogGroupIdentifier sets the LogGroupIdentifier field's value. +func (s *GetDataProtectionPolicyOutput) SetLogGroupIdentifier(v string) *GetDataProtectionPolicyOutput { + s.LogGroupIdentifier = &v + return s +} + +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *GetDataProtectionPolicyOutput) SetPolicyDocument(v string) *GetDataProtectionPolicyOutput { + s.PolicyDocument = &v + return s +} + +type GetDeliveryDestinationInput struct { + _ struct{} `type:"structure"` + + // The name of the delivery destination that you want to retrieve. + // + // Name is a required field + Name *string `locationName:"name" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetDeliveryDestinationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetDeliveryDestinationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetDeliveryDestinationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetDeliveryDestinationInput"} + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetName sets the Name field's value. +func (s *GetDeliveryDestinationInput) SetName(v string) *GetDeliveryDestinationInput { + s.Name = &v + return s +} + +type GetDeliveryDestinationOutput struct { + _ struct{} `type:"structure"` + + // A structure containing information about the delivery destination. + DeliveryDestination *DeliveryDestination `locationName:"deliveryDestination" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetDeliveryDestinationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetDeliveryDestinationOutput) GoString() string { + return s.String() +} + +// SetDeliveryDestination sets the DeliveryDestination field's value. +func (s *GetDeliveryDestinationOutput) SetDeliveryDestination(v *DeliveryDestination) *GetDeliveryDestinationOutput { + s.DeliveryDestination = v + return s +} + +type GetDeliveryDestinationPolicyInput struct { + _ struct{} `type:"structure"` + + // The name of the delivery destination that you want to retrieve the policy + // of. + // + // DeliveryDestinationName is a required field + DeliveryDestinationName *string `locationName:"deliveryDestinationName" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetDeliveryDestinationPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetDeliveryDestinationPolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetDeliveryDestinationPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetDeliveryDestinationPolicyInput"} + if s.DeliveryDestinationName == nil { + invalidParams.Add(request.NewErrParamRequired("DeliveryDestinationName")) + } + if s.DeliveryDestinationName != nil && len(*s.DeliveryDestinationName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DeliveryDestinationName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDeliveryDestinationName sets the DeliveryDestinationName field's value. +func (s *GetDeliveryDestinationPolicyInput) SetDeliveryDestinationName(v string) *GetDeliveryDestinationPolicyInput { + s.DeliveryDestinationName = &v + return s +} + +type GetDeliveryDestinationPolicyOutput struct { + _ struct{} `type:"structure"` + + // The IAM policy for this delivery destination. + Policy *Policy `locationName:"policy" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetDeliveryDestinationPolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetDeliveryDestinationPolicyOutput) GoString() string { + return s.String() +} + +// SetPolicy sets the Policy field's value. +func (s *GetDeliveryDestinationPolicyOutput) SetPolicy(v *Policy) *GetDeliveryDestinationPolicyOutput { + s.Policy = v + return s +} + +type GetDeliveryInput struct { + _ struct{} `type:"structure"` + + // The ID of the delivery that you want to retrieve. + // + // Id is a required field + Id *string `locationName:"id" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetDeliveryInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetDeliveryInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetDeliveryInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetDeliveryInput"} + if s.Id == nil { + invalidParams.Add(request.NewErrParamRequired("Id")) + } + if s.Id != nil && len(*s.Id) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Id", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetId sets the Id field's value. +func (s *GetDeliveryInput) SetId(v string) *GetDeliveryInput { + s.Id = &v + return s +} + +type GetDeliveryOutput struct { + _ struct{} `type:"structure"` + + // A structure that contains information about the delivery. + Delivery *Delivery `locationName:"delivery" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetDeliveryOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetDeliveryOutput) GoString() string { + return s.String() +} + +// SetDelivery sets the Delivery field's value. +func (s *GetDeliveryOutput) SetDelivery(v *Delivery) *GetDeliveryOutput { + s.Delivery = v + return s +} + +type GetDeliverySourceInput struct { + _ struct{} `type:"structure"` + + // The name of the delivery source that you want to retrieve. + // + // Name is a required field + Name *string `locationName:"name" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetDeliverySourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetDeliverySourceInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *CancelExportTaskInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "CancelExportTaskInput"} - if s.TaskId == nil { - invalidParams.Add(request.NewErrParamRequired("TaskId")) +func (s *GetDeliverySourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetDeliverySourceInput"} + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) } - if s.TaskId != nil && len(*s.TaskId) < 1 { - invalidParams.Add(request.NewErrParamMinLen("TaskId", 1)) + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) } if invalidParams.Len() > 0 { @@ -4464,103 +13924,469 @@ func (s *CancelExportTaskInput) Validate() error { return nil } -// SetTaskId sets the TaskId field's value. -func (s *CancelExportTaskInput) SetTaskId(v string) *CancelExportTaskInput { - s.TaskId = &v +// SetName sets the Name field's value. +func (s *GetDeliverySourceInput) SetName(v string) *GetDeliverySourceInput { + s.Name = &v return s } -type CancelExportTaskOutput struct { +type GetDeliverySourceOutput struct { + _ struct{} `type:"structure"` + + // A structure containing information about the delivery source. + DeliverySource *DeliverySource `locationName:"deliverySource" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetDeliverySourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetDeliverySourceOutput) GoString() string { + return s.String() +} + +// SetDeliverySource sets the DeliverySource field's value. +func (s *GetDeliverySourceOutput) SetDeliverySource(v *DeliverySource) *GetDeliverySourceOutput { + s.DeliverySource = v + return s +} + +type GetLogAnomalyDetectorInput struct { + _ struct{} `type:"structure"` + + // The ARN of the anomaly detector to retrieve information about. You can find + // the ARNs of log anomaly detectors in your account by using the ListLogAnomalyDetectors + // (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListLogAnomalyDetectors.html) + // operation. + // + // AnomalyDetectorArn is a required field + AnomalyDetectorArn *string `locationName:"anomalyDetectorArn" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetLogAnomalyDetectorInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetLogAnomalyDetectorInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetLogAnomalyDetectorInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetLogAnomalyDetectorInput"} + if s.AnomalyDetectorArn == nil { + invalidParams.Add(request.NewErrParamRequired("AnomalyDetectorArn")) + } + if s.AnomalyDetectorArn != nil && len(*s.AnomalyDetectorArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AnomalyDetectorArn", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAnomalyDetectorArn sets the AnomalyDetectorArn field's value. +func (s *GetLogAnomalyDetectorInput) SetAnomalyDetectorArn(v string) *GetLogAnomalyDetectorInput { + s.AnomalyDetectorArn = &v + return s +} + +type GetLogAnomalyDetectorOutput struct { + _ struct{} `type:"structure"` + + // Specifies whether the anomaly detector is currently active. To change its + // status, use the enabled parameter in the UpdateLogAnomalyDetector (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UpdateLogAnomalyDetector.html) + // operation. + AnomalyDetectorStatus *string `locationName:"anomalyDetectorStatus" type:"string" enum:"AnomalyDetectorStatus"` + + // The number of days used as the life cycle of anomalies. After this time, + // anomalies are automatically baselined and the anomaly detector model will + // treat new occurrences of similar event as normal. + AnomalyVisibilityTime *int64 `locationName:"anomalyVisibilityTime" min:"7" type:"long"` + + // The date and time when this anomaly detector was created. + CreationTimeStamp *int64 `locationName:"creationTimeStamp" type:"long"` + + // The name of the log anomaly detector + DetectorName *string `locationName:"detectorName" min:"1" type:"string"` + + // Specifies how often the anomaly detector runs and look for anomalies. Set + // this value according to the frequency that the log group receives new logs. + // For example, if the log group receives new log events every 10 minutes, then + // setting evaluationFrequency to FIFTEEN_MIN might be appropriate. + EvaluationFrequency *string `locationName:"evaluationFrequency" type:"string" enum:"EvaluationFrequency"` + + // A symbolic description of how CloudWatch Logs should interpret the data in + // each log event. For example, a log event can contain timestamps, IP addresses, + // strings, and so on. You use the filter pattern to specify what to look for + // in the log event message. + FilterPattern *string `locationName:"filterPattern" type:"string"` + + // The ID of the KMS key assigned to this anomaly detector, if any. + KmsKeyId *string `locationName:"kmsKeyId" type:"string"` + + // The date and time when this anomaly detector was most recently modified. + LastModifiedTimeStamp *int64 `locationName:"lastModifiedTimeStamp" type:"long"` + + // An array of structures, where each structure contains the ARN of a log group + // associated with this anomaly detector. + LogGroupArnList []*string `locationName:"logGroupArnList" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetLogAnomalyDetectorOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetLogAnomalyDetectorOutput) GoString() string { + return s.String() +} + +// SetAnomalyDetectorStatus sets the AnomalyDetectorStatus field's value. +func (s *GetLogAnomalyDetectorOutput) SetAnomalyDetectorStatus(v string) *GetLogAnomalyDetectorOutput { + s.AnomalyDetectorStatus = &v + return s +} + +// SetAnomalyVisibilityTime sets the AnomalyVisibilityTime field's value. +func (s *GetLogAnomalyDetectorOutput) SetAnomalyVisibilityTime(v int64) *GetLogAnomalyDetectorOutput { + s.AnomalyVisibilityTime = &v + return s +} + +// SetCreationTimeStamp sets the CreationTimeStamp field's value. +func (s *GetLogAnomalyDetectorOutput) SetCreationTimeStamp(v int64) *GetLogAnomalyDetectorOutput { + s.CreationTimeStamp = &v + return s +} + +// SetDetectorName sets the DetectorName field's value. +func (s *GetLogAnomalyDetectorOutput) SetDetectorName(v string) *GetLogAnomalyDetectorOutput { + s.DetectorName = &v + return s +} + +// SetEvaluationFrequency sets the EvaluationFrequency field's value. +func (s *GetLogAnomalyDetectorOutput) SetEvaluationFrequency(v string) *GetLogAnomalyDetectorOutput { + s.EvaluationFrequency = &v + return s +} + +// SetFilterPattern sets the FilterPattern field's value. +func (s *GetLogAnomalyDetectorOutput) SetFilterPattern(v string) *GetLogAnomalyDetectorOutput { + s.FilterPattern = &v + return s +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *GetLogAnomalyDetectorOutput) SetKmsKeyId(v string) *GetLogAnomalyDetectorOutput { + s.KmsKeyId = &v + return s +} + +// SetLastModifiedTimeStamp sets the LastModifiedTimeStamp field's value. +func (s *GetLogAnomalyDetectorOutput) SetLastModifiedTimeStamp(v int64) *GetLogAnomalyDetectorOutput { + s.LastModifiedTimeStamp = &v + return s +} + +// SetLogGroupArnList sets the LogGroupArnList field's value. +func (s *GetLogAnomalyDetectorOutput) SetLogGroupArnList(v []*string) *GetLogAnomalyDetectorOutput { + s.LogGroupArnList = v + return s +} + +type GetLogEventsInput struct { + _ struct{} `type:"structure"` + + // The end of the time range, expressed as the number of milliseconds after + // Jan 1, 1970 00:00:00 UTC. Events with a timestamp equal to or later than + // this time are not included. + EndTime *int64 `locationName:"endTime" type:"long"` + + // The maximum number of log events returned. If you don't specify a limit, + // the default is as many log events as can fit in a response size of 1 MB (up + // to 10,000 log events). + Limit *int64 `locationName:"limit" min:"1" type:"integer"` + + // Specify either the name or ARN of the log group to view events from. If the + // log group is in a source account and you are using a monitoring account, + // you must use the log group ARN. + // + // You must include either logGroupIdentifier or logGroupName, but not both. + LogGroupIdentifier *string `locationName:"logGroupIdentifier" min:"1" type:"string"` + + // The name of the log group. + // + // You must include either logGroupIdentifier or logGroupName, but not both. + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"` + + // The name of the log stream. + // + // LogStreamName is a required field + LogStreamName *string `locationName:"logStreamName" min:"1" type:"string" required:"true"` + + // The token for the next set of items to return. (You received this token from + // a previous call.) + NextToken *string `locationName:"nextToken" min:"1" type:"string"` + + // If the value is true, the earliest log events are returned first. If the + // value is false, the latest log events are returned first. The default value + // is false. + // + // If you are using a previous nextForwardToken value as the nextToken in this + // operation, you must specify true for startFromHead. + StartFromHead *bool `locationName:"startFromHead" type:"boolean"` + + // The start of the time range, expressed as the number of milliseconds after + // Jan 1, 1970 00:00:00 UTC. Events with a timestamp equal to this time or later + // than this time are included. Events with a timestamp earlier than this time + // are not included. + StartTime *int64 `locationName:"startTime" type:"long"` + + // Specify true to display the log event fields with all sensitive data unmasked + // and visible. The default is false. + // + // To use this operation with this parameter, you must be signed into an account + // with the logs:Unmask permission. + Unmask *bool `locationName:"unmask" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetLogEventsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetLogEventsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetLogEventsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetLogEventsInput"} + if s.Limit != nil && *s.Limit < 1 { + invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) + } + if s.LogGroupIdentifier != nil && len(*s.LogGroupIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupIdentifier", 1)) + } + if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + } + if s.LogStreamName == nil { + invalidParams.Add(request.NewErrParamRequired("LogStreamName")) + } + if s.LogStreamName != nil && len(*s.LogStreamName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogStreamName", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEndTime sets the EndTime field's value. +func (s *GetLogEventsInput) SetEndTime(v int64) *GetLogEventsInput { + s.EndTime = &v + return s +} + +// SetLimit sets the Limit field's value. +func (s *GetLogEventsInput) SetLimit(v int64) *GetLogEventsInput { + s.Limit = &v + return s +} + +// SetLogGroupIdentifier sets the LogGroupIdentifier field's value. +func (s *GetLogEventsInput) SetLogGroupIdentifier(v string) *GetLogEventsInput { + s.LogGroupIdentifier = &v + return s +} + +// SetLogGroupName sets the LogGroupName field's value. +func (s *GetLogEventsInput) SetLogGroupName(v string) *GetLogEventsInput { + s.LogGroupName = &v + return s +} + +// SetLogStreamName sets the LogStreamName field's value. +func (s *GetLogEventsInput) SetLogStreamName(v string) *GetLogEventsInput { + s.LogStreamName = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetLogEventsInput) SetNextToken(v string) *GetLogEventsInput { + s.NextToken = &v + return s +} + +// SetStartFromHead sets the StartFromHead field's value. +func (s *GetLogEventsInput) SetStartFromHead(v bool) *GetLogEventsInput { + s.StartFromHead = &v + return s +} + +// SetStartTime sets the StartTime field's value. +func (s *GetLogEventsInput) SetStartTime(v int64) *GetLogEventsInput { + s.StartTime = &v + return s +} + +// SetUnmask sets the Unmask field's value. +func (s *GetLogEventsInput) SetUnmask(v bool) *GetLogEventsInput { + s.Unmask = &v + return s +} + +type GetLogEventsOutput struct { _ struct{} `type:"structure"` + + // The events. + Events []*OutputLogEvent `locationName:"events" type:"list"` + + // The token for the next set of items in the backward direction. The token + // expires after 24 hours. This token is not null. If you have reached the end + // of the stream, it returns the same token you passed in. + NextBackwardToken *string `locationName:"nextBackwardToken" min:"1" type:"string"` + + // The token for the next set of items in the forward direction. The token expires + // after 24 hours. If you have reached the end of the stream, it returns the + // same token you passed in. + NextForwardToken *string `locationName:"nextForwardToken" min:"1" type:"string"` } -// String returns the string representation -func (s CancelExportTaskOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetLogEventsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s CancelExportTaskOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetLogEventsOutput) GoString() string { return s.String() } -type CreateExportTaskInput struct { - _ struct{} `type:"structure"` +// SetEvents sets the Events field's value. +func (s *GetLogEventsOutput) SetEvents(v []*OutputLogEvent) *GetLogEventsOutput { + s.Events = v + return s +} - // The name of S3 bucket for the exported log data. The bucket must be in the - // same AWS region. - // - // Destination is a required field - Destination *string `locationName:"destination" min:"1" type:"string" required:"true"` +// SetNextBackwardToken sets the NextBackwardToken field's value. +func (s *GetLogEventsOutput) SetNextBackwardToken(v string) *GetLogEventsOutput { + s.NextBackwardToken = &v + return s +} - // The prefix used as the start of the key for every object exported. If you - // don't specify a value, the default is exportedlogs. - DestinationPrefix *string `locationName:"destinationPrefix" type:"string"` +// SetNextForwardToken sets the NextForwardToken field's value. +func (s *GetLogEventsOutput) SetNextForwardToken(v string) *GetLogEventsOutput { + s.NextForwardToken = &v + return s +} - // The start time of the range for the request, expressed as the number of milliseconds - // after Jan 1, 1970 00:00:00 UTC. Events with a timestamp earlier than this - // time are not exported. - // - // From is a required field - From *int64 `locationName:"from" type:"long" required:"true"` +type GetLogGroupFieldsInput struct { + _ struct{} `type:"structure"` - // The name of the log group. + // Specify either the name or ARN of the log group to view. If the log group + // is in a source account and you are using a monitoring account, you must specify + // the ARN. // - // LogGroupName is a required field - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` - - // Export only log streams that match the provided prefix. If you don't specify - // a value, no prefix filter is applied. - LogStreamNamePrefix *string `locationName:"logStreamNamePrefix" min:"1" type:"string"` + // You must include either logGroupIdentifier or logGroupName, but not both. + LogGroupIdentifier *string `locationName:"logGroupIdentifier" min:"1" type:"string"` - // The name of the export task. - TaskName *string `locationName:"taskName" min:"1" type:"string"` + // The name of the log group to search. + // + // You must include either logGroupIdentifier or logGroupName, but not both. + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"` - // The end time of the range for the request, expressed as the number of milliseconds - // after Jan 1, 1970 00:00:00 UTC. Events with a timestamp later than this time - // are not exported. + // The time to set as the center of the query. If you specify time, the 8 minutes + // before and 8 minutes after this time are searched. If you omit time, the + // most recent 15 minutes up to the current time are searched. // - // To is a required field - To *int64 `locationName:"to" type:"long" required:"true"` + // The time value is specified as epoch time, which is the number of seconds + // since January 1, 1970, 00:00:00 UTC. + Time *int64 `locationName:"time" type:"long"` } -// String returns the string representation -func (s CreateExportTaskInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetLogGroupFieldsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s CreateExportTaskInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetLogGroupFieldsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *CreateExportTaskInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "CreateExportTaskInput"} - if s.Destination == nil { - invalidParams.Add(request.NewErrParamRequired("Destination")) - } - if s.Destination != nil && len(*s.Destination) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Destination", 1)) - } - if s.From == nil { - invalidParams.Add(request.NewErrParamRequired("From")) - } - if s.LogGroupName == nil { - invalidParams.Add(request.NewErrParamRequired("LogGroupName")) +func (s *GetLogGroupFieldsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetLogGroupFieldsInput"} + if s.LogGroupIdentifier != nil && len(*s.LogGroupIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupIdentifier", 1)) } if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) } - if s.LogStreamNamePrefix != nil && len(*s.LogStreamNamePrefix) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogStreamNamePrefix", 1)) - } - if s.TaskName != nil && len(*s.TaskName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("TaskName", 1)) - } - if s.To == nil { - invalidParams.Add(request.NewErrParamRequired("To")) - } if invalidParams.Len() > 0 { return invalidParams @@ -4568,109 +14394,182 @@ func (s *CreateExportTaskInput) Validate() error { return nil } -// SetDestination sets the Destination field's value. -func (s *CreateExportTaskInput) SetDestination(v string) *CreateExportTaskInput { - s.Destination = &v +// SetLogGroupIdentifier sets the LogGroupIdentifier field's value. +func (s *GetLogGroupFieldsInput) SetLogGroupIdentifier(v string) *GetLogGroupFieldsInput { + s.LogGroupIdentifier = &v return s } -// SetDestinationPrefix sets the DestinationPrefix field's value. -func (s *CreateExportTaskInput) SetDestinationPrefix(v string) *CreateExportTaskInput { - s.DestinationPrefix = &v +// SetLogGroupName sets the LogGroupName field's value. +func (s *GetLogGroupFieldsInput) SetLogGroupName(v string) *GetLogGroupFieldsInput { + s.LogGroupName = &v return s } -// SetFrom sets the From field's value. -func (s *CreateExportTaskInput) SetFrom(v int64) *CreateExportTaskInput { - s.From = &v +// SetTime sets the Time field's value. +func (s *GetLogGroupFieldsInput) SetTime(v int64) *GetLogGroupFieldsInput { + s.Time = &v return s } -// SetLogGroupName sets the LogGroupName field's value. -func (s *CreateExportTaskInput) SetLogGroupName(v string) *CreateExportTaskInput { - s.LogGroupName = &v - return s +type GetLogGroupFieldsOutput struct { + _ struct{} `type:"structure"` + + // The array of fields found in the query. Each object in the array contains + // the name of the field, along with the percentage of time it appeared in the + // log events that were queried. + LogGroupFields []*LogGroupField `locationName:"logGroupFields" type:"list"` } -// SetLogStreamNamePrefix sets the LogStreamNamePrefix field's value. -func (s *CreateExportTaskInput) SetLogStreamNamePrefix(v string) *CreateExportTaskInput { - s.LogStreamNamePrefix = &v +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetLogGroupFieldsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetLogGroupFieldsOutput) GoString() string { + return s.String() +} + +// SetLogGroupFields sets the LogGroupFields field's value. +func (s *GetLogGroupFieldsOutput) SetLogGroupFields(v []*LogGroupField) *GetLogGroupFieldsOutput { + s.LogGroupFields = v return s } -// SetTaskName sets the TaskName field's value. -func (s *CreateExportTaskInput) SetTaskName(v string) *CreateExportTaskInput { - s.TaskName = &v +type GetLogRecordInput struct { + _ struct{} `type:"structure"` + + // The pointer corresponding to the log event record you want to retrieve. You + // get this from the response of a GetQueryResults operation. In that response, + // the value of the @ptr field for a log event is the value to use as logRecordPointer + // to retrieve that complete log event record. + // + // LogRecordPointer is a required field + LogRecordPointer *string `locationName:"logRecordPointer" type:"string" required:"true"` + + // Specify true to display the log event fields with all sensitive data unmasked + // and visible. The default is false. + // + // To use this operation with this parameter, you must be signed into an account + // with the logs:Unmask permission. + Unmask *bool `locationName:"unmask" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetLogRecordInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetLogRecordInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetLogRecordInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetLogRecordInput"} + if s.LogRecordPointer == nil { + invalidParams.Add(request.NewErrParamRequired("LogRecordPointer")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLogRecordPointer sets the LogRecordPointer field's value. +func (s *GetLogRecordInput) SetLogRecordPointer(v string) *GetLogRecordInput { + s.LogRecordPointer = &v return s } -// SetTo sets the To field's value. -func (s *CreateExportTaskInput) SetTo(v int64) *CreateExportTaskInput { - s.To = &v +// SetUnmask sets the Unmask field's value. +func (s *GetLogRecordInput) SetUnmask(v bool) *GetLogRecordInput { + s.Unmask = &v return s } -type CreateExportTaskOutput struct { +type GetLogRecordOutput struct { _ struct{} `type:"structure"` - // The ID of the export task. - TaskId *string `locationName:"taskId" min:"1" type:"string"` + // The requested log event, as a JSON string. + LogRecord map[string]*string `locationName:"logRecord" type:"map"` } -// String returns the string representation -func (s CreateExportTaskOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetLogRecordOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s CreateExportTaskOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetLogRecordOutput) GoString() string { return s.String() } -// SetTaskId sets the TaskId field's value. -func (s *CreateExportTaskOutput) SetTaskId(v string) *CreateExportTaskOutput { - s.TaskId = &v +// SetLogRecord sets the LogRecord field's value. +func (s *GetLogRecordOutput) SetLogRecord(v map[string]*string) *GetLogRecordOutput { + s.LogRecord = v return s } -type CreateLogGroupInput struct { +type GetQueryResultsInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the CMK to use when encrypting log data. - // For more information, see Amazon Resource Names - AWS Key Management Service - // (AWS KMS) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms). - KmsKeyId *string `locationName:"kmsKeyId" type:"string"` - - // The name of the log group. + // The ID number of the query. // - // LogGroupName is a required field - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` - - // The key-value pairs to use for the tags. - Tags map[string]*string `locationName:"tags" min:"1" type:"map"` + // QueryId is a required field + QueryId *string `locationName:"queryId" type:"string" required:"true"` } -// String returns the string representation -func (s CreateLogGroupInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetQueryResultsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s CreateLogGroupInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetQueryResultsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *CreateLogGroupInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "CreateLogGroupInput"} - if s.LogGroupName == nil { - invalidParams.Add(request.NewErrParamRequired("LogGroupName")) - } - if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) - } - if s.Tags != nil && len(s.Tags) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) +func (s *GetQueryResultsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetQueryResultsInput"} + if s.QueryId == nil { + invalidParams.Add(request.NewErrParamRequired("QueryId")) } if invalidParams.Len() > 0 { @@ -4679,76 +14578,132 @@ func (s *CreateLogGroupInput) Validate() error { return nil } -// SetKmsKeyId sets the KmsKeyId field's value. -func (s *CreateLogGroupInput) SetKmsKeyId(v string) *CreateLogGroupInput { - s.KmsKeyId = &v - return s +// SetQueryId sets the QueryId field's value. +func (s *GetQueryResultsInput) SetQueryId(v string) *GetQueryResultsInput { + s.QueryId = &v + return s +} + +type GetQueryResultsOutput struct { + _ struct{} `type:"structure"` + + // If you associated an KMS key with the CloudWatch Logs Insights query results + // in this account, this field displays the ARN of the key that's used to encrypt + // the query results when StartQuery (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html) + // stores them. + EncryptionKey *string `locationName:"encryptionKey" type:"string"` + + // The log events that matched the query criteria during the most recent time + // it ran. + // + // The results value is an array of arrays. Each log event is one object in + // the top-level array. Each of these log event objects is an array of field/value + // pairs. + Results [][]*ResultField `locationName:"results" type:"list"` + + // Includes the number of log events scanned by the query, the number of log + // events that matched the query criteria, and the total number of bytes in + // the scanned log events. These values reflect the full raw results of the + // query. + Statistics *QueryStatistics `locationName:"statistics" type:"structure"` + + // The status of the most recent running of the query. Possible values are Cancelled, + // Complete, Failed, Running, Scheduled, Timeout, and Unknown. + // + // Queries time out after 60 minutes of runtime. To avoid having your queries + // time out, reduce the time range being searched or partition your query into + // a number of queries. + Status *string `locationName:"status" type:"string" enum:"QueryStatus"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetQueryResultsOutput) String() string { + return awsutil.Prettify(s) } -// SetLogGroupName sets the LogGroupName field's value. -func (s *CreateLogGroupInput) SetLogGroupName(v string) *CreateLogGroupInput { - s.LogGroupName = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetQueryResultsOutput) GoString() string { + return s.String() } -// SetTags sets the Tags field's value. -func (s *CreateLogGroupInput) SetTags(v map[string]*string) *CreateLogGroupInput { - s.Tags = v +// SetEncryptionKey sets the EncryptionKey field's value. +func (s *GetQueryResultsOutput) SetEncryptionKey(v string) *GetQueryResultsOutput { + s.EncryptionKey = &v return s } -type CreateLogGroupOutput struct { - _ struct{} `type:"structure"` +// SetResults sets the Results field's value. +func (s *GetQueryResultsOutput) SetResults(v [][]*ResultField) *GetQueryResultsOutput { + s.Results = v + return s } -// String returns the string representation -func (s CreateLogGroupOutput) String() string { - return awsutil.Prettify(s) +// SetStatistics sets the Statistics field's value. +func (s *GetQueryResultsOutput) SetStatistics(v *QueryStatistics) *GetQueryResultsOutput { + s.Statistics = v + return s } -// GoString returns the string representation -func (s CreateLogGroupOutput) GoString() string { - return s.String() +// SetStatus sets the Status field's value. +func (s *GetQueryResultsOutput) SetStatus(v string) *GetQueryResultsOutput { + s.Status = &v + return s } -type CreateLogStreamInput struct { +// Represents a log event, which is a record of activity that was recorded by +// the application or resource being monitored. +type InputLogEvent struct { _ struct{} `type:"structure"` - // The name of the log group. + // The raw event message. Each log event can be no larger than 256 KB. // - // LogGroupName is a required field - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` + // Message is a required field + Message *string `locationName:"message" min:"1" type:"string" required:"true"` - // The name of the log stream. + // The time the event occurred, expressed as the number of milliseconds after + // Jan 1, 1970 00:00:00 UTC. // - // LogStreamName is a required field - LogStreamName *string `locationName:"logStreamName" min:"1" type:"string" required:"true"` + // Timestamp is a required field + Timestamp *int64 `locationName:"timestamp" type:"long" required:"true"` } -// String returns the string representation -func (s CreateLogStreamInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InputLogEvent) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s CreateLogStreamInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InputLogEvent) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *CreateLogStreamInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "CreateLogStreamInput"} - if s.LogGroupName == nil { - invalidParams.Add(request.NewErrParamRequired("LogGroupName")) - } - if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) +func (s *InputLogEvent) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "InputLogEvent"} + if s.Message == nil { + invalidParams.Add(request.NewErrParamRequired("Message")) } - if s.LogStreamName == nil { - invalidParams.Add(request.NewErrParamRequired("LogStreamName")) + if s.Message != nil && len(*s.Message) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Message", 1)) } - if s.LogStreamName != nil && len(*s.LogStreamName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogStreamName", 1)) + if s.Timestamp == nil { + invalidParams.Add(request.NewErrParamRequired("Timestamp")) } if invalidParams.Len() > 0 { @@ -4757,65 +14712,121 @@ func (s *CreateLogStreamInput) Validate() error { return nil } -// SetLogGroupName sets the LogGroupName field's value. -func (s *CreateLogStreamInput) SetLogGroupName(v string) *CreateLogStreamInput { - s.LogGroupName = &v +// SetMessage sets the Message field's value. +func (s *InputLogEvent) SetMessage(v string) *InputLogEvent { + s.Message = &v return s } -// SetLogStreamName sets the LogStreamName field's value. -func (s *CreateLogStreamInput) SetLogStreamName(v string) *CreateLogStreamInput { - s.LogStreamName = &v +// SetTimestamp sets the Timestamp field's value. +func (s *InputLogEvent) SetTimestamp(v int64) *InputLogEvent { + s.Timestamp = &v return s } -type CreateLogStreamOutput struct { - _ struct{} `type:"structure"` +// The operation is not valid on the specified resource. +type InvalidOperationException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation -func (s CreateLogStreamOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidOperationException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s CreateLogStreamOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidOperationException) GoString() string { return s.String() } -// The event was already logged. -type DataAlreadyAcceptedException struct { +func newErrorInvalidOperationException(v protocol.ResponseMetadata) error { + return &InvalidOperationException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidOperationException) Code() string { + return "InvalidOperationException" +} + +// Message returns the exception's message. +func (s *InvalidOperationException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidOperationException) OrigErr() error { + return nil +} + +func (s *InvalidOperationException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidOperationException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidOperationException) RequestID() string { + return s.RespMetadata.RequestID +} + +// A parameter is specified incorrectly. +type InvalidParameterException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` - ExpectedSequenceToken *string `locationName:"expectedSequenceToken" min:"1" type:"string"` - Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation -func (s DataAlreadyAcceptedException) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidParameterException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DataAlreadyAcceptedException) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidParameterException) GoString() string { return s.String() } -func newErrorDataAlreadyAcceptedException(v protocol.ResponseMetadata) error { - return &DataAlreadyAcceptedException{ +func newErrorInvalidParameterException(v protocol.ResponseMetadata) error { + return &InvalidParameterException{ RespMetadata: v, } } // Code returns the exception type name. -func (s *DataAlreadyAcceptedException) Code() string { - return "DataAlreadyAcceptedException" +func (s *InvalidParameterException) Code() string { + return "InvalidParameterException" } // Message returns the exception's message. -func (s *DataAlreadyAcceptedException) Message() string { +func (s *InvalidParameterException) Message() string { if s.Message_ != nil { return *s.Message_ } @@ -4823,172 +14834,207 @@ func (s *DataAlreadyAcceptedException) Message() string { } // OrigErr always returns nil, satisfies awserr.Error interface. -func (s *DataAlreadyAcceptedException) OrigErr() error { +func (s *InvalidParameterException) OrigErr() error { return nil } -func (s *DataAlreadyAcceptedException) Error() string { - return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +func (s *InvalidParameterException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } // Status code returns the HTTP status code for the request's response error. -func (s *DataAlreadyAcceptedException) StatusCode() int { +func (s *InvalidParameterException) StatusCode() int { return s.RespMetadata.StatusCode } // RequestID returns the service's response RequestID for request. -func (s *DataAlreadyAcceptedException) RequestID() string { +func (s *InvalidParameterException) RequestID() string { return s.RespMetadata.RequestID } -type DeleteDestinationInput struct { - _ struct{} `type:"structure"` +// The sequence token is not valid. You can get the correct sequence token in +// the expectedSequenceToken field in the InvalidSequenceTokenException message. +// +// PutLogEvents actions are now always accepted and never return InvalidSequenceTokenException +// regardless of receiving an invalid sequence token. +type InvalidSequenceTokenException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` - // The name of the destination. - // - // DestinationName is a required field - DestinationName *string `locationName:"destinationName" min:"1" type:"string" required:"true"` + ExpectedSequenceToken *string `locationName:"expectedSequenceToken" min:"1" type:"string"` + + Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation -func (s DeleteDestinationInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidSequenceTokenException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DeleteDestinationInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidSequenceTokenException) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteDestinationInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteDestinationInput"} - if s.DestinationName == nil { - invalidParams.Add(request.NewErrParamRequired("DestinationName")) - } - if s.DestinationName != nil && len(*s.DestinationName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("DestinationName", 1)) +func newErrorInvalidSequenceTokenException(v protocol.ResponseMetadata) error { + return &InvalidSequenceTokenException{ + RespMetadata: v, } +} - if invalidParams.Len() > 0 { - return invalidParams +// Code returns the exception type name. +func (s *InvalidSequenceTokenException) Code() string { + return "InvalidSequenceTokenException" +} + +// Message returns the exception's message. +func (s *InvalidSequenceTokenException) Message() string { + if s.Message_ != nil { + return *s.Message_ } - return nil + return "" } -// SetDestinationName sets the DestinationName field's value. -func (s *DeleteDestinationInput) SetDestinationName(v string) *DeleteDestinationInput { - s.DestinationName = &v - return s +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidSequenceTokenException) OrigErr() error { + return nil } -type DeleteDestinationOutput struct { - _ struct{} `type:"structure"` +func (s *InvalidSequenceTokenException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) } -// String returns the string representation -func (s DeleteDestinationOutput) String() string { - return awsutil.Prettify(s) +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidSequenceTokenException) StatusCode() int { + return s.RespMetadata.StatusCode } -// GoString returns the string representation -func (s DeleteDestinationOutput) GoString() string { - return s.String() +// RequestID returns the service's response RequestID for request. +func (s *InvalidSequenceTokenException) RequestID() string { + return s.RespMetadata.RequestID } -type DeleteLogGroupInput struct { - _ struct{} `type:"structure"` +// You have reached the maximum number of resources that can be created. +type LimitExceededException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` - // The name of the log group. - // - // LogGroupName is a required field - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` + Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation -func (s DeleteLogGroupInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LimitExceededException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DeleteLogGroupInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LimitExceededException) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteLogGroupInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteLogGroupInput"} - if s.LogGroupName == nil { - invalidParams.Add(request.NewErrParamRequired("LogGroupName")) - } - if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) +func newErrorLimitExceededException(v protocol.ResponseMetadata) error { + return &LimitExceededException{ + RespMetadata: v, } +} - if invalidParams.Len() > 0 { - return invalidParams +// Code returns the exception type name. +func (s *LimitExceededException) Code() string { + return "LimitExceededException" +} + +// Message returns the exception's message. +func (s *LimitExceededException) Message() string { + if s.Message_ != nil { + return *s.Message_ } - return nil + return "" } -// SetLogGroupName sets the LogGroupName field's value. -func (s *DeleteLogGroupInput) SetLogGroupName(v string) *DeleteLogGroupInput { - s.LogGroupName = &v - return s +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *LimitExceededException) OrigErr() error { + return nil } -type DeleteLogGroupOutput struct { - _ struct{} `type:"structure"` +func (s *LimitExceededException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } -// String returns the string representation -func (s DeleteLogGroupOutput) String() string { - return awsutil.Prettify(s) +// Status code returns the HTTP status code for the request's response error. +func (s *LimitExceededException) StatusCode() int { + return s.RespMetadata.StatusCode } -// GoString returns the string representation -func (s DeleteLogGroupOutput) GoString() string { - return s.String() +// RequestID returns the service's response RequestID for request. +func (s *LimitExceededException) RequestID() string { + return s.RespMetadata.RequestID } -type DeleteLogStreamInput struct { +type ListAnomaliesInput struct { _ struct{} `type:"structure"` - // The name of the log group. - // - // LogGroupName is a required field - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` + // Use this to optionally limit the results to only the anomalies found by a + // certain anomaly detector. + AnomalyDetectorArn *string `locationName:"anomalyDetectorArn" min:"1" type:"string"` - // The name of the log stream. - // - // LogStreamName is a required field - LogStreamName *string `locationName:"logStreamName" min:"1" type:"string" required:"true"` + // The maximum number of items to return. If you don't specify a value, the + // default maximum value of 50 items is used. + Limit *int64 `locationName:"limit" min:"1" type:"integer"` + + // The token for the next set of items to return. The token expires after 24 + // hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` + + // You can specify this parameter if you want to the operation to return only + // anomalies that are currently either suppressed or unsuppressed. + SuppressionState *string `locationName:"suppressionState" type:"string" enum:"SuppressionState"` } -// String returns the string representation -func (s DeleteLogStreamInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAnomaliesInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DeleteLogStreamInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAnomaliesInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteLogStreamInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteLogStreamInput"} - if s.LogGroupName == nil { - invalidParams.Add(request.NewErrParamRequired("LogGroupName")) +func (s *ListAnomaliesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListAnomaliesInput"} + if s.AnomalyDetectorArn != nil && len(*s.AnomalyDetectorArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AnomalyDetectorArn", 1)) } - if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) - } - if s.LogStreamName == nil { - invalidParams.Add(request.NewErrParamRequired("LogStreamName")) + if s.Limit != nil && *s.Limit < 1 { + invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) } - if s.LogStreamName != nil && len(*s.LogStreamName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogStreamName", 1)) + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) } if invalidParams.Len() > 0 { @@ -4997,130 +15043,117 @@ func (s *DeleteLogStreamInput) Validate() error { return nil } -// SetLogGroupName sets the LogGroupName field's value. -func (s *DeleteLogStreamInput) SetLogGroupName(v string) *DeleteLogStreamInput { - s.LogGroupName = &v +// SetAnomalyDetectorArn sets the AnomalyDetectorArn field's value. +func (s *ListAnomaliesInput) SetAnomalyDetectorArn(v string) *ListAnomaliesInput { + s.AnomalyDetectorArn = &v return s } -// SetLogStreamName sets the LogStreamName field's value. -func (s *DeleteLogStreamInput) SetLogStreamName(v string) *DeleteLogStreamInput { - s.LogStreamName = &v +// SetLimit sets the Limit field's value. +func (s *ListAnomaliesInput) SetLimit(v int64) *ListAnomaliesInput { + s.Limit = &v return s } -type DeleteLogStreamOutput struct { - _ struct{} `type:"structure"` -} - -// String returns the string representation -func (s DeleteLogStreamOutput) String() string { - return awsutil.Prettify(s) +// SetNextToken sets the NextToken field's value. +func (s *ListAnomaliesInput) SetNextToken(v string) *ListAnomaliesInput { + s.NextToken = &v + return s } -// GoString returns the string representation -func (s DeleteLogStreamOutput) GoString() string { - return s.String() +// SetSuppressionState sets the SuppressionState field's value. +func (s *ListAnomaliesInput) SetSuppressionState(v string) *ListAnomaliesInput { + s.SuppressionState = &v + return s } -type DeleteMetricFilterInput struct { +type ListAnomaliesOutput struct { _ struct{} `type:"structure"` - // The name of the metric filter. - // - // FilterName is a required field - FilterName *string `locationName:"filterName" min:"1" type:"string" required:"true"` + // An array of structures, where each structure contains information about one + // anomaly that a log anomaly detector has found. + Anomalies []*Anomaly `locationName:"anomalies" type:"list"` - // The name of the log group. - // - // LogGroupName is a required field - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` + // The token for the next set of items to return. The token expires after 24 + // hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` } -// String returns the string representation -func (s DeleteMetricFilterInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAnomaliesOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DeleteMetricFilterInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAnomaliesOutput) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteMetricFilterInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteMetricFilterInput"} - if s.FilterName == nil { - invalidParams.Add(request.NewErrParamRequired("FilterName")) - } - if s.FilterName != nil && len(*s.FilterName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("FilterName", 1)) - } - if s.LogGroupName == nil { - invalidParams.Add(request.NewErrParamRequired("LogGroupName")) - } - if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) - } - - if invalidParams.Len() > 0 { - return invalidParams - } - return nil -} - -// SetFilterName sets the FilterName field's value. -func (s *DeleteMetricFilterInput) SetFilterName(v string) *DeleteMetricFilterInput { - s.FilterName = &v +// SetAnomalies sets the Anomalies field's value. +func (s *ListAnomaliesOutput) SetAnomalies(v []*Anomaly) *ListAnomaliesOutput { + s.Anomalies = v return s } -// SetLogGroupName sets the LogGroupName field's value. -func (s *DeleteMetricFilterInput) SetLogGroupName(v string) *DeleteMetricFilterInput { - s.LogGroupName = &v +// SetNextToken sets the NextToken field's value. +func (s *ListAnomaliesOutput) SetNextToken(v string) *ListAnomaliesOutput { + s.NextToken = &v return s } -type DeleteMetricFilterOutput struct { +type ListLogAnomalyDetectorsInput struct { _ struct{} `type:"structure"` -} - -// String returns the string representation -func (s DeleteMetricFilterOutput) String() string { - return awsutil.Prettify(s) -} -// GoString returns the string representation -func (s DeleteMetricFilterOutput) GoString() string { - return s.String() -} + // Use this to optionally filter the results to only include anomaly detectors + // that are associated with the specified log group. + FilterLogGroupArn *string `locationName:"filterLogGroupArn" min:"1" type:"string"` -type DeleteQueryDefinitionInput struct { - _ struct{} `type:"structure"` + // The maximum number of items to return. If you don't specify a value, the + // default maximum value of 50 items is used. + Limit *int64 `locationName:"limit" min:"1" type:"integer"` - // The ID of the query definition that you want to delete. You can use DescribeQueryDefinitions - // (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeQueryDefinitions.html) - // to retrieve the IDs of your saved query definitions. - // - // QueryDefinitionId is a required field - QueryDefinitionId *string `locationName:"queryDefinitionId" type:"string" required:"true"` + // The token for the next set of items to return. The token expires after 24 + // hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` } -// String returns the string representation -func (s DeleteQueryDefinitionInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListLogAnomalyDetectorsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DeleteQueryDefinitionInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListLogAnomalyDetectorsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteQueryDefinitionInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteQueryDefinitionInput"} - if s.QueryDefinitionId == nil { - invalidParams.Add(request.NewErrParamRequired("QueryDefinitionId")) +func (s *ListLogAnomalyDetectorsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListLogAnomalyDetectorsInput"} + if s.FilterLogGroupArn != nil && len(*s.FilterLogGroupArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("FilterLogGroupArn", 1)) + } + if s.Limit != nil && *s.Limit < 1 { + invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) } if invalidParams.Len() > 0 { @@ -5129,100 +15162,108 @@ func (s *DeleteQueryDefinitionInput) Validate() error { return nil } -// SetQueryDefinitionId sets the QueryDefinitionId field's value. -func (s *DeleteQueryDefinitionInput) SetQueryDefinitionId(v string) *DeleteQueryDefinitionInput { - s.QueryDefinitionId = &v +// SetFilterLogGroupArn sets the FilterLogGroupArn field's value. +func (s *ListLogAnomalyDetectorsInput) SetFilterLogGroupArn(v string) *ListLogAnomalyDetectorsInput { + s.FilterLogGroupArn = &v return s } -type DeleteQueryDefinitionOutput struct { - _ struct{} `type:"structure"` - - // A value of TRUE indicates that the operation succeeded. FALSE indicates that - // the operation failed. - Success *bool `locationName:"success" type:"boolean"` -} - -// String returns the string representation -func (s DeleteQueryDefinitionOutput) String() string { - return awsutil.Prettify(s) -} - -// GoString returns the string representation -func (s DeleteQueryDefinitionOutput) GoString() string { - return s.String() +// SetLimit sets the Limit field's value. +func (s *ListLogAnomalyDetectorsInput) SetLimit(v int64) *ListLogAnomalyDetectorsInput { + s.Limit = &v + return s } -// SetSuccess sets the Success field's value. -func (s *DeleteQueryDefinitionOutput) SetSuccess(v bool) *DeleteQueryDefinitionOutput { - s.Success = &v +// SetNextToken sets the NextToken field's value. +func (s *ListLogAnomalyDetectorsInput) SetNextToken(v string) *ListLogAnomalyDetectorsInput { + s.NextToken = &v return s } -type DeleteResourcePolicyInput struct { +type ListLogAnomalyDetectorsOutput struct { _ struct{} `type:"structure"` - // The name of the policy to be revoked. This parameter is required. - PolicyName *string `locationName:"policyName" type:"string"` + // An array of structures, where each structure in the array contains information + // about one anomaly detector. + AnomalyDetectors []*AnomalyDetector `locationName:"anomalyDetectors" type:"list"` + + // The token for the next set of items to return. The token expires after 24 + // hours. + NextToken *string `locationName:"nextToken" min:"1" type:"string"` } -// String returns the string representation -func (s DeleteResourcePolicyInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListLogAnomalyDetectorsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DeleteResourcePolicyInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListLogAnomalyDetectorsOutput) GoString() string { return s.String() } -// SetPolicyName sets the PolicyName field's value. -func (s *DeleteResourcePolicyInput) SetPolicyName(v string) *DeleteResourcePolicyInput { - s.PolicyName = &v +// SetAnomalyDetectors sets the AnomalyDetectors field's value. +func (s *ListLogAnomalyDetectorsOutput) SetAnomalyDetectors(v []*AnomalyDetector) *ListLogAnomalyDetectorsOutput { + s.AnomalyDetectors = v return s } -type DeleteResourcePolicyOutput struct { - _ struct{} `type:"structure"` -} - -// String returns the string representation -func (s DeleteResourcePolicyOutput) String() string { - return awsutil.Prettify(s) -} - -// GoString returns the string representation -func (s DeleteResourcePolicyOutput) GoString() string { - return s.String() +// SetNextToken sets the NextToken field's value. +func (s *ListLogAnomalyDetectorsOutput) SetNextToken(v string) *ListLogAnomalyDetectorsOutput { + s.NextToken = &v + return s } -type DeleteRetentionPolicyInput struct { +type ListTagsForResourceInput struct { _ struct{} `type:"structure"` - // The name of the log group. + // The ARN of the resource that you want to view tags for. // - // LogGroupName is a required field - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` + // The ARN format of a log group is arn:aws:logs:Region:account-id:log-group:log-group-name + // + // The ARN format of a destination is arn:aws:logs:Region:account-id:destination:destination-name + // + // For more information about ARN format, see CloudWatch Logs resources and + // operations (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html). + // + // ResourceArn is a required field + ResourceArn *string `locationName:"resourceArn" min:"1" type:"string" required:"true"` } -// String returns the string representation -func (s DeleteRetentionPolicyInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DeleteRetentionPolicyInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteRetentionPolicyInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteRetentionPolicyInput"} - if s.LogGroupName == nil { - invalidParams.Add(request.NewErrParamRequired("LogGroupName")) +func (s *ListTagsForResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"} + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) } - if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + if s.ResourceArn != nil && len(*s.ResourceArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1)) } if invalidParams.Len() > 0 { @@ -5231,33 +15272,46 @@ func (s *DeleteRetentionPolicyInput) Validate() error { return nil } -// SetLogGroupName sets the LogGroupName field's value. -func (s *DeleteRetentionPolicyInput) SetLogGroupName(v string) *DeleteRetentionPolicyInput { - s.LogGroupName = &v +// SetResourceArn sets the ResourceArn field's value. +func (s *ListTagsForResourceInput) SetResourceArn(v string) *ListTagsForResourceInput { + s.ResourceArn = &v return s } -type DeleteRetentionPolicyOutput struct { +type ListTagsForResourceOutput struct { _ struct{} `type:"structure"` + + // The list of tags associated with the requested resource.> + Tags map[string]*string `locationName:"tags" min:"1" type:"map"` } -// String returns the string representation -func (s DeleteRetentionPolicyOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DeleteRetentionPolicyOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceOutput) GoString() string { return s.String() } -type DeleteSubscriptionFilterInput struct { - _ struct{} `type:"structure"` +// SetTags sets the Tags field's value. +func (s *ListTagsForResourceOutput) SetTags(v map[string]*string) *ListTagsForResourceOutput { + s.Tags = v + return s +} - // The name of the subscription filter. - // - // FilterName is a required field - FilterName *string `locationName:"filterName" min:"1" type:"string" required:"true"` +// Deprecated: Please use the generic tagging API model ListTagsForResourceRequest and ListTagsForResourceResponse +type ListTagsLogGroupInput struct { + _ struct{} `deprecated:"true" type:"structure"` // The name of the log group. // @@ -5265,25 +15319,27 @@ type DeleteSubscriptionFilterInput struct { LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` } -// String returns the string representation -func (s DeleteSubscriptionFilterInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsLogGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DeleteSubscriptionFilterInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsLogGroupInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteSubscriptionFilterInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteSubscriptionFilterInput"} - if s.FilterName == nil { - invalidParams.Add(request.NewErrParamRequired("FilterName")) - } - if s.FilterName != nil && len(*s.FilterName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("FilterName", 1)) - } +func (s *ListTagsLogGroupInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListTagsLogGroupInput"} if s.LogGroupName == nil { invalidParams.Add(request.NewErrParamRequired("LogGroupName")) } @@ -5297,835 +15353,975 @@ func (s *DeleteSubscriptionFilterInput) Validate() error { return nil } -// SetFilterName sets the FilterName field's value. -func (s *DeleteSubscriptionFilterInput) SetFilterName(v string) *DeleteSubscriptionFilterInput { - s.FilterName = &v - return s -} - // SetLogGroupName sets the LogGroupName field's value. -func (s *DeleteSubscriptionFilterInput) SetLogGroupName(v string) *DeleteSubscriptionFilterInput { +func (s *ListTagsLogGroupInput) SetLogGroupName(v string) *ListTagsLogGroupInput { s.LogGroupName = &v return s } -type DeleteSubscriptionFilterOutput struct { - _ struct{} `type:"structure"` +// Deprecated: Please use the generic tagging API model ListTagsForResourceRequest and ListTagsForResourceResponse +type ListTagsLogGroupOutput struct { + _ struct{} `deprecated:"true" type:"structure"` + + // The tags for the log group. + Tags map[string]*string `locationName:"tags" min:"1" type:"map"` } -// String returns the string representation -func (s DeleteSubscriptionFilterOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsLogGroupOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DeleteSubscriptionFilterOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsLogGroupOutput) GoString() string { return s.String() } -type DescribeDestinationsInput struct { +// SetTags sets the Tags field's value. +func (s *ListTagsLogGroupOutput) SetTags(v map[string]*string) *ListTagsLogGroupOutput { + s.Tags = v + return s +} + +// This object contains the information for one log event returned in a Live +// Tail stream. +type LiveTailSessionLogEvent struct { _ struct{} `type:"structure"` - // The prefix to match. If you don't specify a value, no prefix filter is applied. - DestinationNamePrefix *string `min:"1" type:"string"` + // The timestamp specifying when this log event was ingested into the log group. + IngestionTime *int64 `locationName:"ingestionTime" type:"long"` - // The maximum number of items returned. If you don't specify a value, the default - // is up to 50 items. - Limit *int64 `locationName:"limit" min:"1" type:"integer"` + // The name or ARN of the log group that ingested this log event. + LogGroupIdentifier *string `locationName:"logGroupIdentifier" min:"1" type:"string"` - // The token for the next set of items to return. (You received this token from - // a previous call.) - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + // The name of the log stream that ingested this log event. + LogStreamName *string `locationName:"logStreamName" min:"1" type:"string"` + + // The log event message text. + Message *string `locationName:"message" min:"1" type:"string"` + + // The timestamp specifying when this log event was created. + Timestamp *int64 `locationName:"timestamp" type:"long"` } -// String returns the string representation -func (s DescribeDestinationsInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LiveTailSessionLogEvent) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DescribeDestinationsInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LiveTailSessionLogEvent) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeDestinationsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeDestinationsInput"} - if s.DestinationNamePrefix != nil && len(*s.DestinationNamePrefix) < 1 { - invalidParams.Add(request.NewErrParamMinLen("DestinationNamePrefix", 1)) - } - if s.Limit != nil && *s.Limit < 1 { - invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) - } - if s.NextToken != nil && len(*s.NextToken) < 1 { - invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) - } +// SetIngestionTime sets the IngestionTime field's value. +func (s *LiveTailSessionLogEvent) SetIngestionTime(v int64) *LiveTailSessionLogEvent { + s.IngestionTime = &v + return s +} - if invalidParams.Len() > 0 { - return invalidParams - } - return nil +// SetLogGroupIdentifier sets the LogGroupIdentifier field's value. +func (s *LiveTailSessionLogEvent) SetLogGroupIdentifier(v string) *LiveTailSessionLogEvent { + s.LogGroupIdentifier = &v + return s } -// SetDestinationNamePrefix sets the DestinationNamePrefix field's value. -func (s *DescribeDestinationsInput) SetDestinationNamePrefix(v string) *DescribeDestinationsInput { - s.DestinationNamePrefix = &v +// SetLogStreamName sets the LogStreamName field's value. +func (s *LiveTailSessionLogEvent) SetLogStreamName(v string) *LiveTailSessionLogEvent { + s.LogStreamName = &v return s } -// SetLimit sets the Limit field's value. -func (s *DescribeDestinationsInput) SetLimit(v int64) *DescribeDestinationsInput { - s.Limit = &v +// SetMessage sets the Message field's value. +func (s *LiveTailSessionLogEvent) SetMessage(v string) *LiveTailSessionLogEvent { + s.Message = &v return s } -// SetNextToken sets the NextToken field's value. -func (s *DescribeDestinationsInput) SetNextToken(v string) *DescribeDestinationsInput { - s.NextToken = &v +// SetTimestamp sets the Timestamp field's value. +func (s *LiveTailSessionLogEvent) SetTimestamp(v int64) *LiveTailSessionLogEvent { + s.Timestamp = &v return s } -type DescribeDestinationsOutput struct { +// This object contains the metadata for one LiveTailSessionUpdate structure. +// It indicates whether that update includes only a sample of 500 log events +// out of a larger number of ingested log events, or if it contains all of the +// matching log events ingested during that second of time. +type LiveTailSessionMetadata struct { _ struct{} `type:"structure"` - // The destinations. - Destinations []*Destination `locationName:"destinations" type:"list"` - - // The token for the next set of items to return. The token expires after 24 - // hours. - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + // If this is true, then more than 500 log events matched the request for this + // update, and the sessionResults includes a sample of 500 of those events. + // + // If this is false, then 500 or fewer log events matched the request for this + // update, so no sampling was necessary. In this case, the sessionResults array + // includes all log events that matched your request during this time. + Sampled *bool `locationName:"sampled" type:"boolean"` } -// String returns the string representation -func (s DescribeDestinationsOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LiveTailSessionMetadata) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DescribeDestinationsOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LiveTailSessionMetadata) GoString() string { return s.String() } -// SetDestinations sets the Destinations field's value. -func (s *DescribeDestinationsOutput) SetDestinations(v []*Destination) *DescribeDestinationsOutput { - s.Destinations = v - return s -} - -// SetNextToken sets the NextToken field's value. -func (s *DescribeDestinationsOutput) SetNextToken(v string) *DescribeDestinationsOutput { - s.NextToken = &v +// SetSampled sets the Sampled field's value. +func (s *LiveTailSessionMetadata) SetSampled(v bool) *LiveTailSessionMetadata { + s.Sampled = &v return s } -type DescribeExportTasksInput struct { +// This object contains information about this Live Tail session, including +// the log groups included and the log stream filters, if any. +type LiveTailSessionStart struct { _ struct{} `type:"structure"` - // The maximum number of items returned. If you don't specify a value, the default - // is up to 50 items. - Limit *int64 `locationName:"limit" min:"1" type:"integer"` - - // The token for the next set of items to return. (You received this token from - // a previous call.) - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + // An optional pattern to filter the results to include only log events that + // match the pattern. For example, a filter pattern of error 404 displays only + // log events that include both error and 404. + // + // For more information about filter pattern syntax, see Filter and Pattern + // Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html). + LogEventFilterPattern *string `locationName:"logEventFilterPattern" type:"string"` + + // An array of the names and ARNs of the log groups included in this Live Tail + // session. + LogGroupIdentifiers []*string `locationName:"logGroupIdentifiers" min:"1" type:"list"` + + // If your StartLiveTail operation request included a logStreamNamePrefixes + // parameter that filtered the session to only include log streams that have + // names that start with certain prefixes, these prefixes are listed here. + LogStreamNamePrefixes []*string `locationName:"logStreamNamePrefixes" min:"1" type:"list"` + + // If your StartLiveTail operation request included a logStreamNames parameter + // that filtered the session to only include certain log streams, these streams + // are listed here. + LogStreamNames []*string `locationName:"logStreamNames" min:"1" type:"list"` - // The status code of the export task. Specifying a status code filters the - // results to zero or more export tasks. - StatusCode *string `locationName:"statusCode" type:"string" enum:"ExportTaskStatusCode"` + // The unique ID generated by CloudWatch Logs to identify this Live Tail session + // request. + RequestId *string `locationName:"requestId" type:"string"` - // The ID of the export task. Specifying a task ID filters the results to zero - // or one export tasks. - TaskId *string `locationName:"taskId" min:"1" type:"string"` + // The unique ID generated by CloudWatch Logs to identify this Live Tail session. + SessionId *string `locationName:"sessionId" type:"string"` } -// String returns the string representation -func (s DescribeExportTasksInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LiveTailSessionStart) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DescribeExportTasksInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LiveTailSessionStart) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeExportTasksInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeExportTasksInput"} - if s.Limit != nil && *s.Limit < 1 { - invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) - } - if s.NextToken != nil && len(*s.NextToken) < 1 { - invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) - } - if s.TaskId != nil && len(*s.TaskId) < 1 { - invalidParams.Add(request.NewErrParamMinLen("TaskId", 1)) - } - - if invalidParams.Len() > 0 { - return invalidParams - } - return nil -} - -// SetLimit sets the Limit field's value. -func (s *DescribeExportTasksInput) SetLimit(v int64) *DescribeExportTasksInput { - s.Limit = &v +// SetLogEventFilterPattern sets the LogEventFilterPattern field's value. +func (s *LiveTailSessionStart) SetLogEventFilterPattern(v string) *LiveTailSessionStart { + s.LogEventFilterPattern = &v return s } -// SetNextToken sets the NextToken field's value. -func (s *DescribeExportTasksInput) SetNextToken(v string) *DescribeExportTasksInput { - s.NextToken = &v +// SetLogGroupIdentifiers sets the LogGroupIdentifiers field's value. +func (s *LiveTailSessionStart) SetLogGroupIdentifiers(v []*string) *LiveTailSessionStart { + s.LogGroupIdentifiers = v return s } -// SetStatusCode sets the StatusCode field's value. -func (s *DescribeExportTasksInput) SetStatusCode(v string) *DescribeExportTasksInput { - s.StatusCode = &v +// SetLogStreamNamePrefixes sets the LogStreamNamePrefixes field's value. +func (s *LiveTailSessionStart) SetLogStreamNamePrefixes(v []*string) *LiveTailSessionStart { + s.LogStreamNamePrefixes = v return s } -// SetTaskId sets the TaskId field's value. -func (s *DescribeExportTasksInput) SetTaskId(v string) *DescribeExportTasksInput { - s.TaskId = &v +// SetLogStreamNames sets the LogStreamNames field's value. +func (s *LiveTailSessionStart) SetLogStreamNames(v []*string) *LiveTailSessionStart { + s.LogStreamNames = v return s } -type DescribeExportTasksOutput struct { - _ struct{} `type:"structure"` - - // The export tasks. - ExportTasks []*ExportTask `locationName:"exportTasks" type:"list"` - - // The token for the next set of items to return. The token expires after 24 - // hours. - NextToken *string `locationName:"nextToken" min:"1" type:"string"` +// SetRequestId sets the RequestId field's value. +func (s *LiveTailSessionStart) SetRequestId(v string) *LiveTailSessionStart { + s.RequestId = &v + return s } -// String returns the string representation -func (s DescribeExportTasksOutput) String() string { - return awsutil.Prettify(s) +// SetSessionId sets the SessionId field's value. +func (s *LiveTailSessionStart) SetSessionId(v string) *LiveTailSessionStart { + s.SessionId = &v + return s } -// GoString returns the string representation -func (s DescribeExportTasksOutput) GoString() string { - return s.String() -} +// The LiveTailSessionStart is and event in the StartLiveTailResponseStream group of events. +func (s *LiveTailSessionStart) eventStartLiveTailResponseStream() {} -// SetExportTasks sets the ExportTasks field's value. -func (s *DescribeExportTasksOutput) SetExportTasks(v []*ExportTask) *DescribeExportTasksOutput { - s.ExportTasks = v - return s +// UnmarshalEvent unmarshals the EventStream Message into the LiveTailSessionStart value. +// This method is only used internally within the SDK's EventStream handling. +func (s *LiveTailSessionStart) UnmarshalEvent( + payloadUnmarshaler protocol.PayloadUnmarshaler, + msg eventstream.Message, +) error { + if err := payloadUnmarshaler.UnmarshalPayload( + bytes.NewReader(msg.Payload), s, + ); err != nil { + return err + } + return nil } -// SetNextToken sets the NextToken field's value. -func (s *DescribeExportTasksOutput) SetNextToken(v string) *DescribeExportTasksOutput { - s.NextToken = &v - return s +// MarshalEvent marshals the type into an stream event value. This method +// should only used internally within the SDK's EventStream handling. +func (s *LiveTailSessionStart) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) { + msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType)) + var buf bytes.Buffer + if err = pm.MarshalPayload(&buf, s); err != nil { + return eventstream.Message{}, err + } + msg.Payload = buf.Bytes() + return msg, err } -type DescribeLogGroupsInput struct { +// This object contains the log events and metadata for a Live Tail session. +type LiveTailSessionUpdate struct { _ struct{} `type:"structure"` - // The maximum number of items returned. If you don't specify a value, the default - // is up to 50 items. - Limit *int64 `locationName:"limit" min:"1" type:"integer"` - - // The prefix to match. - LogGroupNamePrefix *string `locationName:"logGroupNamePrefix" min:"1" type:"string"` + // This object contains the session metadata for a Live Tail session. + SessionMetadata *LiveTailSessionMetadata `locationName:"sessionMetadata" type:"structure"` - // The token for the next set of items to return. (You received this token from - // a previous call.) - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + // An array, where each member of the array includes the information for one + // log event in the Live Tail session. + // + // A sessionResults array can include as many as 500 log events. If the number + // of log events matching the request exceeds 500 per second, the log events + // are sampled down to 500 log events to be included in each sessionUpdate structure. + SessionResults []*LiveTailSessionLogEvent `locationName:"sessionResults" type:"list"` } -// String returns the string representation -func (s DescribeLogGroupsInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LiveTailSessionUpdate) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DescribeLogGroupsInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LiveTailSessionUpdate) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeLogGroupsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeLogGroupsInput"} - if s.Limit != nil && *s.Limit < 1 { - invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) - } - if s.LogGroupNamePrefix != nil && len(*s.LogGroupNamePrefix) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogGroupNamePrefix", 1)) - } - if s.NextToken != nil && len(*s.NextToken) < 1 { - invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) - } - - if invalidParams.Len() > 0 { - return invalidParams - } - return nil +// SetSessionMetadata sets the SessionMetadata field's value. +func (s *LiveTailSessionUpdate) SetSessionMetadata(v *LiveTailSessionMetadata) *LiveTailSessionUpdate { + s.SessionMetadata = v + return s } -// SetLimit sets the Limit field's value. -func (s *DescribeLogGroupsInput) SetLimit(v int64) *DescribeLogGroupsInput { - s.Limit = &v +// SetSessionResults sets the SessionResults field's value. +func (s *LiveTailSessionUpdate) SetSessionResults(v []*LiveTailSessionLogEvent) *LiveTailSessionUpdate { + s.SessionResults = v return s } -// SetLogGroupNamePrefix sets the LogGroupNamePrefix field's value. -func (s *DescribeLogGroupsInput) SetLogGroupNamePrefix(v string) *DescribeLogGroupsInput { - s.LogGroupNamePrefix = &v - return s +// The LiveTailSessionUpdate is and event in the StartLiveTailResponseStream group of events. +func (s *LiveTailSessionUpdate) eventStartLiveTailResponseStream() {} + +// UnmarshalEvent unmarshals the EventStream Message into the LiveTailSessionUpdate value. +// This method is only used internally within the SDK's EventStream handling. +func (s *LiveTailSessionUpdate) UnmarshalEvent( + payloadUnmarshaler protocol.PayloadUnmarshaler, + msg eventstream.Message, +) error { + if err := payloadUnmarshaler.UnmarshalPayload( + bytes.NewReader(msg.Payload), s, + ); err != nil { + return err + } + return nil } -// SetNextToken sets the NextToken field's value. -func (s *DescribeLogGroupsInput) SetNextToken(v string) *DescribeLogGroupsInput { - s.NextToken = &v - return s +// MarshalEvent marshals the type into an stream event value. This method +// should only used internally within the SDK's EventStream handling. +func (s *LiveTailSessionUpdate) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) { + msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType)) + var buf bytes.Buffer + if err = pm.MarshalPayload(&buf, s); err != nil { + return eventstream.Message{}, err + } + msg.Payload = buf.Bytes() + return msg, err } -type DescribeLogGroupsOutput struct { +// This structure contains the information for one sample log event that is +// associated with an anomaly found by a log anomaly detector. +type LogEvent struct { _ struct{} `type:"structure"` - // The log groups. - // - // If the retentionInDays value if not included for a log group, then that log - // group is set to have its events never expire. - LogGroups []*LogGroup `locationName:"logGroups" type:"list"` + // The message content of the log event. + Message *string `locationName:"message" min:"1" type:"string"` - // The token for the next set of items to return. The token expires after 24 - // hours. - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + // The time stamp of the log event. + Timestamp *int64 `locationName:"timestamp" type:"long"` } -// String returns the string representation -func (s DescribeLogGroupsOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LogEvent) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DescribeLogGroupsOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LogEvent) GoString() string { return s.String() } -// SetLogGroups sets the LogGroups field's value. -func (s *DescribeLogGroupsOutput) SetLogGroups(v []*LogGroup) *DescribeLogGroupsOutput { - s.LogGroups = v +// SetMessage sets the Message field's value. +func (s *LogEvent) SetMessage(v string) *LogEvent { + s.Message = &v return s } -// SetNextToken sets the NextToken field's value. -func (s *DescribeLogGroupsOutput) SetNextToken(v string) *DescribeLogGroupsOutput { - s.NextToken = &v +// SetTimestamp sets the Timestamp field's value. +func (s *LogEvent) SetTimestamp(v int64) *LogEvent { + s.Timestamp = &v return s } -type DescribeLogStreamsInput struct { +// Represents a log group. +type LogGroup struct { _ struct{} `type:"structure"` - // If the value is true, results are returned in descending order. If the value - // is to false, results are returned in ascending order. The default value is - // false. - Descending *bool `locationName:"descending" type:"boolean"` + // The Amazon Resource Name (ARN) of the log group. This version of the ARN + // includes a trailing :* after the log group name. + // + // Use this version to refer to the ARN in IAM policies when specifying permissions + // for most API actions. The exception is when specifying permissions for TagResource + // (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagResource.html), + // UntagResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagResource.html), + // and ListTagsForResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html). + // The permissions for those three actions require the ARN version that doesn't + // include a trailing :*. + Arn *string `locationName:"arn" type:"string"` - // The maximum number of items returned. If you don't specify a value, the default - // is up to 50 items. - Limit *int64 `locationName:"limit" min:"1" type:"integer"` + // The creation time of the log group, expressed as the number of milliseconds + // after Jan 1, 1970 00:00:00 UTC. + CreationTime *int64 `locationName:"creationTime" type:"long"` - // The name of the log group. + // Displays whether this log group has a protection policy, or whether it had + // one in the past. For more information, see PutDataProtectionPolicy (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html). + DataProtectionStatus *string `locationName:"dataProtectionStatus" type:"string" enum:"DataProtectionStatus"` + + // Displays all the properties that this log group has inherited from account-level + // settings. + InheritedProperties []*string `locationName:"inheritedProperties" type:"list" enum:"InheritedProperty"` + + // The Amazon Resource Name (ARN) of the KMS key to use when encrypting log + // data. + KmsKeyId *string `locationName:"kmsKeyId" type:"string"` + + // The Amazon Resource Name (ARN) of the log group. This version of the ARN + // doesn't include a trailing :* after the log group name. // - // LogGroupName is a required field - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` + // Use this version to refer to the ARN in the following situations: + // + // * In the logGroupIdentifier input field in many CloudWatch Logs APIs. + // + // * In the resourceArn field in tagging APIs + // + // * In IAM policies, when specifying permissions for TagResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagResource.html), + // UntagResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagResource.html), + // and ListTagsForResource (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html). + LogGroupArn *string `locationName:"logGroupArn" type:"string"` - // The prefix to match. + // This specifies the log group class for this log group. There are two classes: // - // If orderBy is LastEventTime, you cannot specify this parameter. - LogStreamNamePrefix *string `locationName:"logStreamNamePrefix" min:"1" type:"string"` + // * The Standard log class supports all CloudWatch Logs features. + // + // * The Infrequent Access log class supports a subset of CloudWatch Logs + // features and incurs lower costs. + // + // For details about the features supported by each class, see Log classes (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch_Logs_Log_Classes.html) + LogGroupClass *string `locationName:"logGroupClass" type:"string" enum:"LogGroupClass"` - // The token for the next set of items to return. (You received this token from - // a previous call.) - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + // The name of the log group. + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"` - // If the value is LogStreamName, the results are ordered by log stream name. - // If the value is LastEventTime, the results are ordered by the event time. - // The default value is LogStreamName. - // - // If you order the results by event time, you cannot specify the logStreamNamePrefix - // parameter. + // The number of metric filters. + MetricFilterCount *int64 `locationName:"metricFilterCount" type:"integer"` + + // The number of days to retain the log events in the specified log group. Possible + // values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, + // 1096, 1827, 2192, 2557, 2922, 3288, and 3653. // - // lastEventTimeStamp represents the time of the most recent log event in the - // log stream in CloudWatch Logs. This number is expressed as the number of - // milliseconds after Jan 1, 1970 00:00:00 UTC. lastEventTimeStamp updates on - // an eventual consistency basis. It typically updates in less than an hour - // from ingestion, but in rare situations might take longer. - OrderBy *string `locationName:"orderBy" type:"string" enum:"OrderBy"` + // To set a log group so that its log events do not expire, use DeleteRetentionPolicy + // (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteRetentionPolicy.html). + RetentionInDays *int64 `locationName:"retentionInDays" type:"integer"` + + // The number of bytes stored. + StoredBytes *int64 `locationName:"storedBytes" type:"long"` } -// String returns the string representation -func (s DescribeLogStreamsInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LogGroup) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DescribeLogStreamsInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LogGroup) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeLogStreamsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeLogStreamsInput"} - if s.Limit != nil && *s.Limit < 1 { - invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) - } - if s.LogGroupName == nil { - invalidParams.Add(request.NewErrParamRequired("LogGroupName")) - } - if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) - } - if s.LogStreamNamePrefix != nil && len(*s.LogStreamNamePrefix) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogStreamNamePrefix", 1)) - } - if s.NextToken != nil && len(*s.NextToken) < 1 { - invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) - } +// SetArn sets the Arn field's value. +func (s *LogGroup) SetArn(v string) *LogGroup { + s.Arn = &v + return s +} - if invalidParams.Len() > 0 { - return invalidParams - } - return nil +// SetCreationTime sets the CreationTime field's value. +func (s *LogGroup) SetCreationTime(v int64) *LogGroup { + s.CreationTime = &v + return s } -// SetDescending sets the Descending field's value. -func (s *DescribeLogStreamsInput) SetDescending(v bool) *DescribeLogStreamsInput { - s.Descending = &v +// SetDataProtectionStatus sets the DataProtectionStatus field's value. +func (s *LogGroup) SetDataProtectionStatus(v string) *LogGroup { + s.DataProtectionStatus = &v return s } -// SetLimit sets the Limit field's value. -func (s *DescribeLogStreamsInput) SetLimit(v int64) *DescribeLogStreamsInput { - s.Limit = &v +// SetInheritedProperties sets the InheritedProperties field's value. +func (s *LogGroup) SetInheritedProperties(v []*string) *LogGroup { + s.InheritedProperties = v + return s +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *LogGroup) SetKmsKeyId(v string) *LogGroup { + s.KmsKeyId = &v + return s +} + +// SetLogGroupArn sets the LogGroupArn field's value. +func (s *LogGroup) SetLogGroupArn(v string) *LogGroup { + s.LogGroupArn = &v + return s +} + +// SetLogGroupClass sets the LogGroupClass field's value. +func (s *LogGroup) SetLogGroupClass(v string) *LogGroup { + s.LogGroupClass = &v return s } // SetLogGroupName sets the LogGroupName field's value. -func (s *DescribeLogStreamsInput) SetLogGroupName(v string) *DescribeLogStreamsInput { +func (s *LogGroup) SetLogGroupName(v string) *LogGroup { s.LogGroupName = &v return s } -// SetLogStreamNamePrefix sets the LogStreamNamePrefix field's value. -func (s *DescribeLogStreamsInput) SetLogStreamNamePrefix(v string) *DescribeLogStreamsInput { - s.LogStreamNamePrefix = &v +// SetMetricFilterCount sets the MetricFilterCount field's value. +func (s *LogGroup) SetMetricFilterCount(v int64) *LogGroup { + s.MetricFilterCount = &v return s } -// SetNextToken sets the NextToken field's value. -func (s *DescribeLogStreamsInput) SetNextToken(v string) *DescribeLogStreamsInput { - s.NextToken = &v +// SetRetentionInDays sets the RetentionInDays field's value. +func (s *LogGroup) SetRetentionInDays(v int64) *LogGroup { + s.RetentionInDays = &v return s } -// SetOrderBy sets the OrderBy field's value. -func (s *DescribeLogStreamsInput) SetOrderBy(v string) *DescribeLogStreamsInput { - s.OrderBy = &v +// SetStoredBytes sets the StoredBytes field's value. +func (s *LogGroup) SetStoredBytes(v int64) *LogGroup { + s.StoredBytes = &v return s } -type DescribeLogStreamsOutput struct { +// The fields contained in log events found by a GetLogGroupFields operation, +// along with the percentage of queried log events in which each field appears. +type LogGroupField struct { _ struct{} `type:"structure"` - // The log streams. - LogStreams []*LogStream `locationName:"logStreams" type:"list"` + // The name of a log field. + Name *string `locationName:"name" type:"string"` - // The token for the next set of items to return. The token expires after 24 - // hours. - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + // The percentage of log events queried that contained the field. + Percent *int64 `locationName:"percent" type:"integer"` } -// String returns the string representation -func (s DescribeLogStreamsOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LogGroupField) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DescribeLogStreamsOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LogGroupField) GoString() string { return s.String() } -// SetLogStreams sets the LogStreams field's value. -func (s *DescribeLogStreamsOutput) SetLogStreams(v []*LogStream) *DescribeLogStreamsOutput { - s.LogStreams = v +// SetName sets the Name field's value. +func (s *LogGroupField) SetName(v string) *LogGroupField { + s.Name = &v return s } -// SetNextToken sets the NextToken field's value. -func (s *DescribeLogStreamsOutput) SetNextToken(v string) *DescribeLogStreamsOutput { - s.NextToken = &v +// SetPercent sets the Percent field's value. +func (s *LogGroupField) SetPercent(v int64) *LogGroupField { + s.Percent = &v return s } -type DescribeMetricFiltersInput struct { +// Represents a log stream, which is a sequence of log events from a single +// emitter of logs. +type LogStream struct { _ struct{} `type:"structure"` - // The prefix to match. CloudWatch Logs uses the value you set here only if - // you also include the logGroupName parameter in your request. - FilterNamePrefix *string `locationName:"filterNamePrefix" min:"1" type:"string"` - - // The maximum number of items returned. If you don't specify a value, the default - // is up to 50 items. - Limit *int64 `locationName:"limit" min:"1" type:"integer"` - - // The name of the log group. - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"` + // The Amazon Resource Name (ARN) of the log stream. + Arn *string `locationName:"arn" type:"string"` - // Filters results to include only those with the specified metric name. If - // you include this parameter in your request, you must also include the metricNamespace - // parameter. - MetricName *string `locationName:"metricName" type:"string"` + // The creation time of the stream, expressed as the number of milliseconds + // after Jan 1, 1970 00:00:00 UTC. + CreationTime *int64 `locationName:"creationTime" type:"long"` - // Filters results to include only those in the specified namespace. If you - // include this parameter in your request, you must also include the metricName - // parameter. - MetricNamespace *string `locationName:"metricNamespace" type:"string"` + // The time of the first event, expressed as the number of milliseconds after + // Jan 1, 1970 00:00:00 UTC. + FirstEventTimestamp *int64 `locationName:"firstEventTimestamp" type:"long"` - // The token for the next set of items to return. (You received this token from - // a previous call.) - NextToken *string `locationName:"nextToken" min:"1" type:"string"` -} + // The time of the most recent log event in the log stream in CloudWatch Logs. + // This number is expressed as the number of milliseconds after Jan 1, 1970 + // 00:00:00 UTC. The lastEventTime value updates on an eventual consistency + // basis. It typically updates in less than an hour from ingestion, but in rare + // situations might take longer. + LastEventTimestamp *int64 `locationName:"lastEventTimestamp" type:"long"` -// String returns the string representation -func (s DescribeMetricFiltersInput) String() string { - return awsutil.Prettify(s) -} + // The ingestion time, expressed as the number of milliseconds after Jan 1, + // 1970 00:00:00 UTC The lastIngestionTime value updates on an eventual consistency + // basis. It typically updates in less than an hour after ingestion, but in + // rare situations might take longer. + LastIngestionTime *int64 `locationName:"lastIngestionTime" type:"long"` -// GoString returns the string representation -func (s DescribeMetricFiltersInput) GoString() string { - return s.String() -} + // The name of the log stream. + LogStreamName *string `locationName:"logStreamName" min:"1" type:"string"` -// Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeMetricFiltersInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeMetricFiltersInput"} - if s.FilterNamePrefix != nil && len(*s.FilterNamePrefix) < 1 { - invalidParams.Add(request.NewErrParamMinLen("FilterNamePrefix", 1)) - } - if s.Limit != nil && *s.Limit < 1 { - invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) - } - if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) - } - if s.NextToken != nil && len(*s.NextToken) < 1 { - invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) - } + // The number of bytes stored. + // + // Important: As of June 17, 2019, this parameter is no longer supported for + // log streams, and is always reported as zero. This change applies only to + // log streams. The storedBytes parameter for log groups is not affected. + // + // Deprecated: Starting on June 17, 2019, this parameter will be deprecated for log streams, and will be reported as zero. This change applies only to log streams. The storedBytes parameter for log groups is not affected. + StoredBytes *int64 `locationName:"storedBytes" deprecated:"true" type:"long"` - if invalidParams.Len() > 0 { - return invalidParams - } - return nil + // The sequence token. + // + // The sequence token is now ignored in PutLogEvents actions. PutLogEvents actions + // are always accepted regardless of receiving an invalid sequence token. You + // don't need to obtain uploadSequenceToken to use a PutLogEvents action. + UploadSequenceToken *string `locationName:"uploadSequenceToken" min:"1" type:"string"` } -// SetFilterNamePrefix sets the FilterNamePrefix field's value. -func (s *DescribeMetricFiltersInput) SetFilterNamePrefix(v string) *DescribeMetricFiltersInput { - s.FilterNamePrefix = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LogStream) String() string { + return awsutil.Prettify(s) } -// SetLimit sets the Limit field's value. -func (s *DescribeMetricFiltersInput) SetLimit(v int64) *DescribeMetricFiltersInput { - s.Limit = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LogStream) GoString() string { + return s.String() } -// SetLogGroupName sets the LogGroupName field's value. -func (s *DescribeMetricFiltersInput) SetLogGroupName(v string) *DescribeMetricFiltersInput { - s.LogGroupName = &v +// SetArn sets the Arn field's value. +func (s *LogStream) SetArn(v string) *LogStream { + s.Arn = &v return s } -// SetMetricName sets the MetricName field's value. -func (s *DescribeMetricFiltersInput) SetMetricName(v string) *DescribeMetricFiltersInput { - s.MetricName = &v +// SetCreationTime sets the CreationTime field's value. +func (s *LogStream) SetCreationTime(v int64) *LogStream { + s.CreationTime = &v return s } -// SetMetricNamespace sets the MetricNamespace field's value. -func (s *DescribeMetricFiltersInput) SetMetricNamespace(v string) *DescribeMetricFiltersInput { - s.MetricNamespace = &v +// SetFirstEventTimestamp sets the FirstEventTimestamp field's value. +func (s *LogStream) SetFirstEventTimestamp(v int64) *LogStream { + s.FirstEventTimestamp = &v return s } -// SetNextToken sets the NextToken field's value. -func (s *DescribeMetricFiltersInput) SetNextToken(v string) *DescribeMetricFiltersInput { - s.NextToken = &v +// SetLastEventTimestamp sets the LastEventTimestamp field's value. +func (s *LogStream) SetLastEventTimestamp(v int64) *LogStream { + s.LastEventTimestamp = &v return s } -type DescribeMetricFiltersOutput struct { - _ struct{} `type:"structure"` - - // The metric filters. - MetricFilters []*MetricFilter `locationName:"metricFilters" type:"list"` - - // The token for the next set of items to return. The token expires after 24 - // hours. - NextToken *string `locationName:"nextToken" min:"1" type:"string"` -} - -// String returns the string representation -func (s DescribeMetricFiltersOutput) String() string { - return awsutil.Prettify(s) +// SetLastIngestionTime sets the LastIngestionTime field's value. +func (s *LogStream) SetLastIngestionTime(v int64) *LogStream { + s.LastIngestionTime = &v + return s } -// GoString returns the string representation -func (s DescribeMetricFiltersOutput) GoString() string { - return s.String() +// SetLogStreamName sets the LogStreamName field's value. +func (s *LogStream) SetLogStreamName(v string) *LogStream { + s.LogStreamName = &v + return s } -// SetMetricFilters sets the MetricFilters field's value. -func (s *DescribeMetricFiltersOutput) SetMetricFilters(v []*MetricFilter) *DescribeMetricFiltersOutput { - s.MetricFilters = v +// SetStoredBytes sets the StoredBytes field's value. +func (s *LogStream) SetStoredBytes(v int64) *LogStream { + s.StoredBytes = &v return s } -// SetNextToken sets the NextToken field's value. -func (s *DescribeMetricFiltersOutput) SetNextToken(v string) *DescribeMetricFiltersOutput { - s.NextToken = &v +// SetUploadSequenceToken sets the UploadSequenceToken field's value. +func (s *LogStream) SetUploadSequenceToken(v string) *LogStream { + s.UploadSequenceToken = &v return s } -type DescribeQueriesInput struct { - _ struct{} `type:"structure"` - - // Limits the returned queries to only those for the specified log group. - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"` - - // Limits the number of returned queries to the specified number. - MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"` +// The query string is not valid. Details about this error are displayed in +// a QueryCompileError object. For more information, see QueryCompileError (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_QueryCompileError.html). +// +// For more information about valid query syntax, see CloudWatch Logs Insights +// Query Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html). +type MalformedQueryException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` - // The token for the next set of items to return. The token expires after 24 - // hours. - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + Message_ *string `locationName:"message" type:"string"` - // Limits the returned queries to only those that have the specified status. - // Valid values are Cancelled, Complete, Failed, Running, and Scheduled. - Status *string `locationName:"status" type:"string" enum:"QueryStatus"` + // Reserved. + QueryCompileError *QueryCompileError `locationName:"queryCompileError" type:"structure"` } -// String returns the string representation -func (s DescribeQueriesInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MalformedQueryException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DescribeQueriesInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MalformedQueryException) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeQueriesInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeQueriesInput"} - if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) - } - if s.MaxResults != nil && *s.MaxResults < 1 { - invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) - } - if s.NextToken != nil && len(*s.NextToken) < 1 { - invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) - } - - if invalidParams.Len() > 0 { - return invalidParams +func newErrorMalformedQueryException(v protocol.ResponseMetadata) error { + return &MalformedQueryException{ + RespMetadata: v, } - return nil -} - -// SetLogGroupName sets the LogGroupName field's value. -func (s *DescribeQueriesInput) SetLogGroupName(v string) *DescribeQueriesInput { - s.LogGroupName = &v - return s } -// SetMaxResults sets the MaxResults field's value. -func (s *DescribeQueriesInput) SetMaxResults(v int64) *DescribeQueriesInput { - s.MaxResults = &v - return s +// Code returns the exception type name. +func (s *MalformedQueryException) Code() string { + return "MalformedQueryException" } -// SetNextToken sets the NextToken field's value. -func (s *DescribeQueriesInput) SetNextToken(v string) *DescribeQueriesInput { - s.NextToken = &v - return s +// Message returns the exception's message. +func (s *MalformedQueryException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" } -// SetStatus sets the Status field's value. -func (s *DescribeQueriesInput) SetStatus(v string) *DescribeQueriesInput { - s.Status = &v - return s +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *MalformedQueryException) OrigErr() error { + return nil } -type DescribeQueriesOutput struct { - _ struct{} `type:"structure"` - - // The token for the next set of items to return. The token expires after 24 - // hours. - NextToken *string `locationName:"nextToken" min:"1" type:"string"` - - // The list of queries that match the request. - Queries []*QueryInfo `locationName:"queries" type:"list"` +func (s *MalformedQueryException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) } -// String returns the string representation -func (s DescribeQueriesOutput) String() string { - return awsutil.Prettify(s) +// Status code returns the HTTP status code for the request's response error. +func (s *MalformedQueryException) StatusCode() int { + return s.RespMetadata.StatusCode } -// GoString returns the string representation -func (s DescribeQueriesOutput) GoString() string { - return s.String() +// RequestID returns the service's response RequestID for request. +func (s *MalformedQueryException) RequestID() string { + return s.RespMetadata.RequestID } -// SetNextToken sets the NextToken field's value. -func (s *DescribeQueriesOutput) SetNextToken(v string) *DescribeQueriesOutput { - s.NextToken = &v - return s -} +// Metric filters express how CloudWatch Logs would extract metric observations +// from ingested log events and transform them into metric data in a CloudWatch +// metric. +type MetricFilter struct { + _ struct{} `type:"structure"` -// SetQueries sets the Queries field's value. -func (s *DescribeQueriesOutput) SetQueries(v []*QueryInfo) *DescribeQueriesOutput { - s.Queries = v - return s -} + // The creation time of the metric filter, expressed as the number of milliseconds + // after Jan 1, 1970 00:00:00 UTC. + CreationTime *int64 `locationName:"creationTime" type:"long"` -type DescribeQueryDefinitionsInput struct { - _ struct{} `type:"structure"` + // The name of the metric filter. + FilterName *string `locationName:"filterName" min:"1" type:"string"` - // Limits the number of returned query definitions to the specified number. - MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"` + // A symbolic description of how CloudWatch Logs should interpret the data in + // each log event. For example, a log event can contain timestamps, IP addresses, + // strings, and so on. You use the filter pattern to specify what to look for + // in the log event message. + FilterPattern *string `locationName:"filterPattern" type:"string"` - // The token for the next set of items to return. The token expires after 24 - // hours. - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + // The name of the log group. + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"` - // Use this parameter to filter your results to only the query definitions that - // have names that start with the prefix you specify. - QueryDefinitionNamePrefix *string `locationName:"queryDefinitionNamePrefix" min:"1" type:"string"` + // The metric transformations. + MetricTransformations []*MetricTransformation `locationName:"metricTransformations" min:"1" type:"list"` } -// String returns the string representation -func (s DescribeQueryDefinitionsInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricFilter) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DescribeQueryDefinitionsInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricFilter) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeQueryDefinitionsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeQueryDefinitionsInput"} - if s.MaxResults != nil && *s.MaxResults < 1 { - invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) - } - if s.NextToken != nil && len(*s.NextToken) < 1 { - invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) - } - if s.QueryDefinitionNamePrefix != nil && len(*s.QueryDefinitionNamePrefix) < 1 { - invalidParams.Add(request.NewErrParamMinLen("QueryDefinitionNamePrefix", 1)) - } +// SetCreationTime sets the CreationTime field's value. +func (s *MetricFilter) SetCreationTime(v int64) *MetricFilter { + s.CreationTime = &v + return s +} - if invalidParams.Len() > 0 { - return invalidParams - } - return nil +// SetFilterName sets the FilterName field's value. +func (s *MetricFilter) SetFilterName(v string) *MetricFilter { + s.FilterName = &v + return s } -// SetMaxResults sets the MaxResults field's value. -func (s *DescribeQueryDefinitionsInput) SetMaxResults(v int64) *DescribeQueryDefinitionsInput { - s.MaxResults = &v +// SetFilterPattern sets the FilterPattern field's value. +func (s *MetricFilter) SetFilterPattern(v string) *MetricFilter { + s.FilterPattern = &v return s } -// SetNextToken sets the NextToken field's value. -func (s *DescribeQueryDefinitionsInput) SetNextToken(v string) *DescribeQueryDefinitionsInput { - s.NextToken = &v +// SetLogGroupName sets the LogGroupName field's value. +func (s *MetricFilter) SetLogGroupName(v string) *MetricFilter { + s.LogGroupName = &v return s } -// SetQueryDefinitionNamePrefix sets the QueryDefinitionNamePrefix field's value. -func (s *DescribeQueryDefinitionsInput) SetQueryDefinitionNamePrefix(v string) *DescribeQueryDefinitionsInput { - s.QueryDefinitionNamePrefix = &v +// SetMetricTransformations sets the MetricTransformations field's value. +func (s *MetricFilter) SetMetricTransformations(v []*MetricTransformation) *MetricFilter { + s.MetricTransformations = v return s } -type DescribeQueryDefinitionsOutput struct { +// Represents a matched event. +type MetricFilterMatchRecord struct { _ struct{} `type:"structure"` - // The token for the next set of items to return. The token expires after 24 - // hours. - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + // The raw event data. + EventMessage *string `locationName:"eventMessage" min:"1" type:"string"` - // The list of query definitions that match your request. - QueryDefinitions []*QueryDefinition `locationName:"queryDefinitions" type:"list"` + // The event number. + EventNumber *int64 `locationName:"eventNumber" type:"long"` + + // The values extracted from the event data by the filter. + ExtractedValues map[string]*string `locationName:"extractedValues" type:"map"` } -// String returns the string representation -func (s DescribeQueryDefinitionsOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricFilterMatchRecord) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DescribeQueryDefinitionsOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricFilterMatchRecord) GoString() string { return s.String() } -// SetNextToken sets the NextToken field's value. -func (s *DescribeQueryDefinitionsOutput) SetNextToken(v string) *DescribeQueryDefinitionsOutput { - s.NextToken = &v +// SetEventMessage sets the EventMessage field's value. +func (s *MetricFilterMatchRecord) SetEventMessage(v string) *MetricFilterMatchRecord { + s.EventMessage = &v return s } -// SetQueryDefinitions sets the QueryDefinitions field's value. -func (s *DescribeQueryDefinitionsOutput) SetQueryDefinitions(v []*QueryDefinition) *DescribeQueryDefinitionsOutput { - s.QueryDefinitions = v +// SetEventNumber sets the EventNumber field's value. +func (s *MetricFilterMatchRecord) SetEventNumber(v int64) *MetricFilterMatchRecord { + s.EventNumber = &v return s } -type DescribeResourcePoliciesInput struct { +// SetExtractedValues sets the ExtractedValues field's value. +func (s *MetricFilterMatchRecord) SetExtractedValues(v map[string]*string) *MetricFilterMatchRecord { + s.ExtractedValues = v + return s +} + +// Indicates how to transform ingested log events to metric data in a CloudWatch +// metric. +type MetricTransformation struct { _ struct{} `type:"structure"` - // The maximum number of resource policies to be displayed with one call of - // this API. - Limit *int64 `locationName:"limit" min:"1" type:"integer"` + // (Optional) The value to emit when a filter pattern does not match a log event. + // This value can be null. + DefaultValue *float64 `locationName:"defaultValue" type:"double"` - // The token for the next set of items to return. The token expires after 24 - // hours. - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + // The fields to use as dimensions for the metric. One metric filter can include + // as many as three dimensions. + // + // Metrics extracted from log events are charged as custom metrics. To prevent + // unexpected high charges, do not specify high-cardinality fields such as IPAddress + // or requestID as dimensions. Each different value found for a dimension is + // treated as a separate metric and accrues charges as a separate custom metric. + // + // CloudWatch Logs disables a metric filter if it generates 1000 different name/value + // pairs for your specified dimensions within a certain amount of time. This + // helps to prevent accidental high charges. + // + // You can also set up a billing alarm to alert you if your charges are higher + // than expected. For more information, see Creating a Billing Alarm to Monitor + // Your Estimated Amazon Web Services Charges (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html). + Dimensions map[string]*string `locationName:"dimensions" type:"map"` + + // The name of the CloudWatch metric. + // + // MetricName is a required field + MetricName *string `locationName:"metricName" type:"string" required:"true"` + + // A custom namespace to contain your metric in CloudWatch. Use namespaces to + // group together metrics that are similar. For more information, see Namespaces + // (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Namespace). + // + // MetricNamespace is a required field + MetricNamespace *string `locationName:"metricNamespace" type:"string" required:"true"` + + // The value to publish to the CloudWatch metric when a filter pattern matches + // a log event. + // + // MetricValue is a required field + MetricValue *string `locationName:"metricValue" type:"string" required:"true"` + + // The unit to assign to the metric. If you omit this, the unit is set as None. + Unit *string `locationName:"unit" type:"string" enum:"StandardUnit"` } -// String returns the string representation -func (s DescribeResourcePoliciesInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricTransformation) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DescribeResourcePoliciesInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricTransformation) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeResourcePoliciesInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeResourcePoliciesInput"} - if s.Limit != nil && *s.Limit < 1 { - invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) +func (s *MetricTransformation) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "MetricTransformation"} + if s.MetricName == nil { + invalidParams.Add(request.NewErrParamRequired("MetricName")) } - if s.NextToken != nil && len(*s.NextToken) < 1 { - invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + if s.MetricNamespace == nil { + invalidParams.Add(request.NewErrParamRequired("MetricNamespace")) + } + if s.MetricValue == nil { + invalidParams.Add(request.NewErrParamRequired("MetricValue")) } if invalidParams.Len() > 0 { @@ -6134,262 +16330,383 @@ func (s *DescribeResourcePoliciesInput) Validate() error { return nil } -// SetLimit sets the Limit field's value. -func (s *DescribeResourcePoliciesInput) SetLimit(v int64) *DescribeResourcePoliciesInput { - s.Limit = &v +// SetDefaultValue sets the DefaultValue field's value. +func (s *MetricTransformation) SetDefaultValue(v float64) *MetricTransformation { + s.DefaultValue = &v return s } -// SetNextToken sets the NextToken field's value. -func (s *DescribeResourcePoliciesInput) SetNextToken(v string) *DescribeResourcePoliciesInput { - s.NextToken = &v +// SetDimensions sets the Dimensions field's value. +func (s *MetricTransformation) SetDimensions(v map[string]*string) *MetricTransformation { + s.Dimensions = v return s } -type DescribeResourcePoliciesOutput struct { - _ struct{} `type:"structure"` - - // The token for the next set of items to return. The token expires after 24 - // hours. - NextToken *string `locationName:"nextToken" min:"1" type:"string"` - - // The resource policies that exist in this account. - ResourcePolicies []*ResourcePolicy `locationName:"resourcePolicies" type:"list"` -} - -// String returns the string representation -func (s DescribeResourcePoliciesOutput) String() string { - return awsutil.Prettify(s) +// SetMetricName sets the MetricName field's value. +func (s *MetricTransformation) SetMetricName(v string) *MetricTransformation { + s.MetricName = &v + return s } -// GoString returns the string representation -func (s DescribeResourcePoliciesOutput) GoString() string { - return s.String() +// SetMetricNamespace sets the MetricNamespace field's value. +func (s *MetricTransformation) SetMetricNamespace(v string) *MetricTransformation { + s.MetricNamespace = &v + return s } -// SetNextToken sets the NextToken field's value. -func (s *DescribeResourcePoliciesOutput) SetNextToken(v string) *DescribeResourcePoliciesOutput { - s.NextToken = &v +// SetMetricValue sets the MetricValue field's value. +func (s *MetricTransformation) SetMetricValue(v string) *MetricTransformation { + s.MetricValue = &v return s } -// SetResourcePolicies sets the ResourcePolicies field's value. -func (s *DescribeResourcePoliciesOutput) SetResourcePolicies(v []*ResourcePolicy) *DescribeResourcePoliciesOutput { - s.ResourcePolicies = v +// SetUnit sets the Unit field's value. +func (s *MetricTransformation) SetUnit(v string) *MetricTransformation { + s.Unit = &v return s } -type DescribeSubscriptionFiltersInput struct { - _ struct{} `type:"structure"` - - // The prefix to match. If you don't specify a value, no prefix filter is applied. - FilterNamePrefix *string `locationName:"filterNamePrefix" min:"1" type:"string"` - - // The maximum number of items returned. If you don't specify a value, the default - // is up to 50 items. - Limit *int64 `locationName:"limit" min:"1" type:"integer"` - - // The name of the log group. - // - // LogGroupName is a required field - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` +// Multiple concurrent requests to update the same resource were in conflict. +type OperationAbortedException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` - // The token for the next set of items to return. (You received this token from - // a previous call.) - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation -func (s DescribeSubscriptionFiltersInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OperationAbortedException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DescribeSubscriptionFiltersInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OperationAbortedException) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeSubscriptionFiltersInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeSubscriptionFiltersInput"} - if s.FilterNamePrefix != nil && len(*s.FilterNamePrefix) < 1 { - invalidParams.Add(request.NewErrParamMinLen("FilterNamePrefix", 1)) - } - if s.Limit != nil && *s.Limit < 1 { - invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) - } - if s.LogGroupName == nil { - invalidParams.Add(request.NewErrParamRequired("LogGroupName")) - } - if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) - } - if s.NextToken != nil && len(*s.NextToken) < 1 { - invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) +func newErrorOperationAbortedException(v protocol.ResponseMetadata) error { + return &OperationAbortedException{ + RespMetadata: v, } +} - if invalidParams.Len() > 0 { - return invalidParams +// Code returns the exception type name. +func (s *OperationAbortedException) Code() string { + return "OperationAbortedException" +} + +// Message returns the exception's message. +func (s *OperationAbortedException) Message() string { + if s.Message_ != nil { + return *s.Message_ } - return nil + return "" } -// SetFilterNamePrefix sets the FilterNamePrefix field's value. -func (s *DescribeSubscriptionFiltersInput) SetFilterNamePrefix(v string) *DescribeSubscriptionFiltersInput { - s.FilterNamePrefix = &v - return s +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *OperationAbortedException) OrigErr() error { + return nil } -// SetLimit sets the Limit field's value. -func (s *DescribeSubscriptionFiltersInput) SetLimit(v int64) *DescribeSubscriptionFiltersInput { - s.Limit = &v - return s +func (s *OperationAbortedException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } -// SetLogGroupName sets the LogGroupName field's value. -func (s *DescribeSubscriptionFiltersInput) SetLogGroupName(v string) *DescribeSubscriptionFiltersInput { - s.LogGroupName = &v - return s +// Status code returns the HTTP status code for the request's response error. +func (s *OperationAbortedException) StatusCode() int { + return s.RespMetadata.StatusCode } -// SetNextToken sets the NextToken field's value. -func (s *DescribeSubscriptionFiltersInput) SetNextToken(v string) *DescribeSubscriptionFiltersInput { - s.NextToken = &v - return s +// RequestID returns the service's response RequestID for request. +func (s *OperationAbortedException) RequestID() string { + return s.RespMetadata.RequestID } -type DescribeSubscriptionFiltersOutput struct { +// Represents a log event. +type OutputLogEvent struct { _ struct{} `type:"structure"` - // The token for the next set of items to return. The token expires after 24 - // hours. - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + // The time the event was ingested, expressed as the number of milliseconds + // after Jan 1, 1970 00:00:00 UTC. + IngestionTime *int64 `locationName:"ingestionTime" type:"long"` - // The subscription filters. - SubscriptionFilters []*SubscriptionFilter `locationName:"subscriptionFilters" type:"list"` + // The data contained in the log event. + Message *string `locationName:"message" min:"1" type:"string"` + + // The time the event occurred, expressed as the number of milliseconds after + // Jan 1, 1970 00:00:00 UTC. + Timestamp *int64 `locationName:"timestamp" type:"long"` } -// String returns the string representation -func (s DescribeSubscriptionFiltersOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OutputLogEvent) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DescribeSubscriptionFiltersOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OutputLogEvent) GoString() string { return s.String() } -// SetNextToken sets the NextToken field's value. -func (s *DescribeSubscriptionFiltersOutput) SetNextToken(v string) *DescribeSubscriptionFiltersOutput { - s.NextToken = &v +// SetIngestionTime sets the IngestionTime field's value. +func (s *OutputLogEvent) SetIngestionTime(v int64) *OutputLogEvent { + s.IngestionTime = &v return s } -// SetSubscriptionFilters sets the SubscriptionFilters field's value. -func (s *DescribeSubscriptionFiltersOutput) SetSubscriptionFilters(v []*SubscriptionFilter) *DescribeSubscriptionFiltersOutput { - s.SubscriptionFilters = v +// SetMessage sets the Message field's value. +func (s *OutputLogEvent) SetMessage(v string) *OutputLogEvent { + s.Message = &v return s } -// Represents a cross-account destination that receives subscription log events. -type Destination struct { - _ struct{} `type:"structure"` - - // An IAM policy document that governs which AWS accounts can create subscription - // filters against this destination. - AccessPolicy *string `locationName:"accessPolicy" min:"1" type:"string"` +// SetTimestamp sets the Timestamp field's value. +func (s *OutputLogEvent) SetTimestamp(v int64) *OutputLogEvent { + s.Timestamp = &v + return s +} - // The ARN of this destination. - Arn *string `locationName:"arn" type:"string"` +// A tructures that contains information about one pattern token related to +// an anomaly. +// +// For more information about patterns and tokens, see CreateLogAnomalyDetector +// (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateLogAnomalyDetector.html). +type PatternToken struct { + _ struct{} `type:"structure"` - // The creation time of the destination, expressed as the number of milliseconds - // after Jan 1, 1970 00:00:00 UTC. - CreationTime *int64 `locationName:"creationTime" type:"long"` + // For a dynamic token, this indicates where in the pattern that this token + // appears, related to other dynamic tokens. The dynamic token that appears + // first has a value of 1, the one that appears second is 2, and so on. + DynamicTokenPosition *int64 `locationName:"dynamicTokenPosition" type:"integer"` - // The name of the destination. - DestinationName *string `locationName:"destinationName" min:"1" type:"string"` + // Contains the values found for a dynamic token, and the number of times each + // value was found. + Enumerations map[string]*int64 `locationName:"enumerations" type:"map"` - // A role for impersonation, used when delivering log events to the target. - RoleArn *string `locationName:"roleArn" min:"1" type:"string"` + // Specifies whether this is a dynamic token. + IsDynamic *bool `locationName:"isDynamic" type:"boolean"` - // The Amazon Resource Name (ARN) of the physical target where the log events - // are delivered (for example, a Kinesis stream). - TargetArn *string `locationName:"targetArn" min:"1" type:"string"` + // The string represented by this token. If this is a dynamic token, the value + // will be <*> + TokenString *string `locationName:"tokenString" min:"1" type:"string"` } -// String returns the string representation -func (s Destination) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PatternToken) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s Destination) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PatternToken) GoString() string { return s.String() } -// SetAccessPolicy sets the AccessPolicy field's value. -func (s *Destination) SetAccessPolicy(v string) *Destination { - s.AccessPolicy = &v +// SetDynamicTokenPosition sets the DynamicTokenPosition field's value. +func (s *PatternToken) SetDynamicTokenPosition(v int64) *PatternToken { + s.DynamicTokenPosition = &v return s } -// SetArn sets the Arn field's value. -func (s *Destination) SetArn(v string) *Destination { - s.Arn = &v +// SetEnumerations sets the Enumerations field's value. +func (s *PatternToken) SetEnumerations(v map[string]*int64) *PatternToken { + s.Enumerations = v return s } -// SetCreationTime sets the CreationTime field's value. -func (s *Destination) SetCreationTime(v int64) *Destination { - s.CreationTime = &v +// SetIsDynamic sets the IsDynamic field's value. +func (s *PatternToken) SetIsDynamic(v bool) *PatternToken { + s.IsDynamic = &v return s } -// SetDestinationName sets the DestinationName field's value. -func (s *Destination) SetDestinationName(v string) *Destination { - s.DestinationName = &v +// SetTokenString sets the TokenString field's value. +func (s *PatternToken) SetTokenString(v string) *PatternToken { + s.TokenString = &v return s } -// SetRoleArn sets the RoleArn field's value. -func (s *Destination) SetRoleArn(v string) *Destination { - s.RoleArn = &v - return s +// A structure that contains information about one delivery destination policy. +type Policy struct { + _ struct{} `type:"structure"` + + // The contents of the delivery destination policy. + DeliveryDestinationPolicy *string `locationName:"deliveryDestinationPolicy" min:"1" type:"string"` } -// SetTargetArn sets the TargetArn field's value. -func (s *Destination) SetTargetArn(v string) *Destination { - s.TargetArn = &v +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Policy) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Policy) GoString() string { + return s.String() +} + +// SetDeliveryDestinationPolicy sets the DeliveryDestinationPolicy field's value. +func (s *Policy) SetDeliveryDestinationPolicy(v string) *Policy { + s.DeliveryDestinationPolicy = &v return s } -type DisassociateKmsKeyInput struct { +type PutAccountPolicyInput struct { _ struct{} `type:"structure"` - // The name of the log group. + // Specify the policy, in JSON. // - // LogGroupName is a required field - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` + // Data protection policy + // + // A data protection policy must include two JSON blocks: + // + // * The first block must include both a DataIdentifer array and an Operation + // property with an Audit action. The DataIdentifer array lists the types + // of sensitive data that you want to mask. For more information about the + // available options, see Types of data that you can mask (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data-types.html). + // The Operation property with an Audit action is required to find the sensitive + // data terms. This Audit action must contain a FindingsDestination object. + // You can optionally use that FindingsDestination object to list one or + // more destinations to send audit findings to. If you specify destinations + // such as log groups, Firehose streams, and S3 buckets, they must already + // exist. + // + // * The second block must include both a DataIdentifer array and an Operation + // property with an Deidentify action. The DataIdentifer array must exactly + // match the DataIdentifer array in the first block of the policy. The Operation + // property with the Deidentify action is what actually masks the data, and + // it must contain the "MaskConfig": {} object. The "MaskConfig": {} object + // must be empty. + // + // For an example data protection policy, see the Examples section on this page. + // + // The contents of the two DataIdentifer arrays must match exactly. + // + // In addition to the two JSON blocks, the policyDocument can also include Name, + // Description, and Version fields. The Name is different than the operation's + // policyName parameter, and is used as a dimension when CloudWatch Logs reports + // audit findings metrics to CloudWatch. + // + // The JSON specified in policyDocument can be up to 30,720 characters long. + // + // Subscription filter policy + // + // A subscription filter policy can include the following attributes in a JSON + // block: + // + // * DestinationArn The ARN of the destination to deliver log events to. + // Supported destinations are: An Kinesis Data Streams data stream in the + // same account as the subscription policy, for same-account delivery. An + // Firehose data stream in the same account as the subscription policy, for + // same-account delivery. A Lambda function in the same account as the subscription + // policy, for same-account delivery. A logical destination in a different + // account created with PutDestination (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestination.html), + // for cross-account delivery. Kinesis Data Streams and Firehose are supported + // as logical destinations. + // + // * RoleArn The ARN of an IAM role that grants CloudWatch Logs permissions + // to deliver ingested log events to the destination stream. You don't need + // to provide the ARN when you are working with a logical destination for + // cross-account delivery. + // + // * FilterPattern A filter pattern for subscribing to a filtered stream + // of log events. + // + // * DistributionThe method used to distribute log data to the destination. + // By default, log data is grouped by log stream, but the grouping can be + // set to Random for a more even distribution. This property is only applicable + // when the destination is an Kinesis Data Streams data stream. + // + // PolicyDocument is a required field + PolicyDocument *string `locationName:"policyDocument" type:"string" required:"true"` + + // A name for the policy. This must be unique within the account. + // + // PolicyName is a required field + PolicyName *string `locationName:"policyName" type:"string" required:"true"` + + // The type of policy that you're creating or updating. + // + // PolicyType is a required field + PolicyType *string `locationName:"policyType" type:"string" required:"true" enum:"PolicyType"` + + // Currently the only valid value for this parameter is ALL, which specifies + // that the data protection policy applies to all log groups in the account. + // If you omit this parameter, the default of ALL is used. + Scope *string `locationName:"scope" type:"string" enum:"Scope"` + + // Use this parameter to apply the subscription filter policy to a subset of + // log groups in the account. Currently, the only supported filter is LogGroupName + // NOT IN []. The selectionCriteria string can be up to 25KB in length. The + // length is determined by using its UTF-8 bytes. + // + // Using the selectionCriteria parameter is useful to help prevent infinite + // loops. For more information, see Log recursion prevention (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Subscriptions-recursion-prevention.html). + // + // Specifing selectionCriteria is valid only when you specify SUBSCRIPTION_FILTER_POLICY + // for policyType. + SelectionCriteria *string `locationName:"selectionCriteria" type:"string"` } -// String returns the string representation -func (s DisassociateKmsKeyInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutAccountPolicyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DisassociateKmsKeyInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutAccountPolicyInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DisassociateKmsKeyInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DisassociateKmsKeyInput"} - if s.LogGroupName == nil { - invalidParams.Add(request.NewErrParamRequired("LogGroupName")) +func (s *PutAccountPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutAccountPolicyInput"} + if s.PolicyDocument == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyDocument")) } - if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + if s.PolicyName == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyName")) + } + if s.PolicyType == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyType")) } if invalidParams.Len() > 0 { @@ -6398,284 +16715,271 @@ func (s *DisassociateKmsKeyInput) Validate() error { return nil } -// SetLogGroupName sets the LogGroupName field's value. -func (s *DisassociateKmsKeyInput) SetLogGroupName(v string) *DisassociateKmsKeyInput { - s.LogGroupName = &v +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *PutAccountPolicyInput) SetPolicyDocument(v string) *PutAccountPolicyInput { + s.PolicyDocument = &v return s } -type DisassociateKmsKeyOutput struct { - _ struct{} `type:"structure"` -} - -// String returns the string representation -func (s DisassociateKmsKeyOutput) String() string { - return awsutil.Prettify(s) -} - -// GoString returns the string representation -func (s DisassociateKmsKeyOutput) GoString() string { - return s.String() -} - -// Represents an export task. -type ExportTask struct { - _ struct{} `type:"structure"` - - // The name of the S3 bucket to which the log data was exported. - Destination *string `locationName:"destination" min:"1" type:"string"` - - // The prefix that was used as the start of Amazon S3 key for every object exported. - DestinationPrefix *string `locationName:"destinationPrefix" type:"string"` - - // Execution information about the export task. - ExecutionInfo *ExportTaskExecutionInfo `locationName:"executionInfo" type:"structure"` - - // The start time, expressed as the number of milliseconds after Jan 1, 1970 - // 00:00:00 UTC. Events with a timestamp before this time are not exported. - From *int64 `locationName:"from" type:"long"` - - // The name of the log group from which logs data was exported. - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"` - - // The status of the export task. - Status *ExportTaskStatus `locationName:"status" type:"structure"` - - // The ID of the export task. - TaskId *string `locationName:"taskId" min:"1" type:"string"` - - // The name of the export task. - TaskName *string `locationName:"taskName" min:"1" type:"string"` - - // The end time, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 - // UTC. Events with a timestamp later than this time are not exported. - To *int64 `locationName:"to" type:"long"` -} - -// String returns the string representation -func (s ExportTask) String() string { - return awsutil.Prettify(s) -} - -// GoString returns the string representation -func (s ExportTask) GoString() string { - return s.String() -} - -// SetDestination sets the Destination field's value. -func (s *ExportTask) SetDestination(v string) *ExportTask { - s.Destination = &v +// SetPolicyName sets the PolicyName field's value. +func (s *PutAccountPolicyInput) SetPolicyName(v string) *PutAccountPolicyInput { + s.PolicyName = &v return s } -// SetDestinationPrefix sets the DestinationPrefix field's value. -func (s *ExportTask) SetDestinationPrefix(v string) *ExportTask { - s.DestinationPrefix = &v +// SetPolicyType sets the PolicyType field's value. +func (s *PutAccountPolicyInput) SetPolicyType(v string) *PutAccountPolicyInput { + s.PolicyType = &v return s } -// SetExecutionInfo sets the ExecutionInfo field's value. -func (s *ExportTask) SetExecutionInfo(v *ExportTaskExecutionInfo) *ExportTask { - s.ExecutionInfo = v +// SetScope sets the Scope field's value. +func (s *PutAccountPolicyInput) SetScope(v string) *PutAccountPolicyInput { + s.Scope = &v return s } -// SetFrom sets the From field's value. -func (s *ExportTask) SetFrom(v int64) *ExportTask { - s.From = &v +// SetSelectionCriteria sets the SelectionCriteria field's value. +func (s *PutAccountPolicyInput) SetSelectionCriteria(v string) *PutAccountPolicyInput { + s.SelectionCriteria = &v return s } -// SetLogGroupName sets the LogGroupName field's value. -func (s *ExportTask) SetLogGroupName(v string) *ExportTask { - s.LogGroupName = &v - return s -} +type PutAccountPolicyOutput struct { + _ struct{} `type:"structure"` -// SetStatus sets the Status field's value. -func (s *ExportTask) SetStatus(v *ExportTaskStatus) *ExportTask { - s.Status = v - return s + // The account policy that you created. + AccountPolicy *AccountPolicy `locationName:"accountPolicy" type:"structure"` } -// SetTaskId sets the TaskId field's value. -func (s *ExportTask) SetTaskId(v string) *ExportTask { - s.TaskId = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutAccountPolicyOutput) String() string { + return awsutil.Prettify(s) } -// SetTaskName sets the TaskName field's value. -func (s *ExportTask) SetTaskName(v string) *ExportTask { - s.TaskName = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutAccountPolicyOutput) GoString() string { + return s.String() } -// SetTo sets the To field's value. -func (s *ExportTask) SetTo(v int64) *ExportTask { - s.To = &v +// SetAccountPolicy sets the AccountPolicy field's value. +func (s *PutAccountPolicyOutput) SetAccountPolicy(v *AccountPolicy) *PutAccountPolicyOutput { + s.AccountPolicy = v return s } -// Represents the status of an export task. -type ExportTaskExecutionInfo struct { +type PutDataProtectionPolicyInput struct { _ struct{} `type:"structure"` - // The completion time of the export task, expressed as the number of milliseconds - // after Jan 1, 1970 00:00:00 UTC. - CompletionTime *int64 `locationName:"completionTime" type:"long"` + // Specify either the log group name or log group ARN. + // + // LogGroupIdentifier is a required field + LogGroupIdentifier *string `locationName:"logGroupIdentifier" min:"1" type:"string" required:"true"` - // The creation time of the export task, expressed as the number of milliseconds - // after Jan 1, 1970 00:00:00 UTC. - CreationTime *int64 `locationName:"creationTime" type:"long"` + // Specify the data protection policy, in JSON. + // + // This policy must include two JSON blocks: + // + // * The first block must include both a DataIdentifer array and an Operation + // property with an Audit action. The DataIdentifer array lists the types + // of sensitive data that you want to mask. For more information about the + // available options, see Types of data that you can mask (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data-types.html). + // The Operation property with an Audit action is required to find the sensitive + // data terms. This Audit action must contain a FindingsDestination object. + // You can optionally use that FindingsDestination object to list one or + // more destinations to send audit findings to. If you specify destinations + // such as log groups, Firehose streams, and S3 buckets, they must already + // exist. + // + // * The second block must include both a DataIdentifer array and an Operation + // property with an Deidentify action. The DataIdentifer array must exactly + // match the DataIdentifer array in the first block of the policy. The Operation + // property with the Deidentify action is what actually masks the data, and + // it must contain the "MaskConfig": {} object. The "MaskConfig": {} object + // must be empty. + // + // For an example data protection policy, see the Examples section on this page. + // + // The contents of the two DataIdentifer arrays must match exactly. + // + // In addition to the two JSON blocks, the policyDocument can also include Name, + // Description, and Version fields. The Name is used as a dimension when CloudWatch + // Logs reports audit findings metrics to CloudWatch. + // + // The JSON specified in policyDocument can be up to 30,720 characters. + // + // PolicyDocument is a required field + PolicyDocument *string `locationName:"policyDocument" type:"string" required:"true"` } -// String returns the string representation -func (s ExportTaskExecutionInfo) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDataProtectionPolicyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s ExportTaskExecutionInfo) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDataProtectionPolicyInput) GoString() string { return s.String() } -// SetCompletionTime sets the CompletionTime field's value. -func (s *ExportTaskExecutionInfo) SetCompletionTime(v int64) *ExportTaskExecutionInfo { - s.CompletionTime = &v +// Validate inspects the fields of the type to determine if they are valid. +func (s *PutDataProtectionPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutDataProtectionPolicyInput"} + if s.LogGroupIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("LogGroupIdentifier")) + } + if s.LogGroupIdentifier != nil && len(*s.LogGroupIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupIdentifier", 1)) + } + if s.PolicyDocument == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyDocument")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLogGroupIdentifier sets the LogGroupIdentifier field's value. +func (s *PutDataProtectionPolicyInput) SetLogGroupIdentifier(v string) *PutDataProtectionPolicyInput { + s.LogGroupIdentifier = &v return s } -// SetCreationTime sets the CreationTime field's value. -func (s *ExportTaskExecutionInfo) SetCreationTime(v int64) *ExportTaskExecutionInfo { - s.CreationTime = &v +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *PutDataProtectionPolicyInput) SetPolicyDocument(v string) *PutDataProtectionPolicyInput { + s.PolicyDocument = &v return s } -// Represents the status of an export task. -type ExportTaskStatus struct { +type PutDataProtectionPolicyOutput struct { _ struct{} `type:"structure"` - // The status code of the export task. - Code *string `locationName:"code" type:"string" enum:"ExportTaskStatusCode"` + // The date and time that this policy was most recently updated. + LastUpdatedTime *int64 `locationName:"lastUpdatedTime" type:"long"` - // The status message related to the status code. - Message *string `locationName:"message" type:"string"` + // The log group name or ARN that you specified in your request. + LogGroupIdentifier *string `locationName:"logGroupIdentifier" min:"1" type:"string"` + + // The data protection policy used for this log group. + PolicyDocument *string `locationName:"policyDocument" type:"string"` } -// String returns the string representation -func (s ExportTaskStatus) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDataProtectionPolicyOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s ExportTaskStatus) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDataProtectionPolicyOutput) GoString() string { return s.String() } -// SetCode sets the Code field's value. -func (s *ExportTaskStatus) SetCode(v string) *ExportTaskStatus { - s.Code = &v +// SetLastUpdatedTime sets the LastUpdatedTime field's value. +func (s *PutDataProtectionPolicyOutput) SetLastUpdatedTime(v int64) *PutDataProtectionPolicyOutput { + s.LastUpdatedTime = &v return s } -// SetMessage sets the Message field's value. -func (s *ExportTaskStatus) SetMessage(v string) *ExportTaskStatus { - s.Message = &v +// SetLogGroupIdentifier sets the LogGroupIdentifier field's value. +func (s *PutDataProtectionPolicyOutput) SetLogGroupIdentifier(v string) *PutDataProtectionPolicyOutput { + s.LogGroupIdentifier = &v return s } -type FilterLogEventsInput struct { - _ struct{} `type:"structure"` - - // The end of the time range, expressed as the number of milliseconds after - // Jan 1, 1970 00:00:00 UTC. Events with a timestamp later than this time are - // not returned. - EndTime *int64 `locationName:"endTime" type:"long"` - - // The filter pattern to use. For more information, see Filter and Pattern Syntax - // (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html). - // - // If not provided, all the events are matched. - FilterPattern *string `locationName:"filterPattern" type:"string"` - - // If the value is true, the operation makes a best effort to provide responses - // that contain events from multiple log streams within the log group, interleaved - // in a single response. If the value is false, all the matched log events in - // the first log stream are searched first, then those in the next log stream, - // and so on. The default is false. - // - // Important: Starting on June 17, 2019, this parameter is ignored and the value - // is assumed to be true. The response from this operation always interleaves - // events from multiple log streams within a log group. - // - // Deprecated: Starting on June 17, 2019, this parameter will be ignored and the value will be assumed to be true. The response from this operation will always interleave events from multiple log streams within a log group. - Interleaved *bool `locationName:"interleaved" deprecated:"true" type:"boolean"` - - // The maximum number of events to return. The default is 10,000 events. - Limit *int64 `locationName:"limit" min:"1" type:"integer"` +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *PutDataProtectionPolicyOutput) SetPolicyDocument(v string) *PutDataProtectionPolicyOutput { + s.PolicyDocument = &v + return s +} - // The name of the log group to search. - // - // LogGroupName is a required field - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` +type PutDeliveryDestinationInput struct { + _ struct{} `type:"structure"` - // Filters the results to include only events from log streams that have names - // starting with this prefix. + // A structure that contains the ARN of the Amazon Web Services resource that + // will receive the logs. // - // If you specify a value for both logStreamNamePrefix and logStreamNames, but - // the value for logStreamNamePrefix does not match any log stream names specified - // in logStreamNames, the action returns an InvalidParameterException error. - LogStreamNamePrefix *string `locationName:"logStreamNamePrefix" min:"1" type:"string"` + // DeliveryDestinationConfiguration is a required field + DeliveryDestinationConfiguration *DeliveryDestinationConfiguration `locationName:"deliveryDestinationConfiguration" type:"structure" required:"true"` - // Filters the results to only logs from the log streams in this list. + // A name for this delivery destination. This name must be unique for all delivery + // destinations in your account. // - // If you specify a value for both logStreamNamePrefix and logStreamNames, the - // action returns an InvalidParameterException error. - LogStreamNames []*string `locationName:"logStreamNames" min:"1" type:"list"` + // Name is a required field + Name *string `locationName:"name" min:"1" type:"string" required:"true"` - // The token for the next set of events to return. (You received this token - // from a previous call.) - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + // The format for the logs that this delivery destination will receive. + OutputFormat *string `locationName:"outputFormat" type:"string" enum:"OutputFormat"` - // The start of the time range, expressed as the number of milliseconds after - // Jan 1, 1970 00:00:00 UTC. Events with a timestamp before this time are not - // returned. + // An optional list of key-value pairs to associate with the resource. // - // If you omit startTime and endTime the most recent log events are retrieved, - // to up 1 MB or 10,000 log events. - StartTime *int64 `locationName:"startTime" type:"long"` + // For more information about tagging, see Tagging Amazon Web Services resources + // (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) + Tags map[string]*string `locationName:"tags" min:"1" type:"map"` } -// String returns the string representation -func (s FilterLogEventsInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDeliveryDestinationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s FilterLogEventsInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDeliveryDestinationInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *FilterLogEventsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "FilterLogEventsInput"} - if s.Limit != nil && *s.Limit < 1 { - invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) - } - if s.LogGroupName == nil { - invalidParams.Add(request.NewErrParamRequired("LogGroupName")) +func (s *PutDeliveryDestinationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutDeliveryDestinationInput"} + if s.DeliveryDestinationConfiguration == nil { + invalidParams.Add(request.NewErrParamRequired("DeliveryDestinationConfiguration")) } - if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) } - if s.LogStreamNamePrefix != nil && len(*s.LogStreamNamePrefix) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogStreamNamePrefix", 1)) + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) } - if s.LogStreamNames != nil && len(s.LogStreamNames) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogStreamNames", 1)) + if s.Tags != nil && len(s.Tags) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) } - if s.NextToken != nil && len(*s.NextToken) < 1 { - invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + if s.DeliveryDestinationConfiguration != nil { + if err := s.DeliveryDestinationConfiguration.Validate(); err != nil { + invalidParams.AddNested("DeliveryDestinationConfiguration", err.(request.ErrInvalidParams)) + } } if invalidParams.Len() > 0 { @@ -6684,241 +16988,231 @@ func (s *FilterLogEventsInput) Validate() error { return nil } -// SetEndTime sets the EndTime field's value. -func (s *FilterLogEventsInput) SetEndTime(v int64) *FilterLogEventsInput { - s.EndTime = &v +// SetDeliveryDestinationConfiguration sets the DeliveryDestinationConfiguration field's value. +func (s *PutDeliveryDestinationInput) SetDeliveryDestinationConfiguration(v *DeliveryDestinationConfiguration) *PutDeliveryDestinationInput { + s.DeliveryDestinationConfiguration = v return s } -// SetFilterPattern sets the FilterPattern field's value. -func (s *FilterLogEventsInput) SetFilterPattern(v string) *FilterLogEventsInput { - s.FilterPattern = &v +// SetName sets the Name field's value. +func (s *PutDeliveryDestinationInput) SetName(v string) *PutDeliveryDestinationInput { + s.Name = &v return s } -// SetInterleaved sets the Interleaved field's value. -func (s *FilterLogEventsInput) SetInterleaved(v bool) *FilterLogEventsInput { - s.Interleaved = &v +// SetOutputFormat sets the OutputFormat field's value. +func (s *PutDeliveryDestinationInput) SetOutputFormat(v string) *PutDeliveryDestinationInput { + s.OutputFormat = &v return s } -// SetLimit sets the Limit field's value. -func (s *FilterLogEventsInput) SetLimit(v int64) *FilterLogEventsInput { - s.Limit = &v +// SetTags sets the Tags field's value. +func (s *PutDeliveryDestinationInput) SetTags(v map[string]*string) *PutDeliveryDestinationInput { + s.Tags = v return s } -// SetLogGroupName sets the LogGroupName field's value. -func (s *FilterLogEventsInput) SetLogGroupName(v string) *FilterLogEventsInput { - s.LogGroupName = &v - return s -} +type PutDeliveryDestinationOutput struct { + _ struct{} `type:"structure"` -// SetLogStreamNamePrefix sets the LogStreamNamePrefix field's value. -func (s *FilterLogEventsInput) SetLogStreamNamePrefix(v string) *FilterLogEventsInput { - s.LogStreamNamePrefix = &v - return s + // A structure containing information about the delivery destination that you + // just created or updated. + DeliveryDestination *DeliveryDestination `locationName:"deliveryDestination" type:"structure"` } -// SetLogStreamNames sets the LogStreamNames field's value. -func (s *FilterLogEventsInput) SetLogStreamNames(v []*string) *FilterLogEventsInput { - s.LogStreamNames = v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDeliveryDestinationOutput) String() string { + return awsutil.Prettify(s) } -// SetNextToken sets the NextToken field's value. -func (s *FilterLogEventsInput) SetNextToken(v string) *FilterLogEventsInput { - s.NextToken = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDeliveryDestinationOutput) GoString() string { + return s.String() } -// SetStartTime sets the StartTime field's value. -func (s *FilterLogEventsInput) SetStartTime(v int64) *FilterLogEventsInput { - s.StartTime = &v +// SetDeliveryDestination sets the DeliveryDestination field's value. +func (s *PutDeliveryDestinationOutput) SetDeliveryDestination(v *DeliveryDestination) *PutDeliveryDestinationOutput { + s.DeliveryDestination = v return s } -type FilterLogEventsOutput struct { +type PutDeliveryDestinationPolicyInput struct { _ struct{} `type:"structure"` - // The matched events. - Events []*FilteredLogEvent `locationName:"events" type:"list"` - - // The token to use when requesting the next set of items. The token expires - // after 24 hours. - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + // The name of the delivery destination to assign this policy to. + // + // DeliveryDestinationName is a required field + DeliveryDestinationName *string `locationName:"deliveryDestinationName" min:"1" type:"string" required:"true"` - // IMPORTANT Starting on May 15, 2020, this parameter will be deprecated. This - // parameter will be an empty list after the deprecation occurs. + // The contents of the policy. // - // Indicates which log streams have been searched and whether each has been - // searched completely. - SearchedLogStreams []*SearchedLogStream `locationName:"searchedLogStreams" type:"list"` + // DeliveryDestinationPolicy is a required field + DeliveryDestinationPolicy *string `locationName:"deliveryDestinationPolicy" min:"1" type:"string" required:"true"` } -// String returns the string representation -func (s FilterLogEventsOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDeliveryDestinationPolicyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s FilterLogEventsOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDeliveryDestinationPolicyInput) GoString() string { return s.String() } -// SetEvents sets the Events field's value. -func (s *FilterLogEventsOutput) SetEvents(v []*FilteredLogEvent) *FilterLogEventsOutput { - s.Events = v - return s +// Validate inspects the fields of the type to determine if they are valid. +func (s *PutDeliveryDestinationPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutDeliveryDestinationPolicyInput"} + if s.DeliveryDestinationName == nil { + invalidParams.Add(request.NewErrParamRequired("DeliveryDestinationName")) + } + if s.DeliveryDestinationName != nil && len(*s.DeliveryDestinationName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DeliveryDestinationName", 1)) + } + if s.DeliveryDestinationPolicy == nil { + invalidParams.Add(request.NewErrParamRequired("DeliveryDestinationPolicy")) + } + if s.DeliveryDestinationPolicy != nil && len(*s.DeliveryDestinationPolicy) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DeliveryDestinationPolicy", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil } -// SetNextToken sets the NextToken field's value. -func (s *FilterLogEventsOutput) SetNextToken(v string) *FilterLogEventsOutput { - s.NextToken = &v +// SetDeliveryDestinationName sets the DeliveryDestinationName field's value. +func (s *PutDeliveryDestinationPolicyInput) SetDeliveryDestinationName(v string) *PutDeliveryDestinationPolicyInput { + s.DeliveryDestinationName = &v return s } -// SetSearchedLogStreams sets the SearchedLogStreams field's value. -func (s *FilterLogEventsOutput) SetSearchedLogStreams(v []*SearchedLogStream) *FilterLogEventsOutput { - s.SearchedLogStreams = v +// SetDeliveryDestinationPolicy sets the DeliveryDestinationPolicy field's value. +func (s *PutDeliveryDestinationPolicyInput) SetDeliveryDestinationPolicy(v string) *PutDeliveryDestinationPolicyInput { + s.DeliveryDestinationPolicy = &v return s } -// Represents a matched event. -type FilteredLogEvent struct { +type PutDeliveryDestinationPolicyOutput struct { _ struct{} `type:"structure"` - // The ID of the event. - EventId *string `locationName:"eventId" type:"string"` - - // The time the event was ingested, expressed as the number of milliseconds - // after Jan 1, 1970 00:00:00 UTC. - IngestionTime *int64 `locationName:"ingestionTime" type:"long"` - - // The name of the log stream to which this event belongs. - LogStreamName *string `locationName:"logStreamName" min:"1" type:"string"` - - // The data contained in the log event. - Message *string `locationName:"message" min:"1" type:"string"` - - // The time the event occurred, expressed as the number of milliseconds after - // Jan 1, 1970 00:00:00 UTC. - Timestamp *int64 `locationName:"timestamp" type:"long"` + // The contents of the policy that you just created. + Policy *Policy `locationName:"policy" type:"structure"` } -// String returns the string representation -func (s FilteredLogEvent) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDeliveryDestinationPolicyOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s FilteredLogEvent) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDeliveryDestinationPolicyOutput) GoString() string { return s.String() } -// SetEventId sets the EventId field's value. -func (s *FilteredLogEvent) SetEventId(v string) *FilteredLogEvent { - s.EventId = &v - return s -} - -// SetIngestionTime sets the IngestionTime field's value. -func (s *FilteredLogEvent) SetIngestionTime(v int64) *FilteredLogEvent { - s.IngestionTime = &v - return s -} - -// SetLogStreamName sets the LogStreamName field's value. -func (s *FilteredLogEvent) SetLogStreamName(v string) *FilteredLogEvent { - s.LogStreamName = &v - return s -} - -// SetMessage sets the Message field's value. -func (s *FilteredLogEvent) SetMessage(v string) *FilteredLogEvent { - s.Message = &v - return s -} - -// SetTimestamp sets the Timestamp field's value. -func (s *FilteredLogEvent) SetTimestamp(v int64) *FilteredLogEvent { - s.Timestamp = &v +// SetPolicy sets the Policy field's value. +func (s *PutDeliveryDestinationPolicyOutput) SetPolicy(v *Policy) *PutDeliveryDestinationPolicyOutput { + s.Policy = v return s } -type GetLogEventsInput struct { +type PutDeliverySourceInput struct { _ struct{} `type:"structure"` - // The end of the time range, expressed as the number of milliseconds after - // Jan 1, 1970 00:00:00 UTC. Events with a timestamp equal to or later than - // this time are not included. - EndTime *int64 `locationName:"endTime" type:"long"` - - // The maximum number of log events returned. If you don't specify a value, - // the maximum is as many log events as can fit in a response size of 1 MB, - // up to 10,000 log events. - Limit *int64 `locationName:"limit" min:"1" type:"integer"` - - // The name of the log group. + // Defines the type of log that the source is sending. // - // LogGroupName is a required field - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` - - // The name of the log stream. + // * For Amazon CodeWhisperer, the valid value is EVENT_LOGS. // - // LogStreamName is a required field - LogStreamName *string `locationName:"logStreamName" min:"1" type:"string" required:"true"` + // * For IAM Identity Centerr, the valid value is ERROR_LOGS. + // + // * For Amazon WorkMail, the valid values are ACCESS_CONTROL_LOGS, AUTHENTICATION_LOGS, + // WORKMAIL_AVAILABILITY_PROVIDER_LOGS, and WORKMAIL_MAILBOX_ACCESS_LOGS. + // + // LogType is a required field + LogType *string `locationName:"logType" min:"1" type:"string" required:"true"` - // The token for the next set of items to return. (You received this token from - // a previous call.) + // A name for this delivery source. This name must be unique for all delivery + // sources in your account. // - // Using this token works only when you specify true for startFromHead. - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + // Name is a required field + Name *string `locationName:"name" min:"1" type:"string" required:"true"` - // If the value is true, the earliest log events are returned first. If the - // value is false, the latest log events are returned first. The default value - // is false. + // The ARN of the Amazon Web Services resource that is generating and sending + // logs. For example, arn:aws:workmail:us-east-1:123456789012:organization/m-1234EXAMPLEabcd1234abcd1234abcd1234 // - // If you are using nextToken in this operation, you must specify true for startFromHead. - StartFromHead *bool `locationName:"startFromHead" type:"boolean"` + // ResourceArn is a required field + ResourceArn *string `locationName:"resourceArn" type:"string" required:"true"` - // The start of the time range, expressed as the number of milliseconds after - // Jan 1, 1970 00:00:00 UTC. Events with a timestamp equal to this time or later - // than this time are included. Events with a timestamp earlier than this time - // are not included. - StartTime *int64 `locationName:"startTime" type:"long"` + // An optional list of key-value pairs to associate with the resource. + // + // For more information about tagging, see Tagging Amazon Web Services resources + // (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) + Tags map[string]*string `locationName:"tags" min:"1" type:"map"` } -// String returns the string representation -func (s GetLogEventsInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDeliverySourceInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s GetLogEventsInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDeliverySourceInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *GetLogEventsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "GetLogEventsInput"} - if s.Limit != nil && *s.Limit < 1 { - invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) - } - if s.LogGroupName == nil { - invalidParams.Add(request.NewErrParamRequired("LogGroupName")) +func (s *PutDeliverySourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutDeliverySourceInput"} + if s.LogType == nil { + invalidParams.Add(request.NewErrParamRequired("LogType")) } - if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + if s.LogType != nil && len(*s.LogType) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogType", 1)) } - if s.LogStreamName == nil { - invalidParams.Add(request.NewErrParamRequired("LogStreamName")) + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) } - if s.LogStreamName != nil && len(*s.LogStreamName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogStreamName", 1)) + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) } - if s.NextToken != nil && len(*s.NextToken) < 1 { - invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + } + if s.Tags != nil && len(s.Tags) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) } if invalidParams.Len() > 0 { @@ -6927,128 +17221,129 @@ func (s *GetLogEventsInput) Validate() error { return nil } -// SetEndTime sets the EndTime field's value. -func (s *GetLogEventsInput) SetEndTime(v int64) *GetLogEventsInput { - s.EndTime = &v - return s -} - -// SetLimit sets the Limit field's value. -func (s *GetLogEventsInput) SetLimit(v int64) *GetLogEventsInput { - s.Limit = &v - return s -} - -// SetLogGroupName sets the LogGroupName field's value. -func (s *GetLogEventsInput) SetLogGroupName(v string) *GetLogEventsInput { - s.LogGroupName = &v - return s -} - -// SetLogStreamName sets the LogStreamName field's value. -func (s *GetLogEventsInput) SetLogStreamName(v string) *GetLogEventsInput { - s.LogStreamName = &v +// SetLogType sets the LogType field's value. +func (s *PutDeliverySourceInput) SetLogType(v string) *PutDeliverySourceInput { + s.LogType = &v return s } -// SetNextToken sets the NextToken field's value. -func (s *GetLogEventsInput) SetNextToken(v string) *GetLogEventsInput { - s.NextToken = &v +// SetName sets the Name field's value. +func (s *PutDeliverySourceInput) SetName(v string) *PutDeliverySourceInput { + s.Name = &v return s } -// SetStartFromHead sets the StartFromHead field's value. -func (s *GetLogEventsInput) SetStartFromHead(v bool) *GetLogEventsInput { - s.StartFromHead = &v +// SetResourceArn sets the ResourceArn field's value. +func (s *PutDeliverySourceInput) SetResourceArn(v string) *PutDeliverySourceInput { + s.ResourceArn = &v return s } -// SetStartTime sets the StartTime field's value. -func (s *GetLogEventsInput) SetStartTime(v int64) *GetLogEventsInput { - s.StartTime = &v +// SetTags sets the Tags field's value. +func (s *PutDeliverySourceInput) SetTags(v map[string]*string) *PutDeliverySourceInput { + s.Tags = v return s } -type GetLogEventsOutput struct { +type PutDeliverySourceOutput struct { _ struct{} `type:"structure"` - // The events. - Events []*OutputLogEvent `locationName:"events" type:"list"` - - // The token for the next set of items in the backward direction. The token - // expires after 24 hours. This token is never null. If you have reached the - // end of the stream, it returns the same token you passed in. - NextBackwardToken *string `locationName:"nextBackwardToken" min:"1" type:"string"` - - // The token for the next set of items in the forward direction. The token expires - // after 24 hours. If you have reached the end of the stream, it returns the - // same token you passed in. - NextForwardToken *string `locationName:"nextForwardToken" min:"1" type:"string"` + // A structure containing information about the delivery source that was just + // created or updated. + DeliverySource *DeliverySource `locationName:"deliverySource" type:"structure"` } -// String returns the string representation -func (s GetLogEventsOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDeliverySourceOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s GetLogEventsOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDeliverySourceOutput) GoString() string { return s.String() } -// SetEvents sets the Events field's value. -func (s *GetLogEventsOutput) SetEvents(v []*OutputLogEvent) *GetLogEventsOutput { - s.Events = v +// SetDeliverySource sets the DeliverySource field's value. +func (s *PutDeliverySourceOutput) SetDeliverySource(v *DeliverySource) *PutDeliverySourceOutput { + s.DeliverySource = v return s } -// SetNextBackwardToken sets the NextBackwardToken field's value. -func (s *GetLogEventsOutput) SetNextBackwardToken(v string) *GetLogEventsOutput { - s.NextBackwardToken = &v - return s -} +type PutDestinationInput struct { + _ struct{} `type:"structure"` -// SetNextForwardToken sets the NextForwardToken field's value. -func (s *GetLogEventsOutput) SetNextForwardToken(v string) *GetLogEventsOutput { - s.NextForwardToken = &v - return s -} + // A name for the destination. + // + // DestinationName is a required field + DestinationName *string `locationName:"destinationName" min:"1" type:"string" required:"true"` -type GetLogGroupFieldsInput struct { - _ struct{} `type:"structure"` + // The ARN of an IAM role that grants CloudWatch Logs permissions to call the + // Amazon Kinesis PutRecord operation on the destination stream. + // + // RoleArn is a required field + RoleArn *string `locationName:"roleArn" min:"1" type:"string" required:"true"` - // The name of the log group to search. + // An optional list of key-value pairs to associate with the resource. // - // LogGroupName is a required field - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` + // For more information about tagging, see Tagging Amazon Web Services resources + // (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) + Tags map[string]*string `locationName:"tags" min:"1" type:"map"` - // The time to set as the center of the query. If you specify time, the 8 minutes - // before and 8 minutes after this time are searched. If you omit time, the - // past 15 minutes are queried. + // The ARN of an Amazon Kinesis stream to which to deliver matching log events. // - // The time value is specified as epoch time, the number of seconds since January - // 1, 1970, 00:00:00 UTC. - Time *int64 `locationName:"time" type:"long"` + // TargetArn is a required field + TargetArn *string `locationName:"targetArn" min:"1" type:"string" required:"true"` } -// String returns the string representation -func (s GetLogGroupFieldsInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDestinationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s GetLogGroupFieldsInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDestinationInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *GetLogGroupFieldsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "GetLogGroupFieldsInput"} - if s.LogGroupName == nil { - invalidParams.Add(request.NewErrParamRequired("LogGroupName")) +func (s *PutDestinationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutDestinationInput"} + if s.DestinationName == nil { + invalidParams.Add(request.NewErrParamRequired("DestinationName")) } - if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + if s.DestinationName != nil && len(*s.DestinationName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DestinationName", 1)) + } + if s.RoleArn == nil { + invalidParams.Add(request.NewErrParamRequired("RoleArn")) + } + if s.RoleArn != nil && len(*s.RoleArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("RoleArn", 1)) + } + if s.Tags != nil && len(s.Tags) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) + } + if s.TargetArn == nil { + invalidParams.Add(request.NewErrParamRequired("TargetArn")) + } + if s.TargetArn != nil && len(*s.TargetArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TargetArn", 1)) } if invalidParams.Len() > 0 { @@ -7057,70 +17352,120 @@ func (s *GetLogGroupFieldsInput) Validate() error { return nil } -// SetLogGroupName sets the LogGroupName field's value. -func (s *GetLogGroupFieldsInput) SetLogGroupName(v string) *GetLogGroupFieldsInput { - s.LogGroupName = &v +// SetDestinationName sets the DestinationName field's value. +func (s *PutDestinationInput) SetDestinationName(v string) *PutDestinationInput { + s.DestinationName = &v return s } -// SetTime sets the Time field's value. -func (s *GetLogGroupFieldsInput) SetTime(v int64) *GetLogGroupFieldsInput { - s.Time = &v +// SetRoleArn sets the RoleArn field's value. +func (s *PutDestinationInput) SetRoleArn(v string) *PutDestinationInput { + s.RoleArn = &v return s } -type GetLogGroupFieldsOutput struct { +// SetTags sets the Tags field's value. +func (s *PutDestinationInput) SetTags(v map[string]*string) *PutDestinationInput { + s.Tags = v + return s +} + +// SetTargetArn sets the TargetArn field's value. +func (s *PutDestinationInput) SetTargetArn(v string) *PutDestinationInput { + s.TargetArn = &v + return s +} + +type PutDestinationOutput struct { _ struct{} `type:"structure"` - // The array of fields found in the query. Each object in the array contains - // the name of the field, along with the percentage of time it appeared in the - // log events that were queried. - LogGroupFields []*LogGroupField `locationName:"logGroupFields" type:"list"` + // The destination. + Destination *Destination `locationName:"destination" type:"structure"` } -// String returns the string representation -func (s GetLogGroupFieldsOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDestinationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s GetLogGroupFieldsOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDestinationOutput) GoString() string { return s.String() } -// SetLogGroupFields sets the LogGroupFields field's value. -func (s *GetLogGroupFieldsOutput) SetLogGroupFields(v []*LogGroupField) *GetLogGroupFieldsOutput { - s.LogGroupFields = v +// SetDestination sets the Destination field's value. +func (s *PutDestinationOutput) SetDestination(v *Destination) *PutDestinationOutput { + s.Destination = v return s } -type GetLogRecordInput struct { +type PutDestinationPolicyInput struct { _ struct{} `type:"structure"` - // The pointer corresponding to the log event record you want to retrieve. You - // get this from the response of a GetQueryResults operation. In that response, - // the value of the @ptr field for a log event is the value to use as logRecordPointer - // to retrieve that complete log event record. + // An IAM policy document that authorizes cross-account users to deliver their + // log events to the associated destination. This can be up to 5120 bytes. // - // LogRecordPointer is a required field - LogRecordPointer *string `locationName:"logRecordPointer" type:"string" required:"true"` + // AccessPolicy is a required field + AccessPolicy *string `locationName:"accessPolicy" min:"1" type:"string" required:"true"` + + // A name for an existing destination. + // + // DestinationName is a required field + DestinationName *string `locationName:"destinationName" min:"1" type:"string" required:"true"` + + // Specify true if you are updating an existing destination policy to grant + // permission to an organization ID instead of granting permission to individual + // Amazon Web Services accounts. Before you update a destination policy this + // way, you must first update the subscription filters in the accounts that + // send logs to this destination. If you do not, the subscription filters might + // stop working. By specifying true for forceUpdate, you are affirming that + // you have already updated the subscription filters. For more information, + // see Updating an existing cross-account subscription (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Cross-Account-Log_Subscription-Update.html) + // + // If you omit this parameter, the default of false is used. + ForceUpdate *bool `locationName:"forceUpdate" type:"boolean"` } -// String returns the string representation -func (s GetLogRecordInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDestinationPolicyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s GetLogRecordInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDestinationPolicyInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *GetLogRecordInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "GetLogRecordInput"} - if s.LogRecordPointer == nil { - invalidParams.Add(request.NewErrParamRequired("LogRecordPointer")) +func (s *PutDestinationPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutDestinationPolicyInput"} + if s.AccessPolicy == nil { + invalidParams.Add(request.NewErrParamRequired("AccessPolicy")) + } + if s.AccessPolicy != nil && len(*s.AccessPolicy) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AccessPolicy", 1)) + } + if s.DestinationName == nil { + invalidParams.Add(request.NewErrParamRequired("DestinationName")) + } + if s.DestinationName != nil && len(*s.DestinationName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DestinationName", 1)) } if invalidParams.Len() > 0 { @@ -7129,59 +17474,124 @@ func (s *GetLogRecordInput) Validate() error { return nil } -// SetLogRecordPointer sets the LogRecordPointer field's value. -func (s *GetLogRecordInput) SetLogRecordPointer(v string) *GetLogRecordInput { - s.LogRecordPointer = &v +// SetAccessPolicy sets the AccessPolicy field's value. +func (s *PutDestinationPolicyInput) SetAccessPolicy(v string) *PutDestinationPolicyInput { + s.AccessPolicy = &v return s } -type GetLogRecordOutput struct { - _ struct{} `type:"structure"` +// SetDestinationName sets the DestinationName field's value. +func (s *PutDestinationPolicyInput) SetDestinationName(v string) *PutDestinationPolicyInput { + s.DestinationName = &v + return s +} - // The requested log event, as a JSON string. - LogRecord map[string]*string `locationName:"logRecord" type:"map"` +// SetForceUpdate sets the ForceUpdate field's value. +func (s *PutDestinationPolicyInput) SetForceUpdate(v bool) *PutDestinationPolicyInput { + s.ForceUpdate = &v + return s } -// String returns the string representation -func (s GetLogRecordOutput) String() string { +type PutDestinationPolicyOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDestinationPolicyOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s GetLogRecordOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutDestinationPolicyOutput) GoString() string { return s.String() } -// SetLogRecord sets the LogRecord field's value. -func (s *GetLogRecordOutput) SetLogRecord(v map[string]*string) *GetLogRecordOutput { - s.LogRecord = v - return s -} +type PutLogEventsInput struct { + _ struct{} `type:"structure"` + + // The log events. + // + // LogEvents is a required field + LogEvents []*InputLogEvent `locationName:"logEvents" min:"1" type:"list" required:"true"` -type GetQueryResultsInput struct { - _ struct{} `type:"structure"` + // The name of the log group. + // + // LogGroupName is a required field + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` - // The ID number of the query. + // The name of the log stream. // - // QueryId is a required field - QueryId *string `locationName:"queryId" type:"string" required:"true"` + // LogStreamName is a required field + LogStreamName *string `locationName:"logStreamName" min:"1" type:"string" required:"true"` + + // The sequence token obtained from the response of the previous PutLogEvents + // call. + // + // The sequenceToken parameter is now ignored in PutLogEvents actions. PutLogEvents + // actions are now accepted and never return InvalidSequenceTokenException or + // DataAlreadyAcceptedException even if the sequence token is not valid. + SequenceToken *string `locationName:"sequenceToken" min:"1" type:"string"` } -// String returns the string representation -func (s GetQueryResultsInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutLogEventsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s GetQueryResultsInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutLogEventsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *GetQueryResultsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "GetQueryResultsInput"} - if s.QueryId == nil { - invalidParams.Add(request.NewErrParamRequired("QueryId")) +func (s *PutLogEventsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutLogEventsInput"} + if s.LogEvents == nil { + invalidParams.Add(request.NewErrParamRequired("LogEvents")) + } + if s.LogEvents != nil && len(s.LogEvents) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogEvents", 1)) + } + if s.LogGroupName == nil { + invalidParams.Add(request.NewErrParamRequired("LogGroupName")) + } + if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + } + if s.LogStreamName == nil { + invalidParams.Add(request.NewErrParamRequired("LogStreamName")) + } + if s.LogStreamName != nil && len(*s.LogStreamName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogStreamName", 1)) + } + if s.SequenceToken != nil && len(*s.SequenceToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SequenceToken", 1)) + } + if s.LogEvents != nil { + for i, v := range s.LogEvents { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "LogEvents", i), err.(request.ErrInvalidParams)) + } + } } if invalidParams.Len() > 0 { @@ -7190,104 +17600,153 @@ func (s *GetQueryResultsInput) Validate() error { return nil } -// SetQueryId sets the QueryId field's value. -func (s *GetQueryResultsInput) SetQueryId(v string) *GetQueryResultsInput { - s.QueryId = &v +// SetLogEvents sets the LogEvents field's value. +func (s *PutLogEventsInput) SetLogEvents(v []*InputLogEvent) *PutLogEventsInput { + s.LogEvents = v return s } -type GetQueryResultsOutput struct { - _ struct{} `type:"structure"` +// SetLogGroupName sets the LogGroupName field's value. +func (s *PutLogEventsInput) SetLogGroupName(v string) *PutLogEventsInput { + s.LogGroupName = &v + return s +} - // The log events that matched the query criteria during the most recent time - // it ran. - // - // The results value is an array of arrays. Each log event is one object in - // the top-level array. Each of these log event objects is an array of field/value - // pairs. - Results [][]*ResultField `locationName:"results" type:"list"` +// SetLogStreamName sets the LogStreamName field's value. +func (s *PutLogEventsInput) SetLogStreamName(v string) *PutLogEventsInput { + s.LogStreamName = &v + return s +} - // Includes the number of log events scanned by the query, the number of log - // events that matched the query criteria, and the total number of bytes in - // the log events that were scanned. These values reflect the full raw results - // of the query. - Statistics *QueryStatistics `locationName:"statistics" type:"structure"` +// SetSequenceToken sets the SequenceToken field's value. +func (s *PutLogEventsInput) SetSequenceToken(v string) *PutLogEventsInput { + s.SequenceToken = &v + return s +} - // The status of the most recent running of the query. Possible values are Cancelled, - // Complete, Failed, Running, Scheduled, Timeout, and Unknown. +type PutLogEventsOutput struct { + _ struct{} `type:"structure"` + + // The next sequence token. // - // Queries time out after 15 minutes of execution. To avoid having your queries - // time out, reduce the time range being searched or partition your query into - // a number of queries. - Status *string `locationName:"status" type:"string" enum:"QueryStatus"` + // This field has been deprecated. + // + // The sequence token is now ignored in PutLogEvents actions. PutLogEvents actions + // are always accepted even if the sequence token is not valid. You can use + // parallel PutLogEvents actions on the same log stream and you do not need + // to wait for the response of a previous PutLogEvents action to obtain the + // nextSequenceToken value. + NextSequenceToken *string `locationName:"nextSequenceToken" min:"1" type:"string"` + + // The rejected events. + RejectedLogEventsInfo *RejectedLogEventsInfo `locationName:"rejectedLogEventsInfo" type:"structure"` } -// String returns the string representation -func (s GetQueryResultsOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutLogEventsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s GetQueryResultsOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutLogEventsOutput) GoString() string { return s.String() } -// SetResults sets the Results field's value. -func (s *GetQueryResultsOutput) SetResults(v [][]*ResultField) *GetQueryResultsOutput { - s.Results = v - return s -} - -// SetStatistics sets the Statistics field's value. -func (s *GetQueryResultsOutput) SetStatistics(v *QueryStatistics) *GetQueryResultsOutput { - s.Statistics = v +// SetNextSequenceToken sets the NextSequenceToken field's value. +func (s *PutLogEventsOutput) SetNextSequenceToken(v string) *PutLogEventsOutput { + s.NextSequenceToken = &v return s } -// SetStatus sets the Status field's value. -func (s *GetQueryResultsOutput) SetStatus(v string) *GetQueryResultsOutput { - s.Status = &v +// SetRejectedLogEventsInfo sets the RejectedLogEventsInfo field's value. +func (s *PutLogEventsOutput) SetRejectedLogEventsInfo(v *RejectedLogEventsInfo) *PutLogEventsOutput { + s.RejectedLogEventsInfo = v return s } -// Represents a log event, which is a record of activity that was recorded by -// the application or resource being monitored. -type InputLogEvent struct { +type PutMetricFilterInput struct { _ struct{} `type:"structure"` - // The raw event message. + // A name for the metric filter. // - // Message is a required field - Message *string `locationName:"message" min:"1" type:"string" required:"true"` + // FilterName is a required field + FilterName *string `locationName:"filterName" min:"1" type:"string" required:"true"` - // The time the event occurred, expressed as the number of milliseconds after - // Jan 1, 1970 00:00:00 UTC. + // A filter pattern for extracting metric data out of ingested log events. // - // Timestamp is a required field - Timestamp *int64 `locationName:"timestamp" type:"long" required:"true"` + // FilterPattern is a required field + FilterPattern *string `locationName:"filterPattern" type:"string" required:"true"` + + // The name of the log group. + // + // LogGroupName is a required field + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` + + // A collection of information that defines how metric data gets emitted. + // + // MetricTransformations is a required field + MetricTransformations []*MetricTransformation `locationName:"metricTransformations" min:"1" type:"list" required:"true"` } -// String returns the string representation -func (s InputLogEvent) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutMetricFilterInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s InputLogEvent) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutMetricFilterInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *InputLogEvent) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "InputLogEvent"} - if s.Message == nil { - invalidParams.Add(request.NewErrParamRequired("Message")) +func (s *PutMetricFilterInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutMetricFilterInput"} + if s.FilterName == nil { + invalidParams.Add(request.NewErrParamRequired("FilterName")) } - if s.Message != nil && len(*s.Message) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Message", 1)) + if s.FilterName != nil && len(*s.FilterName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("FilterName", 1)) } - if s.Timestamp == nil { - invalidParams.Add(request.NewErrParamRequired("Timestamp")) + if s.FilterPattern == nil { + invalidParams.Add(request.NewErrParamRequired("FilterPattern")) + } + if s.LogGroupName == nil { + invalidParams.Add(request.NewErrParamRequired("LogGroupName")) + } + if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + } + if s.MetricTransformations == nil { + invalidParams.Add(request.NewErrParamRequired("MetricTransformations")) + } + if s.MetricTransformations != nil && len(s.MetricTransformations) < 1 { + invalidParams.Add(request.NewErrParamMinLen("MetricTransformations", 1)) + } + if s.MetricTransformations != nil { + for i, v := range s.MetricTransformations { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "MetricTransformations", i), err.(request.ErrInvalidParams)) + } + } } if invalidParams.Len() > 0 { @@ -7296,273 +17755,348 @@ func (s *InputLogEvent) Validate() error { return nil } -// SetMessage sets the Message field's value. -func (s *InputLogEvent) SetMessage(v string) *InputLogEvent { - s.Message = &v - return s -} - -// SetTimestamp sets the Timestamp field's value. -func (s *InputLogEvent) SetTimestamp(v int64) *InputLogEvent { - s.Timestamp = &v +// SetFilterName sets the FilterName field's value. +func (s *PutMetricFilterInput) SetFilterName(v string) *PutMetricFilterInput { + s.FilterName = &v return s } -// The operation is not valid on the specified resource. -type InvalidOperationException struct { - _ struct{} `type:"structure"` - RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` - - Message_ *string `locationName:"message" type:"string"` -} - -// String returns the string representation -func (s InvalidOperationException) String() string { - return awsutil.Prettify(s) -} - -// GoString returns the string representation -func (s InvalidOperationException) GoString() string { - return s.String() -} - -func newErrorInvalidOperationException(v protocol.ResponseMetadata) error { - return &InvalidOperationException{ - RespMetadata: v, - } -} - -// Code returns the exception type name. -func (s *InvalidOperationException) Code() string { - return "InvalidOperationException" -} - -// Message returns the exception's message. -func (s *InvalidOperationException) Message() string { - if s.Message_ != nil { - return *s.Message_ - } - return "" -} - -// OrigErr always returns nil, satisfies awserr.Error interface. -func (s *InvalidOperationException) OrigErr() error { - return nil -} - -func (s *InvalidOperationException) Error() string { - return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +// SetFilterPattern sets the FilterPattern field's value. +func (s *PutMetricFilterInput) SetFilterPattern(v string) *PutMetricFilterInput { + s.FilterPattern = &v + return s } -// Status code returns the HTTP status code for the request's response error. -func (s *InvalidOperationException) StatusCode() int { - return s.RespMetadata.StatusCode +// SetLogGroupName sets the LogGroupName field's value. +func (s *PutMetricFilterInput) SetLogGroupName(v string) *PutMetricFilterInput { + s.LogGroupName = &v + return s } -// RequestID returns the service's response RequestID for request. -func (s *InvalidOperationException) RequestID() string { - return s.RespMetadata.RequestID +// SetMetricTransformations sets the MetricTransformations field's value. +func (s *PutMetricFilterInput) SetMetricTransformations(v []*MetricTransformation) *PutMetricFilterInput { + s.MetricTransformations = v + return s } -// A parameter is specified incorrectly. -type InvalidParameterException struct { - _ struct{} `type:"structure"` - RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` - - Message_ *string `locationName:"message" type:"string"` +type PutMetricFilterOutput struct { + _ struct{} `type:"structure"` } -// String returns the string representation -func (s InvalidParameterException) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutMetricFilterOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s InvalidParameterException) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutMetricFilterOutput) GoString() string { return s.String() } -func newErrorInvalidParameterException(v protocol.ResponseMetadata) error { - return &InvalidParameterException{ - RespMetadata: v, - } -} +type PutQueryDefinitionInput struct { + _ struct{} `type:"structure"` -// Code returns the exception type name. -func (s *InvalidParameterException) Code() string { - return "InvalidParameterException" -} + // Used as an idempotency token, to avoid returning an exception if the service + // receives the same request twice because of a network error. + ClientToken *string `locationName:"clientToken" min:"36" type:"string" idempotencyToken:"true"` -// Message returns the exception's message. -func (s *InvalidParameterException) Message() string { - if s.Message_ != nil { - return *s.Message_ - } - return "" -} + // Use this parameter to include specific log groups as part of your query definition. + // + // If you are updating a query definition and you omit this parameter, then + // the updated definition will contain no log groups. + LogGroupNames []*string `locationName:"logGroupNames" type:"list"` -// OrigErr always returns nil, satisfies awserr.Error interface. -func (s *InvalidParameterException) OrigErr() error { - return nil -} + // A name for the query definition. If you are saving numerous query definitions, + // we recommend that you name them. This way, you can find the ones you want + // by using the first part of the name as a filter in the queryDefinitionNamePrefix + // parameter of DescribeQueryDefinitions (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeQueryDefinitions.html). + // + // Name is a required field + Name *string `locationName:"name" min:"1" type:"string" required:"true"` -func (s *InvalidParameterException) Error() string { - return fmt.Sprintf("%s: %s", s.Code(), s.Message()) -} + // If you are updating a query definition, use this parameter to specify the + // ID of the query definition that you want to update. You can use DescribeQueryDefinitions + // (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeQueryDefinitions.html) + // to retrieve the IDs of your saved query definitions. + // + // If you are creating a query definition, do not specify this parameter. CloudWatch + // generates a unique ID for the new query definition and include it in the + // response to this operation. + QueryDefinitionId *string `locationName:"queryDefinitionId" type:"string"` -// Status code returns the HTTP status code for the request's response error. -func (s *InvalidParameterException) StatusCode() int { - return s.RespMetadata.StatusCode + // The query string to use for this definition. For more information, see CloudWatch + // Logs Insights Query Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html). + // + // QueryString is a required field + QueryString *string `locationName:"queryString" min:"1" type:"string" required:"true"` } -// RequestID returns the service's response RequestID for request. -func (s *InvalidParameterException) RequestID() string { - return s.RespMetadata.RequestID +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutQueryDefinitionInput) String() string { + return awsutil.Prettify(s) } -// The sequence token is not valid. You can get the correct sequence token in -// the expectedSequenceToken field in the InvalidSequenceTokenException message. -type InvalidSequenceTokenException struct { - _ struct{} `type:"structure"` - RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutQueryDefinitionInput) GoString() string { + return s.String() +} - ExpectedSequenceToken *string `locationName:"expectedSequenceToken" min:"1" type:"string"` +// Validate inspects the fields of the type to determine if they are valid. +func (s *PutQueryDefinitionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutQueryDefinitionInput"} + if s.ClientToken != nil && len(*s.ClientToken) < 36 { + invalidParams.Add(request.NewErrParamMinLen("ClientToken", 36)) + } + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + if s.QueryString == nil { + invalidParams.Add(request.NewErrParamRequired("QueryString")) + } + if s.QueryString != nil && len(*s.QueryString) < 1 { + invalidParams.Add(request.NewErrParamMinLen("QueryString", 1)) + } - Message_ *string `locationName:"message" type:"string"` + if invalidParams.Len() > 0 { + return invalidParams + } + return nil } -// String returns the string representation -func (s InvalidSequenceTokenException) String() string { - return awsutil.Prettify(s) +// SetClientToken sets the ClientToken field's value. +func (s *PutQueryDefinitionInput) SetClientToken(v string) *PutQueryDefinitionInput { + s.ClientToken = &v + return s } -// GoString returns the string representation -func (s InvalidSequenceTokenException) GoString() string { - return s.String() +// SetLogGroupNames sets the LogGroupNames field's value. +func (s *PutQueryDefinitionInput) SetLogGroupNames(v []*string) *PutQueryDefinitionInput { + s.LogGroupNames = v + return s } -func newErrorInvalidSequenceTokenException(v protocol.ResponseMetadata) error { - return &InvalidSequenceTokenException{ - RespMetadata: v, - } +// SetName sets the Name field's value. +func (s *PutQueryDefinitionInput) SetName(v string) *PutQueryDefinitionInput { + s.Name = &v + return s } -// Code returns the exception type name. -func (s *InvalidSequenceTokenException) Code() string { - return "InvalidSequenceTokenException" +// SetQueryDefinitionId sets the QueryDefinitionId field's value. +func (s *PutQueryDefinitionInput) SetQueryDefinitionId(v string) *PutQueryDefinitionInput { + s.QueryDefinitionId = &v + return s } -// Message returns the exception's message. -func (s *InvalidSequenceTokenException) Message() string { - if s.Message_ != nil { - return *s.Message_ - } - return "" +// SetQueryString sets the QueryString field's value. +func (s *PutQueryDefinitionInput) SetQueryString(v string) *PutQueryDefinitionInput { + s.QueryString = &v + return s } -// OrigErr always returns nil, satisfies awserr.Error interface. -func (s *InvalidSequenceTokenException) OrigErr() error { - return nil +type PutQueryDefinitionOutput struct { + _ struct{} `type:"structure"` + + // The ID of the query definition. + QueryDefinitionId *string `locationName:"queryDefinitionId" type:"string"` } -func (s *InvalidSequenceTokenException) Error() string { - return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutQueryDefinitionOutput) String() string { + return awsutil.Prettify(s) } -// Status code returns the HTTP status code for the request's response error. -func (s *InvalidSequenceTokenException) StatusCode() int { - return s.RespMetadata.StatusCode +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutQueryDefinitionOutput) GoString() string { + return s.String() } -// RequestID returns the service's response RequestID for request. -func (s *InvalidSequenceTokenException) RequestID() string { - return s.RespMetadata.RequestID +// SetQueryDefinitionId sets the QueryDefinitionId field's value. +func (s *PutQueryDefinitionOutput) SetQueryDefinitionId(v string) *PutQueryDefinitionOutput { + s.QueryDefinitionId = &v + return s } -// You have reached the maximum number of resources that can be created. -type LimitExceededException struct { - _ struct{} `type:"structure"` - RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` +type PutResourcePolicyInput struct { + _ struct{} `type:"structure"` - Message_ *string `locationName:"message" type:"string"` + // Details of the new policy, including the identity of the principal that is + // enabled to put logs to this account. This is formatted as a JSON string. + // This parameter is required. + // + // The following example creates a resource policy enabling the Route 53 service + // to put DNS query logs in to the specified log group. Replace "logArn" with + // the ARN of your CloudWatch Logs resource, such as a log group or log stream. + // + // CloudWatch Logs also supports aws:SourceArn (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourcearn) + // and aws:SourceAccount (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceaccount) + // condition context keys. + // + // In the example resource policy, you would replace the value of SourceArn + // with the resource making the call from Route 53 to CloudWatch Logs. You would + // also replace the value of SourceAccount with the Amazon Web Services account + // ID making that call. + // + // { "Version": "2012-10-17", "Statement": [ { "Sid": "Route53LogsToCloudWatchLogs", + // "Effect": "Allow", "Principal": { "Service": [ "route53.amazonaws.com" ] + // }, "Action": "logs:PutLogEvents", "Resource": "logArn", "Condition": { "ArnLike": + // { "aws:SourceArn": "myRoute53ResourceArn" }, "StringEquals": { "aws:SourceAccount": + // "myAwsAccountId" } } } ] } + PolicyDocument *string `locationName:"policyDocument" min:"1" type:"string"` + + // Name of the new policy. This parameter is required. + PolicyName *string `locationName:"policyName" type:"string"` } -// String returns the string representation -func (s LimitExceededException) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutResourcePolicyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s LimitExceededException) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutResourcePolicyInput) GoString() string { return s.String() } -func newErrorLimitExceededException(v protocol.ResponseMetadata) error { - return &LimitExceededException{ - RespMetadata: v, +// Validate inspects the fields of the type to determine if they are valid. +func (s *PutResourcePolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutResourcePolicyInput"} + if s.PolicyDocument != nil && len(*s.PolicyDocument) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PolicyDocument", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams } + return nil } -// Code returns the exception type name. -func (s *LimitExceededException) Code() string { - return "LimitExceededException" +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *PutResourcePolicyInput) SetPolicyDocument(v string) *PutResourcePolicyInput { + s.PolicyDocument = &v + return s } -// Message returns the exception's message. -func (s *LimitExceededException) Message() string { - if s.Message_ != nil { - return *s.Message_ - } - return "" +// SetPolicyName sets the PolicyName field's value. +func (s *PutResourcePolicyInput) SetPolicyName(v string) *PutResourcePolicyInput { + s.PolicyName = &v + return s } -// OrigErr always returns nil, satisfies awserr.Error interface. -func (s *LimitExceededException) OrigErr() error { - return nil +type PutResourcePolicyOutput struct { + _ struct{} `type:"structure"` + + // The new policy. + ResourcePolicy *ResourcePolicy `locationName:"resourcePolicy" type:"structure"` } -func (s *LimitExceededException) Error() string { - return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutResourcePolicyOutput) String() string { + return awsutil.Prettify(s) } -// Status code returns the HTTP status code for the request's response error. -func (s *LimitExceededException) StatusCode() int { - return s.RespMetadata.StatusCode +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutResourcePolicyOutput) GoString() string { + return s.String() } -// RequestID returns the service's response RequestID for request. -func (s *LimitExceededException) RequestID() string { - return s.RespMetadata.RequestID +// SetResourcePolicy sets the ResourcePolicy field's value. +func (s *PutResourcePolicyOutput) SetResourcePolicy(v *ResourcePolicy) *PutResourcePolicyOutput { + s.ResourcePolicy = v + return s } -type ListTagsLogGroupInput struct { +type PutRetentionPolicyInput struct { _ struct{} `type:"structure"` // The name of the log group. // // LogGroupName is a required field LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` + + // The number of days to retain the log events in the specified log group. Possible + // values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, + // 1096, 1827, 2192, 2557, 2922, 3288, and 3653. + // + // To set a log group so that its log events do not expire, use DeleteRetentionPolicy + // (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteRetentionPolicy.html). + // + // RetentionInDays is a required field + RetentionInDays *int64 `locationName:"retentionInDays" type:"integer" required:"true"` } -// String returns the string representation -func (s ListTagsLogGroupInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutRetentionPolicyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s ListTagsLogGroupInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutRetentionPolicyInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *ListTagsLogGroupInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "ListTagsLogGroupInput"} +func (s *PutRetentionPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutRetentionPolicyInput"} if s.LogGroupName == nil { invalidParams.Add(request.NewErrParamRequired("LogGroupName")) } if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) } + if s.RetentionInDays == nil { + invalidParams.Add(request.NewErrParamRequired("RetentionInDays")) + } if invalidParams.Len() > 0 { return invalidParams @@ -7571,536 +18105,632 @@ func (s *ListTagsLogGroupInput) Validate() error { } // SetLogGroupName sets the LogGroupName field's value. -func (s *ListTagsLogGroupInput) SetLogGroupName(v string) *ListTagsLogGroupInput { +func (s *PutRetentionPolicyInput) SetLogGroupName(v string) *PutRetentionPolicyInput { s.LogGroupName = &v return s } -type ListTagsLogGroupOutput struct { - _ struct{} `type:"structure"` +// SetRetentionInDays sets the RetentionInDays field's value. +func (s *PutRetentionPolicyInput) SetRetentionInDays(v int64) *PutRetentionPolicyInput { + s.RetentionInDays = &v + return s +} - // The tags for the log group. - Tags map[string]*string `locationName:"tags" min:"1" type:"map"` +type PutRetentionPolicyOutput struct { + _ struct{} `type:"structure"` } -// String returns the string representation -func (s ListTagsLogGroupOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutRetentionPolicyOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s ListTagsLogGroupOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutRetentionPolicyOutput) GoString() string { return s.String() } -// SetTags sets the Tags field's value. -func (s *ListTagsLogGroupOutput) SetTags(v map[string]*string) *ListTagsLogGroupOutput { - s.Tags = v - return s -} - -// Represents a log group. -type LogGroup struct { +type PutSubscriptionFilterInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the log group. - Arn *string `locationName:"arn" type:"string"` - - // The creation time of the log group, expressed as the number of milliseconds - // after Jan 1, 1970 00:00:00 UTC. - CreationTime *int64 `locationName:"creationTime" type:"long"` + // The ARN of the destination to deliver matching log events to. Currently, + // the supported destinations are: + // + // * An Amazon Kinesis stream belonging to the same account as the subscription + // filter, for same-account delivery. + // + // * A logical destination (specified using an ARN) belonging to a different + // account, for cross-account delivery. If you're setting up a cross-account + // subscription, the destination must have an IAM policy associated with + // it. The IAM policy must allow the sender to send logs to the destination. + // For more information, see PutDestinationPolicy (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestinationPolicy.html). + // + // * A Kinesis Data Firehose delivery stream belonging to the same account + // as the subscription filter, for same-account delivery. + // + // * A Lambda function belonging to the same account as the subscription + // filter, for same-account delivery. + // + // DestinationArn is a required field + DestinationArn *string `locationName:"destinationArn" min:"1" type:"string" required:"true"` - // The Amazon Resource Name (ARN) of the CMK to use when encrypting log data. - KmsKeyId *string `locationName:"kmsKeyId" type:"string"` + // The method used to distribute log data to the destination. By default, log + // data is grouped by log stream, but the grouping can be set to random for + // a more even distribution. This property is only applicable when the destination + // is an Amazon Kinesis data stream. + Distribution *string `locationName:"distribution" type:"string" enum:"Distribution"` - // The name of the log group. - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"` + // A name for the subscription filter. If you are updating an existing filter, + // you must specify the correct name in filterName. To find the name of the + // filter currently associated with a log group, use DescribeSubscriptionFilters + // (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeSubscriptionFilters.html). + // + // FilterName is a required field + FilterName *string `locationName:"filterName" min:"1" type:"string" required:"true"` - // The number of metric filters. - MetricFilterCount *int64 `locationName:"metricFilterCount" type:"integer"` + // A filter pattern for subscribing to a filtered stream of log events. + // + // FilterPattern is a required field + FilterPattern *string `locationName:"filterPattern" type:"string" required:"true"` - // The number of days to retain the log events in the specified log group. Possible - // values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, - // 1827, and 3653. + // The name of the log group. // - // If you omit retentionInDays in a PutRetentionPolicy operation, the events - // in the log group are always retained and never expire. - RetentionInDays *int64 `locationName:"retentionInDays" type:"integer"` + // LogGroupName is a required field + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` - // The number of bytes stored. - StoredBytes *int64 `locationName:"storedBytes" type:"long"` + // The ARN of an IAM role that grants CloudWatch Logs permissions to deliver + // ingested log events to the destination stream. You don't need to provide + // the ARN when you are working with a logical destination for cross-account + // delivery. + RoleArn *string `locationName:"roleArn" min:"1" type:"string"` } -// String returns the string representation -func (s LogGroup) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutSubscriptionFilterInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s LogGroup) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutSubscriptionFilterInput) GoString() string { return s.String() } -// SetArn sets the Arn field's value. -func (s *LogGroup) SetArn(v string) *LogGroup { - s.Arn = &v +// Validate inspects the fields of the type to determine if they are valid. +func (s *PutSubscriptionFilterInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutSubscriptionFilterInput"} + if s.DestinationArn == nil { + invalidParams.Add(request.NewErrParamRequired("DestinationArn")) + } + if s.DestinationArn != nil && len(*s.DestinationArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DestinationArn", 1)) + } + if s.FilterName == nil { + invalidParams.Add(request.NewErrParamRequired("FilterName")) + } + if s.FilterName != nil && len(*s.FilterName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("FilterName", 1)) + } + if s.FilterPattern == nil { + invalidParams.Add(request.NewErrParamRequired("FilterPattern")) + } + if s.LogGroupName == nil { + invalidParams.Add(request.NewErrParamRequired("LogGroupName")) + } + if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + } + if s.RoleArn != nil && len(*s.RoleArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("RoleArn", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDestinationArn sets the DestinationArn field's value. +func (s *PutSubscriptionFilterInput) SetDestinationArn(v string) *PutSubscriptionFilterInput { + s.DestinationArn = &v return s } -// SetCreationTime sets the CreationTime field's value. -func (s *LogGroup) SetCreationTime(v int64) *LogGroup { - s.CreationTime = &v +// SetDistribution sets the Distribution field's value. +func (s *PutSubscriptionFilterInput) SetDistribution(v string) *PutSubscriptionFilterInput { + s.Distribution = &v return s } -// SetKmsKeyId sets the KmsKeyId field's value. -func (s *LogGroup) SetKmsKeyId(v string) *LogGroup { - s.KmsKeyId = &v +// SetFilterName sets the FilterName field's value. +func (s *PutSubscriptionFilterInput) SetFilterName(v string) *PutSubscriptionFilterInput { + s.FilterName = &v + return s +} + +// SetFilterPattern sets the FilterPattern field's value. +func (s *PutSubscriptionFilterInput) SetFilterPattern(v string) *PutSubscriptionFilterInput { + s.FilterPattern = &v return s } // SetLogGroupName sets the LogGroupName field's value. -func (s *LogGroup) SetLogGroupName(v string) *LogGroup { +func (s *PutSubscriptionFilterInput) SetLogGroupName(v string) *PutSubscriptionFilterInput { s.LogGroupName = &v return s } -// SetMetricFilterCount sets the MetricFilterCount field's value. -func (s *LogGroup) SetMetricFilterCount(v int64) *LogGroup { - s.MetricFilterCount = &v +// SetRoleArn sets the RoleArn field's value. +func (s *PutSubscriptionFilterInput) SetRoleArn(v string) *PutSubscriptionFilterInput { + s.RoleArn = &v return s } -// SetRetentionInDays sets the RetentionInDays field's value. -func (s *LogGroup) SetRetentionInDays(v int64) *LogGroup { - s.RetentionInDays = &v - return s +type PutSubscriptionFilterOutput struct { + _ struct{} `type:"structure"` } -// SetStoredBytes sets the StoredBytes field's value. -func (s *LogGroup) SetStoredBytes(v int64) *LogGroup { - s.StoredBytes = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutSubscriptionFilterOutput) String() string { + return awsutil.Prettify(s) } -// The fields contained in log events found by a GetLogGroupFields operation, -// along with the percentage of queried log events in which each field appears. -type LogGroupField struct { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutSubscriptionFilterOutput) GoString() string { + return s.String() +} + +// Reserved. +type QueryCompileError struct { _ struct{} `type:"structure"` - // The name of a log field. - Name *string `locationName:"name" type:"string"` + // Reserved. + Location *QueryCompileErrorLocation `locationName:"location" type:"structure"` - // The percentage of log events queried that contained the field. - Percent *int64 `locationName:"percent" type:"integer"` + // Reserved. + Message *string `locationName:"message" type:"string"` } -// String returns the string representation -func (s LogGroupField) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s QueryCompileError) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s LogGroupField) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s QueryCompileError) GoString() string { return s.String() } -// SetName sets the Name field's value. -func (s *LogGroupField) SetName(v string) *LogGroupField { - s.Name = &v +// SetLocation sets the Location field's value. +func (s *QueryCompileError) SetLocation(v *QueryCompileErrorLocation) *QueryCompileError { + s.Location = v return s } -// SetPercent sets the Percent field's value. -func (s *LogGroupField) SetPercent(v int64) *LogGroupField { - s.Percent = &v +// SetMessage sets the Message field's value. +func (s *QueryCompileError) SetMessage(v string) *QueryCompileError { + s.Message = &v + return s +} + +// Reserved. +type QueryCompileErrorLocation struct { + _ struct{} `type:"structure"` + + // Reserved. + EndCharOffset *int64 `locationName:"endCharOffset" type:"integer"` + + // Reserved. + StartCharOffset *int64 `locationName:"startCharOffset" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s QueryCompileErrorLocation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s QueryCompileErrorLocation) GoString() string { + return s.String() +} + +// SetEndCharOffset sets the EndCharOffset field's value. +func (s *QueryCompileErrorLocation) SetEndCharOffset(v int64) *QueryCompileErrorLocation { + s.EndCharOffset = &v + return s +} + +// SetStartCharOffset sets the StartCharOffset field's value. +func (s *QueryCompileErrorLocation) SetStartCharOffset(v int64) *QueryCompileErrorLocation { + s.StartCharOffset = &v return s } -// Represents a log stream, which is a sequence of log events from a single -// emitter of logs. -type LogStream struct { +// This structure contains details about a saved CloudWatch Logs Insights query +// definition. +type QueryDefinition struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the log stream. - Arn *string `locationName:"arn" type:"string"` - - // The creation time of the stream, expressed as the number of milliseconds - // after Jan 1, 1970 00:00:00 UTC. - CreationTime *int64 `locationName:"creationTime" type:"long"` - - // The time of the first event, expressed as the number of milliseconds after - // Jan 1, 1970 00:00:00 UTC. - FirstEventTimestamp *int64 `locationName:"firstEventTimestamp" type:"long"` - - // The time of the most recent log event in the log stream in CloudWatch Logs. - // This number is expressed as the number of milliseconds after Jan 1, 1970 - // 00:00:00 UTC. The lastEventTime value updates on an eventual consistency - // basis. It typically updates in less than an hour from ingestion, but in rare - // situations might take longer. - LastEventTimestamp *int64 `locationName:"lastEventTimestamp" type:"long"` + // The date that the query definition was most recently modified. + LastModified *int64 `locationName:"lastModified" type:"long"` - // The ingestion time, expressed as the number of milliseconds after Jan 1, - // 1970 00:00:00 UTC. - LastIngestionTime *int64 `locationName:"lastIngestionTime" type:"long"` + // If this query definition contains a list of log groups that it is limited + // to, that list appears here. + LogGroupNames []*string `locationName:"logGroupNames" type:"list"` - // The name of the log stream. - LogStreamName *string `locationName:"logStreamName" min:"1" type:"string"` + // The name of the query definition. + Name *string `locationName:"name" min:"1" type:"string"` - // The number of bytes stored. - // - // Important: On June 17, 2019, this parameter was deprecated for log streams, - // and is always reported as zero. This change applies only to log streams. - // The storedBytes parameter for log groups is not affected. - // - // Deprecated: Starting on June 17, 2019, this parameter will be deprecated for log streams, and will be reported as zero. This change applies only to log streams. The storedBytes parameter for log groups is not affected. - StoredBytes *int64 `locationName:"storedBytes" deprecated:"true" type:"long"` + // The unique ID of the query definition. + QueryDefinitionId *string `locationName:"queryDefinitionId" type:"string"` - // The sequence token. - UploadSequenceToken *string `locationName:"uploadSequenceToken" min:"1" type:"string"` + // The query string to use for this definition. For more information, see CloudWatch + // Logs Insights Query Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html). + QueryString *string `locationName:"queryString" min:"1" type:"string"` } -// String returns the string representation -func (s LogStream) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s QueryDefinition) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s LogStream) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s QueryDefinition) GoString() string { return s.String() } -// SetArn sets the Arn field's value. -func (s *LogStream) SetArn(v string) *LogStream { - s.Arn = &v +// SetLastModified sets the LastModified field's value. +func (s *QueryDefinition) SetLastModified(v int64) *QueryDefinition { + s.LastModified = &v return s } -// SetCreationTime sets the CreationTime field's value. -func (s *LogStream) SetCreationTime(v int64) *LogStream { - s.CreationTime = &v +// SetLogGroupNames sets the LogGroupNames field's value. +func (s *QueryDefinition) SetLogGroupNames(v []*string) *QueryDefinition { + s.LogGroupNames = v return s } -// SetFirstEventTimestamp sets the FirstEventTimestamp field's value. -func (s *LogStream) SetFirstEventTimestamp(v int64) *LogStream { - s.FirstEventTimestamp = &v +// SetName sets the Name field's value. +func (s *QueryDefinition) SetName(v string) *QueryDefinition { + s.Name = &v return s } -// SetLastEventTimestamp sets the LastEventTimestamp field's value. -func (s *LogStream) SetLastEventTimestamp(v int64) *LogStream { - s.LastEventTimestamp = &v +// SetQueryDefinitionId sets the QueryDefinitionId field's value. +func (s *QueryDefinition) SetQueryDefinitionId(v string) *QueryDefinition { + s.QueryDefinitionId = &v return s } -// SetLastIngestionTime sets the LastIngestionTime field's value. -func (s *LogStream) SetLastIngestionTime(v int64) *LogStream { - s.LastIngestionTime = &v +// SetQueryString sets the QueryString field's value. +func (s *QueryDefinition) SetQueryString(v string) *QueryDefinition { + s.QueryString = &v return s } -// SetLogStreamName sets the LogStreamName field's value. -func (s *LogStream) SetLogStreamName(v string) *LogStream { - s.LogStreamName = &v - return s -} +// Information about one CloudWatch Logs Insights query that matches the request +// in a DescribeQueries operation. +type QueryInfo struct { + _ struct{} `type:"structure"` -// SetStoredBytes sets the StoredBytes field's value. -func (s *LogStream) SetStoredBytes(v int64) *LogStream { - s.StoredBytes = &v - return s -} + // The date and time that this query was created. + CreateTime *int64 `locationName:"createTime" type:"long"` -// SetUploadSequenceToken sets the UploadSequenceToken field's value. -func (s *LogStream) SetUploadSequenceToken(v string) *LogStream { - s.UploadSequenceToken = &v - return s -} + // The name of the log group scanned by this query. + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"` -// The query string is not valid. Details about this error are displayed in -// a QueryCompileError object. For more information, see QueryCompileError (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_QueryCompileError.html). -// -// For more information about valid query syntax, see CloudWatch Logs Insights -// Query Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html). -type MalformedQueryException struct { - _ struct{} `type:"structure"` - RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // The unique ID number of this query. + QueryId *string `locationName:"queryId" type:"string"` - Message_ *string `locationName:"message" type:"string"` + // The query string used in this query. + QueryString *string `locationName:"queryString" type:"string"` - // Reserved. - QueryCompileError *QueryCompileError `locationName:"queryCompileError" type:"structure"` + // The status of this query. Possible values are Cancelled, Complete, Failed, + // Running, Scheduled, and Unknown. + Status *string `locationName:"status" type:"string" enum:"QueryStatus"` } -// String returns the string representation -func (s MalformedQueryException) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s QueryInfo) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s MalformedQueryException) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s QueryInfo) GoString() string { return s.String() } -func newErrorMalformedQueryException(v protocol.ResponseMetadata) error { - return &MalformedQueryException{ - RespMetadata: v, - } -} - -// Code returns the exception type name. -func (s *MalformedQueryException) Code() string { - return "MalformedQueryException" -} - -// Message returns the exception's message. -func (s *MalformedQueryException) Message() string { - if s.Message_ != nil { - return *s.Message_ - } - return "" +// SetCreateTime sets the CreateTime field's value. +func (s *QueryInfo) SetCreateTime(v int64) *QueryInfo { + s.CreateTime = &v + return s } -// OrigErr always returns nil, satisfies awserr.Error interface. -func (s *MalformedQueryException) OrigErr() error { - return nil +// SetLogGroupName sets the LogGroupName field's value. +func (s *QueryInfo) SetLogGroupName(v string) *QueryInfo { + s.LogGroupName = &v + return s } -func (s *MalformedQueryException) Error() string { - return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +// SetQueryId sets the QueryId field's value. +func (s *QueryInfo) SetQueryId(v string) *QueryInfo { + s.QueryId = &v + return s } -// Status code returns the HTTP status code for the request's response error. -func (s *MalformedQueryException) StatusCode() int { - return s.RespMetadata.StatusCode +// SetQueryString sets the QueryString field's value. +func (s *QueryInfo) SetQueryString(v string) *QueryInfo { + s.QueryString = &v + return s } -// RequestID returns the service's response RequestID for request. -func (s *MalformedQueryException) RequestID() string { - return s.RespMetadata.RequestID +// SetStatus sets the Status field's value. +func (s *QueryInfo) SetStatus(v string) *QueryInfo { + s.Status = &v + return s } -// Metric filters express how CloudWatch Logs would extract metric observations -// from ingested log events and transform them into metric data in a CloudWatch -// metric. -type MetricFilter struct { +// Contains the number of log events scanned by the query, the number of log +// events that matched the query criteria, and the total number of bytes in +// the log events that were scanned. +type QueryStatistics struct { _ struct{} `type:"structure"` - // The creation time of the metric filter, expressed as the number of milliseconds - // after Jan 1, 1970 00:00:00 UTC. - CreationTime *int64 `locationName:"creationTime" type:"long"` - - // The name of the metric filter. - FilterName *string `locationName:"filterName" min:"1" type:"string"` - - // A symbolic description of how CloudWatch Logs should interpret the data in - // each log event. For example, a log event can contain timestamps, IP addresses, - // strings, and so on. You use the filter pattern to specify what to look for - // in the log event message. - FilterPattern *string `locationName:"filterPattern" type:"string"` + // The total number of bytes in the log events scanned during the query. + BytesScanned *float64 `locationName:"bytesScanned" type:"double"` - // The name of the log group. - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"` + // The number of log events that matched the query string. + RecordsMatched *float64 `locationName:"recordsMatched" type:"double"` - // The metric transformations. - MetricTransformations []*MetricTransformation `locationName:"metricTransformations" min:"1" type:"list"` + // The total number of log events scanned during the query. + RecordsScanned *float64 `locationName:"recordsScanned" type:"double"` } -// String returns the string representation -func (s MetricFilter) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s QueryStatistics) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s MetricFilter) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s QueryStatistics) GoString() string { return s.String() } -// SetCreationTime sets the CreationTime field's value. -func (s *MetricFilter) SetCreationTime(v int64) *MetricFilter { - s.CreationTime = &v - return s -} - -// SetFilterName sets the FilterName field's value. -func (s *MetricFilter) SetFilterName(v string) *MetricFilter { - s.FilterName = &v - return s -} - -// SetFilterPattern sets the FilterPattern field's value. -func (s *MetricFilter) SetFilterPattern(v string) *MetricFilter { - s.FilterPattern = &v +// SetBytesScanned sets the BytesScanned field's value. +func (s *QueryStatistics) SetBytesScanned(v float64) *QueryStatistics { + s.BytesScanned = &v return s } -// SetLogGroupName sets the LogGroupName field's value. -func (s *MetricFilter) SetLogGroupName(v string) *MetricFilter { - s.LogGroupName = &v +// SetRecordsMatched sets the RecordsMatched field's value. +func (s *QueryStatistics) SetRecordsMatched(v float64) *QueryStatistics { + s.RecordsMatched = &v return s } -// SetMetricTransformations sets the MetricTransformations field's value. -func (s *MetricFilter) SetMetricTransformations(v []*MetricTransformation) *MetricFilter { - s.MetricTransformations = v +// SetRecordsScanned sets the RecordsScanned field's value. +func (s *QueryStatistics) SetRecordsScanned(v float64) *QueryStatistics { + s.RecordsScanned = &v return s } -// Represents a matched event. -type MetricFilterMatchRecord struct { +// Represents the rejected events. +type RejectedLogEventsInfo struct { _ struct{} `type:"structure"` - // The raw event data. - EventMessage *string `locationName:"eventMessage" min:"1" type:"string"` + // The expired log events. + ExpiredLogEventEndIndex *int64 `locationName:"expiredLogEventEndIndex" type:"integer"` - // The event number. - EventNumber *int64 `locationName:"eventNumber" type:"long"` + // The index of the first log event that is too new. This field is inclusive. + TooNewLogEventStartIndex *int64 `locationName:"tooNewLogEventStartIndex" type:"integer"` - // The values extracted from the event data by the filter. - ExtractedValues map[string]*string `locationName:"extractedValues" type:"map"` + // The index of the last log event that is too old. This field is exclusive. + TooOldLogEventEndIndex *int64 `locationName:"tooOldLogEventEndIndex" type:"integer"` } -// String returns the string representation -func (s MetricFilterMatchRecord) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RejectedLogEventsInfo) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s MetricFilterMatchRecord) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RejectedLogEventsInfo) GoString() string { return s.String() } -// SetEventMessage sets the EventMessage field's value. -func (s *MetricFilterMatchRecord) SetEventMessage(v string) *MetricFilterMatchRecord { - s.EventMessage = &v +// SetExpiredLogEventEndIndex sets the ExpiredLogEventEndIndex field's value. +func (s *RejectedLogEventsInfo) SetExpiredLogEventEndIndex(v int64) *RejectedLogEventsInfo { + s.ExpiredLogEventEndIndex = &v return s } -// SetEventNumber sets the EventNumber field's value. -func (s *MetricFilterMatchRecord) SetEventNumber(v int64) *MetricFilterMatchRecord { - s.EventNumber = &v +// SetTooNewLogEventStartIndex sets the TooNewLogEventStartIndex field's value. +func (s *RejectedLogEventsInfo) SetTooNewLogEventStartIndex(v int64) *RejectedLogEventsInfo { + s.TooNewLogEventStartIndex = &v return s } -// SetExtractedValues sets the ExtractedValues field's value. -func (s *MetricFilterMatchRecord) SetExtractedValues(v map[string]*string) *MetricFilterMatchRecord { - s.ExtractedValues = v +// SetTooOldLogEventEndIndex sets the TooOldLogEventEndIndex field's value. +func (s *RejectedLogEventsInfo) SetTooOldLogEventEndIndex(v int64) *RejectedLogEventsInfo { + s.TooOldLogEventEndIndex = &v return s } -// Indicates how to transform ingested log events to metric data in a CloudWatch -// metric. -type MetricTransformation struct { - _ struct{} `type:"structure"` - - // (Optional) The value to emit when a filter pattern does not match a log event. - // This value can be null. - DefaultValue *float64 `locationName:"defaultValue" type:"double"` - - // The name of the CloudWatch metric. - // - // MetricName is a required field - MetricName *string `locationName:"metricName" type:"string" required:"true"` - - // A custom namespace to contain your metric in CloudWatch. Use namespaces to - // group together metrics that are similar. For more information, see Namespaces - // (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Namespace). - // - // MetricNamespace is a required field - MetricNamespace *string `locationName:"metricNamespace" type:"string" required:"true"` +// The specified resource already exists. +type ResourceAlreadyExistsException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` - // The value to publish to the CloudWatch metric when a filter pattern matches - // a log event. - // - // MetricValue is a required field - MetricValue *string `locationName:"metricValue" type:"string" required:"true"` + Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation -func (s MetricTransformation) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceAlreadyExistsException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s MetricTransformation) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceAlreadyExistsException) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *MetricTransformation) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "MetricTransformation"} - if s.MetricName == nil { - invalidParams.Add(request.NewErrParamRequired("MetricName")) - } - if s.MetricNamespace == nil { - invalidParams.Add(request.NewErrParamRequired("MetricNamespace")) - } - if s.MetricValue == nil { - invalidParams.Add(request.NewErrParamRequired("MetricValue")) +func newErrorResourceAlreadyExistsException(v protocol.ResponseMetadata) error { + return &ResourceAlreadyExistsException{ + RespMetadata: v, } +} - if invalidParams.Len() > 0 { - return invalidParams +// Code returns the exception type name. +func (s *ResourceAlreadyExistsException) Code() string { + return "ResourceAlreadyExistsException" +} + +// Message returns the exception's message. +func (s *ResourceAlreadyExistsException) Message() string { + if s.Message_ != nil { + return *s.Message_ } - return nil + return "" } -// SetDefaultValue sets the DefaultValue field's value. -func (s *MetricTransformation) SetDefaultValue(v float64) *MetricTransformation { - s.DefaultValue = &v - return s +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ResourceAlreadyExistsException) OrigErr() error { + return nil } -// SetMetricName sets the MetricName field's value. -func (s *MetricTransformation) SetMetricName(v string) *MetricTransformation { - s.MetricName = &v - return s +func (s *ResourceAlreadyExistsException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } -// SetMetricNamespace sets the MetricNamespace field's value. -func (s *MetricTransformation) SetMetricNamespace(v string) *MetricTransformation { - s.MetricNamespace = &v - return s +// Status code returns the HTTP status code for the request's response error. +func (s *ResourceAlreadyExistsException) StatusCode() int { + return s.RespMetadata.StatusCode } -// SetMetricValue sets the MetricValue field's value. -func (s *MetricTransformation) SetMetricValue(v string) *MetricTransformation { - s.MetricValue = &v - return s +// RequestID returns the service's response RequestID for request. +func (s *ResourceAlreadyExistsException) RequestID() string { + return s.RespMetadata.RequestID } -// Multiple requests to update the same resource were in conflict. -type OperationAbortedException struct { +// The specified resource does not exist. +type ResourceNotFoundException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation -func (s OperationAbortedException) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceNotFoundException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s OperationAbortedException) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceNotFoundException) GoString() string { return s.String() } -func newErrorOperationAbortedException(v protocol.ResponseMetadata) error { - return &OperationAbortedException{ +func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error { + return &ResourceNotFoundException{ RespMetadata: v, } } // Code returns the exception type name. -func (s *OperationAbortedException) Code() string { - return "OperationAbortedException" +func (s *ResourceNotFoundException) Code() string { + return "ResourceNotFoundException" } // Message returns the exception's message. -func (s *OperationAbortedException) Message() string { +func (s *ResourceNotFoundException) Message() string { if s.Message_ != nil { return *s.Message_ } @@ -8108,440 +18738,556 @@ func (s *OperationAbortedException) Message() string { } // OrigErr always returns nil, satisfies awserr.Error interface. -func (s *OperationAbortedException) OrigErr() error { +func (s *ResourceNotFoundException) OrigErr() error { return nil } -func (s *OperationAbortedException) Error() string { +func (s *ResourceNotFoundException) Error() string { return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } // Status code returns the HTTP status code for the request's response error. -func (s *OperationAbortedException) StatusCode() int { +func (s *ResourceNotFoundException) StatusCode() int { return s.RespMetadata.StatusCode } // RequestID returns the service's response RequestID for request. -func (s *OperationAbortedException) RequestID() string { +func (s *ResourceNotFoundException) RequestID() string { return s.RespMetadata.RequestID } -// Represents a log event. -type OutputLogEvent struct { +// A policy enabling one or more entities to put logs to a log group in this +// account. +type ResourcePolicy struct { _ struct{} `type:"structure"` - // The time the event was ingested, expressed as the number of milliseconds - // after Jan 1, 1970 00:00:00 UTC. - IngestionTime *int64 `locationName:"ingestionTime" type:"long"` + // Timestamp showing when this policy was last updated, expressed as the number + // of milliseconds after Jan 1, 1970 00:00:00 UTC. + LastUpdatedTime *int64 `locationName:"lastUpdatedTime" type:"long"` - // The data contained in the log event. - Message *string `locationName:"message" min:"1" type:"string"` + // The details of the policy. + PolicyDocument *string `locationName:"policyDocument" min:"1" type:"string"` - // The time the event occurred, expressed as the number of milliseconds after - // Jan 1, 1970 00:00:00 UTC. - Timestamp *int64 `locationName:"timestamp" type:"long"` + // The name of the resource policy. + PolicyName *string `locationName:"policyName" type:"string"` } -// String returns the string representation -func (s OutputLogEvent) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourcePolicy) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s OutputLogEvent) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourcePolicy) GoString() string { return s.String() } -// SetIngestionTime sets the IngestionTime field's value. -func (s *OutputLogEvent) SetIngestionTime(v int64) *OutputLogEvent { - s.IngestionTime = &v +// SetLastUpdatedTime sets the LastUpdatedTime field's value. +func (s *ResourcePolicy) SetLastUpdatedTime(v int64) *ResourcePolicy { + s.LastUpdatedTime = &v return s } -// SetMessage sets the Message field's value. -func (s *OutputLogEvent) SetMessage(v string) *OutputLogEvent { - s.Message = &v +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *ResourcePolicy) SetPolicyDocument(v string) *ResourcePolicy { + s.PolicyDocument = &v return s } -// SetTimestamp sets the Timestamp field's value. -func (s *OutputLogEvent) SetTimestamp(v int64) *OutputLogEvent { - s.Timestamp = &v +// SetPolicyName sets the PolicyName field's value. +func (s *ResourcePolicy) SetPolicyName(v string) *ResourcePolicy { + s.PolicyName = &v return s } -type PutDestinationInput struct { +// Contains one field from one log event returned by a CloudWatch Logs Insights +// query, along with the value of that field. +// +// For more information about the fields that are generated by CloudWatch logs, +// see Supported Logs and Discovered Fields (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData-discoverable-fields.html). +type ResultField struct { _ struct{} `type:"structure"` - // A name for the destination. - // - // DestinationName is a required field - DestinationName *string `locationName:"destinationName" min:"1" type:"string" required:"true"` - - // The ARN of an IAM role that grants CloudWatch Logs permissions to call the - // Amazon Kinesis PutRecord operation on the destination stream. - // - // RoleArn is a required field - RoleArn *string `locationName:"roleArn" min:"1" type:"string" required:"true"` + // The log event field. + Field *string `locationName:"field" type:"string"` - // The ARN of an Amazon Kinesis stream to which to deliver matching log events. - // - // TargetArn is a required field - TargetArn *string `locationName:"targetArn" min:"1" type:"string" required:"true"` + // The value of this field. + Value *string `locationName:"value" type:"string"` } -// String returns the string representation -func (s PutDestinationInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResultField) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s PutDestinationInput) GoString() string { - return s.String() -} - -// Validate inspects the fields of the type to determine if they are valid. -func (s *PutDestinationInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "PutDestinationInput"} - if s.DestinationName == nil { - invalidParams.Add(request.NewErrParamRequired("DestinationName")) - } - if s.DestinationName != nil && len(*s.DestinationName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("DestinationName", 1)) - } - if s.RoleArn == nil { - invalidParams.Add(request.NewErrParamRequired("RoleArn")) - } - if s.RoleArn != nil && len(*s.RoleArn) < 1 { - invalidParams.Add(request.NewErrParamMinLen("RoleArn", 1)) - } - if s.TargetArn == nil { - invalidParams.Add(request.NewErrParamRequired("TargetArn")) - } - if s.TargetArn != nil && len(*s.TargetArn) < 1 { - invalidParams.Add(request.NewErrParamMinLen("TargetArn", 1)) - } - - if invalidParams.Len() > 0 { - return invalidParams - } - return nil -} - -// SetDestinationName sets the DestinationName field's value. -func (s *PutDestinationInput) SetDestinationName(v string) *PutDestinationInput { - s.DestinationName = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResultField) GoString() string { + return s.String() } -// SetRoleArn sets the RoleArn field's value. -func (s *PutDestinationInput) SetRoleArn(v string) *PutDestinationInput { - s.RoleArn = &v +// SetField sets the Field field's value. +func (s *ResultField) SetField(v string) *ResultField { + s.Field = &v return s } -// SetTargetArn sets the TargetArn field's value. -func (s *PutDestinationInput) SetTargetArn(v string) *PutDestinationInput { - s.TargetArn = &v +// SetValue sets the Value field's value. +func (s *ResultField) SetValue(v string) *ResultField { + s.Value = &v return s } -type PutDestinationOutput struct { +// Represents the search status of a log stream. +type SearchedLogStream struct { _ struct{} `type:"structure"` - // The destination. - Destination *Destination `locationName:"destination" type:"structure"` + // The name of the log stream. + LogStreamName *string `locationName:"logStreamName" min:"1" type:"string"` + + // Indicates whether all the events in this log stream were searched. + SearchedCompletely *bool `locationName:"searchedCompletely" type:"boolean"` } -// String returns the string representation -func (s PutDestinationOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SearchedLogStream) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s PutDestinationOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SearchedLogStream) GoString() string { return s.String() } -// SetDestination sets the Destination field's value. -func (s *PutDestinationOutput) SetDestination(v *Destination) *PutDestinationOutput { - s.Destination = v +// SetLogStreamName sets the LogStreamName field's value. +func (s *SearchedLogStream) SetLogStreamName(v string) *SearchedLogStream { + s.LogStreamName = &v return s } -type PutDestinationPolicyInput struct { - _ struct{} `type:"structure"` +// SetSearchedCompletely sets the SearchedCompletely field's value. +func (s *SearchedLogStream) SetSearchedCompletely(v bool) *SearchedLogStream { + s.SearchedCompletely = &v + return s +} - // An IAM policy document that authorizes cross-account users to deliver their - // log events to the associated destination. This can be up to 5120 bytes. - // - // AccessPolicy is a required field - AccessPolicy *string `locationName:"accessPolicy" min:"1" type:"string" required:"true"` +// This request exceeds a service quota. +type ServiceQuotaExceededException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` - // A name for an existing destination. - // - // DestinationName is a required field - DestinationName *string `locationName:"destinationName" min:"1" type:"string" required:"true"` + Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation -func (s PutDestinationPolicyInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ServiceQuotaExceededException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s PutDestinationPolicyInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ServiceQuotaExceededException) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *PutDestinationPolicyInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "PutDestinationPolicyInput"} - if s.AccessPolicy == nil { - invalidParams.Add(request.NewErrParamRequired("AccessPolicy")) - } - if s.AccessPolicy != nil && len(*s.AccessPolicy) < 1 { - invalidParams.Add(request.NewErrParamMinLen("AccessPolicy", 1)) - } - if s.DestinationName == nil { - invalidParams.Add(request.NewErrParamRequired("DestinationName")) - } - if s.DestinationName != nil && len(*s.DestinationName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("DestinationName", 1)) +func newErrorServiceQuotaExceededException(v protocol.ResponseMetadata) error { + return &ServiceQuotaExceededException{ + RespMetadata: v, } +} - if invalidParams.Len() > 0 { - return invalidParams +// Code returns the exception type name. +func (s *ServiceQuotaExceededException) Code() string { + return "ServiceQuotaExceededException" +} + +// Message returns the exception's message. +func (s *ServiceQuotaExceededException) Message() string { + if s.Message_ != nil { + return *s.Message_ } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ServiceQuotaExceededException) OrigErr() error { return nil } -// SetAccessPolicy sets the AccessPolicy field's value. -func (s *PutDestinationPolicyInput) SetAccessPolicy(v string) *PutDestinationPolicyInput { - s.AccessPolicy = &v - return s +func (s *ServiceQuotaExceededException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } -// SetDestinationName sets the DestinationName field's value. -func (s *PutDestinationPolicyInput) SetDestinationName(v string) *PutDestinationPolicyInput { - s.DestinationName = &v - return s +// Status code returns the HTTP status code for the request's response error. +func (s *ServiceQuotaExceededException) StatusCode() int { + return s.RespMetadata.StatusCode } -type PutDestinationPolicyOutput struct { - _ struct{} `type:"structure"` +// RequestID returns the service's response RequestID for request. +func (s *ServiceQuotaExceededException) RequestID() string { + return s.RespMetadata.RequestID } -// String returns the string representation -func (s PutDestinationPolicyOutput) String() string { +// The service cannot complete the request. +type ServiceUnavailableException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ServiceUnavailableException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s PutDestinationPolicyOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ServiceUnavailableException) GoString() string { return s.String() } -type PutLogEventsInput struct { - _ struct{} `type:"structure"` +func newErrorServiceUnavailableException(v protocol.ResponseMetadata) error { + return &ServiceUnavailableException{ + RespMetadata: v, + } +} - // The log events. - // - // LogEvents is a required field - LogEvents []*InputLogEvent `locationName:"logEvents" min:"1" type:"list" required:"true"` +// Code returns the exception type name. +func (s *ServiceUnavailableException) Code() string { + return "ServiceUnavailableException" +} - // The name of the log group. - // - // LogGroupName is a required field - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` +// Message returns the exception's message. +func (s *ServiceUnavailableException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} - // The name of the log stream. - // - // LogStreamName is a required field - LogStreamName *string `locationName:"logStreamName" min:"1" type:"string" required:"true"` +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ServiceUnavailableException) OrigErr() error { + return nil +} - // The sequence token obtained from the response of the previous PutLogEvents - // call. An upload in a newly created log stream does not require a sequence - // token. You can also get the sequence token using DescribeLogStreams (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeLogStreams.html). - // If you call PutLogEvents twice within a narrow time period using the same - // value for sequenceToken, both calls might be successful or one might be rejected. - SequenceToken *string `locationName:"sequenceToken" min:"1" type:"string"` +func (s *ServiceUnavailableException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } -// String returns the string representation -func (s PutLogEventsInput) String() string { +// Status code returns the HTTP status code for the request's response error. +func (s *ServiceUnavailableException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ServiceUnavailableException) RequestID() string { + return s.RespMetadata.RequestID +} + +// his exception is returned if an unknown error occurs during a Live Tail session. +type SessionStreamingException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionStreamingException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s PutLogEventsInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionStreamingException) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *PutLogEventsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "PutLogEventsInput"} - if s.LogEvents == nil { - invalidParams.Add(request.NewErrParamRequired("LogEvents")) - } - if s.LogEvents != nil && len(s.LogEvents) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogEvents", 1)) - } - if s.LogGroupName == nil { - invalidParams.Add(request.NewErrParamRequired("LogGroupName")) - } - if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) - } - if s.LogStreamName == nil { - invalidParams.Add(request.NewErrParamRequired("LogStreamName")) - } - if s.LogStreamName != nil && len(*s.LogStreamName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogStreamName", 1)) +// The SessionStreamingException is and event in the StartLiveTailResponseStream group of events. +func (s *SessionStreamingException) eventStartLiveTailResponseStream() {} + +// UnmarshalEvent unmarshals the EventStream Message into the SessionStreamingException value. +// This method is only used internally within the SDK's EventStream handling. +func (s *SessionStreamingException) UnmarshalEvent( + payloadUnmarshaler protocol.PayloadUnmarshaler, + msg eventstream.Message, +) error { + if err := payloadUnmarshaler.UnmarshalPayload( + bytes.NewReader(msg.Payload), s, + ); err != nil { + return err } - if s.SequenceToken != nil && len(*s.SequenceToken) < 1 { - invalidParams.Add(request.NewErrParamMinLen("SequenceToken", 1)) + return nil +} + +// MarshalEvent marshals the type into an stream event value. This method +// should only used internally within the SDK's EventStream handling. +func (s *SessionStreamingException) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) { + msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.ExceptionMessageType)) + var buf bytes.Buffer + if err = pm.MarshalPayload(&buf, s); err != nil { + return eventstream.Message{}, err } - if s.LogEvents != nil { - for i, v := range s.LogEvents { - if v == nil { - continue - } - if err := v.Validate(); err != nil { - invalidParams.AddNested(fmt.Sprintf("%s[%v]", "LogEvents", i), err.(request.ErrInvalidParams)) - } - } + msg.Payload = buf.Bytes() + return msg, err +} + +func newErrorSessionStreamingException(v protocol.ResponseMetadata) error { + return &SessionStreamingException{ + RespMetadata: v, } +} - if invalidParams.Len() > 0 { - return invalidParams +// Code returns the exception type name. +func (s *SessionStreamingException) Code() string { + return "SessionStreamingException" +} + +// Message returns the exception's message. +func (s *SessionStreamingException) Message() string { + if s.Message_ != nil { + return *s.Message_ } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *SessionStreamingException) OrigErr() error { return nil } -// SetLogEvents sets the LogEvents field's value. -func (s *PutLogEventsInput) SetLogEvents(v []*InputLogEvent) *PutLogEventsInput { - s.LogEvents = v - return s +func (s *SessionStreamingException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } -// SetLogGroupName sets the LogGroupName field's value. -func (s *PutLogEventsInput) SetLogGroupName(v string) *PutLogEventsInput { - s.LogGroupName = &v - return s +// Status code returns the HTTP status code for the request's response error. +func (s *SessionStreamingException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *SessionStreamingException) RequestID() string { + return s.RespMetadata.RequestID +} + +// This exception is returned in a Live Tail stream when the Live Tail session +// times out. Live Tail sessions time out after three hours. +type SessionTimeoutException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionTimeoutException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionTimeoutException) GoString() string { + return s.String() } -// SetLogStreamName sets the LogStreamName field's value. -func (s *PutLogEventsInput) SetLogStreamName(v string) *PutLogEventsInput { - s.LogStreamName = &v - return s +// The SessionTimeoutException is and event in the StartLiveTailResponseStream group of events. +func (s *SessionTimeoutException) eventStartLiveTailResponseStream() {} + +// UnmarshalEvent unmarshals the EventStream Message into the SessionTimeoutException value. +// This method is only used internally within the SDK's EventStream handling. +func (s *SessionTimeoutException) UnmarshalEvent( + payloadUnmarshaler protocol.PayloadUnmarshaler, + msg eventstream.Message, +) error { + if err := payloadUnmarshaler.UnmarshalPayload( + bytes.NewReader(msg.Payload), s, + ); err != nil { + return err + } + return nil } -// SetSequenceToken sets the SequenceToken field's value. -func (s *PutLogEventsInput) SetSequenceToken(v string) *PutLogEventsInput { - s.SequenceToken = &v - return s +// MarshalEvent marshals the type into an stream event value. This method +// should only used internally within the SDK's EventStream handling. +func (s *SessionTimeoutException) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) { + msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.ExceptionMessageType)) + var buf bytes.Buffer + if err = pm.MarshalPayload(&buf, s); err != nil { + return eventstream.Message{}, err + } + msg.Payload = buf.Bytes() + return msg, err } -type PutLogEventsOutput struct { - _ struct{} `type:"structure"` +func newErrorSessionTimeoutException(v protocol.ResponseMetadata) error { + return &SessionTimeoutException{ + RespMetadata: v, + } +} - // The next sequence token. - NextSequenceToken *string `locationName:"nextSequenceToken" min:"1" type:"string"` +// Code returns the exception type name. +func (s *SessionTimeoutException) Code() string { + return "SessionTimeoutException" +} - // The rejected events. - RejectedLogEventsInfo *RejectedLogEventsInfo `locationName:"rejectedLogEventsInfo" type:"structure"` +// Message returns the exception's message. +func (s *SessionTimeoutException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" } -// String returns the string representation -func (s PutLogEventsOutput) String() string { - return awsutil.Prettify(s) +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *SessionTimeoutException) OrigErr() error { + return nil } -// GoString returns the string representation -func (s PutLogEventsOutput) GoString() string { - return s.String() +func (s *SessionTimeoutException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } -// SetNextSequenceToken sets the NextSequenceToken field's value. -func (s *PutLogEventsOutput) SetNextSequenceToken(v string) *PutLogEventsOutput { - s.NextSequenceToken = &v - return s +// Status code returns the HTTP status code for the request's response error. +func (s *SessionTimeoutException) StatusCode() int { + return s.RespMetadata.StatusCode } -// SetRejectedLogEventsInfo sets the RejectedLogEventsInfo field's value. -func (s *PutLogEventsOutput) SetRejectedLogEventsInfo(v *RejectedLogEventsInfo) *PutLogEventsOutput { - s.RejectedLogEventsInfo = v - return s +// RequestID returns the service's response RequestID for request. +func (s *SessionTimeoutException) RequestID() string { + return s.RespMetadata.RequestID } -type PutMetricFilterInput struct { +type StartLiveTailInput struct { _ struct{} `type:"structure"` - // A name for the metric filter. + // An optional pattern to use to filter the results to include only log events + // that match the pattern. For example, a filter pattern of error 404 causes + // only log events that include both error and 404 to be included in the Live + // Tail stream. // - // FilterName is a required field - FilterName *string `locationName:"filterName" min:"1" type:"string" required:"true"` + // Regular expression filter patterns are supported. + // + // For more information about filter pattern syntax, see Filter and Pattern + // Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html). + LogEventFilterPattern *string `locationName:"logEventFilterPattern" type:"string"` - // A filter pattern for extracting metric data out of ingested log events. + // An array where each item in the array is a log group to include in the Live + // Tail session. // - // FilterPattern is a required field - FilterPattern *string `locationName:"filterPattern" type:"string" required:"true"` + // Specify each log group by its ARN. + // + // If you specify an ARN, the ARN can't end with an asterisk (*). + // + // You can include up to 10 log groups. + // + // LogGroupIdentifiers is a required field + LogGroupIdentifiers []*string `locationName:"logGroupIdentifiers" min:"1" type:"list" required:"true"` - // The name of the log group. + // If you specify this parameter, then only log events in the log streams that + // have names that start with the prefixes that you specify here are included + // in the Live Tail session. // - // LogGroupName is a required field - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` + // If you specify this field, you can't also specify the logStreamNames field. + // + // You can specify this parameter only if you specify only one log group in + // logGroupIdentifiers. + LogStreamNamePrefixes []*string `locationName:"logStreamNamePrefixes" min:"1" type:"list"` - // A collection of information that defines how metric data gets emitted. + // If you specify this parameter, then only log events in the log streams that + // you specify here are included in the Live Tail session. // - // MetricTransformations is a required field - MetricTransformations []*MetricTransformation `locationName:"metricTransformations" min:"1" type:"list" required:"true"` + // If you specify this field, you can't also specify the logStreamNamePrefixes + // field. + // + // You can specify this parameter only if you specify only one log group in + // logGroupIdentifiers. + LogStreamNames []*string `locationName:"logStreamNames" min:"1" type:"list"` } -// String returns the string representation -func (s PutMetricFilterInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartLiveTailInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s PutMetricFilterInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartLiveTailInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *PutMetricFilterInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "PutMetricFilterInput"} - if s.FilterName == nil { - invalidParams.Add(request.NewErrParamRequired("FilterName")) - } - if s.FilterName != nil && len(*s.FilterName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("FilterName", 1)) - } - if s.FilterPattern == nil { - invalidParams.Add(request.NewErrParamRequired("FilterPattern")) +func (s *StartLiveTailInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "StartLiveTailInput"} + if s.LogGroupIdentifiers == nil { + invalidParams.Add(request.NewErrParamRequired("LogGroupIdentifiers")) } - if s.LogGroupName == nil { - invalidParams.Add(request.NewErrParamRequired("LogGroupName")) - } - if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) - } - if s.MetricTransformations == nil { - invalidParams.Add(request.NewErrParamRequired("MetricTransformations")) + if s.LogGroupIdentifiers != nil && len(s.LogGroupIdentifiers) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupIdentifiers", 1)) } - if s.MetricTransformations != nil && len(s.MetricTransformations) < 1 { - invalidParams.Add(request.NewErrParamMinLen("MetricTransformations", 1)) + if s.LogStreamNamePrefixes != nil && len(s.LogStreamNamePrefixes) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogStreamNamePrefixes", 1)) } - if s.MetricTransformations != nil { - for i, v := range s.MetricTransformations { - if v == nil { - continue - } - if err := v.Validate(); err != nil { - invalidParams.AddNested(fmt.Sprintf("%s[%v]", "MetricTransformations", i), err.(request.ErrInvalidParams)) - } - } + if s.LogStreamNames != nil && len(s.LogStreamNames) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogStreamNames", 1)) } if invalidParams.Len() > 0 { @@ -8550,192 +19296,337 @@ func (s *PutMetricFilterInput) Validate() error { return nil } -// SetFilterName sets the FilterName field's value. -func (s *PutMetricFilterInput) SetFilterName(v string) *PutMetricFilterInput { - s.FilterName = &v +// SetLogEventFilterPattern sets the LogEventFilterPattern field's value. +func (s *StartLiveTailInput) SetLogEventFilterPattern(v string) *StartLiveTailInput { + s.LogEventFilterPattern = &v return s } -// SetFilterPattern sets the FilterPattern field's value. -func (s *PutMetricFilterInput) SetFilterPattern(v string) *PutMetricFilterInput { - s.FilterPattern = &v +// SetLogGroupIdentifiers sets the LogGroupIdentifiers field's value. +func (s *StartLiveTailInput) SetLogGroupIdentifiers(v []*string) *StartLiveTailInput { + s.LogGroupIdentifiers = v return s } -// SetLogGroupName sets the LogGroupName field's value. -func (s *PutMetricFilterInput) SetLogGroupName(v string) *PutMetricFilterInput { - s.LogGroupName = &v +// SetLogStreamNamePrefixes sets the LogStreamNamePrefixes field's value. +func (s *StartLiveTailInput) SetLogStreamNamePrefixes(v []*string) *StartLiveTailInput { + s.LogStreamNamePrefixes = v return s } -// SetMetricTransformations sets the MetricTransformations field's value. -func (s *PutMetricFilterInput) SetMetricTransformations(v []*MetricTransformation) *PutMetricFilterInput { - s.MetricTransformations = v +// SetLogStreamNames sets the LogStreamNames field's value. +func (s *StartLiveTailInput) SetLogStreamNames(v []*string) *StartLiveTailInput { + s.LogStreamNames = v return s } -type PutMetricFilterOutput struct { +type StartLiveTailOutput struct { _ struct{} `type:"structure"` + + eventStream *StartLiveTailEventStream } -// String returns the string representation -func (s PutMetricFilterOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartLiveTailOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s PutMetricFilterOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartLiveTailOutput) GoString() string { return s.String() } -type PutQueryDefinitionInput struct { - _ struct{} `type:"structure"` +// GetStream returns the type to interact with the event stream. +func (s *StartLiveTailOutput) GetStream() *StartLiveTailEventStream { + return s.eventStream +} - // Use this parameter to include specific log groups as part of your query definition. - // - // If you are updating a query definition and you omit this parameter, then - // the updated definition will contain no log groups. - LogGroupNames []*string `locationName:"logGroupNames" type:"list"` +// The StartLiveTailOutput is and event in the StartLiveTailResponseStream group of events. +func (s *StartLiveTailOutput) eventStartLiveTailResponseStream() {} - // A name for the query definition. If you are saving a lot of query definitions, - // we recommend that you name them so that you can easily find the ones you - // want by using the first part of the name as a filter in the queryDefinitionNamePrefix - // parameter of DescribeQueryDefinitions (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeQueryDefinitions.html). - // - // Name is a required field - Name *string `locationName:"name" min:"1" type:"string" required:"true"` +// UnmarshalEvent unmarshals the EventStream Message into the StartLiveTailOutput value. +// This method is only used internally within the SDK's EventStream handling. +func (s *StartLiveTailOutput) UnmarshalEvent( + payloadUnmarshaler protocol.PayloadUnmarshaler, + msg eventstream.Message, +) error { + if err := payloadUnmarshaler.UnmarshalPayload( + bytes.NewReader(msg.Payload), s, + ); err != nil { + return err + } + return nil +} - // If you are updating a query definition, use this parameter to specify the - // ID of the query definition that you want to update. You can use DescribeQueryDefinitions - // (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeQueryDefinitions.html) - // to retrieve the IDs of your saved query definitions. - // - // If you are creating a query definition, do not specify this parameter. CloudWatch - // generates a unique ID for the new query definition and include it in the - // response to this operation. - QueryDefinitionId *string `locationName:"queryDefinitionId" type:"string"` +// MarshalEvent marshals the type into an stream event value. This method +// should only used internally within the SDK's EventStream handling. +func (s *StartLiveTailOutput) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) { + msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType)) + var buf bytes.Buffer + if err = pm.MarshalPayload(&buf, s); err != nil { + return eventstream.Message{}, err + } + msg.Payload = buf.Bytes() + return msg, err +} - // The query string to use for this definition. For more information, see CloudWatch - // Logs Insights Query Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html). - // - // QueryString is a required field - QueryString *string `locationName:"queryString" min:"1" type:"string" required:"true"` +// StartLiveTailResponseStreamEvent groups together all EventStream +// events writes for StartLiveTailResponseStream. +// +// These events are: +// +// - LiveTailSessionStart +// - LiveTailSessionUpdate +type StartLiveTailResponseStreamEvent interface { + eventStartLiveTailResponseStream() + eventstreamapi.Marshaler + eventstreamapi.Unmarshaler } -// String returns the string representation -func (s PutQueryDefinitionInput) String() string { - return awsutil.Prettify(s) +// StartLiveTailResponseStreamReader provides the interface for reading to the stream. The +// default implementation for this interface will be StartLiveTailResponseStream. +// +// The reader's Close method must allow multiple concurrent calls. +// +// These events are: +// +// - LiveTailSessionStart +// - LiveTailSessionUpdate +// - StartLiveTailResponseStreamUnknownEvent +type StartLiveTailResponseStreamReader interface { + // Returns a channel of events as they are read from the event stream. + Events() <-chan StartLiveTailResponseStreamEvent + + // Close will stop the reader reading events from the stream. + Close() error + + // Returns any error that has occurred while reading from the event stream. + Err() error } -// GoString returns the string representation -func (s PutQueryDefinitionInput) GoString() string { - return s.String() +type readStartLiveTailResponseStream struct { + eventReader *eventstreamapi.EventReader + stream chan StartLiveTailResponseStreamEvent + err *eventstreamapi.OnceError + + done chan struct{} + closeOnce sync.Once } -// Validate inspects the fields of the type to determine if they are valid. -func (s *PutQueryDefinitionInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "PutQueryDefinitionInput"} - if s.Name == nil { - invalidParams.Add(request.NewErrParamRequired("Name")) - } - if s.Name != nil && len(*s.Name) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Name", 1)) - } - if s.QueryString == nil { - invalidParams.Add(request.NewErrParamRequired("QueryString")) - } - if s.QueryString != nil && len(*s.QueryString) < 1 { - invalidParams.Add(request.NewErrParamMinLen("QueryString", 1)) +func newReadStartLiveTailResponseStream(eventReader *eventstreamapi.EventReader) *readStartLiveTailResponseStream { + r := &readStartLiveTailResponseStream{ + eventReader: eventReader, + stream: make(chan StartLiveTailResponseStreamEvent), + done: make(chan struct{}), + err: eventstreamapi.NewOnceError(), } + go r.readEventStream() - if invalidParams.Len() > 0 { - return invalidParams - } - return nil + return r } -// SetLogGroupNames sets the LogGroupNames field's value. -func (s *PutQueryDefinitionInput) SetLogGroupNames(v []*string) *PutQueryDefinitionInput { - s.LogGroupNames = v - return s +// Close will close the underlying event stream reader. +func (r *readStartLiveTailResponseStream) Close() error { + r.closeOnce.Do(r.safeClose) + return r.Err() } -// SetName sets the Name field's value. -func (s *PutQueryDefinitionInput) SetName(v string) *PutQueryDefinitionInput { - s.Name = &v - return s +func (r *readStartLiveTailResponseStream) ErrorSet() <-chan struct{} { + return r.err.ErrorSet() } -// SetQueryDefinitionId sets the QueryDefinitionId field's value. -func (s *PutQueryDefinitionInput) SetQueryDefinitionId(v string) *PutQueryDefinitionInput { - s.QueryDefinitionId = &v - return s +func (r *readStartLiveTailResponseStream) Closed() <-chan struct{} { + return r.done } -// SetQueryString sets the QueryString field's value. -func (s *PutQueryDefinitionInput) SetQueryString(v string) *PutQueryDefinitionInput { - s.QueryString = &v - return s +func (r *readStartLiveTailResponseStream) safeClose() { + close(r.done) } -type PutQueryDefinitionOutput struct { - _ struct{} `type:"structure"` +func (r *readStartLiveTailResponseStream) Err() error { + return r.err.Err() +} - // The ID of the query definition. - QueryDefinitionId *string `locationName:"queryDefinitionId" type:"string"` +func (r *readStartLiveTailResponseStream) Events() <-chan StartLiveTailResponseStreamEvent { + return r.stream } -// String returns the string representation -func (s PutQueryDefinitionOutput) String() string { - return awsutil.Prettify(s) +func (r *readStartLiveTailResponseStream) readEventStream() { + defer r.Close() + defer close(r.stream) + + for { + event, err := r.eventReader.ReadEvent() + if err != nil { + if err == io.EOF { + return + } + select { + case <-r.done: + // If closed already ignore the error + return + default: + } + if _, ok := err.(*eventstreamapi.UnknownMessageTypeError); ok { + continue + } + r.err.SetError(err) + return + } + + select { + case r.stream <- event.(StartLiveTailResponseStreamEvent): + case <-r.done: + return + } + } } -// GoString returns the string representation -func (s PutQueryDefinitionOutput) GoString() string { - return s.String() +type unmarshalerForStartLiveTailResponseStreamEvent struct { + metadata protocol.ResponseMetadata } -// SetQueryDefinitionId sets the QueryDefinitionId field's value. -func (s *PutQueryDefinitionOutput) SetQueryDefinitionId(v string) *PutQueryDefinitionOutput { - s.QueryDefinitionId = &v - return s +func (u unmarshalerForStartLiveTailResponseStreamEvent) UnmarshalerForEventName(eventType string) (eventstreamapi.Unmarshaler, error) { + switch eventType { + case "sessionStart": + return &LiveTailSessionStart{}, nil + case "sessionUpdate": + return &LiveTailSessionUpdate{}, nil + case "SessionStreamingException": + return newErrorSessionStreamingException(u.metadata).(eventstreamapi.Unmarshaler), nil + case "SessionTimeoutException": + return newErrorSessionTimeoutException(u.metadata).(eventstreamapi.Unmarshaler), nil + default: + return &StartLiveTailResponseStreamUnknownEvent{Type: eventType}, nil + } } -type PutResourcePolicyInput struct { +// StartLiveTailResponseStreamUnknownEvent provides a failsafe event for the +// StartLiveTailResponseStream group of events when an unknown event is received. +type StartLiveTailResponseStreamUnknownEvent struct { + Type string + Message eventstream.Message +} + +// The StartLiveTailResponseStreamUnknownEvent is and event in the StartLiveTailResponseStream +// group of events. +func (s *StartLiveTailResponseStreamUnknownEvent) eventStartLiveTailResponseStream() {} + +// MarshalEvent marshals the type into an stream event value. This method +// should only used internally within the SDK's EventStream handling. +func (e *StartLiveTailResponseStreamUnknownEvent) MarshalEvent(pm protocol.PayloadMarshaler) ( + msg eventstream.Message, err error, +) { + return e.Message.Clone(), nil +} + +// UnmarshalEvent unmarshals the EventStream Message into the StartLiveTailResponseStream value. +// This method is only used internally within the SDK's EventStream handling. +func (e *StartLiveTailResponseStreamUnknownEvent) UnmarshalEvent( + payloadUnmarshaler protocol.PayloadUnmarshaler, + msg eventstream.Message, +) error { + e.Message = msg.Clone() + return nil +} + +type StartQueryInput struct { _ struct{} `type:"structure"` - // Details of the new policy, including the identity of the principal that is - // enabled to put logs to this account. This is formatted as a JSON string. - // This parameter is required. + // The end of the time range to query. The range is inclusive, so the specified + // end time is included in the query. Specified as epoch time, the number of + // seconds since January 1, 1970, 00:00:00 UTC. // - // The following example creates a resource policy enabling the Route 53 service - // to put DNS query logs in to the specified log group. Replace "logArn" with - // the ARN of your CloudWatch Logs resource, such as a log group or log stream. + // EndTime is a required field + EndTime *int64 `locationName:"endTime" type:"long" required:"true"` + + // The maximum number of log events to return in the query. If the query string + // uses the fields command, only the specified fields and their values are returned. + // The default is 1000. + Limit *int64 `locationName:"limit" min:"1" type:"integer"` + + // The list of log groups to query. You can include up to 50 log groups. + // + // You can specify them by the log group name or ARN. If a log group that you're + // querying is in a source account and you're using a monitoring account, you + // must specify the ARN of the log group here. The query definition must also + // be defined in the monitoring account. + // + // If you specify an ARN, the ARN can't end with an asterisk (*). + // + // A StartQuery operation must include exactly one of the following parameters: + // logGroupName, logGroupNames, or logGroupIdentifiers. + LogGroupIdentifiers []*string `locationName:"logGroupIdentifiers" type:"list"` + + // The log group on which to perform the query. + // + // A StartQuery operation must include exactly one of the following parameters: + // logGroupName, logGroupNames, or logGroupIdentifiers. + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"` + + // The list of log groups to be queried. You can include up to 50 log groups. // - // { "Version": "2012-10-17", "Statement": [ { "Sid": "Route53LogsToCloudWatchLogs", - // "Effect": "Allow", "Principal": { "Service": [ "route53.amazonaws.com" ] - // }, "Action":"logs:PutLogEvents", "Resource": "logArn" } ] } - PolicyDocument *string `locationName:"policyDocument" min:"1" type:"string"` + // A StartQuery operation must include exactly one of the following parameters: + // logGroupName, logGroupNames, or logGroupIdentifiers. + LogGroupNames []*string `locationName:"logGroupNames" type:"list"` - // Name of the new policy. This parameter is required. - PolicyName *string `locationName:"policyName" type:"string"` + // The query string to use. For more information, see CloudWatch Logs Insights + // Query Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html). + // + // QueryString is a required field + QueryString *string `locationName:"queryString" type:"string" required:"true"` + + // The beginning of the time range to query. The range is inclusive, so the + // specified start time is included in the query. Specified as epoch time, the + // number of seconds since January 1, 1970, 00:00:00 UTC. + // + // StartTime is a required field + StartTime *int64 `locationName:"startTime" type:"long" required:"true"` } -// String returns the string representation -func (s PutResourcePolicyInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartQueryInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s PutResourcePolicyInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartQueryInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *PutResourcePolicyInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "PutResourcePolicyInput"} - if s.PolicyDocument != nil && len(*s.PolicyDocument) < 1 { - invalidParams.Add(request.NewErrParamMinLen("PolicyDocument", 1)) +func (s *StartQueryInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "StartQueryInput"} + if s.EndTime == nil { + invalidParams.Add(request.NewErrParamRequired("EndTime")) + } + if s.Limit != nil && *s.Limit < 1 { + invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) + } + if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + } + if s.QueryString == nil { + invalidParams.Add(request.NewErrParamRequired("QueryString")) + } + if s.StartTime == nil { + invalidParams.Add(request.NewErrParamRequired("StartTime")) } if invalidParams.Len() > 0 { @@ -8744,81 +19635,111 @@ func (s *PutResourcePolicyInput) Validate() error { return nil } -// SetPolicyDocument sets the PolicyDocument field's value. -func (s *PutResourcePolicyInput) SetPolicyDocument(v string) *PutResourcePolicyInput { - s.PolicyDocument = &v +// SetEndTime sets the EndTime field's value. +func (s *StartQueryInput) SetEndTime(v int64) *StartQueryInput { + s.EndTime = &v return s } -// SetPolicyName sets the PolicyName field's value. -func (s *PutResourcePolicyInput) SetPolicyName(v string) *PutResourcePolicyInput { - s.PolicyName = &v +// SetLimit sets the Limit field's value. +func (s *StartQueryInput) SetLimit(v int64) *StartQueryInput { + s.Limit = &v return s } -type PutResourcePolicyOutput struct { +// SetLogGroupIdentifiers sets the LogGroupIdentifiers field's value. +func (s *StartQueryInput) SetLogGroupIdentifiers(v []*string) *StartQueryInput { + s.LogGroupIdentifiers = v + return s +} + +// SetLogGroupName sets the LogGroupName field's value. +func (s *StartQueryInput) SetLogGroupName(v string) *StartQueryInput { + s.LogGroupName = &v + return s +} + +// SetLogGroupNames sets the LogGroupNames field's value. +func (s *StartQueryInput) SetLogGroupNames(v []*string) *StartQueryInput { + s.LogGroupNames = v + return s +} + +// SetQueryString sets the QueryString field's value. +func (s *StartQueryInput) SetQueryString(v string) *StartQueryInput { + s.QueryString = &v + return s +} + +// SetStartTime sets the StartTime field's value. +func (s *StartQueryInput) SetStartTime(v int64) *StartQueryInput { + s.StartTime = &v + return s +} + +type StartQueryOutput struct { _ struct{} `type:"structure"` - // The new policy. - ResourcePolicy *ResourcePolicy `locationName:"resourcePolicy" type:"structure"` + // The unique ID of the query. + QueryId *string `locationName:"queryId" type:"string"` } -// String returns the string representation -func (s PutResourcePolicyOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartQueryOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s PutResourcePolicyOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartQueryOutput) GoString() string { return s.String() } -// SetResourcePolicy sets the ResourcePolicy field's value. -func (s *PutResourcePolicyOutput) SetResourcePolicy(v *ResourcePolicy) *PutResourcePolicyOutput { - s.ResourcePolicy = v +// SetQueryId sets the QueryId field's value. +func (s *StartQueryOutput) SetQueryId(v string) *StartQueryOutput { + s.QueryId = &v return s } -type PutRetentionPolicyInput struct { +type StopQueryInput struct { _ struct{} `type:"structure"` - // The name of the log group. - // - // LogGroupName is a required field - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` - - // The number of days to retain the log events in the specified log group. Possible - // values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, - // 1827, and 3653. - // - // If you omit retentionInDays in a PutRetentionPolicy operation, the events - // in the log group are always retained and never expire. + // The ID number of the query to stop. To find this ID number, use DescribeQueries. // - // RetentionInDays is a required field - RetentionInDays *int64 `locationName:"retentionInDays" type:"integer" required:"true"` + // QueryId is a required field + QueryId *string `locationName:"queryId" type:"string" required:"true"` } -// String returns the string representation -func (s PutRetentionPolicyInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopQueryInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s PutRetentionPolicyInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopQueryInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *PutRetentionPolicyInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "PutRetentionPolicyInput"} - if s.LogGroupName == nil { - invalidParams.Add(request.NewErrParamRequired("LogGroupName")) - } - if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) - } - if s.RetentionInDays == nil { - invalidParams.Add(request.NewErrParamRequired("RetentionInDays")) +func (s *StopQueryInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "StopQueryInput"} + if s.QueryId == nil { + invalidParams.Add(request.NewErrParamRequired("QueryId")) } if invalidParams.Len() > 0 { @@ -8827,487 +19748,496 @@ func (s *PutRetentionPolicyInput) Validate() error { return nil } -// SetLogGroupName sets the LogGroupName field's value. -func (s *PutRetentionPolicyInput) SetLogGroupName(v string) *PutRetentionPolicyInput { - s.LogGroupName = &v - return s -} - -// SetRetentionInDays sets the RetentionInDays field's value. -func (s *PutRetentionPolicyInput) SetRetentionInDays(v int64) *PutRetentionPolicyInput { - s.RetentionInDays = &v +// SetQueryId sets the QueryId field's value. +func (s *StopQueryInput) SetQueryId(v string) *StopQueryInput { + s.QueryId = &v return s } -type PutRetentionPolicyOutput struct { +type StopQueryOutput struct { _ struct{} `type:"structure"` + + // This is true if the query was stopped by the StopQuery operation. + Success *bool `locationName:"success" type:"boolean"` } -// String returns the string representation -func (s PutRetentionPolicyOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopQueryOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s PutRetentionPolicyOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopQueryOutput) GoString() string { return s.String() } -type PutSubscriptionFilterInput struct { +// SetSuccess sets the Success field's value. +func (s *StopQueryOutput) SetSuccess(v bool) *StopQueryOutput { + s.Success = &v + return s +} + +// Represents a subscription filter. +type SubscriptionFilter struct { _ struct{} `type:"structure"` - // The ARN of the destination to deliver matching log events to. Currently, - // the supported destinations are: - // - // * An Amazon Kinesis stream belonging to the same account as the subscription - // filter, for same-account delivery. - // - // * A logical destination (specified using an ARN) belonging to a different - // account, for cross-account delivery. - // - // * An Amazon Kinesis Firehose delivery stream belonging to the same account - // as the subscription filter, for same-account delivery. - // - // * An AWS Lambda function belonging to the same account as the subscription - // filter, for same-account delivery. - // - // DestinationArn is a required field - DestinationArn *string `locationName:"destinationArn" min:"1" type:"string" required:"true"` + // The creation time of the subscription filter, expressed as the number of + // milliseconds after Jan 1, 1970 00:00:00 UTC. + CreationTime *int64 `locationName:"creationTime" type:"long"` - // The method used to distribute log data to the destination. By default, log - // data is grouped by log stream, but the grouping can be set to random for - // a more even distribution. This property is only applicable when the destination - // is an Amazon Kinesis stream. + // The Amazon Resource Name (ARN) of the destination. + DestinationArn *string `locationName:"destinationArn" min:"1" type:"string"` + + // The method used to distribute log data to the destination, which can be either + // random or grouped by log stream. Distribution *string `locationName:"distribution" type:"string" enum:"Distribution"` - // A name for the subscription filter. If you are updating an existing filter, - // you must specify the correct name in filterName. Otherwise, the call fails - // because you cannot associate a second filter with a log group. To find the - // name of the filter currently associated with a log group, use DescribeSubscriptionFilters - // (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeSubscriptionFilters.html). - // - // FilterName is a required field - FilterName *string `locationName:"filterName" min:"1" type:"string" required:"true"` + // The name of the subscription filter. + FilterName *string `locationName:"filterName" min:"1" type:"string"` - // A filter pattern for subscribing to a filtered stream of log events. - // - // FilterPattern is a required field - FilterPattern *string `locationName:"filterPattern" type:"string" required:"true"` + // A symbolic description of how CloudWatch Logs should interpret the data in + // each log event. For example, a log event can contain timestamps, IP addresses, + // strings, and so on. You use the filter pattern to specify what to look for + // in the log event message. + FilterPattern *string `locationName:"filterPattern" type:"string"` // The name of the log group. - // - // LogGroupName is a required field - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"` - // The ARN of an IAM role that grants CloudWatch Logs permissions to deliver - // ingested log events to the destination stream. You don't need to provide - // the ARN when you are working with a logical destination for cross-account - // delivery. RoleArn *string `locationName:"roleArn" min:"1" type:"string"` } -// String returns the string representation -func (s PutSubscriptionFilterInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SubscriptionFilter) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s PutSubscriptionFilterInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SubscriptionFilter) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *PutSubscriptionFilterInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "PutSubscriptionFilterInput"} - if s.DestinationArn == nil { - invalidParams.Add(request.NewErrParamRequired("DestinationArn")) - } - if s.DestinationArn != nil && len(*s.DestinationArn) < 1 { - invalidParams.Add(request.NewErrParamMinLen("DestinationArn", 1)) - } - if s.FilterName == nil { - invalidParams.Add(request.NewErrParamRequired("FilterName")) - } - if s.FilterName != nil && len(*s.FilterName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("FilterName", 1)) - } - if s.FilterPattern == nil { - invalidParams.Add(request.NewErrParamRequired("FilterPattern")) - } - if s.LogGroupName == nil { - invalidParams.Add(request.NewErrParamRequired("LogGroupName")) - } - if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) - } - if s.RoleArn != nil && len(*s.RoleArn) < 1 { - invalidParams.Add(request.NewErrParamMinLen("RoleArn", 1)) - } - - if invalidParams.Len() > 0 { - return invalidParams - } - return nil +// SetCreationTime sets the CreationTime field's value. +func (s *SubscriptionFilter) SetCreationTime(v int64) *SubscriptionFilter { + s.CreationTime = &v + return s } // SetDestinationArn sets the DestinationArn field's value. -func (s *PutSubscriptionFilterInput) SetDestinationArn(v string) *PutSubscriptionFilterInput { +func (s *SubscriptionFilter) SetDestinationArn(v string) *SubscriptionFilter { s.DestinationArn = &v return s } // SetDistribution sets the Distribution field's value. -func (s *PutSubscriptionFilterInput) SetDistribution(v string) *PutSubscriptionFilterInput { +func (s *SubscriptionFilter) SetDistribution(v string) *SubscriptionFilter { s.Distribution = &v return s } // SetFilterName sets the FilterName field's value. -func (s *PutSubscriptionFilterInput) SetFilterName(v string) *PutSubscriptionFilterInput { +func (s *SubscriptionFilter) SetFilterName(v string) *SubscriptionFilter { s.FilterName = &v return s } // SetFilterPattern sets the FilterPattern field's value. -func (s *PutSubscriptionFilterInput) SetFilterPattern(v string) *PutSubscriptionFilterInput { +func (s *SubscriptionFilter) SetFilterPattern(v string) *SubscriptionFilter { s.FilterPattern = &v return s } // SetLogGroupName sets the LogGroupName field's value. -func (s *PutSubscriptionFilterInput) SetLogGroupName(v string) *PutSubscriptionFilterInput { +func (s *SubscriptionFilter) SetLogGroupName(v string) *SubscriptionFilter { s.LogGroupName = &v return s } // SetRoleArn sets the RoleArn field's value. -func (s *PutSubscriptionFilterInput) SetRoleArn(v string) *PutSubscriptionFilterInput { +func (s *SubscriptionFilter) SetRoleArn(v string) *SubscriptionFilter { s.RoleArn = &v return s } -type PutSubscriptionFilterOutput struct { - _ struct{} `type:"structure"` -} - -// String returns the string representation -func (s PutSubscriptionFilterOutput) String() string { - return awsutil.Prettify(s) -} - -// GoString returns the string representation -func (s PutSubscriptionFilterOutput) GoString() string { - return s.String() -} - -// Reserved. -type QueryCompileError struct { +// If you are suppressing an anomaly temporariliy, this structure defines how +// long the suppression period is to be. +type SuppressionPeriod struct { _ struct{} `type:"structure"` - // Reserved. - Location *QueryCompileErrorLocation `locationName:"location" type:"structure"` + // Specifies whether the value of value is in seconds, minutes, or hours. + SuppressionUnit *string `locationName:"suppressionUnit" type:"string" enum:"SuppressionUnit"` - // Reserved. - Message *string `locationName:"message" type:"string"` + // Specifies the number of seconds, minutes or hours to suppress this anomaly. + // There is no maximum. + Value *int64 `locationName:"value" type:"integer"` } -// String returns the string representation -func (s QueryCompileError) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SuppressionPeriod) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s QueryCompileError) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SuppressionPeriod) GoString() string { return s.String() } -// SetLocation sets the Location field's value. -func (s *QueryCompileError) SetLocation(v *QueryCompileErrorLocation) *QueryCompileError { - s.Location = v +// SetSuppressionUnit sets the SuppressionUnit field's value. +func (s *SuppressionPeriod) SetSuppressionUnit(v string) *SuppressionPeriod { + s.SuppressionUnit = &v return s } -// SetMessage sets the Message field's value. -func (s *QueryCompileError) SetMessage(v string) *QueryCompileError { - s.Message = &v +// SetValue sets the Value field's value. +func (s *SuppressionPeriod) SetValue(v int64) *SuppressionPeriod { + s.Value = &v return s } -// Reserved. -type QueryCompileErrorLocation struct { - _ struct{} `type:"structure"` +// Deprecated: Please use the generic tagging API model TagResourceRequest +type TagLogGroupInput struct { + _ struct{} `deprecated:"true" type:"structure"` - // Reserved. - EndCharOffset *int64 `locationName:"endCharOffset" type:"integer"` + // The name of the log group. + // + // LogGroupName is a required field + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` - // Reserved. - StartCharOffset *int64 `locationName:"startCharOffset" type:"integer"` + // The key-value pairs to use for the tags. + // + // Tags is a required field + Tags map[string]*string `locationName:"tags" min:"1" type:"map" required:"true"` } -// String returns the string representation -func (s QueryCompileErrorLocation) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagLogGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s QueryCompileErrorLocation) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagLogGroupInput) GoString() string { return s.String() } -// SetEndCharOffset sets the EndCharOffset field's value. -func (s *QueryCompileErrorLocation) SetEndCharOffset(v int64) *QueryCompileErrorLocation { - s.EndCharOffset = &v - return s -} - -// SetStartCharOffset sets the StartCharOffset field's value. -func (s *QueryCompileErrorLocation) SetStartCharOffset(v int64) *QueryCompileErrorLocation { - s.StartCharOffset = &v - return s -} - -// This structure contains details about a saved CloudWatch Logs Insights query -// definition. -type QueryDefinition struct { - _ struct{} `type:"structure"` - - // The date that the query definition was most recently modified. - LastModified *int64 `locationName:"lastModified" type:"long"` - - // If this query definition contains a list of log groups that it is limited - // to, that list appears here. - LogGroupNames []*string `locationName:"logGroupNames" type:"list"` - - // The name of the query definition. - Name *string `locationName:"name" min:"1" type:"string"` - - // The unique ID of the query definition. - QueryDefinitionId *string `locationName:"queryDefinitionId" type:"string"` - - // The query string to use for this definition. For more information, see CloudWatch - // Logs Insights Query Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html). - QueryString *string `locationName:"queryString" min:"1" type:"string"` -} - -// String returns the string representation -func (s QueryDefinition) String() string { - return awsutil.Prettify(s) -} +// Validate inspects the fields of the type to determine if they are valid. +func (s *TagLogGroupInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TagLogGroupInput"} + if s.LogGroupName == nil { + invalidParams.Add(request.NewErrParamRequired("LogGroupName")) + } + if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) + } + if s.Tags == nil { + invalidParams.Add(request.NewErrParamRequired("Tags")) + } + if s.Tags != nil && len(s.Tags) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) + } -// GoString returns the string representation -func (s QueryDefinition) GoString() string { - return s.String() + if invalidParams.Len() > 0 { + return invalidParams + } + return nil } -// SetLastModified sets the LastModified field's value. -func (s *QueryDefinition) SetLastModified(v int64) *QueryDefinition { - s.LastModified = &v +// SetLogGroupName sets the LogGroupName field's value. +func (s *TagLogGroupInput) SetLogGroupName(v string) *TagLogGroupInput { + s.LogGroupName = &v return s } -// SetLogGroupNames sets the LogGroupNames field's value. -func (s *QueryDefinition) SetLogGroupNames(v []*string) *QueryDefinition { - s.LogGroupNames = v +// SetTags sets the Tags field's value. +func (s *TagLogGroupInput) SetTags(v map[string]*string) *TagLogGroupInput { + s.Tags = v return s } -// SetName sets the Name field's value. -func (s *QueryDefinition) SetName(v string) *QueryDefinition { - s.Name = &v - return s +type TagLogGroupOutput struct { + _ struct{} `type:"structure"` } -// SetQueryDefinitionId sets the QueryDefinitionId field's value. -func (s *QueryDefinition) SetQueryDefinitionId(v string) *QueryDefinition { - s.QueryDefinitionId = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagLogGroupOutput) String() string { + return awsutil.Prettify(s) } -// SetQueryString sets the QueryString field's value. -func (s *QueryDefinition) SetQueryString(v string) *QueryDefinition { - s.QueryString = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagLogGroupOutput) GoString() string { + return s.String() } -// Information about one CloudWatch Logs Insights query that matches the request -// in a DescribeQueries operation. -type QueryInfo struct { +type TagResourceInput struct { _ struct{} `type:"structure"` - // The date and time that this query was created. - CreateTime *int64 `locationName:"createTime" type:"long"` - - // The name of the log group scanned by this query. - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"` - - // The unique ID number of this query. - QueryId *string `locationName:"queryId" type:"string"` - - // The query string used in this query. - QueryString *string `locationName:"queryString" type:"string"` + // The ARN of the resource that you're adding tags to. + // + // The ARN format of a log group is arn:aws:logs:Region:account-id:log-group:log-group-name + // + // The ARN format of a destination is arn:aws:logs:Region:account-id:destination:destination-name + // + // For more information about ARN format, see CloudWatch Logs resources and + // operations (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html). + // + // ResourceArn is a required field + ResourceArn *string `locationName:"resourceArn" min:"1" type:"string" required:"true"` - // The status of this query. Possible values are Cancelled, Complete, Failed, - // Running, Scheduled, and Unknown. - Status *string `locationName:"status" type:"string" enum:"QueryStatus"` + // The list of key-value pairs to associate with the resource. + // + // Tags is a required field + Tags map[string]*string `locationName:"tags" min:"1" type:"map" required:"true"` } -// String returns the string representation -func (s QueryInfo) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s QueryInfo) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceInput) GoString() string { return s.String() } -// SetCreateTime sets the CreateTime field's value. -func (s *QueryInfo) SetCreateTime(v int64) *QueryInfo { - s.CreateTime = &v - return s +// Validate inspects the fields of the type to determine if they are valid. +func (s *TagResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"} + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + } + if s.ResourceArn != nil && len(*s.ResourceArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1)) + } + if s.Tags == nil { + invalidParams.Add(request.NewErrParamRequired("Tags")) + } + if s.Tags != nil && len(s.Tags) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil } -// SetLogGroupName sets the LogGroupName field's value. -func (s *QueryInfo) SetLogGroupName(v string) *QueryInfo { - s.LogGroupName = &v +// SetResourceArn sets the ResourceArn field's value. +func (s *TagResourceInput) SetResourceArn(v string) *TagResourceInput { + s.ResourceArn = &v return s } -// SetQueryId sets the QueryId field's value. -func (s *QueryInfo) SetQueryId(v string) *QueryInfo { - s.QueryId = &v +// SetTags sets the Tags field's value. +func (s *TagResourceInput) SetTags(v map[string]*string) *TagResourceInput { + s.Tags = v return s } -// SetQueryString sets the QueryString field's value. -func (s *QueryInfo) SetQueryString(v string) *QueryInfo { - s.QueryString = &v - return s +type TagResourceOutput struct { + _ struct{} `type:"structure"` } -// SetStatus sets the Status field's value. -func (s *QueryInfo) SetStatus(v string) *QueryInfo { - s.Status = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceOutput) String() string { + return awsutil.Prettify(s) } -// Contains the number of log events scanned by the query, the number of log -// events that matched the query criteria, and the total number of bytes in -// the log events that were scanned. -type QueryStatistics struct { - _ struct{} `type:"structure"` +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceOutput) GoString() string { + return s.String() +} - // The total number of bytes in the log events scanned during the query. - BytesScanned *float64 `locationName:"bytesScanned" type:"double"` +type TestMetricFilterInput struct { + _ struct{} `type:"structure"` - // The number of log events that matched the query string. - RecordsMatched *float64 `locationName:"recordsMatched" type:"double"` + // A symbolic description of how CloudWatch Logs should interpret the data in + // each log event. For example, a log event can contain timestamps, IP addresses, + // strings, and so on. You use the filter pattern to specify what to look for + // in the log event message. + // + // FilterPattern is a required field + FilterPattern *string `locationName:"filterPattern" type:"string" required:"true"` - // The total number of log events scanned during the query. - RecordsScanned *float64 `locationName:"recordsScanned" type:"double"` + // The log event messages to test. + // + // LogEventMessages is a required field + LogEventMessages []*string `locationName:"logEventMessages" min:"1" type:"list" required:"true"` } -// String returns the string representation -func (s QueryStatistics) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TestMetricFilterInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s QueryStatistics) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TestMetricFilterInput) GoString() string { return s.String() } -// SetBytesScanned sets the BytesScanned field's value. -func (s *QueryStatistics) SetBytesScanned(v float64) *QueryStatistics { - s.BytesScanned = &v - return s +// Validate inspects the fields of the type to determine if they are valid. +func (s *TestMetricFilterInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TestMetricFilterInput"} + if s.FilterPattern == nil { + invalidParams.Add(request.NewErrParamRequired("FilterPattern")) + } + if s.LogEventMessages == nil { + invalidParams.Add(request.NewErrParamRequired("LogEventMessages")) + } + if s.LogEventMessages != nil && len(s.LogEventMessages) < 1 { + invalidParams.Add(request.NewErrParamMinLen("LogEventMessages", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil } -// SetRecordsMatched sets the RecordsMatched field's value. -func (s *QueryStatistics) SetRecordsMatched(v float64) *QueryStatistics { - s.RecordsMatched = &v +// SetFilterPattern sets the FilterPattern field's value. +func (s *TestMetricFilterInput) SetFilterPattern(v string) *TestMetricFilterInput { + s.FilterPattern = &v return s } -// SetRecordsScanned sets the RecordsScanned field's value. -func (s *QueryStatistics) SetRecordsScanned(v float64) *QueryStatistics { - s.RecordsScanned = &v +// SetLogEventMessages sets the LogEventMessages field's value. +func (s *TestMetricFilterInput) SetLogEventMessages(v []*string) *TestMetricFilterInput { + s.LogEventMessages = v return s } -// Represents the rejected events. -type RejectedLogEventsInfo struct { +type TestMetricFilterOutput struct { _ struct{} `type:"structure"` - // The expired log events. - ExpiredLogEventEndIndex *int64 `locationName:"expiredLogEventEndIndex" type:"integer"` - - // The log events that are too new. - TooNewLogEventStartIndex *int64 `locationName:"tooNewLogEventStartIndex" type:"integer"` - - // The log events that are too old. - TooOldLogEventEndIndex *int64 `locationName:"tooOldLogEventEndIndex" type:"integer"` + // The matched events. + Matches []*MetricFilterMatchRecord `locationName:"matches" type:"list"` } -// String returns the string representation -func (s RejectedLogEventsInfo) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TestMetricFilterOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s RejectedLogEventsInfo) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TestMetricFilterOutput) GoString() string { return s.String() } -// SetExpiredLogEventEndIndex sets the ExpiredLogEventEndIndex field's value. -func (s *RejectedLogEventsInfo) SetExpiredLogEventEndIndex(v int64) *RejectedLogEventsInfo { - s.ExpiredLogEventEndIndex = &v - return s -} - -// SetTooNewLogEventStartIndex sets the TooNewLogEventStartIndex field's value. -func (s *RejectedLogEventsInfo) SetTooNewLogEventStartIndex(v int64) *RejectedLogEventsInfo { - s.TooNewLogEventStartIndex = &v - return s -} - -// SetTooOldLogEventEndIndex sets the TooOldLogEventEndIndex field's value. -func (s *RejectedLogEventsInfo) SetTooOldLogEventEndIndex(v int64) *RejectedLogEventsInfo { - s.TooOldLogEventEndIndex = &v +// SetMatches sets the Matches field's value. +func (s *TestMetricFilterOutput) SetMatches(v []*MetricFilterMatchRecord) *TestMetricFilterOutput { + s.Matches = v return s } -// The specified resource already exists. -type ResourceAlreadyExistsException struct { +// The request was throttled because of quota limits. +type ThrottlingException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation -func (s ResourceAlreadyExistsException) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ThrottlingException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s ResourceAlreadyExistsException) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ThrottlingException) GoString() string { return s.String() } -func newErrorResourceAlreadyExistsException(v protocol.ResponseMetadata) error { - return &ResourceAlreadyExistsException{ +func newErrorThrottlingException(v protocol.ResponseMetadata) error { + return &ThrottlingException{ RespMetadata: v, } } // Code returns the exception type name. -func (s *ResourceAlreadyExistsException) Code() string { - return "ResourceAlreadyExistsException" +func (s *ThrottlingException) Code() string { + return "ThrottlingException" } // Message returns the exception's message. -func (s *ResourceAlreadyExistsException) Message() string { +func (s *ThrottlingException) Message() string { if s.Message_ != nil { return *s.Message_ } @@ -9315,55 +20245,66 @@ func (s *ResourceAlreadyExistsException) Message() string { } // OrigErr always returns nil, satisfies awserr.Error interface. -func (s *ResourceAlreadyExistsException) OrigErr() error { +func (s *ThrottlingException) OrigErr() error { return nil } -func (s *ResourceAlreadyExistsException) Error() string { +func (s *ThrottlingException) Error() string { return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } // Status code returns the HTTP status code for the request's response error. -func (s *ResourceAlreadyExistsException) StatusCode() int { +func (s *ThrottlingException) StatusCode() int { return s.RespMetadata.StatusCode } // RequestID returns the service's response RequestID for request. -func (s *ResourceAlreadyExistsException) RequestID() string { +func (s *ThrottlingException) RequestID() string { return s.RespMetadata.RequestID } -// The specified resource does not exist. -type ResourceNotFoundException struct { +// A resource can have no more than 50 tags. +type TooManyTagsException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"message" type:"string"` + + // The name of the resource. + ResourceName *string `locationName:"resourceName" min:"1" type:"string"` } -// String returns the string representation -func (s ResourceNotFoundException) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TooManyTagsException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s ResourceNotFoundException) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TooManyTagsException) GoString() string { return s.String() } -func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error { - return &ResourceNotFoundException{ +func newErrorTooManyTagsException(v protocol.ResponseMetadata) error { + return &TooManyTagsException{ RespMetadata: v, } } // Code returns the exception type name. -func (s *ResourceNotFoundException) Code() string { - return "ResourceNotFoundException" +func (s *TooManyTagsException) Code() string { + return "TooManyTagsException" } // Message returns the exception's message. -func (s *ResourceNotFoundException) Message() string { +func (s *TooManyTagsException) Message() string { if s.Message_ != nil { return *s.Message_ } @@ -9371,169 +20312,64 @@ func (s *ResourceNotFoundException) Message() string { } // OrigErr always returns nil, satisfies awserr.Error interface. -func (s *ResourceNotFoundException) OrigErr() error { +func (s *TooManyTagsException) OrigErr() error { return nil } -func (s *ResourceNotFoundException) Error() string { - return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +func (s *TooManyTagsException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) } // Status code returns the HTTP status code for the request's response error. -func (s *ResourceNotFoundException) StatusCode() int { +func (s *TooManyTagsException) StatusCode() int { return s.RespMetadata.StatusCode } // RequestID returns the service's response RequestID for request. -func (s *ResourceNotFoundException) RequestID() string { +func (s *TooManyTagsException) RequestID() string { return s.RespMetadata.RequestID } -// A policy enabling one or more entities to put logs to a log group in this -// account. -type ResourcePolicy struct { - _ struct{} `type:"structure"` - - // Timestamp showing when this policy was last updated, expressed as the number - // of milliseconds after Jan 1, 1970 00:00:00 UTC. - LastUpdatedTime *int64 `locationName:"lastUpdatedTime" type:"long"` - - // The details of the policy. - PolicyDocument *string `locationName:"policyDocument" min:"1" type:"string"` - - // The name of the resource policy. - PolicyName *string `locationName:"policyName" type:"string"` -} - -// String returns the string representation -func (s ResourcePolicy) String() string { - return awsutil.Prettify(s) -} - -// GoString returns the string representation -func (s ResourcePolicy) GoString() string { - return s.String() -} - -// SetLastUpdatedTime sets the LastUpdatedTime field's value. -func (s *ResourcePolicy) SetLastUpdatedTime(v int64) *ResourcePolicy { - s.LastUpdatedTime = &v - return s -} - -// SetPolicyDocument sets the PolicyDocument field's value. -func (s *ResourcePolicy) SetPolicyDocument(v string) *ResourcePolicy { - s.PolicyDocument = &v - return s -} - -// SetPolicyName sets the PolicyName field's value. -func (s *ResourcePolicy) SetPolicyName(v string) *ResourcePolicy { - s.PolicyName = &v - return s -} - -// Contains one field from one log event returned by a CloudWatch Logs Insights -// query, along with the value of that field. -// -// For more information about the fields that are generated by CloudWatch logs, -// see Supported Logs and Discovered Fields (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData-discoverable-fields.html). -type ResultField struct { - _ struct{} `type:"structure"` - - // The log event field. - Field *string `locationName:"field" type:"string"` - - // The value of this field. - Value *string `locationName:"value" type:"string"` -} - -// String returns the string representation -func (s ResultField) String() string { - return awsutil.Prettify(s) -} - -// GoString returns the string representation -func (s ResultField) GoString() string { - return s.String() -} - -// SetField sets the Field field's value. -func (s *ResultField) SetField(v string) *ResultField { - s.Field = &v - return s -} - -// SetValue sets the Value field's value. -func (s *ResultField) SetValue(v string) *ResultField { - s.Value = &v - return s -} - -// Represents the search status of a log stream. -type SearchedLogStream struct { - _ struct{} `type:"structure"` - - // The name of the log stream. - LogStreamName *string `locationName:"logStreamName" min:"1" type:"string"` - - // Indicates whether all the events in this log stream were searched. - SearchedCompletely *bool `locationName:"searchedCompletely" type:"boolean"` -} - -// String returns the string representation -func (s SearchedLogStream) String() string { - return awsutil.Prettify(s) -} - -// GoString returns the string representation -func (s SearchedLogStream) GoString() string { - return s.String() -} - -// SetLogStreamName sets the LogStreamName field's value. -func (s *SearchedLogStream) SetLogStreamName(v string) *SearchedLogStream { - s.LogStreamName = &v - return s -} - -// SetSearchedCompletely sets the SearchedCompletely field's value. -func (s *SearchedLogStream) SetSearchedCompletely(v bool) *SearchedLogStream { - s.SearchedCompletely = &v - return s -} - -// The service cannot complete the request. -type ServiceUnavailableException struct { +// The most likely cause is an Amazon Web Services access key ID or secret key +// that's not valid. +type UnrecognizedClientException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation -func (s ServiceUnavailableException) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnrecognizedClientException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s ServiceUnavailableException) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnrecognizedClientException) GoString() string { return s.String() } -func newErrorServiceUnavailableException(v protocol.ResponseMetadata) error { - return &ServiceUnavailableException{ +func newErrorUnrecognizedClientException(v protocol.ResponseMetadata) error { + return &UnrecognizedClientException{ RespMetadata: v, } } // Code returns the exception type name. -func (s *ServiceUnavailableException) Code() string { - return "ServiceUnavailableException" +func (s *UnrecognizedClientException) Code() string { + return "UnrecognizedClientException" } // Message returns the exception's message. -func (s *ServiceUnavailableException) Message() string { +func (s *UnrecognizedClientException) Message() string { if s.Message_ != nil { return *s.Message_ } @@ -9541,92 +20377,71 @@ func (s *ServiceUnavailableException) Message() string { } // OrigErr always returns nil, satisfies awserr.Error interface. -func (s *ServiceUnavailableException) OrigErr() error { +func (s *UnrecognizedClientException) OrigErr() error { return nil } -func (s *ServiceUnavailableException) Error() string { +func (s *UnrecognizedClientException) Error() string { return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } // Status code returns the HTTP status code for the request's response error. -func (s *ServiceUnavailableException) StatusCode() int { +func (s *UnrecognizedClientException) StatusCode() int { return s.RespMetadata.StatusCode } // RequestID returns the service's response RequestID for request. -func (s *ServiceUnavailableException) RequestID() string { - return s.RespMetadata.RequestID -} - -type StartQueryInput struct { - _ struct{} `type:"structure"` - - // The end of the time range to query. The range is inclusive, so the specified - // end time is included in the query. Specified as epoch time, the number of - // seconds since January 1, 1970, 00:00:00 UTC. - // - // EndTime is a required field - EndTime *int64 `locationName:"endTime" type:"long" required:"true"` - - // The maximum number of log events to return in the query. If the query string - // uses the fields command, only the specified fields and their values are returned. - // The default is 1000. - Limit *int64 `locationName:"limit" min:"1" type:"integer"` - - // The log group on which to perform the query. - // - // A StartQuery operation must include a logGroupNames or a logGroupName parameter, - // but not both. - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"` +func (s *UnrecognizedClientException) RequestID() string { + return s.RespMetadata.RequestID +} - // The list of log groups to be queried. You can include up to 20 log groups. - // - // A StartQuery operation must include a logGroupNames or a logGroupName parameter, - // but not both. - LogGroupNames []*string `locationName:"logGroupNames" type:"list"` +// Deprecated: Please use the generic tagging API model UntagResourceRequest +type UntagLogGroupInput struct { + _ struct{} `deprecated:"true" type:"structure"` - // The query string to use. For more information, see CloudWatch Logs Insights - // Query Syntax (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html). + // The name of the log group. // - // QueryString is a required field - QueryString *string `locationName:"queryString" type:"string" required:"true"` + // LogGroupName is a required field + LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` - // The beginning of the time range to query. The range is inclusive, so the - // specified start time is included in the query. Specified as epoch time, the - // number of seconds since January 1, 1970, 00:00:00 UTC. + // The tag keys. The corresponding tags are removed from the log group. // - // StartTime is a required field - StartTime *int64 `locationName:"startTime" type:"long" required:"true"` + // Tags is a required field + Tags []*string `locationName:"tags" min:"1" type:"list" required:"true"` } -// String returns the string representation -func (s StartQueryInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagLogGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s StartQueryInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagLogGroupInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *StartQueryInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "StartQueryInput"} - if s.EndTime == nil { - invalidParams.Add(request.NewErrParamRequired("EndTime")) - } - if s.Limit != nil && *s.Limit < 1 { - invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) +func (s *UntagLogGroupInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UntagLogGroupInput"} + if s.LogGroupName == nil { + invalidParams.Add(request.NewErrParamRequired("LogGroupName")) } if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) } - if s.QueryString == nil { - invalidParams.Add(request.NewErrParamRequired("QueryString")) + if s.Tags == nil { + invalidParams.Add(request.NewErrParamRequired("Tags")) } - if s.StartTime == nil { - invalidParams.Add(request.NewErrParamRequired("StartTime")) + if s.Tags != nil && len(s.Tags) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) } if invalidParams.Len() > 0 { @@ -9635,89 +20450,90 @@ func (s *StartQueryInput) Validate() error { return nil } -// SetEndTime sets the EndTime field's value. -func (s *StartQueryInput) SetEndTime(v int64) *StartQueryInput { - s.EndTime = &v - return s -} - -// SetLimit sets the Limit field's value. -func (s *StartQueryInput) SetLimit(v int64) *StartQueryInput { - s.Limit = &v - return s -} - // SetLogGroupName sets the LogGroupName field's value. -func (s *StartQueryInput) SetLogGroupName(v string) *StartQueryInput { +func (s *UntagLogGroupInput) SetLogGroupName(v string) *UntagLogGroupInput { s.LogGroupName = &v return s } -// SetLogGroupNames sets the LogGroupNames field's value. -func (s *StartQueryInput) SetLogGroupNames(v []*string) *StartQueryInput { - s.LogGroupNames = v - return s -} - -// SetQueryString sets the QueryString field's value. -func (s *StartQueryInput) SetQueryString(v string) *StartQueryInput { - s.QueryString = &v - return s -} - -// SetStartTime sets the StartTime field's value. -func (s *StartQueryInput) SetStartTime(v int64) *StartQueryInput { - s.StartTime = &v +// SetTags sets the Tags field's value. +func (s *UntagLogGroupInput) SetTags(v []*string) *UntagLogGroupInput { + s.Tags = v return s } -type StartQueryOutput struct { +type UntagLogGroupOutput struct { _ struct{} `type:"structure"` - - // The unique ID of the query. - QueryId *string `locationName:"queryId" type:"string"` } -// String returns the string representation -func (s StartQueryOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagLogGroupOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s StartQueryOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagLogGroupOutput) GoString() string { return s.String() } -// SetQueryId sets the QueryId field's value. -func (s *StartQueryOutput) SetQueryId(v string) *StartQueryOutput { - s.QueryId = &v - return s -} - -type StopQueryInput struct { +type UntagResourceInput struct { _ struct{} `type:"structure"` - // The ID number of the query to stop. To find this ID number, use DescribeQueries. + // The ARN of the CloudWatch Logs resource that you're removing tags from. // - // QueryId is a required field - QueryId *string `locationName:"queryId" type:"string" required:"true"` + // The ARN format of a log group is arn:aws:logs:Region:account-id:log-group:log-group-name + // + // The ARN format of a destination is arn:aws:logs:Region:account-id:destination:destination-name + // + // For more information about ARN format, see CloudWatch Logs resources and + // operations (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html). + // + // ResourceArn is a required field + ResourceArn *string `locationName:"resourceArn" min:"1" type:"string" required:"true"` + + // The list of tag keys to remove from the resource. + // + // TagKeys is a required field + TagKeys []*string `locationName:"tagKeys" type:"list" required:"true"` } -// String returns the string representation -func (s StopQueryInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s StopQueryInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *StopQueryInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "StopQueryInput"} - if s.QueryId == nil { - invalidParams.Add(request.NewErrParamRequired("QueryId")) +func (s *UntagResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"} + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + } + if s.ResourceArn != nil && len(*s.ResourceArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1)) + } + if s.TagKeys == nil { + invalidParams.Add(request.NewErrParamRequired("TagKeys")) } if invalidParams.Len() > 0 { @@ -9726,227 +20542,225 @@ func (s *StopQueryInput) Validate() error { return nil } -// SetQueryId sets the QueryId field's value. -func (s *StopQueryInput) SetQueryId(v string) *StopQueryInput { - s.QueryId = &v +// SetResourceArn sets the ResourceArn field's value. +func (s *UntagResourceInput) SetResourceArn(v string) *UntagResourceInput { + s.ResourceArn = &v return s } -type StopQueryOutput struct { - _ struct{} `type:"structure"` +// SetTagKeys sets the TagKeys field's value. +func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput { + s.TagKeys = v + return s +} - // This is true if the query was stopped by the StopQuery operation. - Success *bool `locationName:"success" type:"boolean"` +type UntagResourceOutput struct { + _ struct{} `type:"structure"` } -// String returns the string representation -func (s StopQueryOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s StopQueryOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceOutput) GoString() string { return s.String() } -// SetSuccess sets the Success field's value. -func (s *StopQueryOutput) SetSuccess(v bool) *StopQueryOutput { - s.Success = &v - return s -} - -// Represents a subscription filter. -type SubscriptionFilter struct { +type UpdateAnomalyInput struct { _ struct{} `type:"structure"` - // The creation time of the subscription filter, expressed as the number of - // milliseconds after Jan 1, 1970 00:00:00 UTC. - CreationTime *int64 `locationName:"creationTime" type:"long"` - - // The Amazon Resource Name (ARN) of the destination. - DestinationArn *string `locationName:"destinationArn" min:"1" type:"string"` - - // The method used to distribute log data to the destination, which can be either - // random or grouped by log stream. - Distribution *string `locationName:"distribution" type:"string" enum:"Distribution"` + // The ARN of the anomaly detector that this operation is to act on. + // + // AnomalyDetectorArn is a required field + AnomalyDetectorArn *string `locationName:"anomalyDetectorArn" min:"1" type:"string" required:"true"` - // The name of the subscription filter. - FilterName *string `locationName:"filterName" min:"1" type:"string"` + // If you are suppressing or unsuppressing an anomaly, specify its unique ID + // here. You can find anomaly IDs by using the ListAnomalies (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListAnomalies.html) + // operation. + AnomalyId *string `locationName:"anomalyId" min:"36" type:"string"` - // A symbolic description of how CloudWatch Logs should interpret the data in - // each log event. For example, a log event can contain timestamps, IP addresses, - // strings, and so on. You use the filter pattern to specify what to look for - // in the log event message. - FilterPattern *string `locationName:"filterPattern" type:"string"` + // If you are suppressing or unsuppressing an pattern, specify its unique ID + // here. You can find pattern IDs by using the ListAnomalies (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListAnomalies.html) + // operation. + PatternId *string `locationName:"patternId" min:"32" type:"string"` - // The name of the log group. - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string"` + // If you are temporarily suppressing an anomaly or pattern, use this structure + // to specify how long the suppression is to last. + SuppressionPeriod *SuppressionPeriod `locationName:"suppressionPeriod" type:"structure"` - RoleArn *string `locationName:"roleArn" min:"1" type:"string"` + // Use this to specify whether the suppression to be temporary or infinite. + // If you specify LIMITED, you must also specify a suppressionPeriod. If you + // specify INFINITE, any value for suppressionPeriod is ignored. + SuppressionType *string `locationName:"suppressionType" type:"string" enum:"SuppressionType"` } -// String returns the string representation -func (s SubscriptionFilter) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateAnomalyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s SubscriptionFilter) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateAnomalyInput) GoString() string { return s.String() } -// SetCreationTime sets the CreationTime field's value. -func (s *SubscriptionFilter) SetCreationTime(v int64) *SubscriptionFilter { - s.CreationTime = &v - return s -} +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdateAnomalyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateAnomalyInput"} + if s.AnomalyDetectorArn == nil { + invalidParams.Add(request.NewErrParamRequired("AnomalyDetectorArn")) + } + if s.AnomalyDetectorArn != nil && len(*s.AnomalyDetectorArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AnomalyDetectorArn", 1)) + } + if s.AnomalyId != nil && len(*s.AnomalyId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("AnomalyId", 36)) + } + if s.PatternId != nil && len(*s.PatternId) < 32 { + invalidParams.Add(request.NewErrParamMinLen("PatternId", 32)) + } -// SetDestinationArn sets the DestinationArn field's value. -func (s *SubscriptionFilter) SetDestinationArn(v string) *SubscriptionFilter { - s.DestinationArn = &v - return s + if invalidParams.Len() > 0 { + return invalidParams + } + return nil } -// SetDistribution sets the Distribution field's value. -func (s *SubscriptionFilter) SetDistribution(v string) *SubscriptionFilter { - s.Distribution = &v +// SetAnomalyDetectorArn sets the AnomalyDetectorArn field's value. +func (s *UpdateAnomalyInput) SetAnomalyDetectorArn(v string) *UpdateAnomalyInput { + s.AnomalyDetectorArn = &v return s } -// SetFilterName sets the FilterName field's value. -func (s *SubscriptionFilter) SetFilterName(v string) *SubscriptionFilter { - s.FilterName = &v +// SetAnomalyId sets the AnomalyId field's value. +func (s *UpdateAnomalyInput) SetAnomalyId(v string) *UpdateAnomalyInput { + s.AnomalyId = &v return s } -// SetFilterPattern sets the FilterPattern field's value. -func (s *SubscriptionFilter) SetFilterPattern(v string) *SubscriptionFilter { - s.FilterPattern = &v +// SetPatternId sets the PatternId field's value. +func (s *UpdateAnomalyInput) SetPatternId(v string) *UpdateAnomalyInput { + s.PatternId = &v return s } -// SetLogGroupName sets the LogGroupName field's value. -func (s *SubscriptionFilter) SetLogGroupName(v string) *SubscriptionFilter { - s.LogGroupName = &v +// SetSuppressionPeriod sets the SuppressionPeriod field's value. +func (s *UpdateAnomalyInput) SetSuppressionPeriod(v *SuppressionPeriod) *UpdateAnomalyInput { + s.SuppressionPeriod = v return s } -// SetRoleArn sets the RoleArn field's value. -func (s *SubscriptionFilter) SetRoleArn(v string) *SubscriptionFilter { - s.RoleArn = &v +// SetSuppressionType sets the SuppressionType field's value. +func (s *UpdateAnomalyInput) SetSuppressionType(v string) *UpdateAnomalyInput { + s.SuppressionType = &v return s } -type TagLogGroupInput struct { +type UpdateAnomalyOutput struct { _ struct{} `type:"structure"` - - // The name of the log group. - // - // LogGroupName is a required field - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` - - // The key-value pairs to use for the tags. - // - // Tags is a required field - Tags map[string]*string `locationName:"tags" min:"1" type:"map" required:"true"` } -// String returns the string representation -func (s TagLogGroupInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateAnomalyOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s TagLogGroupInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateAnomalyOutput) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *TagLogGroupInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "TagLogGroupInput"} - if s.LogGroupName == nil { - invalidParams.Add(request.NewErrParamRequired("LogGroupName")) - } - if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) - } - if s.Tags == nil { - invalidParams.Add(request.NewErrParamRequired("Tags")) - } - if s.Tags != nil && len(s.Tags) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) - } - - if invalidParams.Len() > 0 { - return invalidParams - } - return nil -} - -// SetLogGroupName sets the LogGroupName field's value. -func (s *TagLogGroupInput) SetLogGroupName(v string) *TagLogGroupInput { - s.LogGroupName = &v - return s -} - -// SetTags sets the Tags field's value. -func (s *TagLogGroupInput) SetTags(v map[string]*string) *TagLogGroupInput { - s.Tags = v - return s -} - -type TagLogGroupOutput struct { +type UpdateLogAnomalyDetectorInput struct { _ struct{} `type:"structure"` -} -// String returns the string representation -func (s TagLogGroupOutput) String() string { - return awsutil.Prettify(s) -} + // The ARN of the anomaly detector that you want to update. + // + // AnomalyDetectorArn is a required field + AnomalyDetectorArn *string `locationName:"anomalyDetectorArn" min:"1" type:"string" required:"true"` -// GoString returns the string representation -func (s TagLogGroupOutput) GoString() string { - return s.String() -} + // The number of days to use as the life cycle of anomalies. After this time, + // anomalies are automatically baselined and the anomaly detector model will + // treat new occurrences of similar event as normal. Therefore, if you do not + // correct the cause of an anomaly during this time, it will be considered normal + // going forward and will not be detected. + AnomalyVisibilityTime *int64 `locationName:"anomalyVisibilityTime" min:"7" type:"long"` -type TestMetricFilterInput struct { - _ struct{} `type:"structure"` + // Use this parameter to pause or restart the anomaly detector. + // + // Enabled is a required field + Enabled *bool `locationName:"enabled" type:"boolean" required:"true"` + + // Specifies how often the anomaly detector runs and look for anomalies. Set + // this value according to the frequency that the log group receives new logs. + // For example, if the log group receives new log events every 10 minutes, then + // setting evaluationFrequency to FIFTEEN_MIN might be appropriate. + EvaluationFrequency *string `locationName:"evaluationFrequency" type:"string" enum:"EvaluationFrequency"` // A symbolic description of how CloudWatch Logs should interpret the data in // each log event. For example, a log event can contain timestamps, IP addresses, // strings, and so on. You use the filter pattern to specify what to look for // in the log event message. - // - // FilterPattern is a required field - FilterPattern *string `locationName:"filterPattern" type:"string" required:"true"` - - // The log event messages to test. - // - // LogEventMessages is a required field - LogEventMessages []*string `locationName:"logEventMessages" min:"1" type:"list" required:"true"` + FilterPattern *string `locationName:"filterPattern" type:"string"` } -// String returns the string representation -func (s TestMetricFilterInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateLogAnomalyDetectorInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s TestMetricFilterInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateLogAnomalyDetectorInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *TestMetricFilterInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "TestMetricFilterInput"} - if s.FilterPattern == nil { - invalidParams.Add(request.NewErrParamRequired("FilterPattern")) +func (s *UpdateLogAnomalyDetectorInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateLogAnomalyDetectorInput"} + if s.AnomalyDetectorArn == nil { + invalidParams.Add(request.NewErrParamRequired("AnomalyDetectorArn")) } - if s.LogEventMessages == nil { - invalidParams.Add(request.NewErrParamRequired("LogEventMessages")) + if s.AnomalyDetectorArn != nil && len(*s.AnomalyDetectorArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AnomalyDetectorArn", 1)) } - if s.LogEventMessages != nil && len(s.LogEventMessages) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogEventMessages", 1)) + if s.AnomalyVisibilityTime != nil && *s.AnomalyVisibilityTime < 7 { + invalidParams.Add(request.NewErrParamMinValue("AnomalyVisibilityTime", 7)) + } + if s.Enabled == nil { + invalidParams.Add(request.NewErrParamRequired("Enabled")) } if invalidParams.Len() > 0 { @@ -9955,72 +20769,97 @@ func (s *TestMetricFilterInput) Validate() error { return nil } -// SetFilterPattern sets the FilterPattern field's value. -func (s *TestMetricFilterInput) SetFilterPattern(v string) *TestMetricFilterInput { - s.FilterPattern = &v +// SetAnomalyDetectorArn sets the AnomalyDetectorArn field's value. +func (s *UpdateLogAnomalyDetectorInput) SetAnomalyDetectorArn(v string) *UpdateLogAnomalyDetectorInput { + s.AnomalyDetectorArn = &v return s } -// SetLogEventMessages sets the LogEventMessages field's value. -func (s *TestMetricFilterInput) SetLogEventMessages(v []*string) *TestMetricFilterInput { - s.LogEventMessages = v +// SetAnomalyVisibilityTime sets the AnomalyVisibilityTime field's value. +func (s *UpdateLogAnomalyDetectorInput) SetAnomalyVisibilityTime(v int64) *UpdateLogAnomalyDetectorInput { + s.AnomalyVisibilityTime = &v return s } -type TestMetricFilterOutput struct { - _ struct{} `type:"structure"` +// SetEnabled sets the Enabled field's value. +func (s *UpdateLogAnomalyDetectorInput) SetEnabled(v bool) *UpdateLogAnomalyDetectorInput { + s.Enabled = &v + return s +} - // The matched events. - Matches []*MetricFilterMatchRecord `locationName:"matches" type:"list"` +// SetEvaluationFrequency sets the EvaluationFrequency field's value. +func (s *UpdateLogAnomalyDetectorInput) SetEvaluationFrequency(v string) *UpdateLogAnomalyDetectorInput { + s.EvaluationFrequency = &v + return s } -// String returns the string representation -func (s TestMetricFilterOutput) String() string { - return awsutil.Prettify(s) +// SetFilterPattern sets the FilterPattern field's value. +func (s *UpdateLogAnomalyDetectorInput) SetFilterPattern(v string) *UpdateLogAnomalyDetectorInput { + s.FilterPattern = &v + return s } -// GoString returns the string representation -func (s TestMetricFilterOutput) GoString() string { - return s.String() +type UpdateLogAnomalyDetectorOutput struct { + _ struct{} `type:"structure"` } -// SetMatches sets the Matches field's value. -func (s *TestMetricFilterOutput) SetMatches(v []*MetricFilterMatchRecord) *TestMetricFilterOutput { - s.Matches = v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateLogAnomalyDetectorOutput) String() string { + return awsutil.Prettify(s) } -// The most likely cause is an invalid AWS access key ID or secret key. -type UnrecognizedClientException struct { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateLogAnomalyDetectorOutput) GoString() string { + return s.String() +} + +// One of the parameters for the request is not valid. +type ValidationException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation -func (s UnrecognizedClientException) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ValidationException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s UnrecognizedClientException) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ValidationException) GoString() string { return s.String() } -func newErrorUnrecognizedClientException(v protocol.ResponseMetadata) error { - return &UnrecognizedClientException{ +func newErrorValidationException(v protocol.ResponseMetadata) error { + return &ValidationException{ RespMetadata: v, } } // Code returns the exception type name. -func (s *UnrecognizedClientException) Code() string { - return "UnrecognizedClientException" +func (s *ValidationException) Code() string { + return "ValidationException" } // Message returns the exception's message. -func (s *UnrecognizedClientException) Message() string { +func (s *ValidationException) Message() string { if s.Message_ != nil { return *s.Message_ } @@ -10028,94 +20867,98 @@ func (s *UnrecognizedClientException) Message() string { } // OrigErr always returns nil, satisfies awserr.Error interface. -func (s *UnrecognizedClientException) OrigErr() error { +func (s *ValidationException) OrigErr() error { return nil } -func (s *UnrecognizedClientException) Error() string { +func (s *ValidationException) Error() string { return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } // Status code returns the HTTP status code for the request's response error. -func (s *UnrecognizedClientException) StatusCode() int { +func (s *ValidationException) StatusCode() int { return s.RespMetadata.StatusCode } // RequestID returns the service's response RequestID for request. -func (s *UnrecognizedClientException) RequestID() string { +func (s *ValidationException) RequestID() string { return s.RespMetadata.RequestID } -type UntagLogGroupInput struct { - _ struct{} `type:"structure"` +const ( + // AnomalyDetectorStatusInitializing is a AnomalyDetectorStatus enum value + AnomalyDetectorStatusInitializing = "INITIALIZING" - // The name of the log group. - // - // LogGroupName is a required field - LogGroupName *string `locationName:"logGroupName" min:"1" type:"string" required:"true"` + // AnomalyDetectorStatusTraining is a AnomalyDetectorStatus enum value + AnomalyDetectorStatusTraining = "TRAINING" - // The tag keys. The corresponding tags are removed from the log group. - // - // Tags is a required field - Tags []*string `locationName:"tags" min:"1" type:"list" required:"true"` -} + // AnomalyDetectorStatusAnalyzing is a AnomalyDetectorStatus enum value + AnomalyDetectorStatusAnalyzing = "ANALYZING" -// String returns the string representation -func (s UntagLogGroupInput) String() string { - return awsutil.Prettify(s) -} + // AnomalyDetectorStatusFailed is a AnomalyDetectorStatus enum value + AnomalyDetectorStatusFailed = "FAILED" -// GoString returns the string representation -func (s UntagLogGroupInput) GoString() string { - return s.String() -} + // AnomalyDetectorStatusDeleted is a AnomalyDetectorStatus enum value + AnomalyDetectorStatusDeleted = "DELETED" -// Validate inspects the fields of the type to determine if they are valid. -func (s *UntagLogGroupInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "UntagLogGroupInput"} - if s.LogGroupName == nil { - invalidParams.Add(request.NewErrParamRequired("LogGroupName")) - } - if s.LogGroupName != nil && len(*s.LogGroupName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("LogGroupName", 1)) - } - if s.Tags == nil { - invalidParams.Add(request.NewErrParamRequired("Tags")) - } - if s.Tags != nil && len(s.Tags) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) - } + // AnomalyDetectorStatusPaused is a AnomalyDetectorStatus enum value + AnomalyDetectorStatusPaused = "PAUSED" +) - if invalidParams.Len() > 0 { - return invalidParams +// AnomalyDetectorStatus_Values returns all elements of the AnomalyDetectorStatus enum +func AnomalyDetectorStatus_Values() []string { + return []string{ + AnomalyDetectorStatusInitializing, + AnomalyDetectorStatusTraining, + AnomalyDetectorStatusAnalyzing, + AnomalyDetectorStatusFailed, + AnomalyDetectorStatusDeleted, + AnomalyDetectorStatusPaused, } - return nil } -// SetLogGroupName sets the LogGroupName field's value. -func (s *UntagLogGroupInput) SetLogGroupName(v string) *UntagLogGroupInput { - s.LogGroupName = &v - return s -} +const ( + // DataProtectionStatusActivated is a DataProtectionStatus enum value + DataProtectionStatusActivated = "ACTIVATED" -// SetTags sets the Tags field's value. -func (s *UntagLogGroupInput) SetTags(v []*string) *UntagLogGroupInput { - s.Tags = v - return s -} + // DataProtectionStatusDeleted is a DataProtectionStatus enum value + DataProtectionStatusDeleted = "DELETED" -type UntagLogGroupOutput struct { - _ struct{} `type:"structure"` -} + // DataProtectionStatusArchived is a DataProtectionStatus enum value + DataProtectionStatusArchived = "ARCHIVED" -// String returns the string representation -func (s UntagLogGroupOutput) String() string { - return awsutil.Prettify(s) + // DataProtectionStatusDisabled is a DataProtectionStatus enum value + DataProtectionStatusDisabled = "DISABLED" +) + +// DataProtectionStatus_Values returns all elements of the DataProtectionStatus enum +func DataProtectionStatus_Values() []string { + return []string{ + DataProtectionStatusActivated, + DataProtectionStatusDeleted, + DataProtectionStatusArchived, + DataProtectionStatusDisabled, + } } -// GoString returns the string representation -func (s UntagLogGroupOutput) GoString() string { - return s.String() +const ( + // DeliveryDestinationTypeS3 is a DeliveryDestinationType enum value + DeliveryDestinationTypeS3 = "S3" + + // DeliveryDestinationTypeCwl is a DeliveryDestinationType enum value + DeliveryDestinationTypeCwl = "CWL" + + // DeliveryDestinationTypeFh is a DeliveryDestinationType enum value + DeliveryDestinationTypeFh = "FH" +) + +// DeliveryDestinationType_Values returns all elements of the DeliveryDestinationType enum +func DeliveryDestinationType_Values() []string { + return []string{ + DeliveryDestinationTypeS3, + DeliveryDestinationTypeCwl, + DeliveryDestinationTypeFh, + } } // The method used to distribute log data to the destination, which can be either @@ -10136,6 +20979,38 @@ func Distribution_Values() []string { } } +const ( + // EvaluationFrequencyOneMin is a EvaluationFrequency enum value + EvaluationFrequencyOneMin = "ONE_MIN" + + // EvaluationFrequencyFiveMin is a EvaluationFrequency enum value + EvaluationFrequencyFiveMin = "FIVE_MIN" + + // EvaluationFrequencyTenMin is a EvaluationFrequency enum value + EvaluationFrequencyTenMin = "TEN_MIN" + + // EvaluationFrequencyFifteenMin is a EvaluationFrequency enum value + EvaluationFrequencyFifteenMin = "FIFTEEN_MIN" + + // EvaluationFrequencyThirtyMin is a EvaluationFrequency enum value + EvaluationFrequencyThirtyMin = "THIRTY_MIN" + + // EvaluationFrequencyOneHour is a EvaluationFrequency enum value + EvaluationFrequencyOneHour = "ONE_HOUR" +) + +// EvaluationFrequency_Values returns all elements of the EvaluationFrequency enum +func EvaluationFrequency_Values() []string { + return []string{ + EvaluationFrequencyOneMin, + EvaluationFrequencyFiveMin, + EvaluationFrequencyTenMin, + EvaluationFrequencyFifteenMin, + EvaluationFrequencyThirtyMin, + EvaluationFrequencyOneHour, + } +} + const ( // ExportTaskStatusCodeCancelled is a ExportTaskStatusCode enum value ExportTaskStatusCodeCancelled = "CANCELLED" @@ -10168,6 +21043,34 @@ func ExportTaskStatusCode_Values() []string { } } +const ( + // InheritedPropertyAccountDataProtection is a InheritedProperty enum value + InheritedPropertyAccountDataProtection = "ACCOUNT_DATA_PROTECTION" +) + +// InheritedProperty_Values returns all elements of the InheritedProperty enum +func InheritedProperty_Values() []string { + return []string{ + InheritedPropertyAccountDataProtection, + } +} + +const ( + // LogGroupClassStandard is a LogGroupClass enum value + LogGroupClassStandard = "STANDARD" + + // LogGroupClassInfrequentAccess is a LogGroupClass enum value + LogGroupClassInfrequentAccess = "INFREQUENT_ACCESS" +) + +// LogGroupClass_Values returns all elements of the LogGroupClass enum +func LogGroupClass_Values() []string { + return []string{ + LogGroupClassStandard, + LogGroupClassInfrequentAccess, + } +} + const ( // OrderByLogStreamName is a OrderBy enum value OrderByLogStreamName = "LogStreamName" @@ -10184,6 +21087,50 @@ func OrderBy_Values() []string { } } +const ( + // OutputFormatJson is a OutputFormat enum value + OutputFormatJson = "json" + + // OutputFormatPlain is a OutputFormat enum value + OutputFormatPlain = "plain" + + // OutputFormatW3c is a OutputFormat enum value + OutputFormatW3c = "w3c" + + // OutputFormatRaw is a OutputFormat enum value + OutputFormatRaw = "raw" + + // OutputFormatParquet is a OutputFormat enum value + OutputFormatParquet = "parquet" +) + +// OutputFormat_Values returns all elements of the OutputFormat enum +func OutputFormat_Values() []string { + return []string{ + OutputFormatJson, + OutputFormatPlain, + OutputFormatW3c, + OutputFormatRaw, + OutputFormatParquet, + } +} + +const ( + // PolicyTypeDataProtectionPolicy is a PolicyType enum value + PolicyTypeDataProtectionPolicy = "DATA_PROTECTION_POLICY" + + // PolicyTypeSubscriptionFilterPolicy is a PolicyType enum value + PolicyTypeSubscriptionFilterPolicy = "SUBSCRIPTION_FILTER_POLICY" +) + +// PolicyType_Values returns all elements of the PolicyType enum +func PolicyType_Values() []string { + return []string{ + PolicyTypeDataProtectionPolicy, + PolicyTypeSubscriptionFilterPolicy, + } +} + const ( // QueryStatusScheduled is a QueryStatus enum value QueryStatusScheduled = "Scheduled" @@ -10199,6 +21146,12 @@ const ( // QueryStatusCancelled is a QueryStatus enum value QueryStatusCancelled = "Cancelled" + + // QueryStatusTimeout is a QueryStatus enum value + QueryStatusTimeout = "Timeout" + + // QueryStatusUnknown is a QueryStatus enum value + QueryStatusUnknown = "Unknown" ) // QueryStatus_Values returns all elements of the QueryStatus enum @@ -10209,5 +21162,207 @@ func QueryStatus_Values() []string { QueryStatusComplete, QueryStatusFailed, QueryStatusCancelled, + QueryStatusTimeout, + QueryStatusUnknown, + } +} + +const ( + // ScopeAll is a Scope enum value + ScopeAll = "ALL" +) + +// Scope_Values returns all elements of the Scope enum +func Scope_Values() []string { + return []string{ + ScopeAll, + } +} + +const ( + // StandardUnitSeconds is a StandardUnit enum value + StandardUnitSeconds = "Seconds" + + // StandardUnitMicroseconds is a StandardUnit enum value + StandardUnitMicroseconds = "Microseconds" + + // StandardUnitMilliseconds is a StandardUnit enum value + StandardUnitMilliseconds = "Milliseconds" + + // StandardUnitBytes is a StandardUnit enum value + StandardUnitBytes = "Bytes" + + // StandardUnitKilobytes is a StandardUnit enum value + StandardUnitKilobytes = "Kilobytes" + + // StandardUnitMegabytes is a StandardUnit enum value + StandardUnitMegabytes = "Megabytes" + + // StandardUnitGigabytes is a StandardUnit enum value + StandardUnitGigabytes = "Gigabytes" + + // StandardUnitTerabytes is a StandardUnit enum value + StandardUnitTerabytes = "Terabytes" + + // StandardUnitBits is a StandardUnit enum value + StandardUnitBits = "Bits" + + // StandardUnitKilobits is a StandardUnit enum value + StandardUnitKilobits = "Kilobits" + + // StandardUnitMegabits is a StandardUnit enum value + StandardUnitMegabits = "Megabits" + + // StandardUnitGigabits is a StandardUnit enum value + StandardUnitGigabits = "Gigabits" + + // StandardUnitTerabits is a StandardUnit enum value + StandardUnitTerabits = "Terabits" + + // StandardUnitPercent is a StandardUnit enum value + StandardUnitPercent = "Percent" + + // StandardUnitCount is a StandardUnit enum value + StandardUnitCount = "Count" + + // StandardUnitBytesSecond is a StandardUnit enum value + StandardUnitBytesSecond = "Bytes/Second" + + // StandardUnitKilobytesSecond is a StandardUnit enum value + StandardUnitKilobytesSecond = "Kilobytes/Second" + + // StandardUnitMegabytesSecond is a StandardUnit enum value + StandardUnitMegabytesSecond = "Megabytes/Second" + + // StandardUnitGigabytesSecond is a StandardUnit enum value + StandardUnitGigabytesSecond = "Gigabytes/Second" + + // StandardUnitTerabytesSecond is a StandardUnit enum value + StandardUnitTerabytesSecond = "Terabytes/Second" + + // StandardUnitBitsSecond is a StandardUnit enum value + StandardUnitBitsSecond = "Bits/Second" + + // StandardUnitKilobitsSecond is a StandardUnit enum value + StandardUnitKilobitsSecond = "Kilobits/Second" + + // StandardUnitMegabitsSecond is a StandardUnit enum value + StandardUnitMegabitsSecond = "Megabits/Second" + + // StandardUnitGigabitsSecond is a StandardUnit enum value + StandardUnitGigabitsSecond = "Gigabits/Second" + + // StandardUnitTerabitsSecond is a StandardUnit enum value + StandardUnitTerabitsSecond = "Terabits/Second" + + // StandardUnitCountSecond is a StandardUnit enum value + StandardUnitCountSecond = "Count/Second" + + // StandardUnitNone is a StandardUnit enum value + StandardUnitNone = "None" +) + +// StandardUnit_Values returns all elements of the StandardUnit enum +func StandardUnit_Values() []string { + return []string{ + StandardUnitSeconds, + StandardUnitMicroseconds, + StandardUnitMilliseconds, + StandardUnitBytes, + StandardUnitKilobytes, + StandardUnitMegabytes, + StandardUnitGigabytes, + StandardUnitTerabytes, + StandardUnitBits, + StandardUnitKilobits, + StandardUnitMegabits, + StandardUnitGigabits, + StandardUnitTerabits, + StandardUnitPercent, + StandardUnitCount, + StandardUnitBytesSecond, + StandardUnitKilobytesSecond, + StandardUnitMegabytesSecond, + StandardUnitGigabytesSecond, + StandardUnitTerabytesSecond, + StandardUnitBitsSecond, + StandardUnitKilobitsSecond, + StandardUnitMegabitsSecond, + StandardUnitGigabitsSecond, + StandardUnitTerabitsSecond, + StandardUnitCountSecond, + StandardUnitNone, + } +} + +const ( + // StateActive is a State enum value + StateActive = "Active" + + // StateSuppressed is a State enum value + StateSuppressed = "Suppressed" + + // StateBaseline is a State enum value + StateBaseline = "Baseline" +) + +// State_Values returns all elements of the State enum +func State_Values() []string { + return []string{ + StateActive, + StateSuppressed, + StateBaseline, + } +} + +const ( + // SuppressionStateSuppressed is a SuppressionState enum value + SuppressionStateSuppressed = "SUPPRESSED" + + // SuppressionStateUnsuppressed is a SuppressionState enum value + SuppressionStateUnsuppressed = "UNSUPPRESSED" +) + +// SuppressionState_Values returns all elements of the SuppressionState enum +func SuppressionState_Values() []string { + return []string{ + SuppressionStateSuppressed, + SuppressionStateUnsuppressed, + } +} + +const ( + // SuppressionTypeLimited is a SuppressionType enum value + SuppressionTypeLimited = "LIMITED" + + // SuppressionTypeInfinite is a SuppressionType enum value + SuppressionTypeInfinite = "INFINITE" +) + +// SuppressionType_Values returns all elements of the SuppressionType enum +func SuppressionType_Values() []string { + return []string{ + SuppressionTypeLimited, + SuppressionTypeInfinite, + } +} + +const ( + // SuppressionUnitSeconds is a SuppressionUnit enum value + SuppressionUnitSeconds = "SECONDS" + + // SuppressionUnitMinutes is a SuppressionUnit enum value + SuppressionUnitMinutes = "MINUTES" + + // SuppressionUnitHours is a SuppressionUnit enum value + SuppressionUnitHours = "HOURS" +) + +// SuppressionUnit_Values returns all elements of the SuppressionUnit enum +func SuppressionUnit_Values() []string { + return []string{ + SuppressionUnitSeconds, + SuppressionUnitMinutes, + SuppressionUnitHours, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/doc.go b/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/doc.go index 647d68301..bd52e9d9f 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/doc.go @@ -4,42 +4,42 @@ // requests to Amazon CloudWatch Logs. // // You can use Amazon CloudWatch Logs to monitor, store, and access your log -// files from EC2 instances, AWS CloudTrail, or other sources. You can then -// retrieve the associated log data from CloudWatch Logs using the CloudWatch -// console, CloudWatch Logs commands in the AWS CLI, CloudWatch Logs API, or -// CloudWatch Logs SDK. +// files from EC2 instances, CloudTrail, and other sources. You can then retrieve +// the associated log data from CloudWatch Logs using the CloudWatch console. +// Alternatively, you can use CloudWatch Logs commands in the Amazon Web Services +// CLI, CloudWatch Logs API, or CloudWatch Logs SDK. // // You can use CloudWatch Logs to: // -// * Monitor logs from EC2 instances in real-time: You can use CloudWatch -// Logs to monitor applications and systems using log data. For example, -// CloudWatch Logs can track the number of errors that occur in your application -// logs and send you a notification whenever the rate of errors exceeds a -// threshold that you specify. CloudWatch Logs uses your log data for monitoring -// so no code changes are required. For example, you can monitor application -// logs for specific literal terms (such as "NullReferenceException") or -// count the number of occurrences of a literal term at a particular position -// in log data (such as "404" status codes in an Apache access log). When -// the term you are searching for is found, CloudWatch Logs reports the data -// to a CloudWatch metric that you specify. -// -// * Monitor AWS CloudTrail logged events: You can create alarms in CloudWatch -// and receive notifications of particular API activity as captured by CloudTrail. -// You can use the notification to perform troubleshooting. -// -// * Archive log data: You can use CloudWatch Logs to store your log data -// in highly durable storage. You can change the log retention setting so -// that any log events older than this setting are automatically deleted. -// The CloudWatch Logs agent makes it easy to quickly send both rotated and -// non-rotated log data off of a host and into the log service. You can then -// access the raw log data when you need it. +// - Monitor logs from EC2 instances in real time: You can use CloudWatch +// Logs to monitor applications and systems using log data. For example, +// CloudWatch Logs can track the number of errors that occur in your application +// logs. Then, it can send you a notification whenever the rate of errors +// exceeds a threshold that you specify. CloudWatch Logs uses your log data +// for monitoring so no code changes are required. For example, you can monitor +// application logs for specific literal terms (such as "NullReferenceException"). +// You can also count the number of occurrences of a literal term at a particular +// position in log data (such as "404" status codes in an Apache access log). +// When the term you are searching for is found, CloudWatch Logs reports +// the data to a CloudWatch metric that you specify. +// +// - Monitor CloudTrail logged events: You can create alarms in CloudWatch +// and receive notifications of particular API activity as captured by CloudTrail. +// You can use the notification to perform troubleshooting. +// +// - Archive log data: You can use CloudWatch Logs to store your log data +// in highly durable storage. You can change the log retention setting so +// that any log events earlier than this setting are automatically deleted. +// The CloudWatch Logs agent helps to quickly send both rotated and non-rotated +// log data off of a host and into the log service. You can then access the +// raw log data when you need it. // // See https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28 for more information on this service. // // See cloudwatchlogs package documentation for more information. // https://docs.aws.amazon.com/sdk-for-go/api/service/cloudwatchlogs/ // -// Using the Client +// # Using the Client // // To contact Amazon CloudWatch Logs with the SDK use the New function to create // a new service client. With that client you can make API requests to the service. diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/errors.go b/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/errors.go index 44e3bb576..4c4ff1b55 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/errors.go @@ -8,10 +8,25 @@ import ( const ( + // ErrCodeAccessDeniedException for service response error code + // "AccessDeniedException". + // + // You don't have sufficient permissions to perform this action. + ErrCodeAccessDeniedException = "AccessDeniedException" + + // ErrCodeConflictException for service response error code + // "ConflictException". + // + // This operation attempted to create a resource that already exists. + ErrCodeConflictException = "ConflictException" + // ErrCodeDataAlreadyAcceptedException for service response error code // "DataAlreadyAcceptedException". // // The event was already logged. + // + // PutLogEvents actions are now always accepted and never return DataAlreadyAcceptedException + // regardless of whether a given batch of log events has already been accepted. ErrCodeDataAlreadyAcceptedException = "DataAlreadyAcceptedException" // ErrCodeInvalidOperationException for service response error code @@ -31,6 +46,9 @@ const ( // // The sequence token is not valid. You can get the correct sequence token in // the expectedSequenceToken field in the InvalidSequenceTokenException message. + // + // PutLogEvents actions are now always accepted and never return InvalidSequenceTokenException + // regardless of receiving an invalid sequence token. ErrCodeInvalidSequenceTokenException = "InvalidSequenceTokenException" // ErrCodeLimitExceededException for service response error code @@ -52,7 +70,7 @@ const ( // ErrCodeOperationAbortedException for service response error code // "OperationAbortedException". // - // Multiple requests to update the same resource were in conflict. + // Multiple concurrent requests to update the same resource were in conflict. ErrCodeOperationAbortedException = "OperationAbortedException" // ErrCodeResourceAlreadyExistsException for service response error code @@ -67,20 +85,60 @@ const ( // The specified resource does not exist. ErrCodeResourceNotFoundException = "ResourceNotFoundException" + // ErrCodeServiceQuotaExceededException for service response error code + // "ServiceQuotaExceededException". + // + // This request exceeds a service quota. + ErrCodeServiceQuotaExceededException = "ServiceQuotaExceededException" + // ErrCodeServiceUnavailableException for service response error code // "ServiceUnavailableException". // // The service cannot complete the request. ErrCodeServiceUnavailableException = "ServiceUnavailableException" + // ErrCodeSessionStreamingException for service response error code + // "SessionStreamingException". + // + // his exception is returned if an unknown error occurs during a Live Tail session. + ErrCodeSessionStreamingException = "SessionStreamingException" + + // ErrCodeSessionTimeoutException for service response error code + // "SessionTimeoutException". + // + // This exception is returned in a Live Tail stream when the Live Tail session + // times out. Live Tail sessions time out after three hours. + ErrCodeSessionTimeoutException = "SessionTimeoutException" + + // ErrCodeThrottlingException for service response error code + // "ThrottlingException". + // + // The request was throttled because of quota limits. + ErrCodeThrottlingException = "ThrottlingException" + + // ErrCodeTooManyTagsException for service response error code + // "TooManyTagsException". + // + // A resource can have no more than 50 tags. + ErrCodeTooManyTagsException = "TooManyTagsException" + // ErrCodeUnrecognizedClientException for service response error code // "UnrecognizedClientException". // - // The most likely cause is an invalid AWS access key ID or secret key. + // The most likely cause is an Amazon Web Services access key ID or secret key + // that's not valid. ErrCodeUnrecognizedClientException = "UnrecognizedClientException" + + // ErrCodeValidationException for service response error code + // "ValidationException". + // + // One of the parameters for the request is not valid. + ErrCodeValidationException = "ValidationException" ) var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ + "AccessDeniedException": newErrorAccessDeniedException, + "ConflictException": newErrorConflictException, "DataAlreadyAcceptedException": newErrorDataAlreadyAcceptedException, "InvalidOperationException": newErrorInvalidOperationException, "InvalidParameterException": newErrorInvalidParameterException, @@ -90,6 +148,12 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ "OperationAbortedException": newErrorOperationAbortedException, "ResourceAlreadyExistsException": newErrorResourceAlreadyExistsException, "ResourceNotFoundException": newErrorResourceNotFoundException, + "ServiceQuotaExceededException": newErrorServiceQuotaExceededException, "ServiceUnavailableException": newErrorServiceUnavailableException, + "SessionStreamingException": newErrorSessionStreamingException, + "SessionTimeoutException": newErrorSessionTimeoutException, + "ThrottlingException": newErrorThrottlingException, + "TooManyTagsException": newErrorTooManyTagsException, "UnrecognizedClientException": newErrorUnrecognizedClientException, + "ValidationException": newErrorValidationException, } diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/service.go b/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/service.go index 41520eda9..d6d00aeb4 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/service.go +++ b/vendor/github.com/aws/aws-sdk-go/service/cloudwatchlogs/service.go @@ -40,33 +40,39 @@ const ( // aws.Config parameter to add your extra config. // // Example: -// mySession := session.Must(session.NewSession()) // -// // Create a CloudWatchLogs client from just a session. -// svc := cloudwatchlogs.New(mySession) +// mySession := session.Must(session.NewSession()) // -// // Create a CloudWatchLogs client with additional configuration -// svc := cloudwatchlogs.New(mySession, aws.NewConfig().WithRegion("us-west-2")) +// // Create a CloudWatchLogs client from just a session. +// svc := cloudwatchlogs.New(mySession) +// +// // Create a CloudWatchLogs client with additional configuration +// svc := cloudwatchlogs.New(mySession, aws.NewConfig().WithRegion("us-west-2")) func New(p client.ConfigProvider, cfgs ...*aws.Config) *CloudWatchLogs { c := p.ClientConfig(EndpointsID, cfgs...) - return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName) + if c.SigningNameDerived || len(c.SigningName) == 0 { + c.SigningName = EndpointsID + // No Fallback + } + return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion) } // newClient creates, initializes and returns a new service client instance. -func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *CloudWatchLogs { +func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *CloudWatchLogs { svc := &CloudWatchLogs{ Client: client.New( cfg, metadata.ClientInfo{ - ServiceName: ServiceName, - ServiceID: ServiceID, - SigningName: signingName, - SigningRegion: signingRegion, - PartitionID: partitionID, - Endpoint: endpoint, - APIVersion: "2014-03-28", - JSONVersion: "1.1", - TargetPrefix: "Logs_20140328", + ServiceName: ServiceName, + ServiceID: ServiceID, + SigningName: signingName, + SigningRegion: signingRegion, + PartitionID: partitionID, + Endpoint: endpoint, + APIVersion: "2014-03-28", + ResolvedRegion: resolvedRegion, + JSONVersion: "1.1", + TargetPrefix: "Logs_20140328", }, handlers, ), @@ -81,6 +87,9 @@ func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, protocol.NewUnmarshalErrorHandler(jsonrpc.NewUnmarshalTypedError(exceptionFromCode)).NamedHandler(), ) + svc.Handlers.BuildStream.PushBackNamed(jsonrpc.BuildHandler) + svc.Handlers.UnmarshalStream.PushBackNamed(jsonrpc.UnmarshalHandler) + // Run custom client initialization if present if initClient != nil { initClient(svc.Client) diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go index 8e2aae8e5..30d4752cd 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go @@ -29,14 +29,13 @@ const opCancelKeyDeletion = "CancelKeyDeletion" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CancelKeyDeletionRequest method. +// req, resp := client.CancelKeyDeletionRequest(params) // -// // Example sending a request using the CancelKeyDeletionRequest method. -// req, resp := client.CancelKeyDeletionRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletion func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *request.Request, output *CancelKeyDeletionOutput) { @@ -57,17 +56,27 @@ func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *requ // CancelKeyDeletion API operation for AWS Key Management Service. // -// Cancels the deletion of a customer master key (CMK). When this operation -// succeeds, the key state of the CMK is Disabled. To enable the CMK, use EnableKey. -// You cannot perform this operation on a CMK in a different AWS account. +// Cancels the deletion of a KMS key. When this operation succeeds, the key +// state of the KMS key is Disabled. To enable the KMS key, use EnableKey. +// +// For more information about scheduling and canceling deletion of a KMS key, +// see Deleting KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) +// in the Key Management Service Developer Guide. +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. // -// For more information about scheduling and canceling deletion of a CMK, see -// Deleting Customer Master Keys (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) -// in the AWS Key Management Service Developer Guide. +// Required permissions: kms:CancelKeyDeletion (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// Related operations: ScheduleKeyDeletion +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -77,29 +86,38 @@ func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *requ // API operation CancelKeyDeletion for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. +// +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. +// +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// This exceptions means one of the following: // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletion func (c *KMS) CancelKeyDeletion(input *CancelKeyDeletionInput) (*CancelKeyDeletionOutput, error) { @@ -139,14 +157,13 @@ const opConnectCustomKeyStore = "ConnectCustomKeyStore" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ConnectCustomKeyStoreRequest method. +// req, resp := client.ConnectCustomKeyStoreRequest(params) // -// // Example sending a request using the ConnectCustomKeyStoreRequest method. -// req, resp := client.ConnectCustomKeyStoreRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ConnectCustomKeyStore func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (req *request.Request, output *ConnectCustomKeyStoreOutput) { @@ -169,32 +186,26 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // ConnectCustomKeyStore API operation for AWS Key Management Service. // // Connects or reconnects a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// to its associated AWS CloudHSM cluster. -// -// The custom key store must be connected before you can create customer master -// keys (CMKs) in the key store or use the CMKs it contains. You can disconnect -// and reconnect a custom key store at any time. -// -// To connect a custom key store, its associated AWS CloudHSM cluster must have -// at least one active HSM. To get the number of active HSMs in a cluster, use -// the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) -// operation. To add HSMs to the cluster, use the CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) -// operation. Also, the kmsuser crypto user (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) -// (CU) must not be logged into the cluster. This prevents AWS KMS from using -// this account to log in. -// -// The connection process can take an extended amount of time to complete; up -// to 20 minutes. This operation starts the connection process, but it does -// not wait for it to complete. When it succeeds, this operation quickly returns -// an HTTP 200 response and a JSON object with no properties. However, this -// response does not indicate that the custom key store is connected. To get -// the connection state of the custom key store, use the DescribeCustomKeyStores +// to its backing key store. For an CloudHSM key store, ConnectCustomKeyStore +// connects the key store to its associated CloudHSM cluster. For an external +// key store, ConnectCustomKeyStore connects the key store to the external key +// store proxy that communicates with your external key manager. +// +// The custom key store must be connected before you can create KMS keys in +// the key store or use the KMS keys it contains. You can disconnect and reconnect +// a custom key store at any time. +// +// The connection process for a custom key store can take an extended amount +// of time to complete. This operation starts the connection process, but it +// does not wait for it to complete. When it succeeds, this operation quickly +// returns an HTTP 200 response and a JSON object with no properties. However, +// this response does not indicate that the custom key store is connected. To +// get the connection state of the custom key store, use the DescribeCustomKeyStores // operation. // -// During the connection process, AWS KMS finds the AWS CloudHSM cluster that -// is associated with the custom key store, creates the connection infrastructure, -// connects to the cluster, logs into the AWS CloudHSM client as the kmsuser -// CU, and rotates its password. +// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// feature in KMS, which combines the convenience and extensive integration +// of KMS with the isolation and control of a key store that you own and manage. // // The ConnectCustomKeyStore operation might fail for various reasons. To find // the reason, use the DescribeCustomKeyStores operation and see the ConnectionErrorCode @@ -204,9 +215,66 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // the custom key store, correct the error, use the UpdateCustomKeyStore operation // if necessary, and then use ConnectCustomKeyStore again. // -// If you are having trouble connecting or disconnecting a custom key store, -// see Troubleshooting a Custom Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) -// in the AWS Key Management Service Developer Guide. +// # CloudHSM key store +// +// During the connection process for an CloudHSM key store, KMS finds the CloudHSM +// cluster that is associated with the custom key store, creates the connection +// infrastructure, connects to the cluster, logs into the CloudHSM client as +// the kmsuser CU, and rotates its password. +// +// To connect an CloudHSM key store, its associated CloudHSM cluster must have +// at least one active HSM. To get the number of active HSMs in a cluster, use +// the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) +// operation. To add HSMs to the cluster, use the CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// operation. Also, the kmsuser crypto user (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) +// (CU) must not be logged into the cluster. This prevents KMS from using this +// account to log in. +// +// If you are having trouble connecting or disconnecting a CloudHSM key store, +// see Troubleshooting an CloudHSM key store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) +// in the Key Management Service Developer Guide. +// +// # External key store +// +// When you connect an external key store that uses public endpoint connectivity, +// KMS tests its ability to communicate with your external key manager by sending +// a request via the external key store proxy. +// +// When you connect to an external key store that uses VPC endpoint service +// connectivity, KMS establishes the networking elements that it needs to communicate +// with your external key manager via the external key store proxy. This includes +// creating an interface endpoint to the VPC endpoint service and a private +// hosted zone for traffic between KMS and the VPC endpoint service. +// +// To connect an external key store, KMS must be able to connect to the external +// key store proxy, the external key store proxy must be able to communicate +// with your external key manager, and the external key manager must be available +// for cryptographic operations. +// +// If you are having trouble connecting or disconnecting an external key store, +// see Troubleshooting an external key store (https://docs.aws.amazon.com/kms/latest/developerguide/xks-troubleshooting.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: No. You cannot perform this operation on a custom key +// store in a different Amazon Web Services account. +// +// Required permissions: kms:ConnectCustomKeyStore (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy) +// +// Related operations +// +// - CreateCustomKeyStore +// +// - DeleteCustomKeyStore +// +// - DescribeCustomKeyStores +// +// - DisconnectCustomKeyStore +// +// - UpdateCustomKeyStore +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -216,71 +284,80 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // API operation ConnectCustomKeyStore for usage and error information. // // Returned Error Types: -// * CloudHsmClusterNotActiveException -// The request was rejected because the AWS CloudHSM cluster that is associated -// with the custom key store is not active. Initialize and activate the cluster -// and try the command again. For detailed instructions, see Getting Started -// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) -// in the AWS CloudHSM User Guide. -// -// * CustomKeyStoreInvalidStateException -// The request was rejected because of the ConnectionState of the custom key -// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores -// operation. -// -// This exception is thrown under the following conditions: -// -// * You requested the CreateKey or GenerateRandom operation in a custom -// key store that is not connected. These operations are valid only when -// the custom key store ConnectionState is CONNECTED. -// -// * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation -// on a custom key store that is not disconnected. This operation is valid -// only when the custom key store ConnectionState is DISCONNECTED. -// -// * You requested the ConnectCustomKeyStore operation on a custom key store -// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid -// for all other ConnectionState values. -// -// * CustomKeyStoreNotFoundException -// The request was rejected because AWS KMS cannot find a custom key store with -// the specified key store name or ID. -// -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. -// -// * CloudHsmClusterInvalidConfigurationException -// The request was rejected because the associated AWS CloudHSM cluster did -// not meet the configuration requirements for a custom key store. -// -// * The cluster must be configured with private subnets in at least two -// different Availability Zones in the Region. -// -// * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) -// (cloudhsm-cluster--sg) must include inbound rules and outbound -// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound -// rules and the Destination in the outbound rules must match the security -// group ID. These rules are set by default when you create the cluster. -// Do not delete or change them. To get information about a particular security -// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) -// operation. -// -// * The cluster must contain at least as many HSMs as the operation requires. -// To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) -// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey -// operations, the AWS CloudHSM cluster must have at least two active HSMs, -// each in a different Availability Zone. For the ConnectCustomKeyStore operation, -// the AWS CloudHSM must contain at least one active HSM. -// -// For information about the requirements for an AWS CloudHSM cluster that is -// associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) -// in the AWS Key Management Service Developer Guide. For information about -// creating a private subnet for an AWS CloudHSM cluster, see Create a Private -// Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) -// in the AWS CloudHSM User Guide. For information about cluster security groups, -// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) -// in the AWS CloudHSM User Guide . +// +// - CloudHsmClusterNotActiveException +// The request was rejected because the CloudHSM cluster associated with the +// CloudHSM key store is not active. Initialize and activate the cluster and +// try the command again. For detailed instructions, see Getting Started (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) +// in the CloudHSM User Guide. +// +// - CustomKeyStoreInvalidStateException +// The request was rejected because of the ConnectionState of the custom key +// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores +// operation. +// +// This exception is thrown under the following conditions: +// +// - You requested the ConnectCustomKeyStore operation on a custom key store +// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid +// for all other ConnectionState values. To reconnect a custom key store +// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect +// it (ConnectCustomKeyStore). +// +// - You requested the CreateKey operation in a custom key store that is +// not connected. This operations is valid only when the custom key store +// ConnectionState is CONNECTED. +// +// - You requested the DisconnectCustomKeyStore operation on a custom key +// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation +// is valid for all other ConnectionState values. +// +// - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation +// on a custom key store that is not disconnected. This operation is valid +// only when the custom key store ConnectionState is DISCONNECTED. +// +// - You requested the GenerateRandom operation in an CloudHSM key store +// that is not connected. This operation is valid only when the CloudHSM +// key store ConnectionState is CONNECTED. +// +// - CustomKeyStoreNotFoundException +// The request was rejected because KMS cannot find a custom key store with +// the specified key store name or ID. +// +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// - CloudHsmClusterInvalidConfigurationException +// The request was rejected because the associated CloudHSM cluster did not +// meet the configuration requirements for an CloudHSM key store. +// +// - The CloudHSM cluster must be configured with private subnets in at least +// two different Availability Zones in the Region. +// +// - The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) +// (cloudhsm-cluster--sg) must include inbound rules and outbound +// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound +// rules and the Destination in the outbound rules must match the security +// group ID. These rules are set by default when you create the CloudHSM +// cluster. Do not delete or change them. To get information about a particular +// security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) +// operation. +// +// - The CloudHSM cluster must contain at least as many HSMs as the operation +// requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey +// operations, the CloudHSM cluster must have at least two active HSMs, each +// in a different Availability Zone. For the ConnectCustomKeyStore operation, +// the CloudHSM must contain at least one active HSM. +// +// For information about the requirements for an CloudHSM cluster that is associated +// with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// in the Key Management Service Developer Guide. For information about creating +// a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) +// in the CloudHSM User Guide. For information about cluster security groups, +// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) +// in the CloudHSM User Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ConnectCustomKeyStore func (c *KMS) ConnectCustomKeyStore(input *ConnectCustomKeyStoreInput) (*ConnectCustomKeyStoreOutput, error) { @@ -320,14 +397,13 @@ const opCreateAlias = "CreateAlias" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateAliasRequest method. +// req, resp := client.CreateAliasRequest(params) // -// // Example sending a request using the CreateAliasRequest method. -// req, resp := client.CreateAliasRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAlias func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, output *CreateAliasOutput) { @@ -349,71 +425,59 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, // CreateAlias API operation for AWS Key Management Service. // -// Creates a display name for a customer managed customer master key (CMK). -// You can use an alias to identify a CMK in cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations), -// such as Encrypt and GenerateDataKey. You can change the CMK associated with -// the alias at any time. +// Creates a friendly name for a KMS key. +// +// Adding, deleting, or updating an alias can allow or deny permission to the +// KMS key. For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// in the Key Management Service Developer Guide. +// +// You can use an alias to identify a KMS key in the KMS console, in the DescribeKey +// operation and in cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations), +// such as Encrypt and GenerateDataKey. You can also change the KMS key that's +// associated with the alias (UpdateAlias) or delete the alias (DeleteAlias) +// at any time. These operations don't affect the underlying KMS key. // -// Aliases are easier to remember than key IDs. They can also help to simplify -// your applications. For example, if you use an alias in your code, you can -// change the CMK your code uses by associating a given alias with a different -// CMK. +// You can associate the alias with any customer managed key in the same Amazon +// Web Services Region. Each alias is associated with only one KMS key at a +// time, but a KMS key can have multiple aliases. A valid KMS key is required. +// You can't create an alias without a KMS key. // -// To run the same code in multiple AWS regions, use an alias in your code, -// such as alias/ApplicationKey. Then, in each AWS Region, create an alias/ApplicationKey -// alias that is associated with a CMK in that Region. When you run your code, -// it uses the alias/ApplicationKey CMK for that AWS Region without any Region-specific -// code. +// The alias must be unique in the account and Region, but you can have aliases +// with the same name in different Regions. For detailed information about aliases, +// see Using aliases (https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html) +// in the Key Management Service Developer Guide. // // This operation does not return a response. To get the alias that you created, // use the ListAliases operation. // -// To use aliases successfully, be aware of the following information. -// -// * Each alias points to only one CMK at a time, although a single CMK can -// have multiple aliases. The alias and its associated CMK must be in the -// same AWS account and Region. -// -// * You can associate an alias with any customer managed CMK in the same -// AWS account and Region. However, you do not have permission to associate -// an alias with an AWS managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) -// or an AWS owned CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk). -// -// * To change the CMK associated with an alias, use the UpdateAlias operation. -// The current CMK and the new CMK must be the same type (both symmetric -// or both asymmetric) and they must have the same key usage (ENCRYPT_DECRYPT -// or SIGN_VERIFY). This restriction prevents cryptographic errors in code -// that uses aliases. -// -// * The alias name must begin with alias/ followed by a name, such as alias/ExampleAlias. -// It can contain only alphanumeric characters, forward slashes (/), underscores -// (_), and dashes (-). The alias name cannot begin with alias/aws/. The -// alias/aws/ prefix is reserved for AWS managed CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). -// -// * The alias name must be unique within an AWS Region. However, you can -// use the same alias name in multiple Regions of the same AWS account. Each -// instance of the alias is associated with a CMK in its Region. -// -// * After you create an alias, you cannot change its alias name. However, -// you can use the DeleteAlias operation to delete the alias and then create -// a new alias with the desired name. -// -// * You can use an alias name or alias ARN to identify a CMK in AWS KMS -// cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) -// and in the DescribeKey operation. However, you cannot use alias names -// or alias ARNs in API operations that manage CMKs, such as DisableKey or -// GetKeyPolicy. For information about the valid CMK identifiers for each -// AWS KMS API operation, see the descriptions of the KeyId parameter in -// the API operation documentation. -// -// Because an alias is not a property of a CMK, you can delete and change the -// aliases of a CMK without affecting the CMK. Also, aliases do not appear in -// the response from the DescribeKey operation. To get the aliases and alias -// ARNs of CMKs in each AWS account and Region, use the ListAliases operation. -// -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: No. You cannot perform this operation on an alias in a +// different Amazon Web Services account. +// +// Required permissions +// +// - kms:CreateAlias (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// on the alias (IAM policy). +// +// - kms:CreateAlias (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// on the KMS key (key policy). +// +// For details, see Controlling access to aliases (https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access) +// in the Key Management Service Developer Guide. +// +// Related operations: +// +// - DeleteAlias +// +// - ListAliases +// +// - UpdateAlias +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -423,37 +487,46 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, // API operation CreateAlias for usage and error information. // // Returned Error Types: -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. // -// * AlreadyExistsException -// The request was rejected because it attempted to create a resource that already -// exists. +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. +// +// - AlreadyExistsException +// The request was rejected because it attempted to create a resource that already +// exists. +// +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. // -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. +// - InvalidAliasNameException +// The request was rejected because the specified alias name is not valid. // -// * InvalidAliasNameException -// The request was rejected because the specified alias name is not valid. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - LimitExceededException +// The request was rejected because a quota was exceeded. For more information, +// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// in the Key Management Service Developer Guide. // -// * LimitExceededException -// The request was rejected because a quota was exceeded. For more information, -// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) -// in the AWS Key Management Service Developer Guide. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// This exceptions means one of the following: // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAlias func (c *KMS) CreateAlias(input *CreateAliasInput) (*CreateAliasOutput, error) { @@ -493,14 +566,13 @@ const opCreateCustomKeyStore = "CreateCustomKeyStore" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateCustomKeyStoreRequest method. +// req, resp := client.CreateCustomKeyStoreRequest(params) // -// // Example sending a request using the CreateCustomKeyStoreRequest method. -// req, resp := client.CreateCustomKeyStoreRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateCustomKeyStore func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req *request.Request, output *CreateCustomKeyStoreOutput) { @@ -522,28 +594,87 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // CreateCustomKeyStore API operation for AWS Key Management Service. // // Creates a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// that is associated with an AWS CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html) -// that you own and manage. -// -// This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// feature in AWS KMS, which combines the convenience and extensive integration -// of AWS KMS with the isolation and control of a single-tenant key store. -// -// Before you create the custom key store, you must assemble the required elements, -// including an AWS CloudHSM cluster that fulfills the requirements for a custom -// key store. For details about the required elements, see Assemble the Prerequisites -// (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) -// in the AWS Key Management Service Developer Guide. +// backed by a key store that you own and manage. When you use a KMS key in +// a custom key store for a cryptographic operation, the cryptographic operation +// is actually performed in your key store using your keys. KMS supports CloudHSM +// key stores (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html) +// backed by an CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html) +// and external key stores (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html) +// backed by an external key store proxy and external key manager outside of +// Amazon Web Services. +// +// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// feature in KMS, which combines the convenience and extensive integration +// of KMS with the isolation and control of a key store that you own and manage. +// +// Before you create the custom key store, the required elements must be in +// place and operational. We recommend that you use the test tools that KMS +// provides to verify the configuration your external key store proxy. For details +// about the required elements and verification tests, see Assemble the prerequisites +// (for CloudHSM key stores) (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// or Assemble the prerequisites (for external key stores) (https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keystore.html#xks-requirements) +// in the Key Management Service Developer Guide. +// +// To create a custom key store, use the following parameters. +// +// - To create an CloudHSM key store, specify the CustomKeyStoreName, CloudHsmClusterId, +// KeyStorePassword, and TrustAnchorCertificate. The CustomKeyStoreType parameter +// is optional for CloudHSM key stores. If you include it, set it to the +// default value, AWS_CLOUDHSM. For help with failures, see Troubleshooting +// an CloudHSM key store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) +// in the Key Management Service Developer Guide. +// +// - To create an external key store, specify the CustomKeyStoreName and +// a CustomKeyStoreType of EXTERNAL_KEY_STORE. Also, specify values for XksProxyConnectivity, +// XksProxyAuthenticationCredential, XksProxyUriEndpoint, and XksProxyUriPath. +// If your XksProxyConnectivity value is VPC_ENDPOINT_SERVICE, specify the +// XksProxyVpcEndpointServiceName parameter. For help with failures, see +// Troubleshooting an external key store (https://docs.aws.amazon.com/kms/latest/developerguide/xks-troubleshooting.html) +// in the Key Management Service Developer Guide. +// +// For external key stores: +// +// Some external key managers provide a simpler method for creating an external +// key store. For details, see your external key manager documentation. +// +// When creating an external key store in the KMS console, you can upload a +// JSON-based proxy configuration file with the desired values. You cannot use +// a proxy configuration with the CreateCustomKeyStore operation. However, you +// can use the values in the file to help you determine the correct values for +// the CreateCustomKeyStore parameters. // // When the operation completes successfully, it returns the ID of the new custom // key store. Before you can use your new custom key store, you need to use -// the ConnectCustomKeyStore operation to connect the new key store to its AWS -// CloudHSM cluster. Even if you are not going to use your custom key store -// immediately, you might want to connect it to verify that all settings are -// correct and then disconnect it until you are ready to use it. +// the ConnectCustomKeyStore operation to connect a new CloudHSM key store to +// its CloudHSM cluster, or to connect a new external key store to the external +// key store proxy for your external key manager. Even if you are not going +// to use your custom key store immediately, you might want to connect it to +// verify that all settings are correct and then disconnect it until you are +// ready to use it. +// +// For help with failures, see Troubleshooting a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: No. You cannot perform this operation on a custom key +// store in a different Amazon Web Services account. +// +// Required permissions: kms:CreateCustomKeyStore (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy). +// +// Related operations: +// +// - ConnectCustomKeyStore +// +// - DeleteCustomKeyStore +// +// - DescribeCustomKeyStores +// +// - DisconnectCustomKeyStore // -// For help with failures, see Troubleshooting a Custom Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) -// in the AWS Key Management Service Developer Guide. +// - UpdateCustomKeyStore +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -553,76 +684,139 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // API operation CreateCustomKeyStore for usage and error information. // // Returned Error Types: -// * CloudHsmClusterInUseException -// The request was rejected because the specified AWS CloudHSM cluster is already -// associated with a custom key store or it shares a backup history with a cluster -// that is associated with a custom key store. Each custom key store must be -// associated with a different AWS CloudHSM cluster. -// -// Clusters that share a backup history have the same cluster certificate. To -// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) -// operation. -// -// * CustomKeyStoreNameInUseException -// The request was rejected because the specified custom key store name is already -// assigned to another custom key store in the account. Try again with a custom -// key store name that is unique in the account. -// -// * CloudHsmClusterNotFoundException -// The request was rejected because AWS KMS cannot find the AWS CloudHSM cluster -// with the specified cluster ID. Retry the request with a different cluster -// ID. -// -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. -// -// * CloudHsmClusterNotActiveException -// The request was rejected because the AWS CloudHSM cluster that is associated -// with the custom key store is not active. Initialize and activate the cluster -// and try the command again. For detailed instructions, see Getting Started -// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) -// in the AWS CloudHSM User Guide. -// -// * IncorrectTrustAnchorException -// The request was rejected because the trust anchor certificate in the request -// is not the trust anchor certificate for the specified AWS CloudHSM cluster. -// -// When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), -// you create the trust anchor certificate and save it in the customerCA.crt -// file. -// -// * CloudHsmClusterInvalidConfigurationException -// The request was rejected because the associated AWS CloudHSM cluster did -// not meet the configuration requirements for a custom key store. -// -// * The cluster must be configured with private subnets in at least two -// different Availability Zones in the Region. -// -// * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) -// (cloudhsm-cluster--sg) must include inbound rules and outbound -// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound -// rules and the Destination in the outbound rules must match the security -// group ID. These rules are set by default when you create the cluster. -// Do not delete or change them. To get information about a particular security -// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) -// operation. -// -// * The cluster must contain at least as many HSMs as the operation requires. -// To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) -// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey -// operations, the AWS CloudHSM cluster must have at least two active HSMs, -// each in a different Availability Zone. For the ConnectCustomKeyStore operation, -// the AWS CloudHSM must contain at least one active HSM. -// -// For information about the requirements for an AWS CloudHSM cluster that is -// associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) -// in the AWS Key Management Service Developer Guide. For information about -// creating a private subnet for an AWS CloudHSM cluster, see Create a Private -// Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) -// in the AWS CloudHSM User Guide. For information about cluster security groups, -// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) -// in the AWS CloudHSM User Guide . +// +// - CloudHsmClusterInUseException +// The request was rejected because the specified CloudHSM cluster is already +// associated with an CloudHSM key store in the account, or it shares a backup +// history with an CloudHSM key store in the account. Each CloudHSM key store +// in the account must be associated with a different CloudHSM cluster. +// +// CloudHSM clusters that share a backup history have the same cluster certificate. +// To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters +// (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) +// operation. +// +// - CustomKeyStoreNameInUseException +// The request was rejected because the specified custom key store name is already +// assigned to another custom key store in the account. Try again with a custom +// key store name that is unique in the account. +// +// - CloudHsmClusterNotFoundException +// The request was rejected because KMS cannot find the CloudHSM cluster with +// the specified cluster ID. Retry the request with a different cluster ID. +// +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// - CloudHsmClusterNotActiveException +// The request was rejected because the CloudHSM cluster associated with the +// CloudHSM key store is not active. Initialize and activate the cluster and +// try the command again. For detailed instructions, see Getting Started (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) +// in the CloudHSM User Guide. +// +// - IncorrectTrustAnchorException +// The request was rejected because the trust anchor certificate in the request +// to create an CloudHSM key store is not the trust anchor certificate for the +// specified CloudHSM cluster. +// +// When you initialize the CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), +// you create the trust anchor certificate and save it in the customerCA.crt +// file. +// +// - CloudHsmClusterInvalidConfigurationException +// The request was rejected because the associated CloudHSM cluster did not +// meet the configuration requirements for an CloudHSM key store. +// +// - The CloudHSM cluster must be configured with private subnets in at least +// two different Availability Zones in the Region. +// +// - The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) +// (cloudhsm-cluster--sg) must include inbound rules and outbound +// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound +// rules and the Destination in the outbound rules must match the security +// group ID. These rules are set by default when you create the CloudHSM +// cluster. Do not delete or change them. To get information about a particular +// security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) +// operation. +// +// - The CloudHSM cluster must contain at least as many HSMs as the operation +// requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey +// operations, the CloudHSM cluster must have at least two active HSMs, each +// in a different Availability Zone. For the ConnectCustomKeyStore operation, +// the CloudHSM must contain at least one active HSM. +// +// For information about the requirements for an CloudHSM cluster that is associated +// with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// in the Key Management Service Developer Guide. For information about creating +// a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) +// in the CloudHSM User Guide. For information about cluster security groups, +// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) +// in the CloudHSM User Guide . +// +// - LimitExceededException +// The request was rejected because a quota was exceeded. For more information, +// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// in the Key Management Service Developer Guide. +// +// - XksProxyUriInUseException +// The request was rejected because the concatenation of the XksProxyUriEndpoint +// and XksProxyUriPath is already associated with another external key store +// in this Amazon Web Services Region. Each external key store in a Region must +// use a unique external key store proxy API address. +// +// - XksProxyUriEndpointInUseException +// The request was rejected because the XksProxyUriEndpoint is already associated +// with another external key store in this Amazon Web Services Region. To identify +// the cause, see the error message that accompanies the exception. +// +// - XksProxyUriUnreachableException +// KMS was unable to reach the specified XksProxyUriPath. The path must be reachable +// before you create the external key store or update its settings. +// +// This exception is also thrown when the external key store proxy response +// to a GetHealthStatus request indicates that all external key manager instances +// are unavailable. +// +// - XksProxyIncorrectAuthenticationCredentialException +// The request was rejected because the proxy credentials failed to authenticate +// to the specified external key store proxy. The specified external key store +// proxy rejected a status request from KMS due to invalid credentials. This +// can indicate an error in the credentials or in the identification of the +// external key store proxy. +// +// - XksProxyVpcEndpointServiceInUseException +// The request was rejected because the specified Amazon VPC endpoint service +// is already associated with another external key store in this Amazon Web +// Services Region. Each external key store in a Region must use a different +// Amazon VPC endpoint service. +// +// - XksProxyVpcEndpointServiceNotFoundException +// The request was rejected because KMS could not find the specified VPC endpoint +// service. Use DescribeCustomKeyStores to verify the VPC endpoint service name +// for the external key store. Also, confirm that the Allow principals list +// for the VPC endpoint service includes the KMS service principal for the Region, +// such as cks.kms.us-east-1.amazonaws.com. +// +// - XksProxyVpcEndpointServiceInvalidConfigurationException +// The request was rejected because the Amazon VPC endpoint service configuration +// does not fulfill the requirements for an external key store. To identify +// the cause, see the error message that accompanies the exception and review +// the requirements (https://docs.aws.amazon.com/kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements) +// for Amazon VPC endpoint service connectivity for an external key store. +// +// - XksProxyInvalidResponseException +// +// KMS cannot interpret the response it received from the external key store +// proxy. The problem might be a poorly constructed response, but it could also +// be a transient network issue. If you see this error repeatedly, report it +// to the proxy vendor. +// +// - XksProxyInvalidConfigurationException +// The request was rejected because the external key store proxy is not configured +// correctly. To identify the cause, see the error message that accompanies +// the exception. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateCustomKeyStore func (c *KMS) CreateCustomKeyStore(input *CreateCustomKeyStoreInput) (*CreateCustomKeyStoreOutput, error) { @@ -662,14 +856,13 @@ const opCreateGrant = "CreateGrant" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateGrantRequest method. +// req, resp := client.CreateGrantRequest(params) // -// // Example sending a request using the CreateGrantRequest method. -// req, resp := client.CreateGrantRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateGrant func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, output *CreateGrantOutput) { @@ -690,49 +883,60 @@ func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, // CreateGrant API operation for AWS Key Management Service. // -// Adds a grant to a customer master key (CMK). The grant allows the grantee -// principal to use the CMK when the conditions specified in the grant are met. -// When setting permissions, grants are an alternative to key policies. +// Adds a grant to a KMS key. +// +// A grant is a policy instrument that allows Amazon Web Services principals +// to use KMS keys in cryptographic operations. It also can allow them to view +// a KMS key (DescribeKey) and create and manage grants. When authorizing access +// to a KMS key, grants are considered along with key policies and IAM policies. +// Grants are often used for temporary permissions because you can create one, +// use its permissions, and delete it without changing your key policies or +// IAM policies. +// +// For detailed information about grants, including grant terminology, see Grants +// in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) +// in the Key Management Service Developer Guide . For examples of working with +// grants in several programming languages, see Programming grants (https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html). +// +// The CreateGrant operation returns a GrantToken and a GrantId. +// +// - When you create, retire, or revoke a grant, there might be a brief delay, +// usually less than five minutes, until the grant is available throughout +// KMS. This state is known as eventual consistency. Once the grant has achieved +// eventual consistency, the grantee principal can use the permissions in +// the grant without identifying the grant. However, to use the permissions +// in the grant immediately, use the GrantToken that CreateGrant returns. +// For details, see Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) +// in the Key Management Service Developer Guide . +// +// - The CreateGrant operation also returns a GrantId. You can use the GrantId +// and a key identifier to identify the grant in the RetireGrant and RevokeGrant +// operations. To find the grant ID, use the ListGrants or ListRetirableGrants +// operations. // -// To create a grant that allows a cryptographic operation (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) -// only when the request includes a particular encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context), -// use the Constraints parameter. For details, see GrantConstraints. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// You can create grants on symmetric and asymmetric CMKs. However, if the grant -// allows an operation that the CMK does not support, CreateGrant fails with -// a ValidationException. +// Cross-account use: Yes. To perform this operation on a KMS key in a different +// Amazon Web Services account, specify the key ARN in the value of the KeyId +// parameter. // -// * Grants for symmetric CMKs cannot allow operations that are not supported -// for symmetric CMKs, including Sign, Verify, and GetPublicKey. (There are -// limited exceptions to this rule for legacy operations, but you should -// not create a grant for an operation that AWS KMS does not support.) +// Required permissions: kms:CreateGrant (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) // -// * Grants for asymmetric CMKs cannot allow operations that are not supported -// for asymmetric CMKs, including operations that generate data keys (https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey) -// or data key pairs (https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKeyPair), -// or operations related to automatic key rotation (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html), -// imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), -// or CMKs in custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). +// Related operations: // -// * Grants for asymmetric CMKs with a KeyUsage of ENCRYPT_DECRYPT cannot -// allow the Sign or Verify operations. Grants for asymmetric CMKs with a -// KeyUsage of SIGN_VERIFY cannot allow the Encrypt or Decrypt operations. +// - ListGrants // -// * Grants for asymmetric CMKs cannot include an encryption context grant -// constraint. An encryption context is not supported on asymmetric CMKs. +// - ListRetirableGrants // -// For information about symmetric and asymmetric CMKs, see Using Symmetric -// and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) -// in the AWS Key Management Service Developer Guide. +// - RetireGrant // -// To perform this operation on a CMK in a different AWS account, specify the -// key ARN in the value of the KeyId parameter. For more information about grants, -// see Grants (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) -// in the AWS Key Management Service Developer Guide . +// - RevokeGrant // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -742,40 +946,52 @@ func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, // API operation CreateGrant for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * DisabledException -// The request was rejected because the specified CMK is not enabled. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - DisabledException +// The request was rejected because the specified KMS key is not enabled. // -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // -// * InvalidGrantTokenException -// The request was rejected because the specified grant token is not valid. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * LimitExceededException -// The request was rejected because a quota was exceeded. For more information, -// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) -// in the AWS Key Management Service Developer Guide. +// - InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - LimitExceededException +// The request was rejected because a quota was exceeded. For more information, +// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// in the Key Management Service Developer Guide. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// +// - DryRunOperationException +// The request was rejected because the DryRun parameter was specified. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateGrant func (c *KMS) CreateGrant(input *CreateGrantInput) (*CreateGrantOutput, error) { @@ -815,14 +1031,13 @@ const opCreateKey = "CreateKey" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateKeyRequest method. +// req, resp := client.CreateKeyRequest(params) // -// // Example sending a request using the CreateKeyRequest method. -// req, resp := client.CreateKeyRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateKey func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, output *CreateKeyOutput) { @@ -843,68 +1058,188 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // CreateKey API operation for AWS Key Management Service. // -// Creates a unique customer managed customer master key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master-keys) -// (CMK) in your AWS account and Region. You cannot use this operation to create -// a CMK in a different AWS account. -// -// You can use the CreateKey operation to create symmetric or asymmetric CMKs. -// -// * Symmetric CMKs contain a 256-bit symmetric key that never leaves AWS -// KMS unencrypted. To use the CMK, you must call AWS KMS. You can use a -// symmetric CMK to encrypt and decrypt small amounts of data, but they are -// typically used to generate data keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys) -// and data keys pairs (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-key-pairs). -// For details, see GenerateDataKey and GenerateDataKeyPair. -// -// * Asymmetric CMKs can contain an RSA key pair or an Elliptic Curve (ECC) -// key pair. The private key in an asymmetric CMK never leaves AWS KMS unencrypted. -// However, you can use the GetPublicKey operation to download the public -// key so it can be used outside of AWS KMS. CMKs with RSA key pairs can -// be used to encrypt or decrypt data or sign and verify messages (but not -// both). CMKs with ECC key pairs can be used only to sign and verify messages. +// Creates a unique customer managed KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms-keys) +// in your Amazon Web Services account and Region. You can use a KMS key in +// cryptographic operations, such as encryption and signing. Some Amazon Web +// Services services let you use KMS keys that you create and manage to protect +// your service resources. +// +// A KMS key is a logical representation of a cryptographic key. In addition +// to the key material used in cryptographic operations, a KMS key includes +// metadata, such as the key ID, key policy, creation date, description, and +// key state. For details, see Managing keys (https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html) +// in the Key Management Service Developer Guide +// +// Use the parameters of CreateKey to specify the type of KMS key, the source +// of its key material, its key policy, description, tags, and other properties. +// +// KMS has replaced the term customer master key (CMK) with KMS key and KMS +// key. The concept has not changed. To prevent breaking changes, KMS is keeping +// some variations of this term. +// +// To create different types of KMS keys, use the following guidance: +// +// # Symmetric encryption KMS key +// +// By default, CreateKey creates a symmetric encryption KMS key with key material +// that KMS generates. This is the basic and most widely used type of KMS key, +// and provides the best performance. +// +// To create a symmetric encryption KMS key, you don't need to specify any parameters. +// The default value for KeySpec, SYMMETRIC_DEFAULT, the default value for KeyUsage, +// ENCRYPT_DECRYPT, and the default value for Origin, AWS_KMS, create a symmetric +// encryption KMS key with KMS key material. +// +// If you need a key for basic encryption and decryption or you are creating +// a KMS key to protect your resources in an Amazon Web Services service, create +// a symmetric encryption KMS key. The key material in a symmetric encryption +// key never leaves KMS unencrypted. You can use a symmetric encryption KMS +// key to encrypt and decrypt data up to 4,096 bytes, but they are typically +// used to generate data keys and data keys pairs. For details, see GenerateDataKey +// and GenerateDataKeyPair. +// +// # Asymmetric KMS keys +// +// To create an asymmetric KMS key, use the KeySpec parameter to specify the +// type of key material in the KMS key. Then, use the KeyUsage parameter to +// determine whether the KMS key will be used to encrypt and decrypt or sign +// and verify. You can't change these properties after the KMS key is created. +// +// Asymmetric KMS keys contain an RSA key pair, Elliptic Curve (ECC) key pair, +// or an SM2 key pair (China Regions only). The private key in an asymmetric +// KMS key never leaves KMS unencrypted. However, you can use the GetPublicKey +// operation to download the public key so it can be used outside of KMS. Each +// KMS key can have only one key usage. KMS keys with RSA key pairs can be used +// to encrypt and decrypt data or sign and verify messages (but not both). KMS +// keys with NIST-recommended ECC key pairs can be used to sign and verify messages +// or derive shared secrets (but not both). KMS keys with ECC_SECG_P256K1 can +// be used only to sign and verify messages. KMS keys with SM2 key pairs (China +// Regions only) can be used to either encrypt and decrypt data, sign and verify +// messages, or derive shared secrets (you must choose one key usage type). +// For information about asymmetric KMS keys, see Asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) +// in the Key Management Service Developer Guide. +// +// # HMAC KMS key +// +// To create an HMAC KMS key, set the KeySpec parameter to a key spec value +// for HMAC KMS keys. Then set the KeyUsage parameter to GENERATE_VERIFY_MAC. +// You must set the key usage even though GENERATE_VERIFY_MAC is the only valid +// key usage value for HMAC KMS keys. You can't change these properties after +// the KMS key is created. +// +// HMAC KMS keys are symmetric keys that never leave KMS unencrypted. You can +// use HMAC keys to generate (GenerateMac) and verify (VerifyMac) HMAC codes +// for messages up to 4096 bytes. +// +// # Multi-Region primary keys +// +// # Imported key material +// +// To create a multi-Region primary key in the local Amazon Web Services Region, +// use the MultiRegion parameter with a value of True. To create a multi-Region +// replica key, that is, a KMS key with the same key ID and key material as +// a primary key, but in a different Amazon Web Services Region, use the ReplicateKey +// operation. To change a replica key to a primary key, and its primary key +// to a replica key, use the UpdatePrimaryRegion operation. +// +// You can create multi-Region KMS keys for all supported KMS key types: symmetric +// encryption KMS keys, HMAC KMS keys, asymmetric encryption KMS keys, and asymmetric +// signing KMS keys. You can also create multi-Region keys with imported key +// material. However, you can't create multi-Region keys in a custom key store. +// +// This operation supports multi-Region keys, an KMS feature that lets you create +// multiple interoperable KMS keys in different Amazon Web Services Regions. +// Because these KMS keys have the same key ID, key material, and other metadata, +// you can use them interchangeably to encrypt data in one Amazon Web Services +// Region and decrypt it in a different Amazon Web Services Region without re-encrypting +// the data or making a cross-Region call. For more information about multi-Region +// keys, see Multi-Region keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) +// in the Key Management Service Developer Guide. +// +// To import your own key material into a KMS key, begin by creating a KMS key +// with no key material. To do this, use the Origin parameter of CreateKey with +// a value of EXTERNAL. Next, use GetParametersForImport operation to get a +// public key and import token. Use the wrapping public key to encrypt your +// key material. Then, use ImportKeyMaterial with your import token to import +// the key material. For step-by-step instructions, see Importing Key Material +// (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) +// in the Key Management Service Developer Guide . +// +// You can import key material into KMS keys of all supported KMS key types: +// symmetric encryption KMS keys, HMAC KMS keys, asymmetric encryption KMS keys, +// and asymmetric signing KMS keys. You can also create multi-Region keys with +// imported key material. However, you can't import key material into a KMS +// key in a custom key store. +// +// To create a multi-Region primary key with imported key material, use the +// Origin parameter of CreateKey with a value of EXTERNAL and the MultiRegion +// parameter with a value of True. To create replicas of the multi-Region primary +// key, use the ReplicateKey operation. For instructions, see Importing key +// material into multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-import.html). +// For more information about multi-Region keys, see Multi-Region keys in KMS +// (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) +// in the Key Management Service Developer Guide. +// +// # Custom key store +// +// A custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// lets you protect your Amazon Web Services resources using keys in a backing +// key store that you own and manage. When you request a cryptographic operation +// with a KMS key in a custom key store, the operation is performed in the backing +// key store using its cryptographic keys. +// +// KMS supports CloudHSM key stores (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html) +// backed by an CloudHSM cluster and external key stores (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html) +// backed by an external key manager outside of Amazon Web Services. When you +// create a KMS key in an CloudHSM key store, KMS generates an encryption key +// in the CloudHSM cluster and associates it with the KMS key. When you create +// a KMS key in an external key store, you specify an existing encryption key +// in the external key manager. +// +// Some external key managers provide a simpler method for creating a KMS key +// in an external key store. For details, see your external key manager documentation. +// +// Before you create a KMS key in a custom key store, the ConnectionState of +// the key store must be CONNECTED. To connect the custom key store, use the +// ConnectCustomKeyStore operation. To find the ConnectionState, use the DescribeCustomKeyStores +// operation. // -// For information about symmetric and asymmetric CMKs, see Using Symmetric -// and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) -// in the AWS Key Management Service Developer Guide. +// To create a KMS key in a custom key store, use the CustomKeyStoreId. Use +// the default KeySpec value, SYMMETRIC_DEFAULT, and the default KeyUsage value, +// ENCRYPT_DECRYPT to create a symmetric encryption key. No other key type is +// supported in a custom key store. // -// To create different types of CMKs, use the following guidance: +// To create a KMS key in an CloudHSM key store (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html), +// use the Origin parameter with a value of AWS_CLOUDHSM. The CloudHSM cluster +// that is associated with the custom key store must have at least two active +// HSMs in different Availability Zones in the Amazon Web Services Region. // -// Asymmetric CMKs +// To create a KMS key in an external key store (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html), +// use the Origin parameter with a value of EXTERNAL_KEY_STORE and an XksKeyId +// parameter that identifies an existing external key. // -// To create an asymmetric CMK, use the CustomerMasterKeySpec parameter to specify -// the type of key material in the CMK. Then, use the KeyUsage parameter to -// determine whether the CMK will be used to encrypt and decrypt or sign and -// verify. You can't change these properties after the CMK is created. +// Some external key managers provide a simpler method for creating a KMS key +// in an external key store. For details, see your external key manager documentation. // -// Symmetric CMKs +// Cross-account use: No. You cannot use this operation to create a KMS key +// in a different Amazon Web Services account. // -// When creating a symmetric CMK, you don't need to specify the CustomerMasterKeySpec -// or KeyUsage parameters. The default value for CustomerMasterKeySpec, SYMMETRIC_DEFAULT, -// and the default value for KeyUsage, ENCRYPT_DECRYPT, are the only valid values -// for symmetric CMKs. +// Required permissions: kms:CreateKey (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy). To use the Tags parameter, kms:TagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy). For examples and information about related permissions, see +// Allow a user to create KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policy-example-create-key) +// in the Key Management Service Developer Guide. // -// Imported Key Material +// Related operations: // -// To import your own key material, begin by creating a symmetric CMK with no -// key material. To do this, use the Origin parameter of CreateKey with a value -// of EXTERNAL. Next, use GetParametersForImport operation to get a public key -// and import token, and use the public key to encrypt your key material. Then, -// use ImportKeyMaterial with your import token to import the key material. -// For step-by-step instructions, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) -// in the AWS Key Management Service Developer Guide . You cannot import the -// key material into an asymmetric CMK. +// - DescribeKey // -// Custom Key Stores +// - ListKeys // -// To create a symmetric CMK in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), -// use the CustomKeyStoreId parameter to specify the custom key store. You must -// also use the Origin parameter with a value of AWS_CLOUDHSM. The AWS CloudHSM -// cluster that is associated with the custom key store must have at least two -// active HSMs in different Availability Zones in the AWS Region. +// - ScheduleKeyDeletion // -// You cannot create an asymmetric CMK in a custom key store. For information -// about custom key stores in AWS KMS see Using Custom Key Stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// in the AWS Key Management Service Developer Guide . +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -914,88 +1249,122 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // API operation CreateKey for usage and error information. // // Returned Error Types: -// * MalformedPolicyDocumentException -// The request was rejected because the specified policy is not syntactically -// or semantically correct. -// -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. -// -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. -// -// * UnsupportedOperationException -// The request was rejected because a specified parameter is not supported or -// a specified resource is not valid for this operation. -// -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. -// -// * LimitExceededException -// The request was rejected because a quota was exceeded. For more information, -// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) -// in the AWS Key Management Service Developer Guide. -// -// * TagException -// The request was rejected because one or more tags are not valid. -// -// * CustomKeyStoreNotFoundException -// The request was rejected because AWS KMS cannot find a custom key store with -// the specified key store name or ID. -// -// * CustomKeyStoreInvalidStateException -// The request was rejected because of the ConnectionState of the custom key -// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores -// operation. -// -// This exception is thrown under the following conditions: -// -// * You requested the CreateKey or GenerateRandom operation in a custom -// key store that is not connected. These operations are valid only when -// the custom key store ConnectionState is CONNECTED. -// -// * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation -// on a custom key store that is not disconnected. This operation is valid -// only when the custom key store ConnectionState is DISCONNECTED. -// -// * You requested the ConnectCustomKeyStore operation on a custom key store -// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid -// for all other ConnectionState values. -// -// * CloudHsmClusterInvalidConfigurationException -// The request was rejected because the associated AWS CloudHSM cluster did -// not meet the configuration requirements for a custom key store. -// -// * The cluster must be configured with private subnets in at least two -// different Availability Zones in the Region. -// -// * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) -// (cloudhsm-cluster--sg) must include inbound rules and outbound -// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound -// rules and the Destination in the outbound rules must match the security -// group ID. These rules are set by default when you create the cluster. -// Do not delete or change them. To get information about a particular security -// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) -// operation. -// -// * The cluster must contain at least as many HSMs as the operation requires. -// To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) -// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey -// operations, the AWS CloudHSM cluster must have at least two active HSMs, -// each in a different Availability Zone. For the ConnectCustomKeyStore operation, -// the AWS CloudHSM must contain at least one active HSM. -// -// For information about the requirements for an AWS CloudHSM cluster that is -// associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) -// in the AWS Key Management Service Developer Guide. For information about -// creating a private subnet for an AWS CloudHSM cluster, see Create a Private -// Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) -// in the AWS CloudHSM User Guide. For information about cluster security groups, -// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) -// in the AWS CloudHSM User Guide . +// +// - MalformedPolicyDocumentException +// The request was rejected because the specified policy is not syntactically +// or semantically correct. +// +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. +// +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. +// +// - UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// - LimitExceededException +// The request was rejected because a quota was exceeded. For more information, +// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// in the Key Management Service Developer Guide. +// +// - TagException +// The request was rejected because one or more tags are not valid. +// +// - CustomKeyStoreNotFoundException +// The request was rejected because KMS cannot find a custom key store with +// the specified key store name or ID. +// +// - CustomKeyStoreInvalidStateException +// The request was rejected because of the ConnectionState of the custom key +// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores +// operation. +// +// This exception is thrown under the following conditions: +// +// - You requested the ConnectCustomKeyStore operation on a custom key store +// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid +// for all other ConnectionState values. To reconnect a custom key store +// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect +// it (ConnectCustomKeyStore). +// +// - You requested the CreateKey operation in a custom key store that is +// not connected. This operations is valid only when the custom key store +// ConnectionState is CONNECTED. +// +// - You requested the DisconnectCustomKeyStore operation on a custom key +// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation +// is valid for all other ConnectionState values. +// +// - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation +// on a custom key store that is not disconnected. This operation is valid +// only when the custom key store ConnectionState is DISCONNECTED. +// +// - You requested the GenerateRandom operation in an CloudHSM key store +// that is not connected. This operation is valid only when the CloudHSM +// key store ConnectionState is CONNECTED. +// +// - CloudHsmClusterInvalidConfigurationException +// The request was rejected because the associated CloudHSM cluster did not +// meet the configuration requirements for an CloudHSM key store. +// +// - The CloudHSM cluster must be configured with private subnets in at least +// two different Availability Zones in the Region. +// +// - The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) +// (cloudhsm-cluster--sg) must include inbound rules and outbound +// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound +// rules and the Destination in the outbound rules must match the security +// group ID. These rules are set by default when you create the CloudHSM +// cluster. Do not delete or change them. To get information about a particular +// security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) +// operation. +// +// - The CloudHSM cluster must contain at least as many HSMs as the operation +// requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey +// operations, the CloudHSM cluster must have at least two active HSMs, each +// in a different Availability Zone. For the ConnectCustomKeyStore operation, +// the CloudHSM must contain at least one active HSM. +// +// For information about the requirements for an CloudHSM cluster that is associated +// with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// in the Key Management Service Developer Guide. For information about creating +// a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) +// in the CloudHSM User Guide. For information about cluster security groups, +// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) +// in the CloudHSM User Guide . +// +// - XksKeyInvalidConfigurationException +// The request was rejected because the external key specified by the XksKeyId +// parameter did not meet the configuration requirements for an external key +// store. +// +// The external key must be an AES-256 symmetric key that is enabled and performs +// encryption and decryption. +// +// - XksKeyAlreadyInUseException +// The request was rejected because the (XksKeyId) is already associated with +// another KMS key in this external key store. Each KMS key in an external key +// store must be associated with a different external key. +// +// - XksKeyNotFoundException +// The request was rejected because the external key store proxy could not find +// the external key. This exception is thrown when the value of the XksKeyId +// parameter doesn't identify a key in the external key manager associated with +// the external key proxy. +// +// Verify that the XksKeyId represents an existing key in the external key manager. +// Use the key identifier that the external key store proxy uses to identify +// the key. For details, see the documentation provided with your external key +// store proxy or key manager. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateKey func (c *KMS) CreateKey(input *CreateKeyInput) (*CreateKeyOutput, error) { @@ -1035,14 +1404,13 @@ const opDecrypt = "Decrypt" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DecryptRequest method. +// req, resp := client.DecryptRequest(params) // -// // Example sending a request using the DecryptRequest method. -// req, resp := client.DecryptRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Decrypt func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output *DecryptOutput) { @@ -1063,52 +1431,88 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // Decrypt API operation for AWS Key Management Service. // -// Decrypts ciphertext that was encrypted by a AWS KMS customer master key (CMK) -// using any of the following operations: +// Decrypts ciphertext that was encrypted by a KMS key using any of the following +// operations: // -// * Encrypt +// - Encrypt // -// * GenerateDataKey +// - GenerateDataKey // -// * GenerateDataKeyPair +// - GenerateDataKeyPair // -// * GenerateDataKeyWithoutPlaintext +// - GenerateDataKeyWithoutPlaintext // -// * GenerateDataKeyPairWithoutPlaintext +// - GenerateDataKeyPairWithoutPlaintext // // You can use this operation to decrypt ciphertext that was encrypted under -// a symmetric or asymmetric CMK. When the CMK is asymmetric, you must specify -// the CMK and the encryption algorithm that was used to encrypt the ciphertext. -// For information about symmetric and asymmetric CMKs, see Using Symmetric -// and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) -// in the AWS Key Management Service Developer Guide. +// a symmetric encryption KMS key or an asymmetric encryption KMS key. When +// the KMS key is asymmetric, you must specify the KMS key and the encryption +// algorithm that was used to encrypt the ciphertext. For information about +// asymmetric KMS keys, see Asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) +// in the Key Management Service Developer Guide. // // The Decrypt operation also decrypts ciphertext that was encrypted outside -// of AWS KMS by the public key in an AWS KMS asymmetric CMK. However, it cannot -// decrypt ciphertext produced by other libraries, such as the AWS Encryption -// SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/) +// of KMS by the public key in an KMS asymmetric KMS key. However, it cannot +// decrypt symmetric ciphertext produced by other libraries, such as the Amazon +// Web Services Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/) // or Amazon S3 client-side encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html). -// These libraries return a ciphertext format that is incompatible with AWS -// KMS. -// -// If the ciphertext was encrypted under a symmetric CMK, you do not need to -// specify the CMK or the encryption algorithm. AWS KMS can get this information -// from metadata that it adds to the symmetric ciphertext blob. However, if -// you prefer, you can specify the KeyId to ensure that a particular CMK is -// used to decrypt the ciphertext. If you specify a different CMK than the one -// used to encrypt the ciphertext, the Decrypt operation fails. +// These libraries return a ciphertext format that is incompatible with KMS. +// +// If the ciphertext was encrypted under a symmetric encryption KMS key, the +// KeyId parameter is optional. KMS can get this information from metadata that +// it adds to the symmetric ciphertext blob. This feature adds durability to +// your implementation by ensuring that authorized users can decrypt ciphertext +// decades after it was encrypted, even if they've lost track of the key ID. +// However, specifying the KMS key is always recommended as a best practice. +// When you use the KeyId parameter to specify a KMS key, KMS only uses the +// KMS key you specify. If the ciphertext was encrypted under a different KMS +// key, the Decrypt operation fails. This practice ensures that you use the +// KMS key that you intend. // // Whenever possible, use key policies to give users permission to call the -// Decrypt operation on a particular CMK, instead of using IAM policies. Otherwise, -// you might create an IAM user policy that gives the user Decrypt permission -// on all CMKs. This user could decrypt ciphertext that was encrypted by CMKs -// in other accounts if the key policy for the cross-account CMK permits it. -// If you must use an IAM policy for Decrypt permissions, limit the user to -// particular CMKs or particular trusted accounts. +// Decrypt operation on a particular KMS key, instead of using &IAM; policies. +// Otherwise, you might create an &IAM; policy that gives the user Decrypt permission +// on all KMS keys. This user could decrypt ciphertext that was encrypted by +// KMS keys in other accounts if the key policy for the cross-account KMS key +// permits it. If you must use an IAM policy for Decrypt permissions, limit +// the user to particular KMS keys or particular trusted accounts. For details, +// see Best practices for IAM policies (https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policies-best-practices) +// in the Key Management Service Developer Guide. +// +// Decrypt also supports Amazon Web Services Nitro Enclaves (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html), +// which provide an isolated compute environment in Amazon EC2. To call Decrypt +// for a Nitro enclave, use the Amazon Web Services Nitro Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) +// or any Amazon Web Services SDK. Use the Recipient parameter to provide the +// attestation document for the enclave. Instead of the plaintext data, the +// response includes the plaintext data encrypted with the public key from the +// attestation document (CiphertextForRecipient). For information about the +// interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon +// Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) +// in the Key Management Service Developer Guide. +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: Yes. If you use the KeyId parameter to identify a KMS +// key in a different Amazon Web Services account, specify the key ARN or the +// alias ARN of the KMS key. +// +// Required permissions: kms:Decrypt (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// Related operations: +// +// - Encrypt +// +// - GenerateDataKey +// +// - GenerateDataKeyPair +// +// - ReEncrypt +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1118,64 +1522,79 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // API operation Decrypt for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * DisabledException -// The request was rejected because the specified CMK is not enabled. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - DisabledException +// The request was rejected because the specified KMS key is not enabled. +// +// - InvalidCiphertextException +// From the Decrypt or ReEncrypt operation, the request was rejected because +// the specified ciphertext, or additional authenticated data incorporated into +// the ciphertext, such as the encryption context, is corrupted, missing, or +// otherwise invalid. +// +// From the ImportKeyMaterial operation, the request was rejected because KMS +// could not decrypt the encrypted (wrapped) key material. // -// * InvalidCiphertextException -// From the Decrypt or ReEncrypt operation, the request was rejected because -// the specified ciphertext, or additional authenticated data incorporated into -// the ciphertext, such as the encryption context, is corrupted, missing, or -// otherwise invalid. +// - KeyUnavailableException +// The request was rejected because the specified KMS key was not available. +// You can retry the request. // -// From the ImportKeyMaterial operation, the request was rejected because AWS -// KMS could not decrypt the encrypted (wrapped) key material. +// - IncorrectKeyException +// The request was rejected because the specified KMS key cannot decrypt the +// data. The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request +// must identify the same KMS key that was used to encrypt the ciphertext. // -// * KeyUnavailableException -// The request was rejected because the specified CMK was not available. You -// can retry the request. +// - InvalidKeyUsageException +// The request was rejected for one of the following reasons: // -// * IncorrectKeyException -// The request was rejected because the specified CMK cannot decrypt the data. -// The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request -// must identify the same CMK that was used to encrypt the ciphertext. +// - The KeyUsage value of the KMS key is incompatible with the API operation. // -// * InvalidKeyUsageException -// The request was rejected for one of the following reasons: +// - The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the KMS key (KeySpec). // -// * The KeyUsage value of the CMK is incompatible with the API operation. +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the +// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication +// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key +// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage +// of a KMS key, use the DescribeKey operation. // -// * The encryption algorithm or signing algorithm specified for the operation -// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. // -// For encrypting, decrypting, re-encrypting, and generating data keys, the -// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage -// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// To find the encryption or signing algorithms supported for a particular CMK, -// use the DescribeKey operation. +// - InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * InvalidGrantTokenException -// The request was rejected because the specified grant token is not valid. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// This exceptions means one of the following: // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// +// - DryRunOperationException +// The request was rejected because the DryRun parameter was specified. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Decrypt func (c *KMS) Decrypt(input *DecryptInput) (*DecryptOutput, error) { @@ -1215,14 +1634,13 @@ const opDeleteAlias = "DeleteAlias" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteAliasRequest method. +// req, resp := client.DeleteAliasRequest(params) // -// // Example sending a request using the DeleteAliasRequest method. -// req, resp := client.DeleteAliasRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteAlias func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, output *DeleteAliasOutput) { @@ -1244,17 +1662,45 @@ func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, // DeleteAlias API operation for AWS Key Management Service. // -// Deletes the specified alias. You cannot perform this operation on an alias -// in a different AWS account. +// Deletes the specified alias. // -// Because an alias is not a property of a CMK, you can delete and change the -// aliases of a CMK without affecting the CMK. Also, aliases do not appear in -// the response from the DescribeKey operation. To get the aliases of all CMKs, -// use the ListAliases operation. +// Adding, deleting, or updating an alias can allow or deny permission to the +// KMS key. For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// in the Key Management Service Developer Guide. +// +// Because an alias is not a property of a KMS key, you can delete and change +// the aliases of a KMS key without affecting the KMS key. Also, aliases do +// not appear in the response from the DescribeKey operation. To get the aliases +// of all KMS keys, use the ListAliases operation. +// +// Each KMS key can have multiple aliases. To change the alias of a KMS key, +// use DeleteAlias to delete the current alias and CreateAlias to create a new +// alias. To associate an existing alias with a different KMS key, call UpdateAlias. +// +// Cross-account use: No. You cannot perform this operation on an alias in a +// different Amazon Web Services account. +// +// Required permissions +// +// - kms:DeleteAlias (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// on the alias (IAM policy). // -// Each CMK can have multiple aliases. To change the alias of a CMK, use DeleteAlias -// to delete the current alias and CreateAlias to create a new alias. To associate -// an existing alias with a different customer master key (CMK), call UpdateAlias. +// - kms:DeleteAlias (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// on the KMS key (key policy). +// +// For details, see Controlling access to aliases (https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access) +// in the Key Management Service Developer Guide. +// +// Related operations: +// +// - CreateAlias +// +// - ListAliases +// +// - UpdateAlias +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1264,25 +1710,34 @@ func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, // API operation DeleteAlias for usage and error information. // // Returned Error Types: -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. // -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. +// +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// This exceptions means one of the following: // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteAlias func (c *KMS) DeleteAlias(input *DeleteAliasInput) (*DeleteAliasOutput, error) { @@ -1322,14 +1777,13 @@ const opDeleteCustomKeyStore = "DeleteCustomKeyStore" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteCustomKeyStoreRequest method. +// req, resp := client.DeleteCustomKeyStoreRequest(params) // -// // Example sending a request using the DeleteCustomKeyStoreRequest method. -// req, resp := client.DeleteCustomKeyStoreRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteCustomKeyStore func (c *KMS) DeleteCustomKeyStoreRequest(input *DeleteCustomKeyStoreInput) (req *request.Request, output *DeleteCustomKeyStoreOutput) { @@ -1352,34 +1806,59 @@ func (c *KMS) DeleteCustomKeyStoreRequest(input *DeleteCustomKeyStoreInput) (req // DeleteCustomKeyStore API operation for AWS Key Management Service. // // Deletes a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). -// This operation does not delete the AWS CloudHSM cluster that is associated -// with the custom key store, or affect any users or keys in the cluster. +// This operation does not affect any backing elements of the custom key store. +// It does not delete the CloudHSM cluster that is associated with an CloudHSM +// key store, or affect any users or keys in the cluster. For an external key +// store, it does not affect the external key store proxy, external key manager, +// or any external keys. // -// The custom key store that you delete cannot contain any AWS KMS customer -// master keys (CMKs) (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys). -// Before deleting the key store, verify that you will never need to use any -// of the CMKs in the key store for any cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations). -// Then, use ScheduleKeyDeletion to delete the AWS KMS customer master keys -// (CMKs) from the key store. When the scheduled waiting period expires, the -// ScheduleKeyDeletion operation deletes the CMKs. Then it makes a best effort -// to delete the key material from the associated cluster. However, you might -// need to manually delete the orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) -// from the cluster and its backups. -// -// After all CMKs are deleted from AWS KMS, use DisconnectCustomKeyStore to -// disconnect the key store from AWS KMS. Then, you can delete the custom key -// store. +// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// feature in KMS, which combines the convenience and extensive integration +// of KMS with the isolation and control of a key store that you own and manage. // -// Instead of deleting the custom key store, consider using DisconnectCustomKeyStore -// to disconnect it from AWS KMS. While the key store is disconnected, you cannot -// create or use the CMKs in the key store. But, you do not need to delete CMKs -// and you can reconnect a disconnected custom key store at any time. +// The custom key store that you delete cannot contain any KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys). +// Before deleting the key store, verify that you will never need to use any +// of the KMS keys in the key store for any cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations). +// Then, use ScheduleKeyDeletion to delete the KMS keys from the key store. +// After the required waiting period expires and all KMS keys are deleted from +// the custom key store, use DisconnectCustomKeyStore to disconnect the key +// store from KMS. Then, you can delete the custom key store. +// +// For keys in an CloudHSM key store, the ScheduleKeyDeletion operation makes +// a best effort to delete the key material from the associated cluster. However, +// you might need to manually delete the orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) +// from the cluster and its backups. KMS never creates, manages, or deletes +// cryptographic keys in the external key manager associated with an external +// key store. You must manage them using your external key manager tools. +// +// Instead of deleting the custom key store, consider using the DisconnectCustomKeyStore +// operation to disconnect the custom key store from its backing key store. +// While the key store is disconnected, you cannot create or use the KMS keys +// in the key store. But, you do not need to delete KMS keys and you can reconnect +// a disconnected custom key store at any time. // // If the operation succeeds, it returns a JSON object with no properties. // -// This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// feature in AWS KMS, which combines the convenience and extensive integration -// of AWS KMS with the isolation and control of a single-tenant key store. +// Cross-account use: No. You cannot perform this operation on a custom key +// store in a different Amazon Web Services account. +// +// Required permissions: kms:DeleteCustomKeyStore (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy) +// +// Related operations: +// +// - ConnectCustomKeyStore +// +// - CreateCustomKeyStore +// +// - DescribeCustomKeyStores +// +// - DisconnectCustomKeyStore +// +// - UpdateCustomKeyStore +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1389,38 +1868,49 @@ func (c *KMS) DeleteCustomKeyStoreRequest(input *DeleteCustomKeyStoreInput) (req // API operation DeleteCustomKeyStore for usage and error information. // // Returned Error Types: -// * CustomKeyStoreHasCMKsException -// The request was rejected because the custom key store contains AWS KMS customer -// master keys (CMKs). After verifying that you do not need to use the CMKs, -// use the ScheduleKeyDeletion operation to delete the CMKs. After they are -// deleted, you can delete the custom key store. // -// * CustomKeyStoreInvalidStateException -// The request was rejected because of the ConnectionState of the custom key -// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores -// operation. +// - CustomKeyStoreHasCMKsException +// The request was rejected because the custom key store contains KMS keys. +// After verifying that you do not need to use the KMS keys, use the ScheduleKeyDeletion +// operation to delete the KMS keys. After they are deleted, you can delete +// the custom key store. +// +// - CustomKeyStoreInvalidStateException +// The request was rejected because of the ConnectionState of the custom key +// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores +// operation. +// +// This exception is thrown under the following conditions: +// +// - You requested the ConnectCustomKeyStore operation on a custom key store +// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid +// for all other ConnectionState values. To reconnect a custom key store +// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect +// it (ConnectCustomKeyStore). // -// This exception is thrown under the following conditions: +// - You requested the CreateKey operation in a custom key store that is +// not connected. This operations is valid only when the custom key store +// ConnectionState is CONNECTED. // -// * You requested the CreateKey or GenerateRandom operation in a custom -// key store that is not connected. These operations are valid only when -// the custom key store ConnectionState is CONNECTED. +// - You requested the DisconnectCustomKeyStore operation on a custom key +// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation +// is valid for all other ConnectionState values. // -// * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation -// on a custom key store that is not disconnected. This operation is valid -// only when the custom key store ConnectionState is DISCONNECTED. +// - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation +// on a custom key store that is not disconnected. This operation is valid +// only when the custom key store ConnectionState is DISCONNECTED. // -// * You requested the ConnectCustomKeyStore operation on a custom key store -// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid -// for all other ConnectionState values. +// - You requested the GenerateRandom operation in an CloudHSM key store +// that is not connected. This operation is valid only when the CloudHSM +// key store ConnectionState is CONNECTED. // -// * CustomKeyStoreNotFoundException -// The request was rejected because AWS KMS cannot find a custom key store with -// the specified key store name or ID. +// - CustomKeyStoreNotFoundException +// The request was rejected because KMS cannot find a custom key store with +// the specified key store name or ID. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteCustomKeyStore func (c *KMS) DeleteCustomKeyStore(input *DeleteCustomKeyStoreInput) (*DeleteCustomKeyStoreOutput, error) { @@ -1460,14 +1950,13 @@ const opDeleteImportedKeyMaterial = "DeleteImportedKeyMaterial" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteImportedKeyMaterialRequest method. +// req, resp := client.DeleteImportedKeyMaterialRequest(params) // -// // Example sending a request using the DeleteImportedKeyMaterialRequest method. -// req, resp := client.DeleteImportedKeyMaterialRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteImportedKeyMaterial func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialInput) (req *request.Request, output *DeleteImportedKeyMaterialOutput) { @@ -1489,21 +1978,34 @@ func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialI // DeleteImportedKeyMaterial API operation for AWS Key Management Service. // -// Deletes key material that you previously imported. This operation makes the -// specified customer master key (CMK) unusable. For more information about -// importing key material into AWS KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) -// in the AWS Key Management Service Developer Guide. You cannot perform this -// operation on a CMK in a different AWS account. +// Deletes key material that was previously imported. This operation makes the +// specified KMS key temporarily unusable. To restore the usability of the KMS +// key, reimport the same key material. For more information about importing +// key material into KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) +// in the Key Management Service Developer Guide. +// +// When the specified KMS key is in the PendingDeletion state, this operation +// does not change the KMS key's state. Otherwise, it changes the KMS key's +// state to PendingImport. +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. // -// When the specified CMK is in the PendingDeletion state, this operation does -// not change the CMK's state. Otherwise, it changes the CMK's state to PendingImport. +// Required permissions: kms:DeleteImportedKeyMaterial (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) // -// After you delete key material, you can use ImportKeyMaterial to reimport -// the same key material into the CMK. +// Related operations: // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// - GetParametersForImport +// +// - ImportKeyMaterial +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1513,33 +2015,42 @@ func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialI // API operation DeleteImportedKeyMaterial for usage and error information. // // Returned Error Types: -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. // -// * UnsupportedOperationException -// The request was rejected because a specified parameter is not supported or -// a specified resource is not valid for this operation. +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. +// +// - UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. // -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// This exceptions means one of the following: // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteImportedKeyMaterial func (c *KMS) DeleteImportedKeyMaterial(input *DeleteImportedKeyMaterialInput) (*DeleteImportedKeyMaterialOutput, error) { @@ -1563,266 +2074,595 @@ func (c *KMS) DeleteImportedKeyMaterialWithContext(ctx aws.Context, input *Delet return out, req.Send() } -const opDescribeCustomKeyStores = "DescribeCustomKeyStores" +const opDeriveSharedSecret = "DeriveSharedSecret" -// DescribeCustomKeyStoresRequest generates a "aws/request.Request" representing the -// client's request for the DescribeCustomKeyStores operation. The "output" return +// DeriveSharedSecretRequest generates a "aws/request.Request" representing the +// client's request for the DeriveSharedSecret operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DescribeCustomKeyStores for more information on using the DescribeCustomKeyStores +// See DeriveSharedSecret for more information on using the DeriveSharedSecret // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeriveSharedSecretRequest method. +// req, resp := client.DeriveSharedSecretRequest(params) // -// // Example sending a request using the DescribeCustomKeyStoresRequest method. -// req, resp := client.DescribeCustomKeyStoresRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeCustomKeyStores -func (c *KMS) DescribeCustomKeyStoresRequest(input *DescribeCustomKeyStoresInput) (req *request.Request, output *DescribeCustomKeyStoresOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeriveSharedSecret +func (c *KMS) DeriveSharedSecretRequest(input *DeriveSharedSecretInput) (req *request.Request, output *DeriveSharedSecretOutput) { op := &request.Operation{ - Name: opDescribeCustomKeyStores, + Name: opDeriveSharedSecret, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &DescribeCustomKeyStoresInput{} + input = &DeriveSharedSecretInput{} } - output = &DescribeCustomKeyStoresOutput{} + output = &DeriveSharedSecretOutput{} req = c.newRequest(op, input, output) return } -// DescribeCustomKeyStores API operation for AWS Key Management Service. +// DeriveSharedSecret API operation for AWS Key Management Service. // -// Gets information about custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// in the account and region. +// Derives a shared secret using a key agreement algorithm. // -// This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// feature in AWS KMS, which combines the convenience and extensive integration -// of AWS KMS with the isolation and control of a single-tenant key store. +// You must use an asymmetric NIST-recommended elliptic curve (ECC) or SM2 (China +// Regions only) KMS key pair with a KeyUsage value of KEY_AGREEMENT to call +// DeriveSharedSecret. // -// By default, this operation returns information about all custom key stores -// in the account and region. To get only information about a particular custom -// key store, use either the CustomKeyStoreName or CustomKeyStoreId parameter -// (but not both). +// DeriveSharedSecret uses the Elliptic Curve Cryptography Cofactor Diffie-Hellman +// Primitive (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf#page=60) +// (ECDH) to establish a key agreement between two peers by deriving a shared +// secret from their elliptic curve public-private key pairs. You can use the +// raw shared secret that DeriveSharedSecret returns to derive a symmetric key +// that can encrypt and decrypt data that is sent between the two peers, or +// that can generate and verify HMACs. KMS recommends that you follow NIST recommendations +// for key derivation (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf) +// when using the raw shared secret to derive a symmetric key. // -// To determine whether the custom key store is connected to its AWS CloudHSM -// cluster, use the ConnectionState element in the response. If an attempt to -// connect the custom key store failed, the ConnectionState value is FAILED -// and the ConnectionErrorCode element in the response indicates the cause of -// the failure. For help interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry. +// The following workflow demonstrates how to establish key agreement over an +// insecure communication channel using DeriveSharedSecret. // -// Custom key stores have a DISCONNECTED connection state if the key store has -// never been connected or you use the DisconnectCustomKeyStore operation to -// disconnect it. If your custom key store state is CONNECTED but you are having -// trouble using it, make sure that its associated AWS CloudHSM cluster is active -// and contains the minimum number of HSMs required for the operation, if any. +// Alice calls CreateKey to create an asymmetric KMS key pair with a KeyUsage +// value of KEY_AGREEMENT. +// +// The asymmetric KMS key must use a NIST-recommended elliptic curve (ECC) or +// SM2 (China Regions only) key spec. +// +// Bob creates an elliptic curve key pair. +// +// Bob can call CreateKey to create an asymmetric KMS key pair or generate a +// key pair outside of KMS. Bob's key pair must use the same NIST-recommended +// elliptic curve (ECC) or SM2 (China Regions ony) curve as Alice. +// +// Alice and Bob exchange their public keys through an insecure communication +// channel (like the internet). +// +// Use GetPublicKey to download the public key of your asymmetric KMS key pair. +// +// KMS strongly recommends verifying that the public key you receive came from +// the expected party before using it to derive a shared secret. +// +// Alice calls DeriveSharedSecret. // -// For help repairing your custom key store, see the Troubleshooting Custom -// Key Stores (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) -// topic in the AWS Key Management Service Developer Guide. +// KMS uses the private key from the KMS key pair generated in Step 1, Bob's +// public key, and the Elliptic Curve Cryptography Cofactor Diffie-Hellman Primitive +// to derive the shared secret. The private key in your KMS key pair never leaves +// KMS unencrypted. DeriveSharedSecret returns the raw shared secret. +// +// Bob uses the Elliptic Curve Cryptography Cofactor Diffie-Hellman Primitive +// to calculate the same raw secret using his private key and Alice's public +// key. +// +// To derive a shared secret you must provide a key agreement algorithm, the +// private key of the caller's asymmetric NIST-recommended elliptic curve or +// SM2 (China Regions only) KMS key pair, and the public key from your peer's +// NIST-recommended elliptic curve or SM2 (China Regions only) key pair. The +// public key can be from another asymmetric KMS key pair or from a key pair +// generated outside of KMS, but both key pairs must be on the same elliptic +// curve. +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: Yes. To perform this operation with a KMS key in a different +// Amazon Web Services account, specify the key ARN or alias ARN in the value +// of the KeyId parameter. +// +// Required permissions: kms:DeriveSharedSecret (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// - CreateKey +// +// - GetPublicKey +// +// - DescribeKey +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's -// API operation DescribeCustomKeyStores for usage and error information. +// API operation DeriveSharedSecret for usage and error information. // // Returned Error Types: -// * CustomKeyStoreNotFoundException -// The request was rejected because AWS KMS cannot find a custom key store with -// the specified key store name or ID. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeCustomKeyStores -func (c *KMS) DescribeCustomKeyStores(input *DescribeCustomKeyStoresInput) (*DescribeCustomKeyStoresOutput, error) { - req, out := c.DescribeCustomKeyStoresRequest(input) +// - DisabledException +// The request was rejected because the specified KMS key is not enabled. +// +// - KeyUnavailableException +// The request was rejected because the specified KMS key was not available. +// You can retry the request. +// +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. +// +// - InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. +// +// - InvalidKeyUsageException +// The request was rejected for one of the following reasons: +// +// - The KeyUsage value of the KMS key is incompatible with the API operation. +// +// - The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the KMS key (KeySpec). +// +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the +// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication +// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key +// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage +// of a KMS key, use the DescribeKey operation. +// +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. +// +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// +// - DryRunOperationException +// The request was rejected because the DryRun parameter was specified. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeriveSharedSecret +func (c *KMS) DeriveSharedSecret(input *DeriveSharedSecretInput) (*DeriveSharedSecretOutput, error) { + req, out := c.DeriveSharedSecretRequest(input) return out, req.Send() } -// DescribeCustomKeyStoresWithContext is the same as DescribeCustomKeyStores with the addition of +// DeriveSharedSecretWithContext is the same as DeriveSharedSecret with the addition of // the ability to pass a context and additional request options. // -// See DescribeCustomKeyStores for details on how to use this API operation. +// See DeriveSharedSecret for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *KMS) DescribeCustomKeyStoresWithContext(ctx aws.Context, input *DescribeCustomKeyStoresInput, opts ...request.Option) (*DescribeCustomKeyStoresOutput, error) { - req, out := c.DescribeCustomKeyStoresRequest(input) +func (c *KMS) DeriveSharedSecretWithContext(ctx aws.Context, input *DeriveSharedSecretInput, opts ...request.Option) (*DeriveSharedSecretOutput, error) { + req, out := c.DeriveSharedSecretRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opDescribeKey = "DescribeKey" +const opDescribeCustomKeyStores = "DescribeCustomKeyStores" -// DescribeKeyRequest generates a "aws/request.Request" representing the -// client's request for the DescribeKey operation. The "output" return +// DescribeCustomKeyStoresRequest generates a "aws/request.Request" representing the +// client's request for the DescribeCustomKeyStores operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DescribeKey for more information on using the DescribeKey +// See DescribeCustomKeyStores for more information on using the DescribeCustomKeyStores // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeCustomKeyStoresRequest method. +// req, resp := client.DescribeCustomKeyStoresRequest(params) // -// // Example sending a request using the DescribeKeyRequest method. -// req, resp := client.DescribeKeyRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeKey -func (c *KMS) DescribeKeyRequest(input *DescribeKeyInput) (req *request.Request, output *DescribeKeyOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeCustomKeyStores +func (c *KMS) DescribeCustomKeyStoresRequest(input *DescribeCustomKeyStoresInput) (req *request.Request, output *DescribeCustomKeyStoresOutput) { op := &request.Operation{ - Name: opDescribeKey, + Name: opDescribeCustomKeyStores, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"NextMarker"}, + LimitToken: "Limit", + TruncationToken: "Truncated", + }, } if input == nil { - input = &DescribeKeyInput{} + input = &DescribeCustomKeyStoresInput{} } - output = &DescribeKeyOutput{} + output = &DescribeCustomKeyStoresOutput{} req = c.newRequest(op, input, output) return } -// DescribeKey API operation for AWS Key Management Service. +// DescribeCustomKeyStores API operation for AWS Key Management Service. // -// Provides detailed information about a customer master key (CMK). You can -// run DescribeKey on a customer managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) -// or an AWS managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). +// Gets information about custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// in the account and Region. // -// This detailed information includes the key ARN, creation date (and deletion -// date, if applicable), the key state, and the origin and expiration date (if -// any) of the key material. For CMKs in custom key stores, it includes information -// about the custom key store, such as the key store ID and the AWS CloudHSM -// cluster ID. It includes fields, like KeySpec, that help you distinguish symmetric -// from asymmetric CMKs. It also provides information that is particularly important -// to asymmetric CMKs, such as the key usage (encryption or signing) and the -// encryption algorithms or signing algorithms that the CMK supports. +// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// feature in KMS, which combines the convenience and extensive integration +// of KMS with the isolation and control of a key store that you own and manage. // -// DescribeKey does not return the following information: +// By default, this operation returns information about all custom key stores +// in the account and Region. To get only information about a particular custom +// key store, use either the CustomKeyStoreName or CustomKeyStoreId parameter +// (but not both). +// +// To determine whether the custom key store is connected to its CloudHSM cluster +// or external key store proxy, use the ConnectionState element in the response. +// If an attempt to connect the custom key store failed, the ConnectionState +// value is FAILED and the ConnectionErrorCode element in the response indicates +// the cause of the failure. For help interpreting the ConnectionErrorCode, +// see CustomKeyStoresListEntry. +// +// Custom key stores have a DISCONNECTED connection state if the key store has +// never been connected or you used the DisconnectCustomKeyStore operation to +// disconnect it. Otherwise, the connection state is CONNECTED. If your custom +// key store connection state is CONNECTED but you are having trouble using +// it, verify that the backing store is active and available. For an CloudHSM +// key store, verify that the associated CloudHSM cluster is active and contains +// the minimum number of HSMs required for the operation, if any. For an external +// key store, verify that the external key store proxy and its associated external +// key manager are reachable and enabled. +// +// For help repairing your CloudHSM key store, see the Troubleshooting CloudHSM +// key stores (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html). +// For help repairing your external key store, see the Troubleshooting external +// key stores (https://docs.aws.amazon.com/kms/latest/developerguide/xks-troubleshooting.html). +// Both topics are in the Key Management Service Developer Guide. +// +// Cross-account use: No. You cannot perform this operation on a custom key +// store in a different Amazon Web Services account. // -// * Aliases associated with the CMK. To get this information, use ListAliases. +// Required permissions: kms:DescribeCustomKeyStores (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy) // -// * Whether automatic key rotation is enabled on the CMK. To get this information, -// use GetKeyRotationStatus. Also, some key states prevent a CMK from being -// automatically rotated. For details, see How Automatic Key Rotation Works -// (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-how-it-works) -// in AWS Key Management Service Developer Guide. +// Related operations: // -// * Tags on the CMK. To get this information, use ListResourceTags. +// - ConnectCustomKeyStore // -// * Key policies and grants on the CMK. To get this information, use GetKeyPolicy -// and ListGrants. +// - CreateCustomKeyStore // -// If you call the DescribeKey operation on a predefined AWS alias, that is, -// an AWS alias with no key ID, AWS KMS creates an AWS managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys). -// Then, it associates the alias with the new CMK, and returns the KeyId and -// Arn of the new CMK in the response. +// - DeleteCustomKeyStore // -// To perform this operation on a CMK in a different AWS account, specify the -// key ARN or alias ARN in the value of the KeyId parameter. +// - DisconnectCustomKeyStore +// +// - UpdateCustomKeyStore +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's -// API operation DescribeKey for usage and error information. +// API operation DescribeCustomKeyStores for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. +// - CustomKeyStoreNotFoundException +// The request was rejected because KMS cannot find a custom key store with +// the specified key store name or ID. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - InvalidMarkerException +// The request was rejected because the marker that specifies where pagination +// should next begin is not valid. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeKey -func (c *KMS) DescribeKey(input *DescribeKeyInput) (*DescribeKeyOutput, error) { - req, out := c.DescribeKeyRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeCustomKeyStores +func (c *KMS) DescribeCustomKeyStores(input *DescribeCustomKeyStoresInput) (*DescribeCustomKeyStoresOutput, error) { + req, out := c.DescribeCustomKeyStoresRequest(input) return out, req.Send() } -// DescribeKeyWithContext is the same as DescribeKey with the addition of +// DescribeCustomKeyStoresWithContext is the same as DescribeCustomKeyStores with the addition of // the ability to pass a context and additional request options. // -// See DescribeKey for details on how to use this API operation. +// See DescribeCustomKeyStores for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *KMS) DescribeKeyWithContext(ctx aws.Context, input *DescribeKeyInput, opts ...request.Option) (*DescribeKeyOutput, error) { - req, out := c.DescribeKeyRequest(input) +func (c *KMS) DescribeCustomKeyStoresWithContext(ctx aws.Context, input *DescribeCustomKeyStoresInput, opts ...request.Option) (*DescribeCustomKeyStoresOutput, error) { + req, out := c.DescribeCustomKeyStoresRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opDisableKey = "DisableKey" - -// DisableKeyRequest generates a "aws/request.Request" representing the -// client's request for the DisableKey operation. The "output" return -// value will be populated with the request's response once the request completes -// successfully. +// DescribeCustomKeyStoresPages iterates over the pages of a DescribeCustomKeyStores operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeCustomKeyStores method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeCustomKeyStores operation. +// pageNum := 0 +// err := client.DescribeCustomKeyStoresPages(params, +// func(page *kms.DescribeCustomKeyStoresOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *KMS) DescribeCustomKeyStoresPages(input *DescribeCustomKeyStoresInput, fn func(*DescribeCustomKeyStoresOutput, bool) bool) error { + return c.DescribeCustomKeyStoresPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeCustomKeyStoresPagesWithContext same as DescribeCustomKeyStoresPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *KMS) DescribeCustomKeyStoresPagesWithContext(ctx aws.Context, input *DescribeCustomKeyStoresInput, fn func(*DescribeCustomKeyStoresOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeCustomKeyStoresInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeCustomKeyStoresRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeCustomKeyStoresOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeKey = "DescribeKey" + +// DescribeKeyRequest generates a "aws/request.Request" representing the +// client's request for the DescribeKey operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DisableKey for more information on using the DisableKey +// See DescribeKey for more information on using the DescribeKey // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeKeyRequest method. +// req, resp := client.DescribeKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeKey +func (c *KMS) DescribeKeyRequest(input *DescribeKeyInput) (req *request.Request, output *DescribeKeyOutput) { + op := &request.Operation{ + Name: opDescribeKey, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribeKeyInput{} + } + + output = &DescribeKeyOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeKey API operation for AWS Key Management Service. +// +// Provides detailed information about a KMS key. You can run DescribeKey on +// a customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) +// or an Amazon Web Services managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). +// +// This detailed information includes the key ARN, creation date (and deletion +// date, if applicable), the key state, and the origin and expiration date (if +// any) of the key material. It includes fields, like KeySpec, that help you +// distinguish different types of KMS keys. It also displays the key usage (encryption, +// signing, or generating and verifying MACs) and the algorithms that the KMS +// key supports. +// +// For multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html), +// DescribeKey displays the primary key and all related replica keys. For KMS +// keys in CloudHSM key stores (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html), +// it includes information about the key store, such as the key store ID and +// the CloudHSM cluster ID. For KMS keys in external key stores (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html), +// it includes the custom key store ID and the ID of the external key. +// +// DescribeKey does not return the following information: +// +// - Aliases associated with the KMS key. To get this information, use ListAliases. +// +// - Whether automatic key rotation is enabled on the KMS key. To get this +// information, use GetKeyRotationStatus. Also, some key states prevent a +// KMS key from being automatically rotated. For details, see How Automatic +// Key Rotation Works (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-how-it-works) +// in the Key Management Service Developer Guide. +// +// - Tags on the KMS key. To get this information, use ListResourceTags. +// +// - Key policies and grants on the KMS key. To get this information, use +// GetKeyPolicy and ListGrants. +// +// In general, DescribeKey is a non-mutating operation. It returns data about +// KMS keys, but doesn't change them. However, Amazon Web Services services +// use DescribeKey to create Amazon Web Services managed keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) +// from a predefined Amazon Web Services alias with no key ID. +// +// Cross-account use: Yes. To perform this operation with a KMS key in a different +// Amazon Web Services account, specify the key ARN or alias ARN in the value +// of the KeyId parameter. +// +// Required permissions: kms:DescribeKey (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// - GetKeyPolicy +// +// - GetKeyRotationStatus +// +// - ListAliases +// +// - ListGrants +// +// - ListKeys +// +// - ListResourceTags +// +// - ListRetirableGrants +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation DescribeKey for usage and error information. +// +// Returned Error Types: +// +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. +// +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. +// +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeKey +func (c *KMS) DescribeKey(input *DescribeKeyInput) (*DescribeKeyOutput, error) { + req, out := c.DescribeKeyRequest(input) + return out, req.Send() +} + +// DescribeKeyWithContext is the same as DescribeKey with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeKey for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *KMS) DescribeKeyWithContext(ctx aws.Context, input *DescribeKeyInput, opts ...request.Option) (*DescribeKeyOutput, error) { + req, out := c.DescribeKeyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDisableKey = "DisableKey" + +// DisableKeyRequest generates a "aws/request.Request" representing the +// client's request for the DisableKey operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisableKey for more information on using the DisableKey +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the DisableKeyRequest method. -// req, resp := client.DisableKeyRequest(params) +// // Example sending a request using the DisableKeyRequest method. +// req, resp := client.DisableKeyRequest(params) // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKey func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, output *DisableKeyOutput) { @@ -1844,17 +2684,27 @@ func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, o // DisableKey API operation for AWS Key Management Service. // -// Sets the state of a customer master key (CMK) to disabled, thereby preventing -// its use for cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations). -// You cannot perform this operation on a CMK in a different AWS account. +// Sets the state of a KMS key to disabled. This change temporarily prevents +// use of the KMS key for cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations). +// +// For more information about how key state affects the use of a KMS key, see +// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects the Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. +// +// Required permissions: kms:DisableKey (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: EnableKey +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1864,29 +2714,38 @@ func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, o // API operation DisableKey for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKey func (c *KMS) DisableKey(input *DisableKeyInput) (*DisableKeyOutput, error) { @@ -1926,14 +2785,13 @@ const opDisableKeyRotation = "DisableKeyRotation" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DisableKeyRotationRequest method. +// req, resp := client.DisableKeyRotationRequest(params) // -// // Example sending a request using the DisableKeyRotationRequest method. -// req, resp := client.DisableKeyRotationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKeyRotation func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *request.Request, output *DisableKeyRotationOutput) { @@ -1956,15 +2814,49 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re // DisableKeyRotation API operation for AWS Key Management Service. // // Disables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) -// for the specified symmetric customer master key (CMK). +// of the specified symmetric encryption KMS key. +// +// Automatic key rotation is supported only on symmetric encryption KMS keys. +// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), +// HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html), +// KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), +// or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). +// To enable or disable automatic rotation of a set of related multi-Region +// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), +// set the property on the primary key. // -// You cannot enable automatic rotation of asymmetric CMKs, CMKs with imported -// key material, or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). -// You cannot perform this operation on a CMK in a different AWS account. +// You can enable (EnableKeyRotation) and disable automatic rotation of the +// key material in customer managed KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). +// Key material rotation of Amazon Web Services managed KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) +// is not configurable. KMS always rotates the key material for every year. +// Rotation of Amazon Web Services owned KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk) +// varies. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// In May 2022, KMS changed the rotation schedule for Amazon Web Services managed +// keys from every three years to every year. For details, see EnableKeyRotation. +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. +// +// Required permissions: kms:DisableKeyRotation (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// - EnableKeyRotation +// +// - GetKeyRotationStatus +// +// - ListKeyRotations +// +// - RotateKeyOnDemand +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1974,36 +2866,45 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re // API operation DisableKeyRotation for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * DisabledException -// The request was rejected because the specified CMK is not enabled. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - DisabledException +// The request was rejected because the specified KMS key is not enabled. +// +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. +// +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// This exceptions means one of the following: // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. // -// * UnsupportedOperationException -// The request was rejected because a specified parameter is not supported or -// a specified resource is not valid for this operation. +// - UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKeyRotation func (c *KMS) DisableKeyRotation(input *DisableKeyRotationInput) (*DisableKeyRotationOutput, error) { @@ -2043,14 +2944,13 @@ const opDisconnectCustomKeyStore = "DisconnectCustomKeyStore" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DisconnectCustomKeyStoreRequest method. +// req, resp := client.DisconnectCustomKeyStoreRequest(params) // -// // Example sending a request using the DisconnectCustomKeyStoreRequest method. -// req, resp := client.DisconnectCustomKeyStoreRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisconnectCustomKeyStore func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInput) (req *request.Request, output *DisconnectCustomKeyStoreOutput) { @@ -2073,26 +2973,52 @@ func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInp // DisconnectCustomKeyStore API operation for AWS Key Management Service. // // Disconnects the custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// from its associated AWS CloudHSM cluster. While a custom key store is disconnected, -// you can manage the custom key store and its customer master keys (CMKs), -// but you cannot create or use CMKs in the custom key store. You can reconnect +// from its backing key store. This operation disconnects an CloudHSM key store +// from its associated CloudHSM cluster or disconnects an external key store +// from the external key store proxy that communicates with your external key +// manager. +// +// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// feature in KMS, which combines the convenience and extensive integration +// of KMS with the isolation and control of a key store that you own and manage. +// +// While a custom key store is disconnected, you can manage the custom key store +// and its KMS keys, but you cannot create or use its KMS keys. You can reconnect // the custom key store at any time. // -// While a custom key store is disconnected, all attempts to create customer -// master keys (CMKs) in the custom key store or to use existing CMKs in cryptographic -// operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) +// While a custom key store is disconnected, all attempts to create KMS keys +// in the custom key store or to use existing KMS keys in cryptographic operations +// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) // will fail. This action can prevent users from storing and accessing sensitive // data. // +// When you disconnect a custom key store, its ConnectionState changes to Disconnected. // To find the connection state of a custom key store, use the DescribeCustomKeyStores // operation. To reconnect a custom key store, use the ConnectCustomKeyStore // operation. // // If the operation succeeds, it returns a JSON object with no properties. // -// This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// feature in AWS KMS, which combines the convenience and extensive integration -// of AWS KMS with the isolation and control of a single-tenant key store. +// Cross-account use: No. You cannot perform this operation on a custom key +// store in a different Amazon Web Services account. +// +// Required permissions: kms:DisconnectCustomKeyStore (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy) +// +// Related operations: +// +// - ConnectCustomKeyStore +// +// - CreateCustomKeyStore +// +// - DeleteCustomKeyStore +// +// - DescribeCustomKeyStores +// +// - UpdateCustomKeyStore +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2102,32 +3028,43 @@ func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInp // API operation DisconnectCustomKeyStore for usage and error information. // // Returned Error Types: -// * CustomKeyStoreInvalidStateException -// The request was rejected because of the ConnectionState of the custom key -// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores -// operation. // -// This exception is thrown under the following conditions: +// - CustomKeyStoreInvalidStateException +// The request was rejected because of the ConnectionState of the custom key +// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores +// operation. +// +// This exception is thrown under the following conditions: // -// * You requested the CreateKey or GenerateRandom operation in a custom -// key store that is not connected. These operations are valid only when -// the custom key store ConnectionState is CONNECTED. +// - You requested the ConnectCustomKeyStore operation on a custom key store +// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid +// for all other ConnectionState values. To reconnect a custom key store +// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect +// it (ConnectCustomKeyStore). // -// * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation -// on a custom key store that is not disconnected. This operation is valid -// only when the custom key store ConnectionState is DISCONNECTED. +// - You requested the CreateKey operation in a custom key store that is +// not connected. This operations is valid only when the custom key store +// ConnectionState is CONNECTED. // -// * You requested the ConnectCustomKeyStore operation on a custom key store -// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid -// for all other ConnectionState values. +// - You requested the DisconnectCustomKeyStore operation on a custom key +// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation +// is valid for all other ConnectionState values. // -// * CustomKeyStoreNotFoundException -// The request was rejected because AWS KMS cannot find a custom key store with -// the specified key store name or ID. +// - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation +// on a custom key store that is not disconnected. This operation is valid +// only when the custom key store ConnectionState is DISCONNECTED. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - You requested the GenerateRandom operation in an CloudHSM key store +// that is not connected. This operation is valid only when the CloudHSM +// key store ConnectionState is CONNECTED. +// +// - CustomKeyStoreNotFoundException +// The request was rejected because KMS cannot find a custom key store with +// the specified key store name or ID. +// +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisconnectCustomKeyStore func (c *KMS) DisconnectCustomKeyStore(input *DisconnectCustomKeyStoreInput) (*DisconnectCustomKeyStoreOutput, error) { @@ -2167,14 +3104,13 @@ const opEnableKey = "EnableKey" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the EnableKeyRequest method. +// req, resp := client.EnableKeyRequest(params) // -// // Example sending a request using the EnableKeyRequest method. -// req, resp := client.EnableKeyRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKey func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, output *EnableKeyOutput) { @@ -2196,13 +3132,23 @@ func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, out // EnableKey API operation for AWS Key Management Service. // -// Sets the key state of a customer master key (CMK) to enabled. This allows -// you to use the CMK for cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations). -// You cannot perform this operation on a CMK in a different AWS account. +// Sets the key state of a KMS key to enabled. This allows you to use the KMS +// key for cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations). +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. +// +// Required permissions: kms:EnableKey (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: DisableKey +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2212,34 +3158,43 @@ func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, out // API operation EnableKey for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * LimitExceededException -// The request was rejected because a quota was exceeded. For more information, -// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) -// in the AWS Key Management Service Developer Guide. +// - LimitExceededException +// The request was rejected because a quota was exceeded. For more information, +// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// in the Key Management Service Developer Guide. // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKey func (c *KMS) EnableKey(input *EnableKeyInput) (*EnableKeyOutput, error) { @@ -2279,14 +3234,13 @@ const opEnableKeyRotation = "EnableKeyRotation" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the EnableKeyRotationRequest method. +// req, resp := client.EnableKeyRotationRequest(params) // -// // Example sending a request using the EnableKeyRotationRequest method. -// req, resp := client.EnableKeyRotationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKeyRotation func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *request.Request, output *EnableKeyRotationOutput) { @@ -2308,16 +3262,73 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ // EnableKeyRotation API operation for AWS Key Management Service. // -// Enables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) -// for the specified symmetric customer master key (CMK). You cannot perform -// this operation on a CMK in a different AWS account. +// Enables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-enable-disable) +// of the specified symmetric encryption KMS key. +// +// By default, when you enable automatic rotation of a customer managed KMS +// key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk), +// KMS rotates the key material of the KMS key one year (approximately 365 days) +// from the enable date and every year thereafter. You can use the optional +// RotationPeriodInDays parameter to specify a custom rotation period when you +// enable key rotation, or you can use RotationPeriodInDays to modify the rotation +// period of a key that you previously enabled automatic key rotation on. +// +// You can monitor rotation of the key material for your KMS keys in CloudTrail +// and Amazon CloudWatch. To disable rotation of the key material in a customer +// managed KMS key, use the DisableKeyRotation operation. You can use the GetKeyRotationStatus +// operation to identify any in progress rotations. You can use the ListKeyRotations +// operation to view the details of completed rotations. +// +// Automatic key rotation is supported only on symmetric encryption KMS keys +// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks). +// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), +// HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html), +// KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), +// or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). +// To enable or disable automatic rotation of a set of related multi-Region +// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), +// set the property on the primary key. +// +// You cannot enable or disable automatic rotation of Amazon Web Services managed +// KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). +// KMS always rotates the key material of Amazon Web Services managed keys every +// year. Rotation of Amazon Web Services owned KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk) +// is managed by the Amazon Web Services service that owns the key. +// +// In May 2022, KMS changed the rotation schedule for Amazon Web Services managed +// keys from every three years (approximately 1,095 days) to every year (approximately +// 365 days). +// +// New Amazon Web Services managed keys are automatically rotated one year after +// they are created, and approximately every year thereafter. +// +// Existing Amazon Web Services managed keys are automatically rotated one year +// after their most recent rotation, and every year thereafter. +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. +// +// Required permissions: kms:EnableKeyRotation (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// - DisableKeyRotation +// +// - GetKeyRotationStatus // -// You cannot enable automatic rotation of asymmetric CMKs, CMKs with imported -// key material, or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). +// - ListKeyRotations // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// - RotateKeyOnDemand You can perform on-demand (RotateKeyOnDemand) rotation +// of the key material in customer managed KMS keys, regardless of whether +// or not automatic key rotation is enabled. +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2327,36 +3338,45 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ // API operation EnableKeyRotation for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * DisabledException -// The request was rejected because the specified CMK is not enabled. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - DisabledException +// The request was rejected because the specified KMS key is not enabled. +// +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. +// +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// This exceptions means one of the following: // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. // -// * UnsupportedOperationException -// The request was rejected because a specified parameter is not supported or -// a specified resource is not valid for this operation. +// - UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKeyRotation func (c *KMS) EnableKeyRotation(input *EnableKeyRotationInput) (*EnableKeyRotationOutput, error) { @@ -2396,14 +3416,13 @@ const opEncrypt = "Encrypt" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the EncryptRequest method. +// req, resp := client.EncryptRequest(params) // -// // Example sending a request using the EncryptRequest method. -// req, resp := client.EncryptRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Encrypt func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output *EncryptOutput) { @@ -2424,68 +3443,72 @@ func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output // Encrypt API operation for AWS Key Management Service. // -// Encrypts plaintext into ciphertext by using a customer master key (CMK). -// The Encrypt operation has two primary use cases: -// -// * You can encrypt small amounts of arbitrary data, such as a personal -// identifier or database password, or other sensitive information. -// -// * You can use the Encrypt operation to move encrypted data from one AWS -// Region to another. For example, in Region A, generate a data key and use -// the plaintext key to encrypt your data. Then, in Region A, use the Encrypt -// operation to encrypt the plaintext data key under a CMK in Region B. Now, -// you can move the encrypted data and the encrypted data key to Region B. -// When necessary, you can decrypt the encrypted data key and the encrypted -// data entirely within in Region B. +// Encrypts plaintext of up to 4,096 bytes using a KMS key. You can use a symmetric +// or asymmetric KMS key with a KeyUsage of ENCRYPT_DECRYPT. // +// You can use this operation to encrypt small amounts of arbitrary data, such +// as a personal identifier or database password, or other sensitive information. // You don't need to use the Encrypt operation to encrypt a data key. The GenerateDataKey // and GenerateDataKeyPair operations return a plaintext data key and an encrypted // copy of that data key. // -// When you encrypt data, you must specify a symmetric or asymmetric CMK to -// use in the encryption operation. The CMK must have a KeyUsage value of ENCRYPT_DECRYPT. -// To find the KeyUsage of a CMK, use the DescribeKey operation. -// -// If you use a symmetric CMK, you can use an encryption context to add additional -// security to your encryption operation. If you specify an EncryptionContext -// when encrypting data, you must specify the same encryption context (a case-sensitive -// exact match) when decrypting the data. Otherwise, the request to decrypt -// fails with an InvalidCiphertextException. For more information, see Encryption -// Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) -// in the AWS Key Management Service Developer Guide. -// -// If you specify an asymmetric CMK, you must also specify the encryption algorithm. -// The algorithm must be compatible with the CMK type. -// -// When you use an asymmetric CMK to encrypt or reencrypt data, be sure to record -// the CMK and encryption algorithm that you choose. You will be required to -// provide the same CMK and encryption algorithm when you decrypt the data. -// If the CMK and algorithm do not match the values used to encrypt the data, -// the decrypt operation fails. -// -// You are not required to supply the CMK ID and encryption algorithm when you -// decrypt with symmetric CMKs because AWS KMS stores this information in the -// ciphertext blob. AWS KMS cannot store metadata in ciphertext generated with -// asymmetric keys. The standard format for asymmetric key ciphertext does not -// include configurable fields. +// If you use a symmetric encryption KMS key, you can use an encryption context +// to add additional security to your encryption operation. If you specify an +// EncryptionContext when encrypting data, you must specify the same encryption +// context (a case-sensitive exact match) when decrypting the data. Otherwise, +// the request to decrypt fails with an InvalidCiphertextException. For more +// information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) +// in the Key Management Service Developer Guide. +// +// If you specify an asymmetric KMS key, you must also specify the encryption +// algorithm. The algorithm must be compatible with the KMS key spec. +// +// When you use an asymmetric KMS key to encrypt or reencrypt data, be sure +// to record the KMS key and encryption algorithm that you choose. You will +// be required to provide the same KMS key and encryption algorithm when you +// decrypt the data. If the KMS key and algorithm do not match the values used +// to encrypt the data, the decrypt operation fails. +// +// You are not required to supply the key ID and encryption algorithm when you +// decrypt with symmetric encryption KMS keys because KMS stores this information +// in the ciphertext blob. KMS cannot store metadata in ciphertext generated +// with asymmetric keys. The standard format for asymmetric key ciphertext does +// not include configurable fields. // // The maximum size of the data that you can encrypt varies with the type of -// CMK and the encryption algorithm that you choose. +// KMS key and the encryption algorithm that you choose. +// +// - Symmetric encryption KMS keys SYMMETRIC_DEFAULT: 4096 bytes // -// * Symmetric CMKs SYMMETRIC_DEFAULT: 4096 bytes +// - RSA_2048 RSAES_OAEP_SHA_1: 214 bytes RSAES_OAEP_SHA_256: 190 bytes // -// * RSA_2048 RSAES_OAEP_SHA_1: 214 bytes RSAES_OAEP_SHA_256: 190 bytes +// - RSA_3072 RSAES_OAEP_SHA_1: 342 bytes RSAES_OAEP_SHA_256: 318 bytes // -// * RSA_3072 RSAES_OAEP_SHA_1: 342 bytes RSAES_OAEP_SHA_256: 318 bytes +// - RSA_4096 RSAES_OAEP_SHA_1: 470 bytes RSAES_OAEP_SHA_256: 446 bytes // -// * RSA_4096 RSAES_OAEP_SHA_1: 470 bytes RSAES_OAEP_SHA_256: 446 bytes +// - SM2PKE: 1024 bytes (China Regions only) // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// To perform this operation on a CMK in a different AWS account, specify the -// key ARN or alias ARN in the value of the KeyId parameter. +// Cross-account use: Yes. To perform this operation with a KMS key in a different +// Amazon Web Services account, specify the key ARN or alias ARN in the value +// of the KeyId parameter. +// +// Required permissions: kms:Encrypt (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// - Decrypt +// +// - GenerateDataKey +// +// - GenerateDataKeyPair +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2495,50 +3518,65 @@ func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output // API operation Encrypt for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * DisabledException -// The request was rejected because the specified CMK is not enabled. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - DisabledException +// The request was rejected because the specified KMS key is not enabled. +// +// - KeyUnavailableException +// The request was rejected because the specified KMS key was not available. +// You can retry the request. // -// * KeyUnavailableException -// The request was rejected because the specified CMK was not available. You -// can retry the request. +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - InvalidKeyUsageException +// The request was rejected for one of the following reasons: // -// * InvalidKeyUsageException -// The request was rejected for one of the following reasons: +// - The KeyUsage value of the KMS key is incompatible with the API operation. // -// * The KeyUsage value of the CMK is incompatible with the API operation. +// - The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the KMS key (KeySpec). // -// * The encryption algorithm or signing algorithm specified for the operation -// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the +// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication +// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key +// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage +// of a KMS key, use the DescribeKey operation. // -// For encrypting, decrypting, re-encrypting, and generating data keys, the -// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage -// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. // -// To find the encryption or signing algorithms supported for a particular CMK, -// use the DescribeKey operation. +// - InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. // -// * InvalidGrantTokenException -// The request was rejected because the specified grant token is not valid. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// This exceptions means one of the following: // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// +// - DryRunOperationException +// The request was rejected because the DryRun parameter was specified. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Encrypt func (c *KMS) Encrypt(input *EncryptInput) (*EncryptOutput, error) { @@ -2578,14 +3616,13 @@ const opGenerateDataKey = "GenerateDataKey" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GenerateDataKeyRequest method. +// req, resp := client.GenerateDataKeyRequest(params) // -// // Example sending a request using the GenerateDataKeyRequest method. -// req, resp := client.GenerateDataKeyRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKey func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request.Request, output *GenerateDataKeyOutput) { @@ -2606,62 +3643,101 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request. // GenerateDataKey API operation for AWS Key Management Service. // -// Generates a unique symmetric data key for client-side encryption. This operation +// Returns a unique symmetric data key for use outside of KMS. This operation // returns a plaintext copy of the data key and a copy that is encrypted under -// a customer master key (CMK) that you specify. You can use the plaintext key -// to encrypt your data outside of AWS KMS and store the encrypted data key -// with the encrypted data. +// a symmetric encryption KMS key that you specify. The bytes in the plaintext +// key are random; they are not related to the caller or the KMS key. You can +// use the plaintext key to encrypt your data outside of KMS and store the encrypted +// data key with the encrypted data. // -// GenerateDataKey returns a unique data key for each request. The bytes in -// the plaintext key are not related to the caller or the CMK. +// To generate a data key, specify the symmetric encryption KMS key that will +// be used to encrypt the data key. You cannot use an asymmetric KMS key to +// encrypt data keys. To get the type of your KMS key, use the DescribeKey operation. // -// To generate a data key, specify the symmetric CMK that will be used to encrypt -// the data key. You cannot use an asymmetric CMK to generate data keys. To -// get the type of your CMK, use the DescribeKey operation. You must also specify -// the length of the data key. Use either the KeySpec or NumberOfBytes parameters -// (but not both). For 128-bit and 256-bit data keys, use the KeySpec parameter. +// You must also specify the length of the data key. Use either the KeySpec +// or NumberOfBytes parameters (but not both). For 128-bit and 256-bit data +// keys, use the KeySpec parameter. +// +// To generate a 128-bit SM4 data key (China Regions only), specify a KeySpec +// value of AES_128 or a NumberOfBytes value of 16. The symmetric encryption +// key used in China Regions to encrypt your data key is an SM4 encryption key. // // To get only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. // To generate an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext // operation. To get a cryptographically secure random byte string, use GenerateRandom. // -// You can use the optional encryption context to add additional security to +// You can use an optional encryption context to add additional security to // the encryption operation. If you specify an EncryptionContext, you must specify // the same encryption context (a case-sensitive exact match) when decrypting // the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) -// in the AWS Key Management Service Developer Guide. -// -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. -// -// How to use your data key +// in the Key Management Service Developer Guide. +// +// GenerateDataKey also supports Amazon Web Services Nitro Enclaves (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html), +// which provide an isolated compute environment in Amazon EC2. To call GenerateDataKey +// for an Amazon Web Services Nitro enclave, use the Amazon Web Services Nitro +// Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) +// or any Amazon Web Services SDK. Use the Recipient parameter to provide the +// attestation document for the enclave. GenerateDataKey returns a copy of the +// data key encrypted under the specified KMS key, as usual. But instead of +// a plaintext copy of the data key, the response includes a copy of the data +// key encrypted under the public key from the attestation document (CiphertextForRecipient). +// For information about the interaction between KMS and Amazon Web Services +// Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) +// in the Key Management Service Developer Guide.. +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// # How to use your data key // // We recommend that you use the following pattern to encrypt data locally in // your application. You can write your own code or use a client-side encryption -// library, such as the AWS Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/), +// library, such as the Amazon Web Services Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/), // the Amazon DynamoDB Encryption Client (https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/), // or Amazon S3 client-side encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html) // to do these tasks for you. // -// To encrypt data outside of AWS KMS: +// To encrypt data outside of KMS: // // Use the GenerateDataKey operation to get a data key. // // Use the plaintext data key (in the Plaintext field of the response) to encrypt -// your data outside of AWS KMS. Then erase the plaintext data key from memory. +// your data outside of KMS. Then erase the plaintext data key from memory. // // Store the encrypted data key (in the CiphertextBlob field of the response) // with the encrypted data. // -// To decrypt data outside of AWS KMS: +// To decrypt data outside of KMS: // // Use the Decrypt operation to decrypt the encrypted data key. The operation // returns a plaintext copy of the data key. // -// Use the plaintext data key to decrypt data outside of AWS KMS, then erase -// the plaintext data key from memory. +// Use the plaintext data key to decrypt data outside of KMS, then erase the +// plaintext data key from memory. +// +// Cross-account use: Yes. To perform this operation with a KMS key in a different +// Amazon Web Services account, specify the key ARN or alias ARN in the value +// of the KeyId parameter. +// +// Required permissions: kms:GenerateDataKey (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// - Decrypt +// +// - Encrypt +// +// - GenerateDataKeyPair +// +// - GenerateDataKeyPairWithoutPlaintext +// +// - GenerateDataKeyWithoutPlaintext +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2671,50 +3747,65 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request. // API operation GenerateDataKey for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * DisabledException -// The request was rejected because the specified CMK is not enabled. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. // -// * KeyUnavailableException -// The request was rejected because the specified CMK was not available. You -// can retry the request. +// - DisabledException +// The request was rejected because the specified KMS key is not enabled. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - KeyUnavailableException +// The request was rejected because the specified KMS key was not available. +// You can retry the request. // -// * InvalidKeyUsageException -// The request was rejected for one of the following reasons: +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// * The KeyUsage value of the CMK is incompatible with the API operation. +// - InvalidKeyUsageException +// The request was rejected for one of the following reasons: // -// * The encryption algorithm or signing algorithm specified for the operation -// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// - The KeyUsage value of the KMS key is incompatible with the API operation. // -// For encrypting, decrypting, re-encrypting, and generating data keys, the -// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage -// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// - The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the KMS key (KeySpec). // -// To find the encryption or signing algorithms supported for a particular CMK, -// use the DescribeKey operation. +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the +// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication +// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key +// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage +// of a KMS key, use the DescribeKey operation. // -// * InvalidGrantTokenException -// The request was rejected because the specified grant token is not valid. +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// +// - DryRunOperationException +// The request was rejected because the DryRun parameter was specified. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKey func (c *KMS) GenerateDataKey(input *GenerateDataKeyInput) (*GenerateDataKeyOutput, error) { @@ -2754,14 +3845,13 @@ const opGenerateDataKeyPair = "GenerateDataKeyPair" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GenerateDataKeyPairRequest method. +// req, resp := client.GenerateDataKeyPairRequest(params) // -// // Example sending a request using the GenerateDataKeyPairRequest method. -// req, resp := client.GenerateDataKeyPairRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyPair func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req *request.Request, output *GenerateDataKeyPairOutput) { @@ -2782,24 +3872,29 @@ func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req * // GenerateDataKeyPair API operation for AWS Key Management Service. // -// Generates a unique asymmetric data key pair. The GenerateDataKeyPair operation +// Returns a unique asymmetric data key pair for use outside of KMS. This operation // returns a plaintext public key, a plaintext private key, and a copy of the -// private key that is encrypted under the symmetric CMK you specify. You can -// use the data key pair to perform asymmetric cryptography outside of AWS KMS. -// -// GenerateDataKeyPair returns a unique data key pair for each request. The -// bytes in the keys are not related to the caller or the CMK that is used to -// encrypt the private key. +// private key that is encrypted under the symmetric encryption KMS key you +// specify. You can use the data key pair to perform asymmetric cryptography +// and implement digital signatures outside of KMS. The bytes in the keys are +// random; they are not related to the caller or to the KMS key that is used +// to encrypt the private key. // // You can use the public key that GenerateDataKeyPair returns to encrypt data -// or verify a signature outside of AWS KMS. Then, store the encrypted private -// key with the data. When you are ready to decrypt data or sign a message, -// you can use the Decrypt operation to decrypt the encrypted private key. +// or verify a signature outside of KMS. Then, store the encrypted private key +// with the data. When you are ready to decrypt data or sign a message, you +// can use the Decrypt operation to decrypt the encrypted private key. // -// To generate a data key pair, you must specify a symmetric customer master -// key (CMK) to encrypt the private key in a data key pair. You cannot use an -// asymmetric CMK or a CMK in a custom key store. To get the type and origin -// of your CMK, use the DescribeKey operation. +// To generate a data key pair, you must specify a symmetric encryption KMS +// key to encrypt the private key in a data key pair. You cannot use an asymmetric +// KMS key or a KMS key in a custom key store. To get the type and origin of +// your KMS key, use the DescribeKey operation. +// +// Use the KeyPairSpec parameter to choose an RSA or Elliptic Curve (ECC) data +// key pair. In China Regions, you can also choose an SM2 data key pair. KMS +// recommends that you use ECC key pairs for signing, and use RSA and SM2 key +// pairs for either encryption or signing, but not both. However, KMS cannot +// enforce any restrictions on the use of data key pairs outside of KMS. // // If you are using the data key pair to encrypt data, or for any operation // where you don't immediately need a private key, consider using the GenerateDataKeyPairWithoutPlaintext @@ -2809,16 +3904,59 @@ func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req * // to decrypt the data or sign a message, use the Decrypt operation to decrypt // the encrypted private key in the data key pair. // -// You can use the optional encryption context to add additional security to +// GenerateDataKeyPair returns a unique data key pair for each request. The +// bytes in the keys are random; they are not related to the caller or the KMS +// key that is used to encrypt the private key. The public key is a DER-encoded +// X.509 SubjectPublicKeyInfo, as specified in RFC 5280 (https://tools.ietf.org/html/rfc5280). +// The private key is a DER-encoded PKCS8 PrivateKeyInfo, as specified in RFC +// 5958 (https://tools.ietf.org/html/rfc5958). +// +// GenerateDataKeyPair also supports Amazon Web Services Nitro Enclaves (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html), +// which provide an isolated compute environment in Amazon EC2. To call GenerateDataKeyPair +// for an Amazon Web Services Nitro enclave, use the Amazon Web Services Nitro +// Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) +// or any Amazon Web Services SDK. Use the Recipient parameter to provide the +// attestation document for the enclave. GenerateDataKeyPair returns the public +// data key and a copy of the private data key encrypted under the specified +// KMS key, as usual. But instead of a plaintext copy of the private data key +// (PrivateKeyPlaintext), the response includes a copy of the private data key +// encrypted under the public key from the attestation document (CiphertextForRecipient). +// For information about the interaction between KMS and Amazon Web Services +// Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) +// in the Key Management Service Developer Guide.. +// +// You can use an optional encryption context to add additional security to // the encryption operation. If you specify an EncryptionContext, you must specify // the same encryption context (a case-sensitive exact match) when decrypting // the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: Yes. To perform this operation with a KMS key in a different +// Amazon Web Services account, specify the key ARN or alias ARN in the value +// of the KeyId parameter. +// +// Required permissions: kms:GenerateDataKeyPair (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// - Decrypt +// +// - Encrypt // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// - GenerateDataKey +// +// - GenerateDataKeyPairWithoutPlaintext +// +// - GenerateDataKeyWithoutPlaintext +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2828,54 +3966,69 @@ func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req * // API operation GenerateDataKeyPair for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * DisabledException -// The request was rejected because the specified CMK is not enabled. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - DisabledException +// The request was rejected because the specified KMS key is not enabled. // -// * KeyUnavailableException -// The request was rejected because the specified CMK was not available. You -// can retry the request. +// - KeyUnavailableException +// The request was rejected because the specified KMS key was not available. +// You can retry the request. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// * InvalidKeyUsageException -// The request was rejected for one of the following reasons: +// - InvalidKeyUsageException +// The request was rejected for one of the following reasons: // -// * The KeyUsage value of the CMK is incompatible with the API operation. +// - The KeyUsage value of the KMS key is incompatible with the API operation. // -// * The encryption algorithm or signing algorithm specified for the operation -// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// - The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the KMS key (KeySpec). // -// For encrypting, decrypting, re-encrypting, and generating data keys, the -// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage -// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the +// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication +// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key +// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage +// of a KMS key, use the DescribeKey operation. // -// To find the encryption or signing algorithms supported for a particular CMK, -// use the DescribeKey operation. +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. // -// * InvalidGrantTokenException -// The request was rejected because the specified grant token is not valid. +// - InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// This exceptions means one of the following: // -// * UnsupportedOperationException -// The request was rejected because a specified parameter is not supported or -// a specified resource is not valid for this operation. +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// +// - UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// +// - DryRunOperationException +// The request was rejected because the DryRun parameter was specified. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyPair func (c *KMS) GenerateDataKeyPair(input *GenerateDataKeyPairInput) (*GenerateDataKeyPairOutput, error) { @@ -2915,14 +4068,13 @@ const opGenerateDataKeyPairWithoutPlaintext = "GenerateDataKeyPairWithoutPlainte // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GenerateDataKeyPairWithoutPlaintextRequest method. +// req, resp := client.GenerateDataKeyPairWithoutPlaintextRequest(params) // -// // Example sending a request using the GenerateDataKeyPairWithoutPlaintextRequest method. -// req, resp := client.GenerateDataKeyPairWithoutPlaintextRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyPairWithoutPlaintext func (c *KMS) GenerateDataKeyPairWithoutPlaintextRequest(input *GenerateDataKeyPairWithoutPlaintextInput) (req *request.Request, output *GenerateDataKeyPairWithoutPlaintextOutput) { @@ -2943,93 +4095,138 @@ func (c *KMS) GenerateDataKeyPairWithoutPlaintextRequest(input *GenerateDataKeyP // GenerateDataKeyPairWithoutPlaintext API operation for AWS Key Management Service. // -// Generates a unique asymmetric data key pair. The GenerateDataKeyPairWithoutPlaintext -// operation returns a plaintext public key and a copy of the private key that -// is encrypted under the symmetric CMK you specify. Unlike GenerateDataKeyPair, -// this operation does not return a plaintext private key. -// -// To generate a data key pair, you must specify a symmetric customer master -// key (CMK) to encrypt the private key in the data key pair. You cannot use -// an asymmetric CMK or a CMK in a custom key store. To get the type and origin -// of your CMK, use the KeySpec field in the DescribeKey response. +// Returns a unique asymmetric data key pair for use outside of KMS. This operation +// returns a plaintext public key and a copy of the private key that is encrypted +// under the symmetric encryption KMS key you specify. Unlike GenerateDataKeyPair, +// this operation does not return a plaintext private key. The bytes in the +// keys are random; they are not related to the caller or to the KMS key that +// is used to encrypt the private key. // // You can use the public key that GenerateDataKeyPairWithoutPlaintext returns -// to encrypt data or verify a signature outside of AWS KMS. Then, store the -// encrypted private key with the data. When you are ready to decrypt data or -// sign a message, you can use the Decrypt operation to decrypt the encrypted -// private key. +// to encrypt data or verify a signature outside of KMS. Then, store the encrypted +// private key with the data. When you are ready to decrypt data or sign a message, +// you can use the Decrypt operation to decrypt the encrypted private key. +// +// To generate a data key pair, you must specify a symmetric encryption KMS +// key to encrypt the private key in a data key pair. You cannot use an asymmetric +// KMS key or a KMS key in a custom key store. To get the type and origin of +// your KMS key, use the DescribeKey operation. +// +// Use the KeyPairSpec parameter to choose an RSA or Elliptic Curve (ECC) data +// key pair. In China Regions, you can also choose an SM2 data key pair. KMS +// recommends that you use ECC key pairs for signing, and use RSA and SM2 key +// pairs for either encryption or signing, but not both. However, KMS cannot +// enforce any restrictions on the use of data key pairs outside of KMS. // // GenerateDataKeyPairWithoutPlaintext returns a unique data key pair for each -// request. The bytes in the key are not related to the caller or CMK that is -// used to encrypt the private key. +// request. The bytes in the key are not related to the caller or KMS key that +// is used to encrypt the private key. The public key is a DER-encoded X.509 +// SubjectPublicKeyInfo, as specified in RFC 5280 (https://tools.ietf.org/html/rfc5280). // -// You can use the optional encryption context to add additional security to +// You can use an optional encryption context to add additional security to // the encryption operation. If you specify an EncryptionContext, you must specify // the same encryption context (a case-sensitive exact match) when decrypting // the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// Returns awserr.Error for service API and SDK errors. Use runtime type assertions -// with awserr.Error's Code and Message methods to get detailed information about -// the error. +// Cross-account use: Yes. To perform this operation with a KMS key in a different +// Amazon Web Services account, specify the key ARN or alias ARN in the value +// of the KeyId parameter. // -// See the AWS API reference guide for AWS Key Management Service's +// Required permissions: kms:GenerateDataKeyPairWithoutPlaintext (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// - Decrypt +// +// - Encrypt +// +// - GenerateDataKey +// +// - GenerateDataKeyPair +// +// - GenerateDataKeyWithoutPlaintext +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's // API operation GenerateDataKeyPairWithoutPlaintext for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * DisabledException -// The request was rejected because the specified CMK is not enabled. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - DisabledException +// The request was rejected because the specified KMS key is not enabled. +// +// - KeyUnavailableException +// The request was rejected because the specified KMS key was not available. +// You can retry the request. +// +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// * KeyUnavailableException -// The request was rejected because the specified CMK was not available. You -// can retry the request. +// - InvalidKeyUsageException +// The request was rejected for one of the following reasons: // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - The KeyUsage value of the KMS key is incompatible with the API operation. // -// * InvalidKeyUsageException -// The request was rejected for one of the following reasons: +// - The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the KMS key (KeySpec). // -// * The KeyUsage value of the CMK is incompatible with the API operation. +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the +// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication +// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key +// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage +// of a KMS key, use the DescribeKey operation. // -// * The encryption algorithm or signing algorithm specified for the operation -// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. // -// For encrypting, decrypting, re-encrypting, and generating data keys, the -// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage -// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// - InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. // -// To find the encryption or signing algorithms supported for a particular CMK, -// use the DescribeKey operation. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * InvalidGrantTokenException -// The request was rejected because the specified grant token is not valid. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// This exceptions means one of the following: // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. // -// * UnsupportedOperationException -// The request was rejected because a specified parameter is not supported or -// a specified resource is not valid for this operation. +// - UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// +// - DryRunOperationException +// The request was rejected because the DryRun parameter was specified. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyPairWithoutPlaintext func (c *KMS) GenerateDataKeyPairWithoutPlaintext(input *GenerateDataKeyPairWithoutPlaintextInput) (*GenerateDataKeyPairWithoutPlaintextOutput, error) { @@ -3069,14 +4266,13 @@ const opGenerateDataKeyWithoutPlaintext = "GenerateDataKeyWithoutPlaintext" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GenerateDataKeyWithoutPlaintextRequest method. +// req, resp := client.GenerateDataKeyWithoutPlaintextRequest(params) // -// // Example sending a request using the GenerateDataKeyWithoutPlaintextRequest method. -// req, resp := client.GenerateDataKeyWithoutPlaintextRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintext func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWithoutPlaintextInput) (req *request.Request, output *GenerateDataKeyWithoutPlaintextOutput) { @@ -3097,16 +4293,17 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // GenerateDataKeyWithoutPlaintext API operation for AWS Key Management Service. // -// Generates a unique symmetric data key. This operation returns a data key -// that is encrypted under a customer master key (CMK) that you specify. To -// request an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext -// operations. +// Returns a unique symmetric data key for use outside of KMS. This operation +// returns a data key that is encrypted under a symmetric encryption KMS key +// that you specify. The bytes in the key are random; they are not related to +// the caller or to the KMS key. // // GenerateDataKeyWithoutPlaintext is identical to the GenerateDataKey operation -// except that returns only the encrypted copy of the data key. This operation -// is useful for systems that need to encrypt data at some point, but not immediately. -// When you need to encrypt the data, you call the Decrypt operation on the -// encrypted copy of the key. +// except that it does not return a plaintext copy of the data key. +// +// This operation is useful for systems that need to encrypt data at some point, +// but not immediately. When you need to encrypt the data, you call the Decrypt +// operation on the encrypted copy of the key. // // It's also useful in distributed systems with different levels of trust. For // example, you might store encrypted data in containers. One component of your @@ -3117,28 +4314,57 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // the plaintext data key. In this system, the component that creates the containers // never sees the plaintext data key. // -// GenerateDataKeyWithoutPlaintext returns a unique data key for each request. -// The bytes in the keys are not related to the caller or CMK that is used to -// encrypt the private key. +// To request an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext +// operations. // -// To generate a data key, you must specify the symmetric customer master key -// (CMK) that is used to encrypt the data key. You cannot use an asymmetric -// CMK to generate a data key. To get the type of your CMK, use the DescribeKey -// operation. +// To generate a data key, you must specify the symmetric encryption KMS key +// that is used to encrypt the data key. You cannot use an asymmetric KMS key +// or a key in a custom key store to generate a data key. To get the type of +// your KMS key, use the DescribeKey operation. +// +// You must also specify the length of the data key. Use either the KeySpec +// or NumberOfBytes parameters (but not both). For 128-bit and 256-bit data +// keys, use the KeySpec parameter. +// +// To generate an SM4 data key (China Regions only), specify a KeySpec value +// of AES_128 or NumberOfBytes value of 16. The symmetric encryption key used +// in China Regions to encrypt your data key is an SM4 encryption key. // // If the operation succeeds, you will find the encrypted copy of the data key // in the CiphertextBlob field. // -// You can use the optional encryption context to add additional security to +// You can use an optional encryption context to add additional security to // the encryption operation. If you specify an EncryptionContext, you must specify // the same encryption context (a case-sensitive exact match) when decrypting // the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: Yes. To perform this operation with a KMS key in a different +// Amazon Web Services account, specify the key ARN or alias ARN in the value +// of the KeyId parameter. +// +// Required permissions: kms:GenerateDataKeyWithoutPlaintext (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// - Decrypt +// +// - Encrypt +// +// - GenerateDataKey +// +// - GenerateDataKeyPair // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// - GenerateDataKeyPairWithoutPlaintext +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3148,50 +4374,65 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // API operation GenerateDataKeyWithoutPlaintext for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * DisabledException -// The request was rejected because the specified CMK is not enabled. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - DisabledException +// The request was rejected because the specified KMS key is not enabled. +// +// - KeyUnavailableException +// The request was rejected because the specified KMS key was not available. +// You can retry the request. +// +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// * KeyUnavailableException -// The request was rejected because the specified CMK was not available. You -// can retry the request. +// - InvalidKeyUsageException +// The request was rejected for one of the following reasons: // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - The KeyUsage value of the KMS key is incompatible with the API operation. // -// * InvalidKeyUsageException -// The request was rejected for one of the following reasons: +// - The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the KMS key (KeySpec). // -// * The KeyUsage value of the CMK is incompatible with the API operation. +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the +// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication +// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key +// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage +// of a KMS key, use the DescribeKey operation. // -// * The encryption algorithm or signing algorithm specified for the operation -// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. // -// For encrypting, decrypting, re-encrypting, and generating data keys, the -// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage -// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// - InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. // -// To find the encryption or signing algorithms supported for a particular CMK, -// use the DescribeKey operation. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * InvalidGrantTokenException -// The request was rejected because the specified grant token is not valid. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// This exceptions means one of the following: // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// +// - DryRunOperationException +// The request was rejected because the DryRun parameter was specified. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintext func (c *KMS) GenerateDataKeyWithoutPlaintext(input *GenerateDataKeyWithoutPlaintextInput) (*GenerateDataKeyWithoutPlaintextOutput, error) { @@ -3215,6 +4456,172 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextWithContext(ctx aws.Context, input return out, req.Send() } +const opGenerateMac = "GenerateMac" + +// GenerateMacRequest generates a "aws/request.Request" representing the +// client's request for the GenerateMac operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GenerateMac for more information on using the GenerateMac +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GenerateMacRequest method. +// req, resp := client.GenerateMacRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateMac +func (c *KMS) GenerateMacRequest(input *GenerateMacInput) (req *request.Request, output *GenerateMacOutput) { + op := &request.Operation{ + Name: opGenerateMac, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GenerateMacInput{} + } + + output = &GenerateMacOutput{} + req = c.newRequest(op, input, output) + return +} + +// GenerateMac API operation for AWS Key Management Service. +// +// Generates a hash-based message authentication code (HMAC) for a message using +// an HMAC KMS key and a MAC algorithm that the key supports. HMAC KMS keys +// and the HMAC algorithms that KMS uses conform to industry standards defined +// in RFC 2104 (https://datatracker.ietf.org/doc/html/rfc2104). +// +// You can use value that GenerateMac returns in the VerifyMac operation to +// demonstrate that the original message has not changed. Also, because a secret +// key is used to create the hash, you can verify that the party that generated +// the hash has the required secret key. You can also use the raw result to +// implement HMAC-based algorithms such as key derivation functions. This operation +// is part of KMS support for HMAC KMS keys. For details, see HMAC keys in KMS +// (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html) in the +// Key Management Service Developer Guide . +// +// Best practices recommend that you limit the time during which any signing +// mechanism, including an HMAC, is effective. This deters an attack where the +// actor uses a signed message to establish validity repeatedly or long after +// the message is superseded. HMAC tags do not include a timestamp, but you +// can include a timestamp in the token or message to help you detect when its +// time to refresh the HMAC. +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: Yes. To perform this operation with a KMS key in a different +// Amazon Web Services account, specify the key ARN or alias ARN in the value +// of the KeyId parameter. +// +// Required permissions: kms:GenerateMac (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: VerifyMac +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation GenerateMac for usage and error information. +// +// Returned Error Types: +// +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - DisabledException +// The request was rejected because the specified KMS key is not enabled. +// +// - KeyUnavailableException +// The request was rejected because the specified KMS key was not available. +// You can retry the request. +// +// - InvalidKeyUsageException +// The request was rejected for one of the following reasons: +// +// - The KeyUsage value of the KMS key is incompatible with the API operation. +// +// - The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the KMS key (KeySpec). +// +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the +// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication +// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key +// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage +// of a KMS key, use the DescribeKey operation. +// +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. +// +// - InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. +// +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// +// - DryRunOperationException +// The request was rejected because the DryRun parameter was specified. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateMac +func (c *KMS) GenerateMac(input *GenerateMacInput) (*GenerateMacOutput, error) { + req, out := c.GenerateMacRequest(input) + return out, req.Send() +} + +// GenerateMacWithContext is the same as GenerateMac with the addition of +// the ability to pass a context and additional request options. +// +// See GenerateMac for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *KMS) GenerateMacWithContext(ctx aws.Context, input *GenerateMacInput, opts ...request.Option) (*GenerateMacOutput, error) { + req, out := c.GenerateMacRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGenerateRandom = "GenerateRandom" // GenerateRandomRequest generates a "aws/request.Request" representing the @@ -3231,14 +4638,13 @@ const opGenerateRandom = "GenerateRandom" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GenerateRandomRequest method. +// req, resp := client.GenerateRandomRequest(params) // -// // Example sending a request using the GenerateRandomRequest method. -// req, resp := client.GenerateRandomRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandom func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Request, output *GenerateRandomOutput) { @@ -3261,14 +4667,35 @@ func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Re // // Returns a random byte string that is cryptographically secure. // -// By default, the random byte string is generated in AWS KMS. To generate the -// byte string in the AWS CloudHSM cluster that is associated with a custom -// key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), -// specify the custom key store ID. +// You must use the NumberOfBytes parameter to specify the length of the random +// byte string. There is no default value for string length. +// +// By default, the random byte string is generated in KMS. To generate the byte +// string in the CloudHSM cluster associated with an CloudHSM key store, use +// the CustomKeyStoreId parameter. // -// For more information about entropy and random number generation, see the -// AWS Key Management Service Cryptographic Details (https://d0.awsstatic.com/whitepapers/KMS-Cryptographic-Details.pdf) -// whitepaper. +// GenerateRandom also supports Amazon Web Services Nitro Enclaves (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html), +// which provide an isolated compute environment in Amazon EC2. To call GenerateRandom +// for a Nitro enclave, use the Amazon Web Services Nitro Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) +// or any Amazon Web Services SDK. Use the Recipient parameter to provide the +// attestation document for the enclave. Instead of plaintext bytes, the response +// includes the plaintext bytes encrypted under the public key from the attestation +// document (CiphertextForRecipient).For information about the interaction between +// KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro +// Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) +// in the Key Management Service Developer Guide. +// +// For more information about entropy and random number generation, see Key +// Management Service Cryptographic Details (https://docs.aws.amazon.com/kms/latest/cryptographic-details/). +// +// Cross-account use: Not applicable. GenerateRandom does not use any account-specific +// resources, such as KMS keys. +// +// Required permissions: kms:GenerateRandom (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy) +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3278,36 +4705,51 @@ func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Re // API operation GenerateRandom for usage and error information. // // Returned Error Types: -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. +// +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// - UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// +// - CustomKeyStoreNotFoundException +// The request was rejected because KMS cannot find a custom key store with +// the specified key store name or ID. +// +// - CustomKeyStoreInvalidStateException +// The request was rejected because of the ConnectionState of the custom key +// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores +// operation. // -// * CustomKeyStoreNotFoundException -// The request was rejected because AWS KMS cannot find a custom key store with -// the specified key store name or ID. +// This exception is thrown under the following conditions: // -// * CustomKeyStoreInvalidStateException -// The request was rejected because of the ConnectionState of the custom key -// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores -// operation. +// - You requested the ConnectCustomKeyStore operation on a custom key store +// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid +// for all other ConnectionState values. To reconnect a custom key store +// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect +// it (ConnectCustomKeyStore). // -// This exception is thrown under the following conditions: +// - You requested the CreateKey operation in a custom key store that is +// not connected. This operations is valid only when the custom key store +// ConnectionState is CONNECTED. // -// * You requested the CreateKey or GenerateRandom operation in a custom -// key store that is not connected. These operations are valid only when -// the custom key store ConnectionState is CONNECTED. +// - You requested the DisconnectCustomKeyStore operation on a custom key +// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation +// is valid for all other ConnectionState values. // -// * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation -// on a custom key store that is not disconnected. This operation is valid -// only when the custom key store ConnectionState is DISCONNECTED. +// - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation +// on a custom key store that is not disconnected. This operation is valid +// only when the custom key store ConnectionState is DISCONNECTED. // -// * You requested the ConnectCustomKeyStore operation on a custom key store -// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid -// for all other ConnectionState values. +// - You requested the GenerateRandom operation in an CloudHSM key store +// that is not connected. This operation is valid only when the CloudHSM +// key store ConnectionState is CONNECTED. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandom func (c *KMS) GenerateRandom(input *GenerateRandomInput) (*GenerateRandomOutput, error) { @@ -3347,14 +4789,13 @@ const opGetKeyPolicy = "GetKeyPolicy" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetKeyPolicyRequest method. +// req, resp := client.GetKeyPolicyRequest(params) // -// // Example sending a request using the GetKeyPolicyRequest method. -// req, resp := client.GetKeyPolicyRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyPolicy func (c *KMS) GetKeyPolicyRequest(input *GetKeyPolicyInput) (req *request.Request, output *GetKeyPolicyOutput) { @@ -3375,8 +4816,18 @@ func (c *KMS) GetKeyPolicyRequest(input *GetKeyPolicyInput) (req *request.Reques // GetKeyPolicy API operation for AWS Key Management Service. // -// Gets a key policy attached to the specified customer master key (CMK). You -// cannot perform this operation on a CMK in a different AWS account. +// Gets a key policy attached to the specified KMS key. +// +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. +// +// Required permissions: kms:GetKeyPolicy (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: PutKeyPolicy (https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3386,29 +4837,38 @@ func (c *KMS) GetKeyPolicyRequest(input *GetKeyPolicyInput) (req *request.Reques // API operation GetKeyPolicy for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. +// +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. +// +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// This exceptions means one of the following: // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyPolicy func (c *KMS) GetKeyPolicy(input *GetKeyPolicyInput) (*GetKeyPolicyOutput, error) { @@ -3448,14 +4908,13 @@ const opGetKeyRotationStatus = "GetKeyRotationStatus" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetKeyRotationStatusRequest method. +// req, resp := client.GetKeyRotationStatusRequest(params) // -// // Example sending a request using the GetKeyRotationStatusRequest method. -// req, resp := client.GetKeyRotationStatusRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyRotationStatus func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req *request.Request, output *GetKeyRotationStatusOutput) { @@ -3476,28 +4935,72 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req // GetKeyRotationStatus API operation for AWS Key Management Service. // -// Gets a Boolean value that indicates whether automatic rotation of the key -// material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) -// is enabled for the specified customer master key (CMK). +// Provides detailed information about the rotation status for a KMS key, including +// whether automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) +// is enabled for the specified KMS key, the rotation period (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotation-period), +// and the next scheduled rotation date. +// +// Automatic key rotation is supported only on symmetric encryption KMS keys +// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks). +// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), +// HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html), +// KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), +// or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). +// To enable or disable automatic rotation of a set of related multi-Region +// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), +// set the property on the primary key.. +// +// You can enable (EnableKeyRotation) and disable automatic rotation (DisableKeyRotation) +// of the key material in customer managed KMS keys. Key material rotation of +// Amazon Web Services managed KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) +// is not configurable. KMS always rotates the key material in Amazon Web Services +// managed KMS keys every year. The key rotation status for Amazon Web Services +// managed KMS keys is always true. +// +// You can perform on-demand (RotateKeyOnDemand) rotation of the key material +// in customer managed KMS keys, regardless of whether or not automatic key +// rotation is enabled. You can use GetKeyRotationStatus to identify the date +// and time that an in progress on-demand rotation was initiated. You can use +// ListKeyRotations to view the details of completed rotations. +// +// In May 2022, KMS changed the rotation schedule for Amazon Web Services managed +// keys from every three years to every year. For details, see EnableKeyRotation. +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// - Disabled: The key rotation status does not change when you disable a +// KMS key. However, while the KMS key is disabled, KMS does not rotate the +// key material. When you re-enable the KMS key, rotation resumes. If the +// key material in the re-enabled KMS key hasn't been rotated in one year, +// KMS rotates it immediately, and every year thereafter. If it's been less +// than a year since the key material in the re-enabled KMS key was rotated, +// the KMS key resumes its prior rotation schedule. +// +// - Pending deletion: While a KMS key is pending deletion, its key rotation +// status is false and KMS does not rotate the key material. If you cancel +// the deletion, the original key rotation status returns to true. // -// You cannot enable automatic rotation of asymmetric CMKs, CMKs with imported -// key material, or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). -// The key rotation status for these CMKs is always false. +// Cross-account use: Yes. To perform this operation on a KMS key in a different +// Amazon Web Services account, specify the key ARN in the value of the KeyId +// parameter. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// Required permissions: kms:GetKeyRotationStatus (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) // -// * Disabled: The key rotation status does not change when you disable a -// CMK. However, while the CMK is disabled, AWS KMS does not rotate the backing -// key. +// Related operations: // -// * Pending deletion: While a CMK is pending deletion, its key rotation -// status is false and AWS KMS does not rotate the backing key. If you cancel -// the deletion, the original key rotation status is restored. +// - DisableKeyRotation // -// To perform this operation on a CMK in a different AWS account, specify the -// key ARN in the value of the KeyId parameter. +// - EnableKeyRotation +// +// - ListKeyRotations +// +// - RotateKeyOnDemand +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3507,33 +5010,42 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req // API operation GetKeyRotationStatus for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// This exceptions means one of the following: // -// * UnsupportedOperationException -// The request was rejected because a specified parameter is not supported or -// a specified resource is not valid for this operation. +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// +// - UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyRotationStatus func (c *KMS) GetKeyRotationStatus(input *GetKeyRotationStatusInput) (*GetKeyRotationStatusOutput, error) { @@ -3573,14 +5085,13 @@ const opGetParametersForImport = "GetParametersForImport" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetParametersForImportRequest method. +// req, resp := client.GetParametersForImportRequest(params) // -// // Example sending a request using the GetParametersForImportRequest method. -// req, resp := client.GetParametersForImportRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetParametersForImport func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) (req *request.Request, output *GetParametersForImportOutput) { @@ -3601,30 +5112,75 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // GetParametersForImport API operation for AWS Key Management Service. // -// Returns the items you need to import key material into a symmetric, customer -// managed customer master key (CMK). For more information about importing key -// material into AWS KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) -// in the AWS Key Management Service Developer Guide. +// Returns the public key and an import token you need to import or reimport +// key material for a KMS key. +// +// By default, KMS keys are created with key material that KMS generates. This +// operation supports Importing key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), +// an advanced feature that lets you generate and import the cryptographic key +// material for a KMS key. For more information about importing key material +// into KMS, see Importing key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) +// in the Key Management Service Developer Guide. // -// This operation returns a public key and an import token. Use the public key -// to encrypt the symmetric key material. Store the import token to send with -// a subsequent ImportKeyMaterial request. +// Before calling GetParametersForImport, use the CreateKey operation with an +// Origin value of EXTERNAL to create a KMS key with no key material. You can +// import key material for a symmetric encryption KMS key, HMAC KMS key, asymmetric +// encryption KMS key, or asymmetric signing KMS key. You can also import key +// material into a multi-Region key (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) +// of any supported type. However, you can't import key material into a KMS +// key in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). +// You can also use GetParametersForImport to get a public key and import token +// to reimport the original key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material) +// into a KMS key whose key material expired or was deleted. // -// You must specify the key ID of the symmetric CMK into which you will import -// key material. This CMK's Origin must be EXTERNAL. You must also specify the -// wrapping algorithm and type of wrapping key (public key) that you will use -// to encrypt the key material. You cannot perform this operation on an asymmetric -// CMK or on any CMK in a different AWS account. +// GetParametersForImport returns the items that you need to import your key +// material. // -// To import key material, you must use the public key and import token from -// the same response. These items are valid for 24 hours. The expiration date -// and time appear in the GetParametersForImport response. You cannot use an -// expired token in an ImportKeyMaterial request. If your key and token expire, -// send another GetParametersForImport request. +// - The public key (or "wrapping key") of an RSA key pair that KMS generates. +// You will use this public key to encrypt ("wrap") your key material while +// it's in transit to KMS. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// - A import token that ensures that KMS can decrypt your key material and +// associate it with the correct KMS key. +// +// The public key and its import token are permanently linked and must be used +// together. Each public key and import token set is valid for 24 hours. The +// expiration date and time appear in the ParametersValidTo field in the GetParametersForImport +// response. You cannot use an expired public key or import token in an ImportKeyMaterial +// request. If your key and token expire, send another GetParametersForImport +// request. +// +// GetParametersForImport requires the following information: +// +// - The key ID of the KMS key for which you are importing the key material. +// +// - The key spec of the public key ("wrapping key") that you will use to +// encrypt your key material during import. +// +// - The wrapping algorithm that you will use with the public key to encrypt +// your key material. +// +// You can use the same or a different public key spec and wrapping algorithm +// each time you import or reimport the same key material. +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. +// +// Required permissions: kms:GetParametersForImport (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// - ImportKeyMaterial +// +// - DeleteImportedKeyMaterial +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3634,33 +5190,42 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // API operation GetParametersForImport for usage and error information. // // Returned Error Types: -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. // -// * UnsupportedOperationException -// The request was rejected because a specified parameter is not supported or -// a specified resource is not valid for this operation. +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. +// +// - UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. +// +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// This exceptions means one of the following: // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetParametersForImport func (c *KMS) GetParametersForImport(input *GetParametersForImportInput) (*GetParametersForImportOutput, error) { @@ -3700,14 +5265,13 @@ const opGetPublicKey = "GetPublicKey" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetPublicKeyRequest method. +// req, resp := client.GetPublicKeyRequest(params) // -// // Example sending a request using the GetPublicKeyRequest method. -// req, resp := client.GetPublicKeyRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetPublicKey func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Request, output *GetPublicKeyOutput) { @@ -3728,47 +5292,63 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques // GetPublicKey API operation for AWS Key Management Service. // -// Returns the public key of an asymmetric CMK. Unlike the private key of a -// asymmetric CMK, which never leaves AWS KMS unencrypted, callers with kms:GetPublicKey -// permission can download the public key of an asymmetric CMK. You can share -// the public key to allow others to encrypt messages and verify signatures -// outside of AWS KMS. For information about symmetric and asymmetric CMKs, -// see Using Symmetric and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) -// in the AWS Key Management Service Developer Guide. +// Returns the public key of an asymmetric KMS key. Unlike the private key of +// a asymmetric KMS key, which never leaves KMS unencrypted, callers with kms:GetPublicKey +// permission can download the public key of an asymmetric KMS key. You can +// share the public key to allow others to encrypt messages and verify signatures +// outside of KMS. For information about asymmetric KMS keys, see Asymmetric +// KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) +// in the Key Management Service Developer Guide. // // You do not need to download the public key. Instead, you can use the public -// key within AWS KMS by calling the Encrypt, ReEncrypt, or Verify operations -// with the identifier of an asymmetric CMK. When you use the public key within -// AWS KMS, you benefit from the authentication, authorization, and logging -// that are part of every AWS KMS operation. You also reduce of risk of encrypting -// data that cannot be decrypted. These features are not effective outside of -// AWS KMS. For details, see Special Considerations for Downloading Public Keys -// (https://docs.aws.amazon.com/kms/latest/developerguide/download-public-key.html#download-public-key-considerations). -// -// To help you use the public key safely outside of AWS KMS, GetPublicKey returns +// key within KMS by calling the Encrypt, ReEncrypt, or Verify operations with +// the identifier of an asymmetric KMS key. When you use the public key within +// KMS, you benefit from the authentication, authorization, and logging that +// are part of every KMS operation. You also reduce of risk of encrypting data +// that cannot be decrypted. These features are not effective outside of KMS. +// +// To help you use the public key safely outside of KMS, GetPublicKey returns // important information about the public key in the response, including: // -// * CustomerMasterKeySpec (https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-CustomerMasterKeySpec): -// The type of key material in the public key, such as RSA_4096 or ECC_NIST_P521. +// - KeySpec (https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-KeySpec): +// The type of key material in the public key, such as RSA_4096 or ECC_NIST_P521. +// +// - KeyUsage (https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-KeyUsage): +// Whether the key is used for encryption, signing, or deriving a shared +// secret. +// +// - EncryptionAlgorithms (https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-EncryptionAlgorithms) +// or SigningAlgorithms (https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-SigningAlgorithms): +// A list of the encryption algorithms or the signing algorithms for the +// key. // -// * KeyUsage (https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-KeyUsage): -// Whether the key is used for encryption or signing. +// Although KMS cannot enforce these restrictions on external operations, it +// is crucial that you use this information to prevent the public key from being +// used improperly. For example, you can prevent a public signing key from being +// used encrypt data, or prevent a public key from being used with an encryption +// algorithm that is not supported by KMS. You can also avoid errors, such as +// using the wrong signing algorithm in a verification operation. // -// * EncryptionAlgorithms (https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-EncryptionAlgorithms) -// or SigningAlgorithms (https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-SigningAlgorithms): -// A list of the encryption algorithms or the signing algorithms for the -// key. +// To verify a signature outside of KMS with an SM2 public key (China Regions +// only), you must specify the distinguishing ID. By default, KMS uses 1234567812345678 +// as the distinguishing ID. For more information, see Offline verification +// with SM2 key pairs (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification). // -// Although AWS KMS cannot enforce these restrictions on external operations, -// it is crucial that you use this information to prevent the public key from -// being used improperly. For example, you can prevent a public signing key -// from being used encrypt data, or prevent a public key from being used with -// an encryption algorithm that is not supported by AWS KMS. You can also avoid -// errors, such as using the wrong signing algorithm in a verification operation. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// Cross-account use: Yes. To perform this operation with a KMS key in a different +// Amazon Web Services account, specify the key ARN or alias ARN in the value +// of the KeyId parameter. +// +// Required permissions: kms:GetPublicKey (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: CreateKey +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3778,58 +5358,70 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques // API operation GetPublicKey for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * DisabledException -// The request was rejected because the specified CMK is not enabled. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - DisabledException +// The request was rejected because the specified KMS key is not enabled. // -// * KeyUnavailableException -// The request was rejected because the specified CMK was not available. You -// can retry the request. +// - KeyUnavailableException +// The request was rejected because the specified KMS key was not available. +// You can retry the request. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// * UnsupportedOperationException -// The request was rejected because a specified parameter is not supported or -// a specified resource is not valid for this operation. +// - UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. // -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // -// * InvalidGrantTokenException -// The request was rejected because the specified grant token is not valid. +// - InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. // -// * InvalidKeyUsageException -// The request was rejected for one of the following reasons: +// - InvalidKeyUsageException +// The request was rejected for one of the following reasons: // -// * The KeyUsage value of the CMK is incompatible with the API operation. +// - The KeyUsage value of the KMS key is incompatible with the API operation. // -// * The encryption algorithm or signing algorithm specified for the operation -// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// - The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the KMS key (KeySpec). // -// For encrypting, decrypting, re-encrypting, and generating data keys, the -// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage -// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the +// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication +// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key +// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage +// of a KMS key, use the DescribeKey operation. // -// To find the encryption or signing algorithms supported for a particular CMK, -// use the DescribeKey operation. +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetPublicKey func (c *KMS) GetPublicKey(input *GetPublicKeyInput) (*GetPublicKeyOutput, error) { @@ -3869,14 +5461,13 @@ const opImportKeyMaterial = "ImportKeyMaterial" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ImportKeyMaterialRequest method. +// req, resp := client.ImportKeyMaterialRequest(params) // -// // Example sending a request using the ImportKeyMaterialRequest method. -// req, resp := client.ImportKeyMaterialRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ImportKeyMaterial func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *request.Request, output *ImportKeyMaterialOutput) { @@ -3898,52 +5489,107 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // ImportKeyMaterial API operation for AWS Key Management Service. // -// Imports key material into an existing symmetric AWS KMS customer master key -// (CMK) that was created without key material. After you successfully import -// key material into a CMK, you can reimport the same key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material) -// into that CMK, but you cannot import different key material. -// -// You cannot perform this operation on an asymmetric CMK or on any CMK in a -// different AWS account. For more information about creating CMKs with no key -// material and then importing key material, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) -// in the AWS Key Management Service Developer Guide. +// Imports or reimports key material into an existing KMS key that was created +// without key material. ImportKeyMaterial also sets the expiration model and +// expiration date of the imported key material. +// +// By default, KMS keys are created with key material that KMS generates. This +// operation supports Importing key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), +// an advanced feature that lets you generate and import the cryptographic key +// material for a KMS key. For more information about importing key material +// into KMS, see Importing key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) +// in the Key Management Service Developer Guide. +// +// After you successfully import key material into a KMS key, you can reimport +// the same key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material) +// into that KMS key, but you cannot import different key material. You might +// reimport key material to replace key material that expired or key material +// that you deleted. You might also reimport key material to change the expiration +// model or expiration date of the key material. +// +// Each time you import key material into KMS, you can determine whether (ExpirationModel) +// and when (ValidTo) the key material expires. To change the expiration of +// your key material, you must import it again, either by calling ImportKeyMaterial +// or using the import features (kms/latest/developerguide/importing-keys-import-key-material.html#importing-keys-import-key-material-console) +// of the KMS console. +// +// Before calling ImportKeyMaterial: +// +// - Create or identify a KMS key with no key material. The KMS key must +// have an Origin value of EXTERNAL, which indicates that the KMS key is +// designed for imported key material. To create an new KMS key for imported +// key material, call the CreateKey operation with an Origin value of EXTERNAL. +// You can create a symmetric encryption KMS key, HMAC KMS key, asymmetric +// encryption KMS key, or asymmetric signing KMS key. You can also import +// key material into a multi-Region key (kms/latest/developerguide/multi-region-keys-overview.html) +// of any supported type. However, you can't import key material into a KMS +// key in a custom key store (kms/latest/developerguide/custom-key-store-overview.html). +// +// - Use the DescribeKey operation to verify that the KeyState of the KMS +// key is PendingImport, which indicates that the KMS key has no key material. +// If you are reimporting the same key material into an existing KMS key, +// you might need to call the DeleteImportedKeyMaterial to delete its existing +// key material. +// +// - Call the GetParametersForImport operation to get a public key and import +// token set for importing key material. +// +// - Use the public key in the GetParametersForImport response to encrypt +// your key material. +// +// Then, in an ImportKeyMaterial request, you submit your encrypted key material +// and import token. When calling this operation, you must specify the following +// values: +// +// - The key ID or key ARN of the KMS key to associate with the imported +// key material. Its Origin must be EXTERNAL and its KeyState must be PendingImport. +// You cannot perform this operation on a KMS key in a custom key store (kms/latest/developerguide/custom-key-store-overview.html), +// or on a KMS key in a different Amazon Web Services account. To get the +// Origin and KeyState of a KMS key, call DescribeKey. +// +// - The encrypted key material. +// +// - The import token that GetParametersForImport returned. You must use +// a public key and token from the same GetParametersForImport response. +// +// - Whether the key material expires (ExpirationModel) and, if so, when +// (ValidTo). For help with this choice, see Setting an expiration time (https://docs.aws.amazon.com/en_us/kms/latest/developerguide/importing-keys.html#importing-keys-expiration) +// in the Key Management Service Developer Guide. If you set an expiration +// date, KMS deletes the key material from the KMS key on the specified date, +// making the KMS key unusable. To use the KMS key in cryptographic operations +// again, you must reimport the same key material. However, you can delete +// and reimport the key material at any time, including before the key material +// expires. Each time you reimport, you can eliminate or reset the expiration +// time. +// +// When this operation is successful, the key state of the KMS key changes from +// PendingImport to Enabled, and you can use the KMS key in cryptographic operations. // -// Before using this operation, call GetParametersForImport. Its response includes -// a public key and an import token. Use the public key to encrypt the key material. -// Then, submit the import token from the same GetParametersForImport response. -// -// When calling this operation, you must specify the following values: +// If this operation fails, use the exception to help determine the problem. +// If the error is related to the key material, the import token, or wrapping +// key, use GetParametersForImport to get a new public key and import token +// for the KMS key and repeat the import procedure. For help, see How To Import +// Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#importing-keys-overview) +// in the Key Management Service Developer Guide. // -// * The key ID or key ARN of a CMK with no key material. Its Origin must -// be EXTERNAL. To create a CMK with no key material, call CreateKey and -// set the value of its Origin parameter to EXTERNAL. To get the Origin of -// a CMK, call DescribeKey.) +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// * The encrypted key material. To get the public key to encrypt the key -// material, call GetParametersForImport. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. // -// * The import token that GetParametersForImport returned. You must use -// a public key and token from the same GetParametersForImport response. +// Required permissions: kms:ImportKeyMaterial (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) // -// * Whether the key material expires and if so, when. If you set an expiration -// date, AWS KMS deletes the key material from the CMK on the specified date, -// and the CMK becomes unusable. To use the CMK again, you must reimport -// the same key material. The only way to change an expiration date is by -// reimporting the same key material and specifying a new expiration date. +// Related operations: // -// When this operation is successful, the key state of the CMK changes from -// PendingImport to Enabled, and you can use the CMK. +// - DeleteImportedKeyMaterial // -// If this operation fails, use the exception to help determine the problem. -// If the error is related to the key material, the import token, or wrapping -// key, use GetParametersForImport to get a new public key and import token -// for the CMK and repeat the import procedure. For help, see How To Import -// Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#importing-keys-overview) -// in the AWS Key Management Service Developer Guide. +// - GetParametersForImport // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3953,56 +5599,65 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // API operation ImportKeyMaterial for usage and error information. // // Returned Error Types: -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. // -// * UnsupportedOperationException -// The request was rejected because a specified parameter is not supported or -// a specified resource is not valid for this operation. +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. +// +// - UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. +// +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// This exceptions means one of the following: // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. // -// * InvalidCiphertextException -// From the Decrypt or ReEncrypt operation, the request was rejected because -// the specified ciphertext, or additional authenticated data incorporated into -// the ciphertext, such as the encryption context, is corrupted, missing, or -// otherwise invalid. +// - InvalidCiphertextException +// From the Decrypt or ReEncrypt operation, the request was rejected because +// the specified ciphertext, or additional authenticated data incorporated into +// the ciphertext, such as the encryption context, is corrupted, missing, or +// otherwise invalid. // -// From the ImportKeyMaterial operation, the request was rejected because AWS -// KMS could not decrypt the encrypted (wrapped) key material. +// From the ImportKeyMaterial operation, the request was rejected because KMS +// could not decrypt the encrypted (wrapped) key material. // -// * IncorrectKeyMaterialException -// The request was rejected because the key material in the request is, expired, -// invalid, or is not the same key material that was previously imported into -// this customer master key (CMK). +// - IncorrectKeyMaterialException +// The request was rejected because the key material in the request is, expired, +// invalid, or is not the same key material that was previously imported into +// this KMS key. // -// * ExpiredImportTokenException -// The request was rejected because the specified import token is expired. Use -// GetParametersForImport to get a new import token and public key, use the -// new public key to encrypt the key material, and then try the request again. +// - ExpiredImportTokenException +// The request was rejected because the specified import token is expired. Use +// GetParametersForImport to get a new import token and public key, use the +// new public key to encrypt the key material, and then try the request again. // -// * InvalidImportTokenException -// The request was rejected because the provided import token is invalid or -// is associated with a different customer master key (CMK). +// - InvalidImportTokenException +// The request was rejected because the provided import token is invalid or +// is associated with a different KMS key. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ImportKeyMaterial func (c *KMS) ImportKeyMaterial(input *ImportKeyMaterialInput) (*ImportKeyMaterialOutput, error) { @@ -4042,14 +5697,13 @@ const opListAliases = "ListAliases" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ListAliasesRequest method. +// req, resp := client.ListAliasesRequest(params) // -// // Example sending a request using the ListAliasesRequest method. -// req, resp := client.ListAliasesRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListAliases func (c *KMS) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, output *ListAliasesOutput) { @@ -4076,22 +5730,44 @@ func (c *KMS) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, // ListAliases API operation for AWS Key Management Service. // -// Gets a list of aliases in the caller's AWS account and region. You cannot -// list aliases in other accounts. For more information about aliases, see CreateAlias. +// Gets a list of aliases in the caller's Amazon Web Services account and region. +// For more information about aliases, see CreateAlias. // -// By default, the ListAliases command returns all aliases in the account and -// region. To get only the aliases that point to a particular customer master -// key (CMK), use the KeyId parameter. +// By default, the ListAliases operation returns all aliases in the account +// and region. To get only the aliases associated with a particular KMS key, +// use the KeyId parameter. // // The ListAliases response can include aliases that you created and associated -// with your customer managed CMKs, and aliases that AWS created and associated -// with AWS managed CMKs in your account. You can recognize AWS aliases because -// their names have the format aws/, such as aws/dynamodb. +// with your customer managed keys, and aliases that Amazon Web Services created +// and associated with Amazon Web Services managed keys in your account. You +// can recognize Amazon Web Services aliases because their names have the format +// aws/, such as aws/dynamodb. // // The response might also include aliases that have no TargetKeyId field. These -// are predefined aliases that AWS has created but has not yet associated with -// a CMK. Aliases that AWS creates in your account, including predefined aliases, -// do not count against your AWS KMS aliases quota (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html#aliases-limit). +// are predefined aliases that Amazon Web Services has created but has not yet +// associated with a KMS key. Aliases that Amazon Web Services creates in your +// account, including predefined aliases, do not count against your KMS aliases +// quota (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html#aliases-limit). +// +// Cross-account use: No. ListAliases does not return aliases in other Amazon +// Web Services accounts. +// +// Required permissions: kms:ListAliases (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy) +// +// For details, see Controlling access to aliases (https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access) +// in the Key Management Service Developer Guide. +// +// Related operations: +// +// - CreateAlias +// +// - DeleteAlias +// +// - UpdateAlias +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4101,25 +5777,26 @@ func (c *KMS) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, // API operation ListAliases for usage and error information. // // Returned Error Types: -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. // -// * InvalidMarkerException -// The request was rejected because the marker that specifies where pagination -// should next begin is not valid. +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. +// +// - InvalidMarkerException +// The request was rejected because the marker that specifies where pagination +// should next begin is not valid. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListAliases func (c *KMS) ListAliases(input *ListAliasesInput) (*ListAliasesOutput, error) { @@ -4151,15 +5828,14 @@ func (c *KMS) ListAliasesWithContext(ctx aws.Context, input *ListAliasesInput, o // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a ListAliases operation. -// pageNum := 0 -// err := client.ListAliasesPages(params, -// func(page *kms.ListAliasesOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a ListAliases operation. +// pageNum := 0 +// err := client.ListAliasesPages(params, +// func(page *kms.ListAliasesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *KMS) ListAliasesPages(input *ListAliasesInput, fn func(*ListAliasesOutput, bool) bool) error { return c.ListAliasesPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -4211,14 +5887,13 @@ const opListGrants = "ListGrants" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ListGrantsRequest method. +// req, resp := client.ListGrantsRequest(params) // -// // Example sending a request using the ListGrantsRequest method. -// req, resp := client.ListGrantsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrants func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, output *ListGrantsResponse) { @@ -4245,17 +5920,42 @@ func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, o // ListGrants API operation for AWS Key Management Service. // -// Gets a list of all grants for the specified customer master key (CMK). +// Gets a list of all grants for the specified KMS key. // -// To perform this operation on a CMK in a different AWS account, specify the -// key ARN in the value of the KeyId parameter. +// You must specify the KMS key in all requests. You can filter the grant list +// by grant ID or grantee principal. +// +// For detailed information about grants, including grant terminology, see Grants +// in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) +// in the Key Management Service Developer Guide . For examples of working with +// grants in several programming languages, see Programming grants (https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html). // // The GranteePrincipal field in the ListGrants response usually contains the // user or role designated as the grantee principal in the grant. However, when -// the grantee principal in the grant is an AWS service, the GranteePrincipal -// field contains the service principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services), +// the grantee principal in the grant is an Amazon Web Services service, the +// GranteePrincipal field contains the service principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services), // which might represent several different grantee principals. // +// Cross-account use: Yes. To perform this operation on a KMS key in a different +// Amazon Web Services account, specify the key ARN in the value of the KeyId +// parameter. +// +// Required permissions: kms:ListGrants (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// - CreateGrant +// +// - ListRetirableGrants +// +// - RetireGrant +// +// - RevokeGrant +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -4264,33 +5964,45 @@ func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, o // API operation ListGrants for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. +// +// - InvalidMarkerException +// The request was rejected because the marker that specifies where pagination +// should next begin is not valid. +// +// - InvalidGrantIdException +// The request was rejected because the specified GrantId is not valid. // -// * InvalidMarkerException -// The request was rejected because the marker that specifies where pagination -// should next begin is not valid. +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// This exceptions means one of the following: // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrants func (c *KMS) ListGrants(input *ListGrantsInput) (*ListGrantsResponse, error) { @@ -4322,15 +6034,14 @@ func (c *KMS) ListGrantsWithContext(ctx aws.Context, input *ListGrantsInput, opt // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a ListGrants operation. -// pageNum := 0 -// err := client.ListGrantsPages(params, -// func(page *kms.ListGrantsResponse, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a ListGrants operation. +// pageNum := 0 +// err := client.ListGrantsPages(params, +// func(page *kms.ListGrantsResponse, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *KMS) ListGrantsPages(input *ListGrantsInput, fn func(*ListGrantsResponse, bool) bool) error { return c.ListGrantsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -4382,14 +6093,13 @@ const opListKeyPolicies = "ListKeyPolicies" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ListKeyPoliciesRequest method. +// req, resp := client.ListKeyPoliciesRequest(params) // -// // Example sending a request using the ListKeyPoliciesRequest method. -// req, resp := client.ListKeyPoliciesRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPolicies func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request.Request, output *ListKeyPoliciesOutput) { @@ -4416,10 +6126,24 @@ func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request. // ListKeyPolicies API operation for AWS Key Management Service. // -// Gets the names of the key policies that are attached to a customer master -// key (CMK). This operation is designed to get policy names that you can use -// in a GetKeyPolicy operation. However, the only valid policy name is default. -// You cannot perform this operation on a CMK in a different AWS account. +// Gets the names of the key policies that are attached to a KMS key. This operation +// is designed to get policy names that you can use in a GetKeyPolicy operation. +// However, the only valid policy name is default. +// +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. +// +// Required permissions: kms:ListKeyPolicies (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// - GetKeyPolicy +// +// - PutKeyPolicy (https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4429,29 +6153,38 @@ func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request. // API operation ListKeyPolicies for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. +// +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. +// +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// This exceptions means one of the following: // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPolicies func (c *KMS) ListKeyPolicies(input *ListKeyPoliciesInput) (*ListKeyPoliciesOutput, error) { @@ -4483,15 +6216,14 @@ func (c *KMS) ListKeyPoliciesWithContext(ctx aws.Context, input *ListKeyPolicies // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a ListKeyPolicies operation. -// pageNum := 0 -// err := client.ListKeyPoliciesPages(params, -// func(page *kms.ListKeyPoliciesOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a ListKeyPolicies operation. +// pageNum := 0 +// err := client.ListKeyPoliciesPages(params, +// func(page *kms.ListKeyPoliciesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *KMS) ListKeyPoliciesPages(input *ListKeyPoliciesInput, fn func(*ListKeyPoliciesOutput, bool) bool) error { return c.ListKeyPoliciesPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -4527,35 +6259,34 @@ func (c *KMS) ListKeyPoliciesPagesWithContext(ctx aws.Context, input *ListKeyPol return p.Err() } -const opListKeys = "ListKeys" +const opListKeyRotations = "ListKeyRotations" -// ListKeysRequest generates a "aws/request.Request" representing the -// client's request for the ListKeys operation. The "output" return +// ListKeyRotationsRequest generates a "aws/request.Request" representing the +// client's request for the ListKeyRotations operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ListKeys for more information on using the ListKeys +// See ListKeyRotations for more information on using the ListKeyRotations // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ListKeyRotationsRequest method. +// req, resp := client.ListKeyRotationsRequest(params) // -// // Example sending a request using the ListKeysRequest method. -// req, resp := client.ListKeysRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeys -func (c *KMS) ListKeysRequest(input *ListKeysInput) (req *request.Request, output *ListKeysOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyRotations +func (c *KMS) ListKeyRotationsRequest(input *ListKeyRotationsInput) (req *request.Request, output *ListKeyRotationsOutput) { op := &request.Operation{ - Name: opListKeys, + Name: opListKeyRotations, HTTPMethod: "POST", HTTPPath: "/", Paginator: &request.Paginator{ @@ -4567,55 +6298,271 @@ func (c *KMS) ListKeysRequest(input *ListKeysInput) (req *request.Request, outpu } if input == nil { - input = &ListKeysInput{} + input = &ListKeyRotationsInput{} } - output = &ListKeysOutput{} + output = &ListKeyRotationsOutput{} req = c.newRequest(op, input, output) return } -// ListKeys API operation for AWS Key Management Service. +// ListKeyRotations API operation for AWS Key Management Service. +// +// Returns information about all completed key material rotations for the specified +// KMS key. +// +// You must specify the KMS key in all requests. You can refine the key rotations +// list by limiting the number of rotations returned. +// +// For detailed information about automatic and on-demand key rotations, see +// Rotating KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. +// +// Required permissions: kms:ListKeyRotations (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// - EnableKeyRotation +// +// - DisableKeyRotation // -// Gets a list of all customer master keys (CMKs) in the caller's AWS account -// and Region. +// - GetKeyRotationStatus +// +// - RotateKeyOnDemand +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's -// API operation ListKeys for usage and error information. +// API operation ListKeyRotations for usage and error information. // // Returned Error Types: -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. // -// * InvalidMarkerException -// The request was rejected because the marker that specifies where pagination -// should next begin is not valid. +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeys -func (c *KMS) ListKeys(input *ListKeysInput) (*ListKeysOutput, error) { - req, out := c.ListKeysRequest(input) +// - InvalidMarkerException +// The request was rejected because the marker that specifies where pagination +// should next begin is not valid. +// +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// +// - UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyRotations +func (c *KMS) ListKeyRotations(input *ListKeyRotationsInput) (*ListKeyRotationsOutput, error) { + req, out := c.ListKeyRotationsRequest(input) return out, req.Send() } -// ListKeysWithContext is the same as ListKeys with the addition of +// ListKeyRotationsWithContext is the same as ListKeyRotations with the addition of // the ability to pass a context and additional request options. // -// See ListKeys for details on how to use this API operation. +// See ListKeyRotations for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *KMS) ListKeysWithContext(ctx aws.Context, input *ListKeysInput, opts ...request.Option) (*ListKeysOutput, error) { +func (c *KMS) ListKeyRotationsWithContext(ctx aws.Context, input *ListKeyRotationsInput, opts ...request.Option) (*ListKeyRotationsOutput, error) { + req, out := c.ListKeyRotationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListKeyRotationsPages iterates over the pages of a ListKeyRotations operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListKeyRotations method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListKeyRotations operation. +// pageNum := 0 +// err := client.ListKeyRotationsPages(params, +// func(page *kms.ListKeyRotationsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *KMS) ListKeyRotationsPages(input *ListKeyRotationsInput, fn func(*ListKeyRotationsOutput, bool) bool) error { + return c.ListKeyRotationsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListKeyRotationsPagesWithContext same as ListKeyRotationsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *KMS) ListKeyRotationsPagesWithContext(ctx aws.Context, input *ListKeyRotationsInput, fn func(*ListKeyRotationsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListKeyRotationsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListKeyRotationsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListKeyRotationsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opListKeys = "ListKeys" + +// ListKeysRequest generates a "aws/request.Request" representing the +// client's request for the ListKeys operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListKeys for more information on using the ListKeys +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListKeysRequest method. +// req, resp := client.ListKeysRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeys +func (c *KMS) ListKeysRequest(input *ListKeysInput) (req *request.Request, output *ListKeysOutput) { + op := &request.Operation{ + Name: opListKeys, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"NextMarker"}, + LimitToken: "Limit", + TruncationToken: "Truncated", + }, + } + + if input == nil { + input = &ListKeysInput{} + } + + output = &ListKeysOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListKeys API operation for AWS Key Management Service. +// +// Gets a list of all KMS keys in the caller's Amazon Web Services account and +// Region. +// +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. +// +// Required permissions: kms:ListKeys (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy) +// +// Related operations: +// +// - CreateKey +// +// - DescribeKey +// +// - ListAliases +// +// - ListResourceTags +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation ListKeys for usage and error information. +// +// Returned Error Types: +// +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. +// +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// - InvalidMarkerException +// The request was rejected because the marker that specifies where pagination +// should next begin is not valid. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeys +func (c *KMS) ListKeys(input *ListKeysInput) (*ListKeysOutput, error) { + req, out := c.ListKeysRequest(input) + return out, req.Send() +} + +// ListKeysWithContext is the same as ListKeys with the addition of +// the ability to pass a context and additional request options. +// +// See ListKeys for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *KMS) ListKeysWithContext(ctx aws.Context, input *ListKeysInput, opts ...request.Option) (*ListKeysOutput, error) { req, out := c.ListKeysRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) @@ -4630,15 +6577,14 @@ func (c *KMS) ListKeysWithContext(ctx aws.Context, input *ListKeysInput, opts .. // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a ListKeys operation. -// pageNum := 0 -// err := client.ListKeysPages(params, -// func(page *kms.ListKeysOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a ListKeys operation. +// pageNum := 0 +// err := client.ListKeysPages(params, +// func(page *kms.ListKeysOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *KMS) ListKeysPages(input *ListKeysInput, fn func(*ListKeysOutput, bool) bool) error { return c.ListKeysPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -4690,14 +6636,13 @@ const opListResourceTags = "ListResourceTags" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ListResourceTagsRequest method. +// req, resp := client.ListResourceTagsRequest(params) // -// // Example sending a request using the ListResourceTagsRequest method. -// req, resp := client.ListResourceTagsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListResourceTags func (c *KMS) ListResourceTagsRequest(input *ListResourceTagsInput) (req *request.Request, output *ListResourceTagsOutput) { @@ -4705,6 +6650,12 @@ func (c *KMS) ListResourceTagsRequest(input *ListResourceTagsInput) (req *reques Name: opListResourceTags, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"NextMarker"}, + LimitToken: "Limit", + TruncationToken: "Truncated", + }, } if input == nil { @@ -4718,9 +6669,31 @@ func (c *KMS) ListResourceTagsRequest(input *ListResourceTagsInput) (req *reques // ListResourceTags API operation for AWS Key Management Service. // -// Returns a list of all tags for the specified customer master key (CMK). +// Returns all tags on the specified KMS key. +// +// For general information about tags, including the format and syntax, see +// Tagging Amazon Web Services resources (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) +// in the Amazon Web Services General Reference. For information about using +// tags in KMS, see Tagging keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). // -// You cannot perform this operation on a CMK in a different AWS account. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. +// +// Required permissions: kms:ListResourceTags (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// - CreateKey +// +// - ReplicateKey +// +// - TagResource +// +// - UntagResource +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4730,21 +6703,22 @@ func (c *KMS) ListResourceTagsRequest(input *ListResourceTagsInput) (req *reques // API operation ListResourceTags for usage and error information. // // Returned Error Types: -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. // -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. // -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // -// * InvalidMarkerException -// The request was rejected because the marker that specifies where pagination -// should next begin is not valid. +// - InvalidMarkerException +// The request was rejected because the marker that specifies where pagination +// should next begin is not valid. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListResourceTags func (c *KMS) ListResourceTags(input *ListResourceTagsInput) (*ListResourceTagsOutput, error) { @@ -4768,6 +6742,57 @@ func (c *KMS) ListResourceTagsWithContext(ctx aws.Context, input *ListResourceTa return out, req.Send() } +// ListResourceTagsPages iterates over the pages of a ListResourceTags operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListResourceTags method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListResourceTags operation. +// pageNum := 0 +// err := client.ListResourceTagsPages(params, +// func(page *kms.ListResourceTagsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *KMS) ListResourceTagsPages(input *ListResourceTagsInput, fn func(*ListResourceTagsOutput, bool) bool) error { + return c.ListResourceTagsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListResourceTagsPagesWithContext same as ListResourceTagsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *KMS) ListResourceTagsPagesWithContext(ctx aws.Context, input *ListResourceTagsInput, fn func(*ListResourceTagsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListResourceTagsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListResourceTagsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListResourceTagsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opListRetirableGrants = "ListRetirableGrants" // ListRetirableGrantsRequest generates a "aws/request.Request" representing the @@ -4784,14 +6809,13 @@ const opListRetirableGrants = "ListRetirableGrants" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ListRetirableGrantsRequest method. +// req, resp := client.ListRetirableGrantsRequest(params) // -// // Example sending a request using the ListRetirableGrantsRequest method. -// req, resp := client.ListRetirableGrantsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListRetirableGrants func (c *KMS) ListRetirableGrantsRequest(input *ListRetirableGrantsInput) (req *request.Request, output *ListGrantsResponse) { @@ -4799,6 +6823,12 @@ func (c *KMS) ListRetirableGrantsRequest(input *ListRetirableGrantsInput) (req * Name: opListRetirableGrants, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"NextMarker"}, + LimitToken: "Limit", + TruncationToken: "Truncated", + }, } if input == nil { @@ -4812,11 +6842,49 @@ func (c *KMS) ListRetirableGrantsRequest(input *ListRetirableGrantsInput) (req * // ListRetirableGrants API operation for AWS Key Management Service. // -// Returns a list of all grants for which the grant's RetiringPrincipal matches -// the one specified. +// Returns information about all grants in the Amazon Web Services account and +// Region that have the specified retiring principal. +// +// You can specify any principal in your Amazon Web Services account. The grants +// that are returned include grants for KMS keys in your Amazon Web Services +// account and other Amazon Web Services accounts. You might use this operation +// to determine which grants you may retire. To retire a grant, use the RetireGrant +// operation. +// +// For detailed information about grants, including grant terminology, see Grants +// in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) +// in the Key Management Service Developer Guide . For examples of working with +// grants in several programming languages, see Programming grants (https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html). +// +// Cross-account use: You must specify a principal in your Amazon Web Services +// account. This operation returns a list of grants where the retiring principal +// specified in the ListRetirableGrants request is the same retiring principal +// on the grant. This can include grants on KMS keys owned by other Amazon Web +// Services accounts, but you do not need kms:ListRetirableGrants permission +// (or any other additional permission) in any Amazon Web Services account other +// than your own. +// +// Required permissions: kms:ListRetirableGrants (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy) in your Amazon Web Services account. +// +// KMS authorizes ListRetirableGrants requests by evaluating the caller account's +// kms:ListRetirableGrants permissions. The authorized resource in ListRetirableGrants +// calls is the retiring principal specified in the request. KMS does not evaluate +// the caller's permissions to verify their access to any KMS keys or grants +// that might be returned by the ListRetirableGrants call. +// +// Related operations: // -// A typical use is to list all grants that you are able to retire. To retire -// a grant, use RetireGrant. +// - CreateGrant +// +// - ListGrants +// +// - RetireGrant +// +// - RevokeGrant +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4826,25 +6894,26 @@ func (c *KMS) ListRetirableGrantsRequest(input *ListRetirableGrantsInput) (req * // API operation ListRetirableGrants for usage and error information. // // Returned Error Types: -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. // -// * InvalidMarkerException -// The request was rejected because the marker that specifies where pagination -// should next begin is not valid. +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. +// - InvalidMarkerException +// The request was rejected because the marker that specifies where pagination +// should next begin is not valid. // -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListRetirableGrants func (c *KMS) ListRetirableGrants(input *ListRetirableGrantsInput) (*ListGrantsResponse, error) { @@ -4868,6 +6937,57 @@ func (c *KMS) ListRetirableGrantsWithContext(ctx aws.Context, input *ListRetirab return out, req.Send() } +// ListRetirableGrantsPages iterates over the pages of a ListRetirableGrants operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListRetirableGrants method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListRetirableGrants operation. +// pageNum := 0 +// err := client.ListRetirableGrantsPages(params, +// func(page *kms.ListGrantsResponse, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *KMS) ListRetirableGrantsPages(input *ListRetirableGrantsInput, fn func(*ListGrantsResponse, bool) bool) error { + return c.ListRetirableGrantsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListRetirableGrantsPagesWithContext same as ListRetirableGrantsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *KMS) ListRetirableGrantsPagesWithContext(ctx aws.Context, input *ListRetirableGrantsInput, fn func(*ListGrantsResponse, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListRetirableGrantsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListRetirableGrantsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListGrantsResponse), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opPutKeyPolicy = "PutKeyPolicy" // PutKeyPolicyRequest generates a "aws/request.Request" representing the @@ -4884,14 +7004,13 @@ const opPutKeyPolicy = "PutKeyPolicy" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutKeyPolicyRequest method. +// req, resp := client.PutKeyPolicyRequest(params) // -// // Example sending a request using the PutKeyPolicyRequest method. -// req, resp := client.PutKeyPolicyRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicy func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Request, output *PutKeyPolicyOutput) { @@ -4913,11 +7032,26 @@ func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Reques // PutKeyPolicy API operation for AWS Key Management Service. // -// Attaches a key policy to the specified customer master key (CMK). You cannot -// perform this operation on a CMK in a different AWS account. +// Attaches a key policy to the specified KMS key. // // For more information about key policies, see Key Policies (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. For help writing and formatting +// a JSON policy document, see the IAM JSON Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) +// in the Identity and Access Management User Guide . For examples of adding +// a key policy in multiple programming languages, see Setting a key policy +// (https://docs.aws.amazon.com/kms/latest/developerguide/programming-key-policies.html#put-policy) +// in the Key Management Service Developer Guide. +// +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. +// +// Required permissions: kms:PutKeyPolicy (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: GetKeyPolicy +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4927,42 +7061,51 @@ func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Reques // API operation PutKeyPolicy for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. +// +// - MalformedPolicyDocumentException +// The request was rejected because the specified policy is not syntactically +// or semantically correct. +// +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// * MalformedPolicyDocumentException -// The request was rejected because the specified policy is not syntactically -// or semantically correct. +// - UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * UnsupportedOperationException -// The request was rejected because a specified parameter is not supported or -// a specified resource is not valid for this operation. +// - LimitExceededException +// The request was rejected because a quota was exceeded. For more information, +// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// in the Key Management Service Developer Guide. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// * LimitExceededException -// The request was rejected because a quota was exceeded. For more information, -// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) -// in the AWS Key Management Service Developer Guide. +// This exceptions means one of the following: // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicy func (c *KMS) PutKeyPolicy(input *PutKeyPolicyInput) (*PutKeyPolicyOutput, error) { @@ -5002,14 +7145,13 @@ const opReEncrypt = "ReEncrypt" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ReEncryptRequest method. +// req, resp := client.ReEncryptRequest(params) // -// // Example sending a request using the ReEncryptRequest method. -// req, resp := client.ReEncryptRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncrypt func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, output *ReEncryptOutput) { @@ -5030,68 +7172,93 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out // ReEncrypt API operation for AWS Key Management Service. // -// Decrypts ciphertext and then reencrypts it entirely within AWS KMS. You can -// use this operation to change the customer master key (CMK) under which data -// is encrypted, such as when you manually rotate (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-manually) -// a CMK or change the CMK that protects a ciphertext. You can also use it to -// reencrypt ciphertext under the same CMK, such as to change the encryption -// context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) +// Decrypts ciphertext and then reencrypts it entirely within KMS. You can use +// this operation to change the KMS key under which data is encrypted, such +// as when you manually rotate (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-manually) +// a KMS key or change the KMS key that protects a ciphertext. You can also +// use it to reencrypt ciphertext under the same KMS key, such as to change +// the encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) // of a ciphertext. // // The ReEncrypt operation can decrypt ciphertext that was encrypted by using -// an AWS KMS CMK in an AWS KMS operation, such as Encrypt or GenerateDataKey. -// It can also decrypt ciphertext that was encrypted by using the public key -// of an asymmetric CMK (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks) -// outside of AWS KMS. However, it cannot decrypt ciphertext produced by other -// libraries, such as the AWS Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/) +// a KMS key in an KMS operation, such as Encrypt or GenerateDataKey. It can +// also decrypt ciphertext that was encrypted by using the public key of an +// asymmetric KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks) +// outside of KMS. However, it cannot decrypt ciphertext produced by other libraries, +// such as the Amazon Web Services Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/) // or Amazon S3 client-side encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html). -// These libraries return a ciphertext format that is incompatible with AWS -// KMS. +// These libraries return a ciphertext format that is incompatible with KMS. // // When you use the ReEncrypt operation, you need to provide information for // the decrypt operation and the subsequent encrypt operation. // -// * If your ciphertext was encrypted under an asymmetric CMK, you must identify -// the source CMK, that is, the CMK that encrypted the ciphertext. You must -// also supply the encryption algorithm that was used. This information is -// required to decrypt the data. -// -// * It is optional, but you can specify a source CMK even when the ciphertext -// was encrypted under a symmetric CMK. This ensures that the ciphertext -// is decrypted only by using a particular CMK. If the CMK that you specify -// cannot decrypt the ciphertext, the ReEncrypt operation fails. -// -// * To reencrypt the data, you must specify the destination CMK, that is, -// the CMK that re-encrypts the data after it is decrypted. You can select -// a symmetric or asymmetric CMK. If the destination CMK is an asymmetric -// CMK, you must also provide the encryption algorithm. The algorithm that -// you choose must be compatible with the CMK. When you use an asymmetric -// CMK to encrypt or reencrypt data, be sure to record the CMK and encryption -// algorithm that you choose. You will be required to provide the same CMK -// and encryption algorithm when you decrypt the data. If the CMK and algorithm -// do not match the values used to encrypt the data, the decrypt operation -// fails. You are not required to supply the CMK ID and encryption algorithm -// when you decrypt with symmetric CMKs because AWS KMS stores this information -// in the ciphertext blob. AWS KMS cannot store metadata in ciphertext generated -// with asymmetric keys. The standard format for asymmetric key ciphertext -// does not include configurable fields. -// -// Unlike other AWS KMS API operations, ReEncrypt callers must have two permissions: -// -// * kms:ReEncryptFrom permission on the source CMK -// -// * kms:ReEncryptTo permission on the destination CMK -// -// To permit reencryption from or to a CMK, include the "kms:ReEncrypt*" permission -// in your key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html). +// - If your ciphertext was encrypted under an asymmetric KMS key, you must +// use the SourceKeyId parameter to identify the KMS key that encrypted the +// ciphertext. You must also supply the encryption algorithm that was used. +// This information is required to decrypt the data. +// +// - If your ciphertext was encrypted under a symmetric encryption KMS key, +// the SourceKeyId parameter is optional. KMS can get this information from +// metadata that it adds to the symmetric ciphertext blob. This feature adds +// durability to your implementation by ensuring that authorized users can +// decrypt ciphertext decades after it was encrypted, even if they've lost +// track of the key ID. However, specifying the source KMS key is always +// recommended as a best practice. When you use the SourceKeyId parameter +// to specify a KMS key, KMS uses only the KMS key you specify. If the ciphertext +// was encrypted under a different KMS key, the ReEncrypt operation fails. +// This practice ensures that you use the KMS key that you intend. +// +// - To reencrypt the data, you must use the DestinationKeyId parameter to +// specify the KMS key that re-encrypts the data after it is decrypted. If +// the destination KMS key is an asymmetric KMS key, you must also provide +// the encryption algorithm. The algorithm that you choose must be compatible +// with the KMS key. When you use an asymmetric KMS key to encrypt or reencrypt +// data, be sure to record the KMS key and encryption algorithm that you +// choose. You will be required to provide the same KMS key and encryption +// algorithm when you decrypt the data. If the KMS key and algorithm do not +// match the values used to encrypt the data, the decrypt operation fails. +// You are not required to supply the key ID and encryption algorithm when +// you decrypt with symmetric encryption KMS keys because KMS stores this +// information in the ciphertext blob. KMS cannot store metadata in ciphertext +// generated with asymmetric keys. The standard format for asymmetric key +// ciphertext does not include configurable fields. +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: Yes. The source KMS key and destination KMS key can be +// in different Amazon Web Services accounts. Either or both KMS keys can be +// in a different account than the caller. To specify a KMS key in a different +// account, you must use its key ARN or alias ARN. +// +// Required permissions: +// +// - kms:ReEncryptFrom (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// permission on the source KMS key (key policy) +// +// - kms:ReEncryptTo (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// permission on the destination KMS key (key policy) +// +// To permit reencryption from or to a KMS key, include the "kms:ReEncrypt*" +// permission in your key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html). // This permission is automatically included in the key policy when you use -// the console to create a CMK. But you must include it manually when you create -// a CMK programmatically or when you use the PutKeyPolicy operation to set -// a key policy. +// the console to create a KMS key. But you must include it manually when you +// create a KMS key programmatically or when you use the PutKeyPolicy operation +// to set a key policy. +// +// Related operations: +// +// - Decrypt +// +// - Encrypt // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// - GenerateDataKey +// +// - GenerateDataKeyPair +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5101,64 +7268,79 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out // API operation ReEncrypt for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * DisabledException -// The request was rejected because the specified CMK is not enabled. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - DisabledException +// The request was rejected because the specified KMS key is not enabled. +// +// - InvalidCiphertextException +// From the Decrypt or ReEncrypt operation, the request was rejected because +// the specified ciphertext, or additional authenticated data incorporated into +// the ciphertext, such as the encryption context, is corrupted, missing, or +// otherwise invalid. // -// * InvalidCiphertextException -// From the Decrypt or ReEncrypt operation, the request was rejected because -// the specified ciphertext, or additional authenticated data incorporated into -// the ciphertext, such as the encryption context, is corrupted, missing, or -// otherwise invalid. +// From the ImportKeyMaterial operation, the request was rejected because KMS +// could not decrypt the encrypted (wrapped) key material. // -// From the ImportKeyMaterial operation, the request was rejected because AWS -// KMS could not decrypt the encrypted (wrapped) key material. +// - KeyUnavailableException +// The request was rejected because the specified KMS key was not available. +// You can retry the request. // -// * KeyUnavailableException -// The request was rejected because the specified CMK was not available. You -// can retry the request. +// - IncorrectKeyException +// The request was rejected because the specified KMS key cannot decrypt the +// data. The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request +// must identify the same KMS key that was used to encrypt the ciphertext. // -// * IncorrectKeyException -// The request was rejected because the specified CMK cannot decrypt the data. -// The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request -// must identify the same CMK that was used to encrypt the ciphertext. +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - InvalidKeyUsageException +// The request was rejected for one of the following reasons: // -// * InvalidKeyUsageException -// The request was rejected for one of the following reasons: +// - The KeyUsage value of the KMS key is incompatible with the API operation. // -// * The KeyUsage value of the CMK is incompatible with the API operation. +// - The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the KMS key (KeySpec). // -// * The encryption algorithm or signing algorithm specified for the operation -// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the +// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication +// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key +// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage +// of a KMS key, use the DescribeKey operation. // -// For encrypting, decrypting, re-encrypting, and generating data keys, the -// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage -// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. // -// To find the encryption or signing algorithms supported for a particular CMK, -// use the DescribeKey operation. +// - InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. // -// * InvalidGrantTokenException -// The request was rejected because the specified grant token is not valid. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// This exceptions means one of the following: // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// +// - DryRunOperationException +// The request was rejected because the DryRun parameter was specified. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncrypt func (c *KMS) ReEncrypt(input *ReEncryptInput) (*ReEncryptOutput, error) { @@ -5182,67 +7364,298 @@ func (c *KMS) ReEncryptWithContext(ctx aws.Context, input *ReEncryptInput, opts return out, req.Send() } -const opRetireGrant = "RetireGrant" +const opReplicateKey = "ReplicateKey" -// RetireGrantRequest generates a "aws/request.Request" representing the -// client's request for the RetireGrant operation. The "output" return +// ReplicateKeyRequest generates a "aws/request.Request" representing the +// client's request for the ReplicateKey operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See RetireGrant for more information on using the RetireGrant +// See ReplicateKey for more information on using the ReplicateKey // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ReplicateKeyRequest method. +// req, resp := client.ReplicateKeyRequest(params) // -// // Example sending a request using the RetireGrantRequest method. -// req, resp := client.RetireGrantRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RetireGrant -func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request, output *RetireGrantOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReplicateKey +func (c *KMS) ReplicateKeyRequest(input *ReplicateKeyInput) (req *request.Request, output *ReplicateKeyOutput) { op := &request.Operation{ - Name: opRetireGrant, + Name: opReplicateKey, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &RetireGrantInput{} + input = &ReplicateKeyInput{} } - output = &RetireGrantOutput{} + output = &ReplicateKeyOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// RetireGrant API operation for AWS Key Management Service. -// -// Retires a grant. To clean up, you can retire a grant when you're done using -// it. You should revoke a grant when you intend to actively deny operations -// that depend on it. The following are permitted to call this API: -// -// * The AWS account (root user) under which the grant was created +// ReplicateKey API operation for AWS Key Management Service. +// +// Replicates a multi-Region key into the specified Region. This operation creates +// a multi-Region replica key based on a multi-Region primary key in a different +// Region of the same Amazon Web Services partition. You can create multiple +// replicas of a primary key, but each must be in a different Region. To create +// a multi-Region primary key, use the CreateKey operation. +// +// This operation supports multi-Region keys, an KMS feature that lets you create +// multiple interoperable KMS keys in different Amazon Web Services Regions. +// Because these KMS keys have the same key ID, key material, and other metadata, +// you can use them interchangeably to encrypt data in one Amazon Web Services +// Region and decrypt it in a different Amazon Web Services Region without re-encrypting +// the data or making a cross-Region call. For more information about multi-Region +// keys, see Multi-Region keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) +// in the Key Management Service Developer Guide. +// +// A replica key is a fully-functional KMS key that can be used independently +// of its primary and peer replica keys. A primary key and its replica keys +// share properties that make them interoperable. They have the same key ID +// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-id) +// and key material. They also have the same key spec (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-spec), +// key usage (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-usage), +// key material origin (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-origin), +// and automatic key rotation status (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html). +// KMS automatically synchronizes these shared properties among related multi-Region +// keys. All other properties of a replica key can differ, including its key +// policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html), +// tags (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html), +// aliases (https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html), +// and Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). +// KMS pricing and quotas for KMS keys apply to each primary key and replica +// key. +// +// When this operation completes, the new replica key has a transient key state +// of Creating. This key state changes to Enabled (or PendingImport) after a +// few seconds when the process of creating the new replica key is complete. +// While the key state is Creating, you can manage key, but you cannot yet use +// it in cryptographic operations. If you are creating and using the replica +// key programmatically, retry on KMSInvalidStateException or call DescribeKey +// to check its KeyState value before using it. For details about the Creating +// key state, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// You cannot create more than one replica of a primary key in any Region. If +// the Region already includes a replica of the key you're trying to replicate, +// ReplicateKey returns an AlreadyExistsException error. If the key state of +// the existing replica is PendingDeletion, you can cancel the scheduled key +// deletion (CancelKeyDeletion) or wait for the key to be deleted. The new replica +// key you create will have the same shared properties (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-sync-properties) +// as the original replica key. +// +// The CloudTrail log of a ReplicateKey operation records a ReplicateKey operation +// in the primary key's Region and a CreateKey operation in the replica key's +// Region. +// +// If you replicate a multi-Region primary key with imported key material, the +// replica key is created with no key material. You must import the same key +// material that you imported into the primary key. For details, see Importing +// key material into multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-import.html) +// in the Key Management Service Developer Guide. +// +// To convert a replica key to a primary key, use the UpdatePrimaryRegion operation. +// +// ReplicateKey uses different default values for the KeyPolicy and Tags parameters +// than those used in the KMS console. For details, see the parameter descriptions. +// +// Cross-account use: No. You cannot use this operation to create a replica +// key in a different Amazon Web Services account. +// +// Required permissions: +// +// - kms:ReplicateKey on the primary key (in the primary key's Region). Include +// this permission in the primary key's key policy. +// +// - kms:CreateKey in an IAM policy in the replica Region. +// +// - To use the Tags parameter, kms:TagResource in an IAM policy in the replica +// Region. +// +// Related operations +// +// - CreateKey +// +// - UpdatePrimaryRegion +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // -// * The RetiringPrincipal, if present in the grant +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation ReplicateKey for usage and error information. +// +// Returned Error Types: +// +// - AlreadyExistsException +// The request was rejected because it attempted to create a resource that already +// exists. +// +// - DisabledException +// The request was rejected because the specified KMS key is not enabled. +// +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. +// +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// - LimitExceededException +// The request was rejected because a quota was exceeded. For more information, +// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// in the Key Management Service Developer Guide. +// +// - MalformedPolicyDocumentException +// The request was rejected because the specified policy is not syntactically +// or semantically correct. +// +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - TagException +// The request was rejected because one or more tags are not valid. +// +// - UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReplicateKey +func (c *KMS) ReplicateKey(input *ReplicateKeyInput) (*ReplicateKeyOutput, error) { + req, out := c.ReplicateKeyRequest(input) + return out, req.Send() +} + +// ReplicateKeyWithContext is the same as ReplicateKey with the addition of +// the ability to pass a context and additional request options. +// +// See ReplicateKey for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *KMS) ReplicateKeyWithContext(ctx aws.Context, input *ReplicateKeyInput, opts ...request.Option) (*ReplicateKeyOutput, error) { + req, out := c.ReplicateKeyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opRetireGrant = "RetireGrant" + +// RetireGrantRequest generates a "aws/request.Request" representing the +// client's request for the RetireGrant operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RetireGrant for more information on using the RetireGrant +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the RetireGrantRequest method. +// req, resp := client.RetireGrantRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RetireGrant +func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request, output *RetireGrantOutput) { + op := &request.Operation{ + Name: opRetireGrant, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RetireGrantInput{} + } + + output = &RetireGrantOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// RetireGrant API operation for AWS Key Management Service. +// +// Deletes a grant. Typically, you retire a grant when you no longer need its +// permissions. To identify the grant to retire, use a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token), +// or both the grant ID and a key identifier (key ID or key ARN) of the KMS +// key. The CreateGrant operation returns both values. +// +// This operation can be called by the retiring principal for a grant, by the +// grantee principal if the grant allows the RetireGrant operation, and by the +// Amazon Web Services account in which the grant is created. It can also be +// called by principals to whom permission for retiring a grant is delegated. +// For details, see Retiring and revoking grants (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete) +// in the Key Management Service Developer Guide. +// +// For detailed information about grants, including grant terminology, see Grants +// in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) +// in the Key Management Service Developer Guide . For examples of working with +// grants in several programming languages, see Programming grants (https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html). +// +// Cross-account use: Yes. You can retire a grant on a KMS key in a different +// Amazon Web Services account. +// +// Required permissions: Permission to retire a grant is determined primarily +// by the grant. For details, see Retiring and revoking grants (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete) +// in the Key Management Service Developer Guide. +// +// Related operations: +// +// - CreateGrant // -// * The GranteePrincipal, if RetireGrant is an operation specified in the -// grant +// - ListGrants // -// You must identify the grant to retire by its grant token or by a combination -// of the grant ID and the Amazon Resource Name (ARN) of the customer master -// key (CMK). A grant token is a unique variable-length base64-encoded string. -// A grant ID is a 64 character unique identifier of a grant. The CreateGrant -// operation returns both. +// - ListRetirableGrants +// +// - RevokeGrant +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5252,35 +7665,47 @@ func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request, // API operation RetireGrant for usage and error information. // // Returned Error Types: -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. // -// * InvalidGrantTokenException -// The request was rejected because the specified grant token is not valid. +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. +// +// - InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. +// +// - InvalidGrantIdException +// The request was rejected because the specified GrantId is not valid. // -// * InvalidGrantIdException -// The request was rejected because the specified GrantId is not valid. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. // -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// This exceptions means one of the following: // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// +// - DryRunOperationException +// The request was rejected because the DryRun parameter was specified. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RetireGrant func (c *KMS) RetireGrant(input *RetireGrantInput) (*RetireGrantOutput, error) { @@ -5320,14 +7745,13 @@ const opRevokeGrant = "RevokeGrant" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the RevokeGrantRequest method. +// req, resp := client.RevokeGrantRequest(params) // -// // Example sending a request using the RevokeGrantRequest method. -// req, resp := client.RevokeGrantRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RevokeGrant func (c *KMS) RevokeGrantRequest(input *RevokeGrantInput) (req *request.Request, output *RevokeGrantOutput) { @@ -5349,11 +7773,41 @@ func (c *KMS) RevokeGrantRequest(input *RevokeGrantInput) (req *request.Request, // RevokeGrant API operation for AWS Key Management Service. // -// Revokes the specified grant for the specified customer master key (CMK). -// You can revoke a grant to actively deny operations that depend on it. +// Deletes the specified grant. You revoke a grant to terminate the permissions +// that the grant allows. For more information, see Retiring and revoking grants +// (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete) +// in the Key Management Service Developer Guide . +// +// When you create, retire, or revoke a grant, there might be a brief delay, +// usually less than five minutes, until the grant is available throughout KMS. +// This state is known as eventual consistency. For details, see Eventual consistency +// (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-eventual-consistency) +// in the Key Management Service Developer Guide . +// +// For detailed information about grants, including grant terminology, see Grants +// in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) +// in the Key Management Service Developer Guide . For examples of working with +// grants in several programming languages, see Programming grants (https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html). +// +// Cross-account use: Yes. To perform this operation on a KMS key in a different +// Amazon Web Services account, specify the key ARN in the value of the KeyId +// parameter. +// +// Required permissions: kms:RevokeGrant (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy). +// +// Related operations: +// +// - CreateGrant +// +// - ListGrants +// +// - ListRetirableGrants +// +// - RetireGrant // -// To perform this operation on a CMK in a different AWS account, specify the -// key ARN in the value of the KeyId parameter. +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5363,32 +7817,44 @@ func (c *KMS) RevokeGrantRequest(input *RevokeGrantInput) (req *request.Request, // API operation RevokeGrant for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. // -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// * InvalidGrantIdException -// The request was rejected because the specified GrantId is not valid. +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - InvalidGrantIdException +// The request was rejected because the specified GrantId is not valid. // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// +// - DryRunOperationException +// The request was rejected because the DryRun parameter was specified. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RevokeGrant func (c *KMS) RevokeGrant(input *RevokeGrantInput) (*RevokeGrantOutput, error) { @@ -5412,6 +7878,188 @@ func (c *KMS) RevokeGrantWithContext(ctx aws.Context, input *RevokeGrantInput, o return out, req.Send() } +const opRotateKeyOnDemand = "RotateKeyOnDemand" + +// RotateKeyOnDemandRequest generates a "aws/request.Request" representing the +// client's request for the RotateKeyOnDemand operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RotateKeyOnDemand for more information on using the RotateKeyOnDemand +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the RotateKeyOnDemandRequest method. +// req, resp := client.RotateKeyOnDemandRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RotateKeyOnDemand +func (c *KMS) RotateKeyOnDemandRequest(input *RotateKeyOnDemandInput) (req *request.Request, output *RotateKeyOnDemandOutput) { + op := &request.Operation{ + Name: opRotateKeyOnDemand, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RotateKeyOnDemandInput{} + } + + output = &RotateKeyOnDemandOutput{} + req = c.newRequest(op, input, output) + return +} + +// RotateKeyOnDemand API operation for AWS Key Management Service. +// +// Immediately initiates rotation of the key material of the specified symmetric +// encryption KMS key. +// +// You can perform on-demand rotation (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-on-demand) +// of the key material in customer managed KMS keys, regardless of whether or +// not automatic key rotation (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-enable-disable) +// is enabled. On-demand rotations do not change existing automatic rotation +// schedules. For example, consider a KMS key that has automatic key rotation +// enabled with a rotation period of 730 days. If the key is scheduled to automatically +// rotate on April 14, 2024, and you perform an on-demand rotation on April +// 10, 2024, the key will automatically rotate, as scheduled, on April 14, 2024 +// and every 730 days thereafter. +// +// You can perform on-demand key rotation a maximum of 10 times per KMS key. +// You can use the KMS console to view the number of remaining on-demand rotations +// available for a KMS key. +// +// You can use GetKeyRotationStatus to identify any in progress on-demand rotations. +// You can use ListKeyRotations to identify the date that completed on-demand +// rotations were performed. You can monitor rotation of the key material for +// your KMS keys in CloudTrail and Amazon CloudWatch. +// +// On-demand key rotation is supported only on symmetric encryption KMS keys +// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks). +// You cannot perform on-demand rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), +// HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html), +// KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), +// or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). +// To perform on-demand rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), +// invoke the on-demand rotation on the primary key. +// +// You cannot initiate on-demand rotation of Amazon Web Services managed KMS +// keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). +// KMS always rotates the key material of Amazon Web Services managed keys every +// year. Rotation of Amazon Web Services owned KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk) +// is managed by the Amazon Web Services service that owns the key. +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. +// +// Required permissions: kms:RotateKeyOnDemand (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// - EnableKeyRotation +// +// - DisableKeyRotation +// +// - GetKeyRotationStatus +// +// - ListKeyRotations +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation RotateKeyOnDemand for usage and error information. +// +// Returned Error Types: +// +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - DisabledException +// The request was rejected because the specified KMS key is not enabled. +// +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. +// +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. +// +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// +// - UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// +// - LimitExceededException +// The request was rejected because a quota was exceeded. For more information, +// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// in the Key Management Service Developer Guide. +// +// - ConflictException +// The request was rejected because an automatic rotation of this key is currently +// in progress or scheduled to begin within the next 20 minutes. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RotateKeyOnDemand +func (c *KMS) RotateKeyOnDemand(input *RotateKeyOnDemandInput) (*RotateKeyOnDemandOutput, error) { + req, out := c.RotateKeyOnDemandRequest(input) + return out, req.Send() +} + +// RotateKeyOnDemandWithContext is the same as RotateKeyOnDemand with the addition of +// the ability to pass a context and additional request options. +// +// See RotateKeyOnDemand for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *KMS) RotateKeyOnDemandWithContext(ctx aws.Context, input *RotateKeyOnDemandInput, opts ...request.Option) (*RotateKeyOnDemandOutput, error) { + req, out := c.RotateKeyOnDemandRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opScheduleKeyDeletion = "ScheduleKeyDeletion" // ScheduleKeyDeletionRequest generates a "aws/request.Request" representing the @@ -5428,14 +8076,13 @@ const opScheduleKeyDeletion = "ScheduleKeyDeletion" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ScheduleKeyDeletionRequest method. +// req, resp := client.ScheduleKeyDeletionRequest(params) // -// // Example sending a request using the ScheduleKeyDeletionRequest method. -// req, resp := client.ScheduleKeyDeletionRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ScheduleKeyDeletion func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req *request.Request, output *ScheduleKeyDeletionOutput) { @@ -5456,35 +8103,66 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // ScheduleKeyDeletion API operation for AWS Key Management Service. // -// Schedules the deletion of a customer master key (CMK). You may provide a -// waiting period, specified in days, before deletion occurs. If you do not -// provide a waiting period, the default period of 30 days is used. When this -// operation is successful, the key state of the CMK changes to PendingDeletion. -// Before the waiting period ends, you can use CancelKeyDeletion to cancel the -// deletion of the CMK. After the waiting period ends, AWS KMS deletes the CMK -// and all AWS KMS data associated with it, including all aliases that refer -// to it. -// -// Deleting a CMK is a destructive and potentially dangerous operation. When -// a CMK is deleted, all data that was encrypted under the CMK is unrecoverable. -// To prevent the use of a CMK without deleting it, use DisableKey. -// -// If you schedule deletion of a CMK from a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), -// when the waiting period expires, ScheduleKeyDeletion deletes the CMK from -// AWS KMS. Then AWS KMS makes a best effort to delete the key material from -// the associated AWS CloudHSM cluster. However, you might need to manually -// delete the orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) -// from the cluster and its backups. -// -// You cannot perform this operation on a CMK in a different AWS account. -// -// For more information about scheduling a CMK for deletion, see Deleting Customer -// Master Keys (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) -// in the AWS Key Management Service Developer Guide. -// -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// Schedules the deletion of a KMS key. By default, KMS applies a waiting period +// of 30 days, but you can specify a waiting period of 7-30 days. When this +// operation is successful, the key state of the KMS key changes to PendingDeletion +// and the key can't be used in any cryptographic operations. It remains in +// this state for the duration of the waiting period. Before the waiting period +// ends, you can use CancelKeyDeletion to cancel the deletion of the KMS key. +// After the waiting period ends, KMS deletes the KMS key, its key material, +// and all KMS data associated with it, including all aliases that refer to +// it. +// +// Deleting a KMS key is a destructive and potentially dangerous operation. +// When a KMS key is deleted, all data that was encrypted under the KMS key +// is unrecoverable. (The only exception is a multi-Region replica key (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html), +// or an asymmetric or HMAC KMS key with imported key material (kms/latest/developerguide/importing-keys-managing.html#import-delete-key).) +// To prevent the use of a KMS key without deleting it, use DisableKey. +// +// You can schedule the deletion of a multi-Region primary key and its replica +// keys at any time. However, KMS will not delete a multi-Region primary key +// with existing replica keys. If you schedule the deletion of a primary key +// with replicas, its key state changes to PendingReplicaDeletion and it cannot +// be replicated or used in cryptographic operations. This status can continue +// indefinitely. When the last of its replicas keys is deleted (not just scheduled), +// the key state of the primary key changes to PendingDeletion and its waiting +// period (PendingWindowInDays) begins. For details, see Deleting multi-Region +// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html) +// in the Key Management Service Developer Guide. +// +// When KMS deletes a KMS key from an CloudHSM key store (https://docs.aws.amazon.com/kms/latest/developerguide/delete-cmk-keystore.html), +// it makes a best effort to delete the associated key material from the associated +// CloudHSM cluster. However, you might need to manually delete the orphaned +// key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) +// from the cluster and its backups. Deleting a KMS key from an external key +// store (https://docs.aws.amazon.com/kms/latest/developerguide/delete-xks-key.html) +// has no effect on the associated external key. However, for both types of +// custom key stores, deleting a KMS key is destructive and irreversible. You +// cannot decrypt ciphertext encrypted under the KMS key by using only its associated +// external key or CloudHSM key. Also, you cannot recreate a KMS key in an external +// key store by creating a new KMS key with the same key material. +// +// For more information about scheduling a KMS key for deletion, see Deleting +// KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) +// in the Key Management Service Developer Guide. +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. +// +// Required permissions: kms:ScheduleKeyDeletion (key policy) +// +// Related operations +// +// - CancelKeyDeletion +// +// - DisableKey +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5494,29 +8172,38 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // API operation ScheduleKeyDeletion for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ScheduleKeyDeletion func (c *KMS) ScheduleKeyDeletion(input *ScheduleKeyDeletionInput) (*ScheduleKeyDeletionOutput, error) { @@ -5556,14 +8243,13 @@ const opSign = "Sign" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the SignRequest method. +// req, resp := client.SignRequest(params) // -// // Example sending a request using the SignRequest method. -// req, resp := client.SignRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Sign func (c *KMS) SignRequest(input *SignInput) (req *request.Request, output *SignOutput) { @@ -5586,42 +8272,60 @@ func (c *KMS) SignRequest(input *SignInput) (req *request.Request, output *SignO // // Creates a digital signature (https://en.wikipedia.org/wiki/Digital_signature) // for a message or message digest by using the private key in an asymmetric -// CMK. To verify the signature, use the Verify operation, or use the public -// key in the same asymmetric CMK outside of AWS KMS. For information about -// symmetric and asymmetric CMKs, see Using Symmetric and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) -// in the AWS Key Management Service Developer Guide. +// signing KMS key. To verify the signature, use the Verify operation, or use +// the public key in the same asymmetric KMS key outside of KMS. For information +// about asymmetric KMS keys, see Asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) +// in the Key Management Service Developer Guide. // // Digital signatures are generated and verified by using asymmetric key pair, -// such as an RSA or ECC pair that is represented by an asymmetric customer -// master key (CMK). The key owner (or an authorized user) uses their private -// key to sign a message. Anyone with the public key can verify that the message -// was signed with that particular private key and that the message hasn't changed -// since it was signed. +// such as an RSA or ECC pair that is represented by an asymmetric KMS key. +// The key owner (or an authorized user) uses their private key to sign a message. +// Anyone with the public key can verify that the message was signed with that +// particular private key and that the message hasn't changed since it was signed. // // To use the Sign operation, provide the following information: // -// * Use the KeyId parameter to identify an asymmetric CMK with a KeyUsage -// value of SIGN_VERIFY. To get the KeyUsage value of a CMK, use the DescribeKey -// operation. The caller must have kms:Sign permission on the CMK. +// - Use the KeyId parameter to identify an asymmetric KMS key with a KeyUsage +// value of SIGN_VERIFY. To get the KeyUsage value of a KMS key, use the +// DescribeKey operation. The caller must have kms:Sign permission on the +// KMS key. // -// * Use the Message parameter to specify the message or message digest to -// sign. You can submit messages of up to 4096 bytes. To sign a larger message, -// generate a hash digest of the message, and then provide the hash digest -// in the Message parameter. To indicate whether the message is a full message -// or a digest, use the MessageType parameter. +// - Use the Message parameter to specify the message or message digest to +// sign. You can submit messages of up to 4096 bytes. To sign a larger message, +// generate a hash digest of the message, and then provide the hash digest +// in the Message parameter. To indicate whether the message is a full message +// or a digest, use the MessageType parameter. // -// * Choose a signing algorithm that is compatible with the CMK. +// - Choose a signing algorithm that is compatible with the KMS key. // -// When signing a message, be sure to record the CMK and the signing algorithm. +// When signing a message, be sure to record the KMS key and the signing algorithm. // This information is required to verify the signature. // +// Best practices recommend that you limit the time during which any signature +// is effective. This deters an attack where the actor uses a signed message +// to establish validity repeatedly or long after the message is superseded. +// Signatures do not include a timestamp, but you can include a timestamp in +// the signed message to help you detect when its time to refresh the signature. +// // To verify the signature that this operation generates, use the Verify operation. // Or use the GetPublicKey operation to download the public key and then use -// the public key to verify the signature outside of AWS KMS. +// the public key to verify the signature outside of KMS. +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: Yes. To perform this operation with a KMS key in a different +// Amazon Web Services account, specify the key ARN or alias ARN in the value +// of the KeyId parameter. +// +// Required permissions: kms:Sign (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: Verify // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5631,50 +8335,65 @@ func (c *KMS) SignRequest(input *SignInput) (req *request.Request, output *SignO // API operation Sign for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * DisabledException -// The request was rejected because the specified CMK is not enabled. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. // -// * KeyUnavailableException -// The request was rejected because the specified CMK was not available. You -// can retry the request. +// - DisabledException +// The request was rejected because the specified KMS key is not enabled. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - KeyUnavailableException +// The request was rejected because the specified KMS key was not available. +// You can retry the request. // -// * InvalidKeyUsageException -// The request was rejected for one of the following reasons: +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// * The KeyUsage value of the CMK is incompatible with the API operation. +// - InvalidKeyUsageException +// The request was rejected for one of the following reasons: // -// * The encryption algorithm or signing algorithm specified for the operation -// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// - The KeyUsage value of the KMS key is incompatible with the API operation. // -// For encrypting, decrypting, re-encrypting, and generating data keys, the -// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage -// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// - The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the KMS key (KeySpec). // -// To find the encryption or signing algorithms supported for a particular CMK, -// use the DescribeKey operation. +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the +// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication +// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key +// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage +// of a KMS key, use the DescribeKey operation. // -// * InvalidGrantTokenException -// The request was rejected because the specified grant token is not valid. +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// +// - DryRunOperationException +// The request was rejected because the DryRun parameter was specified. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Sign func (c *KMS) Sign(input *SignInput) (*SignOutput, error) { @@ -5714,14 +8433,13 @@ const opTagResource = "TagResource" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the TagResourceRequest method. +// req, resp := client.TagResourceRequest(params) // -// // Example sending a request using the TagResourceRequest method. -// req, resp := client.TagResourceRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/TagResource func (c *KMS) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) { @@ -5743,22 +8461,53 @@ func (c *KMS) TagResourceRequest(input *TagResourceInput) (req *request.Request, // TagResource API operation for AWS Key Management Service. // -// Adds or edits tags for a customer master key (CMK). You cannot perform this -// operation on a CMK in a different AWS account. +// Adds or edits tags on a customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). // -// Each tag consists of a tag key and a tag value. Tag keys and tag values are -// both required, but tag values can be empty (null) strings. +// Tagging or untagging a KMS key can allow or deny permission to the KMS key. +// For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// in the Key Management Service Developer Guide. // -// You can only use a tag key once for each CMK. If you use the tag key again, -// AWS KMS replaces the current tag value with the specified value. +// Each tag consists of a tag key and a tag value, both of which are case-sensitive +// strings. The tag value can be an empty (null) string. To add a tag, specify +// a new tag key and a tag value. To edit a tag, specify an existing tag key +// and a new tag value. // -// For information about the rules that apply to tag keys and tag values, see -// User-Defined Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html) -// in the AWS Billing and Cost Management User Guide. +// You can use this operation to tag a customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk), +// but you cannot tag an Amazon Web Services managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk), +// an Amazon Web Services owned key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk), +// a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#keystore-concept), +// or an alias (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#alias-concept). +// +// You can also add tags to a KMS key while creating it (CreateKey) or replicating +// it (ReplicateKey). +// +// For information about using tags in KMS, see Tagging keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). +// For general information about tags, including the format and syntax, see +// Tagging Amazon Web Services resources (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) +// in the Amazon Web Services General Reference. +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. +// +// Required permissions: kms:TagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations +// +// - CreateKey +// +// - ListResourceTags +// +// - ReplicateKey // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// - UntagResource +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5768,33 +8517,42 @@ func (c *KMS) TagResourceRequest(input *TagResourceInput) (req *request.Request, // API operation TagResource for usage and error information. // // Returned Error Types: -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. // -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. +// +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. +// This exceptions means one of the following: // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. // -// * LimitExceededException -// The request was rejected because a quota was exceeded. For more information, -// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) -// in the AWS Key Management Service Developer Guide. +// - LimitExceededException +// The request was rejected because a quota was exceeded. For more information, +// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// in the Key Management Service Developer Guide. // -// * TagException -// The request was rejected because one or more tags are not valid. +// - TagException +// The request was rejected because one or more tags are not valid. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/TagResource func (c *KMS) TagResource(input *TagResourceInput) (*TagResourceOutput, error) { @@ -5834,14 +8592,13 @@ const opUntagResource = "UntagResource" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the UntagResourceRequest method. +// req, resp := client.UntagResourceRequest(params) // -// // Example sending a request using the UntagResourceRequest method. -// req, resp := client.UntagResourceRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UntagResource func (c *KMS) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) { @@ -5863,15 +8620,45 @@ func (c *KMS) UntagResourceRequest(input *UntagResourceInput) (req *request.Requ // UntagResource API operation for AWS Key Management Service. // -// Removes the specified tags from the specified customer master key (CMK). -// You cannot perform this operation on a CMK in a different AWS account. +// Deletes tags from a customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). +// To delete a tag, specify the tag key and the KMS key. +// +// Tagging or untagging a KMS key can allow or deny permission to the KMS key. +// For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// in the Key Management Service Developer Guide. +// +// When it succeeds, the UntagResource operation doesn't return any output. +// Also, if the specified tag key isn't found on the KMS key, it doesn't throw +// an exception or return a response. To confirm that the operation worked, +// use the ListResourceTags operation. +// +// For information about using tags in KMS, see Tagging keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). +// For general information about tags, including the format and syntax, see +// Tagging Amazon Web Services resources (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) +// in the Amazon Web Services General Reference. // -// To remove a tag, specify the tag key. To change the tag value of an existing -// tag key, use TagResource. +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. +// +// Required permissions: kms:UntagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations +// +// - CreateKey +// +// - ListResourceTags +// +// - ReplicateKey +// +// - TagResource +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5881,28 +8668,37 @@ func (c *KMS) UntagResourceRequest(input *UntagResourceInput) (req *request.Requ // API operation UntagResource for usage and error information. // // Returned Error Types: -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. // -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. // -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// This exceptions means one of the following: // -// * TagException -// The request was rejected because one or more tags are not valid. +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// +// - TagException +// The request was rejected because one or more tags are not valid. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UntagResource func (c *KMS) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) { @@ -5942,14 +8738,13 @@ const opUpdateAlias = "UpdateAlias" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the UpdateAliasRequest method. +// req, resp := client.UpdateAliasRequest(params) // -// // Example sending a request using the UpdateAliasRequest method. -// req, resp := client.UpdateAliasRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateAlias func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, output *UpdateAliasOutput) { @@ -5971,29 +8766,60 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, // UpdateAlias API operation for AWS Key Management Service. // -// Associates an existing AWS KMS alias with a different customer master key -// (CMK). Each alias is associated with only one CMK at a time, although a CMK -// can have multiple aliases. The alias and the CMK must be in the same AWS -// account and region. You cannot perform this operation on an alias in a different -// AWS account. +// Associates an existing KMS alias with a different KMS key. Each alias is +// associated with only one KMS key at a time, although a KMS key can have multiple +// aliases. The alias and the KMS key must be in the same Amazon Web Services +// account and Region. +// +// Adding, deleting, or updating an alias can allow or deny permission to the +// KMS key. For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// in the Key Management Service Developer Guide. // -// The current and new CMK must be the same type (both symmetric or both asymmetric), -// and they must have the same key usage (ENCRYPT_DECRYPT or SIGN_VERIFY). This -// restriction prevents errors in code that uses aliases. If you must assign -// an alias to a different type of CMK, use DeleteAlias to delete the old alias -// and CreateAlias to create a new alias. +// The current and new KMS key must be the same type (both symmetric or both +// asymmetric or both HMAC), and they must have the same key usage. This restriction +// prevents errors in code that uses aliases. If you must assign an alias to +// a different type of KMS key, use DeleteAlias to delete the old alias and +// CreateAlias to create a new alias. // // You cannot use UpdateAlias to change an alias name. To change an alias name, // use DeleteAlias to delete the old alias and CreateAlias to create a new alias. // -// Because an alias is not a property of a CMK, you can create, update, and -// delete the aliases of a CMK without affecting the CMK. Also, aliases do not -// appear in the response from the DescribeKey operation. To get the aliases -// of all CMKs in the account, use the ListAliases operation. +// Because an alias is not a property of a KMS key, you can create, update, +// and delete the aliases of a KMS key without affecting the KMS key. Also, +// aliases do not appear in the response from the DescribeKey operation. To +// get the aliases of all KMS keys in the account, use the ListAliases operation. +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. +// +// Required permissions +// +// - kms:UpdateAlias (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// on the alias (IAM policy). // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// - kms:UpdateAlias (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// on the current KMS key (key policy). +// +// - kms:UpdateAlias (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// on the new KMS key (key policy). +// +// For details, see Controlling access to aliases (https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access) +// in the Key Management Service Developer Guide. +// +// Related operations: +// +// - CreateAlias +// +// - DeleteAlias +// +// - ListAliases +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6003,30 +8829,39 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, // API operation UpdateAlias for usage and error information. // // Returned Error Types: -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. // -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. +// +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * LimitExceededException -// The request was rejected because a quota was exceeded. For more information, -// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) -// in the AWS Key Management Service Developer Guide. +// - LimitExceededException +// The request was rejected because a quota was exceeded. For more information, +// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// in the Key Management Service Developer Guide. // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateAlias func (c *KMS) UpdateAlias(input *UpdateAliasInput) (*UpdateAliasOutput, error) { @@ -6066,14 +8901,13 @@ const opUpdateCustomKeyStore = "UpdateCustomKeyStore" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the UpdateCustomKeyStoreRequest method. +// req, resp := client.UpdateCustomKeyStoreRequest(params) // -// // Example sending a request using the UpdateCustomKeyStoreRequest method. -// req, resp := client.UpdateCustomKeyStoreRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateCustomKeyStore func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req *request.Request, output *UpdateCustomKeyStoreOutput) { @@ -6095,40 +8929,90 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // UpdateCustomKeyStore API operation for AWS Key Management Service. // -// Changes the properties of a custom key store. Use the CustomKeyStoreId parameter -// to identify the custom key store you want to edit. Use the remaining parameters -// to change the properties of the custom key store. +// Changes the properties of a custom key store. You can use this operation +// to change the properties of an CloudHSM key store or an external key store. +// +// Use the required CustomKeyStoreId parameter to identify the custom key store. +// Use the remaining optional parameters to change its properties. This operation +// does not return any property values. To verify the updated property values, +// use the DescribeCustomKeyStores operation. +// +// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// feature in KMS, which combines the convenience and extensive integration +// of KMS with the isolation and control of a key store that you own and manage. +// +// When updating the properties of an external key store, verify that the updated +// settings connect your key store, via the external key store proxy, to the +// same external key manager as the previous settings, or to a backup or snapshot +// of the external key manager with the same cryptographic keys. If the updated +// connection settings fail, you can fix them and retry, although an extended +// delay might disrupt Amazon Web Services services. However, if KMS permanently +// loses its access to cryptographic keys, ciphertext encrypted under those +// keys is unrecoverable. +// +// For external key stores: +// +// Some external key managers provide a simpler method for updating an external +// key store. For details, see your external key manager documentation. +// +// When updating an external key store in the KMS console, you can upload a +// JSON-based proxy configuration file with the desired values. You cannot upload +// the proxy configuration file to the UpdateCustomKeyStore operation. However, +// you can use the file to help you determine the correct values for the UpdateCustomKeyStore +// parameters. +// +// For an CloudHSM key store, you can use this operation to change the custom +// key store friendly name (NewCustomKeyStoreName), to tell KMS about a change +// to the kmsuser crypto user password (KeyStorePassword), or to associate the +// custom key store with a different, but related, CloudHSM cluster (CloudHsmClusterId). +// To update any property of an CloudHSM key store, the ConnectionState of the +// CloudHSM key store must be DISCONNECTED. +// +// For an external key store, you can use this operation to change the custom +// key store friendly name (NewCustomKeyStoreName), or to tell KMS about a change +// to the external key store proxy authentication credentials (XksProxyAuthenticationCredential), +// connection method (XksProxyConnectivity), external proxy endpoint (XksProxyUriEndpoint) +// and path (XksProxyUriPath). For external key stores with an XksProxyConnectivity +// of VPC_ENDPOINT_SERVICE, you can also update the Amazon VPC endpoint service +// name (XksProxyVpcEndpointServiceName). To update most properties of an external +// key store, the ConnectionState of the external key store must be DISCONNECTED. +// However, you can update the CustomKeyStoreName, XksProxyAuthenticationCredential, +// and XksProxyUriPath of an external key store when it is in the CONNECTED +// or DISCONNECTED state. +// +// If your update requires a DISCONNECTED state, before using UpdateCustomKeyStore, +// use the DisconnectCustomKeyStore operation to disconnect the custom key store. +// After the UpdateCustomKeyStore operation completes, use the ConnectCustomKeyStore +// to reconnect the custom key store. To find the ConnectionState of the custom +// key store, use the DescribeCustomKeyStores operation. +// +// Before updating the custom key store, verify that the new values allow KMS +// to connect the custom key store to its backing key store. For example, before +// you change the XksProxyUriPath value, verify that the external key store +// proxy is reachable at the new path. // -// You can only update a custom key store that is disconnected. To disconnect -// the custom key store, use DisconnectCustomKeyStore. To reconnect the custom -// key store after the update completes, use ConnectCustomKeyStore. To find -// the connection state of a custom key store, use the DescribeCustomKeyStores -// operation. +// If the operation succeeds, it returns a JSON object with no properties. // -// Use the parameters of UpdateCustomKeyStore to edit your keystore settings. +// Cross-account use: No. You cannot perform this operation on a custom key +// store in a different Amazon Web Services account. // -// * Use the NewCustomKeyStoreName parameter to change the friendly name -// of the custom key store to the value that you specify. +// Required permissions: kms:UpdateCustomKeyStore (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy) // -// * Use the KeyStorePassword parameter tell AWS KMS the current password -// of the kmsuser crypto user (CU) (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) -// in the associated AWS CloudHSM cluster. You can use this parameter to -// fix connection failures (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-password) -// that occur when AWS KMS cannot log into the associated cluster because -// the kmsuser password has changed. This value does not change the password -// in the AWS CloudHSM cluster. +// Related operations: // -// * Use the CloudHsmClusterId parameter to associate the custom key store -// with a different, but related, AWS CloudHSM cluster. You can use this -// parameter to repair a custom key store if its AWS CloudHSM cluster becomes -// corrupted or is deleted, or when you need to create or restore a cluster -// from a backup. +// - ConnectCustomKeyStore // -// If the operation succeeds, it returns a JSON object with no properties. +// - CreateCustomKeyStore +// +// - DeleteCustomKeyStore +// +// - DescribeCustomKeyStores // -// This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// feature in AWS KMS, which combines the convenience and extensive integration -// of AWS KMS with the isolation and control of a single-tenant key store. +// - DisconnectCustomKeyStore +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6138,95 +9022,162 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // API operation UpdateCustomKeyStore for usage and error information. // // Returned Error Types: -// * CustomKeyStoreNotFoundException -// The request was rejected because AWS KMS cannot find a custom key store with -// the specified key store name or ID. -// -// * CustomKeyStoreNameInUseException -// The request was rejected because the specified custom key store name is already -// assigned to another custom key store in the account. Try again with a custom -// key store name that is unique in the account. -// -// * CloudHsmClusterNotFoundException -// The request was rejected because AWS KMS cannot find the AWS CloudHSM cluster -// with the specified cluster ID. Retry the request with a different cluster -// ID. -// -// * CloudHsmClusterNotRelatedException -// The request was rejected because the specified AWS CloudHSM cluster has a -// different cluster certificate than the original cluster. You cannot use the -// operation to specify an unrelated cluster. -// -// Specify a cluster that shares a backup history with the original cluster. -// This includes clusters that were created from a backup of the current cluster, -// and clusters that were created from the same backup that produced the current -// cluster. -// -// Clusters that share a backup history have the same cluster certificate. To -// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) -// operation. -// -// * CustomKeyStoreInvalidStateException -// The request was rejected because of the ConnectionState of the custom key -// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores -// operation. -// -// This exception is thrown under the following conditions: -// -// * You requested the CreateKey or GenerateRandom operation in a custom -// key store that is not connected. These operations are valid only when -// the custom key store ConnectionState is CONNECTED. -// -// * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation -// on a custom key store that is not disconnected. This operation is valid -// only when the custom key store ConnectionState is DISCONNECTED. -// -// * You requested the ConnectCustomKeyStore operation on a custom key store -// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid -// for all other ConnectionState values. -// -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. -// -// * CloudHsmClusterNotActiveException -// The request was rejected because the AWS CloudHSM cluster that is associated -// with the custom key store is not active. Initialize and activate the cluster -// and try the command again. For detailed instructions, see Getting Started -// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) -// in the AWS CloudHSM User Guide. -// -// * CloudHsmClusterInvalidConfigurationException -// The request was rejected because the associated AWS CloudHSM cluster did -// not meet the configuration requirements for a custom key store. -// -// * The cluster must be configured with private subnets in at least two -// different Availability Zones in the Region. -// -// * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) -// (cloudhsm-cluster--sg) must include inbound rules and outbound -// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound -// rules and the Destination in the outbound rules must match the security -// group ID. These rules are set by default when you create the cluster. -// Do not delete or change them. To get information about a particular security -// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) -// operation. -// -// * The cluster must contain at least as many HSMs as the operation requires. -// To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) -// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey -// operations, the AWS CloudHSM cluster must have at least two active HSMs, -// each in a different Availability Zone. For the ConnectCustomKeyStore operation, -// the AWS CloudHSM must contain at least one active HSM. -// -// For information about the requirements for an AWS CloudHSM cluster that is -// associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) -// in the AWS Key Management Service Developer Guide. For information about -// creating a private subnet for an AWS CloudHSM cluster, see Create a Private -// Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) -// in the AWS CloudHSM User Guide. For information about cluster security groups, -// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) -// in the AWS CloudHSM User Guide . +// +// - CustomKeyStoreNotFoundException +// The request was rejected because KMS cannot find a custom key store with +// the specified key store name or ID. +// +// - CustomKeyStoreNameInUseException +// The request was rejected because the specified custom key store name is already +// assigned to another custom key store in the account. Try again with a custom +// key store name that is unique in the account. +// +// - CloudHsmClusterNotFoundException +// The request was rejected because KMS cannot find the CloudHSM cluster with +// the specified cluster ID. Retry the request with a different cluster ID. +// +// - CloudHsmClusterNotRelatedException +// The request was rejected because the specified CloudHSM cluster has a different +// cluster certificate than the original cluster. You cannot use the operation +// to specify an unrelated cluster for an CloudHSM key store. +// +// Specify an CloudHSM cluster that shares a backup history with the original +// cluster. This includes clusters that were created from a backup of the current +// cluster, and clusters that were created from the same backup that produced +// the current cluster. +// +// CloudHSM clusters that share a backup history have the same cluster certificate. +// To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters +// (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) +// operation. +// +// - CustomKeyStoreInvalidStateException +// The request was rejected because of the ConnectionState of the custom key +// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores +// operation. +// +// This exception is thrown under the following conditions: +// +// - You requested the ConnectCustomKeyStore operation on a custom key store +// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid +// for all other ConnectionState values. To reconnect a custom key store +// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect +// it (ConnectCustomKeyStore). +// +// - You requested the CreateKey operation in a custom key store that is +// not connected. This operations is valid only when the custom key store +// ConnectionState is CONNECTED. +// +// - You requested the DisconnectCustomKeyStore operation on a custom key +// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation +// is valid for all other ConnectionState values. +// +// - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation +// on a custom key store that is not disconnected. This operation is valid +// only when the custom key store ConnectionState is DISCONNECTED. +// +// - You requested the GenerateRandom operation in an CloudHSM key store +// that is not connected. This operation is valid only when the CloudHSM +// key store ConnectionState is CONNECTED. +// +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// - CloudHsmClusterNotActiveException +// The request was rejected because the CloudHSM cluster associated with the +// CloudHSM key store is not active. Initialize and activate the cluster and +// try the command again. For detailed instructions, see Getting Started (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) +// in the CloudHSM User Guide. +// +// - CloudHsmClusterInvalidConfigurationException +// The request was rejected because the associated CloudHSM cluster did not +// meet the configuration requirements for an CloudHSM key store. +// +// - The CloudHSM cluster must be configured with private subnets in at least +// two different Availability Zones in the Region. +// +// - The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) +// (cloudhsm-cluster--sg) must include inbound rules and outbound +// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound +// rules and the Destination in the outbound rules must match the security +// group ID. These rules are set by default when you create the CloudHSM +// cluster. Do not delete or change them. To get information about a particular +// security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) +// operation. +// +// - The CloudHSM cluster must contain at least as many HSMs as the operation +// requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey +// operations, the CloudHSM cluster must have at least two active HSMs, each +// in a different Availability Zone. For the ConnectCustomKeyStore operation, +// the CloudHSM must contain at least one active HSM. +// +// For information about the requirements for an CloudHSM cluster that is associated +// with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// in the Key Management Service Developer Guide. For information about creating +// a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) +// in the CloudHSM User Guide. For information about cluster security groups, +// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) +// in the CloudHSM User Guide . +// +// - XksProxyUriInUseException +// The request was rejected because the concatenation of the XksProxyUriEndpoint +// and XksProxyUriPath is already associated with another external key store +// in this Amazon Web Services Region. Each external key store in a Region must +// use a unique external key store proxy API address. +// +// - XksProxyUriEndpointInUseException +// The request was rejected because the XksProxyUriEndpoint is already associated +// with another external key store in this Amazon Web Services Region. To identify +// the cause, see the error message that accompanies the exception. +// +// - XksProxyUriUnreachableException +// KMS was unable to reach the specified XksProxyUriPath. The path must be reachable +// before you create the external key store or update its settings. +// +// This exception is also thrown when the external key store proxy response +// to a GetHealthStatus request indicates that all external key manager instances +// are unavailable. +// +// - XksProxyIncorrectAuthenticationCredentialException +// The request was rejected because the proxy credentials failed to authenticate +// to the specified external key store proxy. The specified external key store +// proxy rejected a status request from KMS due to invalid credentials. This +// can indicate an error in the credentials or in the identification of the +// external key store proxy. +// +// - XksProxyVpcEndpointServiceInUseException +// The request was rejected because the specified Amazon VPC endpoint service +// is already associated with another external key store in this Amazon Web +// Services Region. Each external key store in a Region must use a different +// Amazon VPC endpoint service. +// +// - XksProxyVpcEndpointServiceNotFoundException +// The request was rejected because KMS could not find the specified VPC endpoint +// service. Use DescribeCustomKeyStores to verify the VPC endpoint service name +// for the external key store. Also, confirm that the Allow principals list +// for the VPC endpoint service includes the KMS service principal for the Region, +// such as cks.kms.us-east-1.amazonaws.com. +// +// - XksProxyVpcEndpointServiceInvalidConfigurationException +// The request was rejected because the Amazon VPC endpoint service configuration +// does not fulfill the requirements for an external key store. To identify +// the cause, see the error message that accompanies the exception and review +// the requirements (https://docs.aws.amazon.com/kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements) +// for Amazon VPC endpoint service connectivity for an external key store. +// +// - XksProxyInvalidResponseException +// +// KMS cannot interpret the response it received from the external key store +// proxy. The problem might be a poorly constructed response, but it could also +// be a transient network issue. If you see this error repeatedly, report it +// to the proxy vendor. +// +// - XksProxyInvalidConfigurationException +// The request was rejected because the external key store proxy is not configured +// correctly. To identify the cause, see the error message that accompanies +// the exception. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateCustomKeyStore func (c *KMS) UpdateCustomKeyStore(input *UpdateCustomKeyStoreInput) (*UpdateCustomKeyStoreOutput, error) { @@ -6266,14 +9217,13 @@ const opUpdateKeyDescription = "UpdateKeyDescription" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the UpdateKeyDescriptionRequest method. +// req, resp := client.UpdateKeyDescriptionRequest(params) // -// // Example sending a request using the UpdateKeyDescriptionRequest method. -// req, resp := client.UpdateKeyDescriptionRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateKeyDescription func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req *request.Request, output *UpdateKeyDescriptionOutput) { @@ -6295,14 +9245,27 @@ func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req // UpdateKeyDescription API operation for AWS Key Management Service. // -// Updates the description of a customer master key (CMK). To see the description -// of a CMK, use DescribeKey. +// Updates the description of a KMS key. To see the description of a KMS key, +// use DescribeKey. +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: No. You cannot perform this operation on a KMS key in +// a different Amazon Web Services account. +// +// Required permissions: kms:UpdateKeyDescription (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations +// +// - CreateKey // -// You cannot perform this operation on a CMK in a different AWS account. +// - DescribeKey // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6312,29 +9275,38 @@ func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req // API operation UpdateKeyDescription for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * InvalidArnException -// The request was rejected because a specified ARN, or an ARN in a key policy, -// is not valid. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateKeyDescription func (c *KMS) UpdateKeyDescription(input *UpdateKeyDescriptionInput) (*UpdateKeyDescriptionOutput, error) { @@ -6358,6 +9330,190 @@ func (c *KMS) UpdateKeyDescriptionWithContext(ctx aws.Context, input *UpdateKeyD return out, req.Send() } +const opUpdatePrimaryRegion = "UpdatePrimaryRegion" + +// UpdatePrimaryRegionRequest generates a "aws/request.Request" representing the +// client's request for the UpdatePrimaryRegion operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UpdatePrimaryRegion for more information on using the UpdatePrimaryRegion +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the UpdatePrimaryRegionRequest method. +// req, resp := client.UpdatePrimaryRegionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdatePrimaryRegion +func (c *KMS) UpdatePrimaryRegionRequest(input *UpdatePrimaryRegionInput) (req *request.Request, output *UpdatePrimaryRegionOutput) { + op := &request.Operation{ + Name: opUpdatePrimaryRegion, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UpdatePrimaryRegionInput{} + } + + output = &UpdatePrimaryRegionOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// UpdatePrimaryRegion API operation for AWS Key Management Service. +// +// Changes the primary key of a multi-Region key. +// +// This operation changes the replica key in the specified Region to a primary +// key and changes the former primary key to a replica key. For example, suppose +// you have a primary key in us-east-1 and a replica key in eu-west-2. If you +// run UpdatePrimaryRegion with a PrimaryRegion value of eu-west-2, the primary +// key is now the key in eu-west-2, and the key in us-east-1 becomes a replica +// key. For details, see Updating the primary Region (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-update) +// in the Key Management Service Developer Guide. +// +// This operation supports multi-Region keys, an KMS feature that lets you create +// multiple interoperable KMS keys in different Amazon Web Services Regions. +// Because these KMS keys have the same key ID, key material, and other metadata, +// you can use them interchangeably to encrypt data in one Amazon Web Services +// Region and decrypt it in a different Amazon Web Services Region without re-encrypting +// the data or making a cross-Region call. For more information about multi-Region +// keys, see Multi-Region keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) +// in the Key Management Service Developer Guide. +// +// The primary key of a multi-Region key is the source for properties that are +// always shared by primary and replica keys, including the key material, key +// ID (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-id), +// key spec (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-spec), +// key usage (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-usage), +// key material origin (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-origin), +// and automatic key rotation (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html). +// It's the only key that can be replicated. You cannot delete the primary key +// (https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html) +// until all replica keys are deleted. +// +// The key ID and primary Region that you specify uniquely identify the replica +// key that will become the primary key. The primary Region must already have +// a replica key. This operation does not create a KMS key in the specified +// Region. To find the replica keys, use the DescribeKey operation on the primary +// key or any replica key. To create a replica key, use the ReplicateKey operation. +// +// You can run this operation while using the affected multi-Region keys in +// cryptographic operations. This operation should not delay, interrupt, or +// cause failures in cryptographic operations. +// +// Even after this operation completes, the process of updating the primary +// Region might still be in progress for a few more seconds. Operations such +// as DescribeKey might display both the old and new primary keys as replicas. +// The old and new primary keys have a transient key state of Updating. The +// original key state is restored when the update is complete. While the key +// state is Updating, you can use the keys in cryptographic operations, but +// you cannot replicate the new primary key or perform certain management operations, +// such as enabling or disabling these keys. For details about the Updating +// key state, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// This operation does not return any output. To verify that primary key is +// changed, use the DescribeKey operation. +// +// Cross-account use: No. You cannot use this operation in a different Amazon +// Web Services account. +// +// Required permissions: +// +// - kms:UpdatePrimaryRegion on the current primary key (in the primary key's +// Region). Include this permission primary key's key policy. +// +// - kms:UpdatePrimaryRegion on the current replica key (in the replica key's +// Region). Include this permission in the replica key's key policy. +// +// Related operations +// +// - CreateKey +// +// - ReplicateKey +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation UpdatePrimaryRegion for usage and error information. +// +// Returned Error Types: +// +// - DisabledException +// The request was rejected because the specified KMS key is not enabled. +// +// - InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. +// +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdatePrimaryRegion +func (c *KMS) UpdatePrimaryRegion(input *UpdatePrimaryRegionInput) (*UpdatePrimaryRegionOutput, error) { + req, out := c.UpdatePrimaryRegionRequest(input) + return out, req.Send() +} + +// UpdatePrimaryRegionWithContext is the same as UpdatePrimaryRegion with the addition of +// the ability to pass a context and additional request options. +// +// See UpdatePrimaryRegion for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *KMS) UpdatePrimaryRegionWithContext(ctx aws.Context, input *UpdatePrimaryRegionInput, opts ...request.Option) (*UpdatePrimaryRegionOutput, error) { + req, out := c.UpdatePrimaryRegionRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opVerify = "Verify" // VerifyRequest generates a "aws/request.Request" representing the @@ -6374,14 +9530,13 @@ const opVerify = "Verify" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the VerifyRequest method. +// req, resp := client.VerifyRequest(params) // -// // Example sending a request using the VerifyRequest method. -// req, resp := client.VerifyRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Verify func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *VerifyOutput) { @@ -6405,33 +9560,52 @@ func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *V // Verifies a digital signature that was generated by the Sign operation. // // Verification confirms that an authorized user signed the message with the -// specified CMK and signing algorithm, and the message hasn't changed since +// specified KMS key and signing algorithm, and the message hasn't changed since // it was signed. If the signature is verified, the value of the SignatureValid // field in the response is True. If the signature verification fails, the Verify // operation fails with an KMSInvalidSignatureException exception. // // A digital signature is generated by using the private key in an asymmetric -// CMK. The signature is verified by using the public key in the same asymmetric -// CMK. For information about symmetric and asymmetric CMKs, see Using Symmetric -// and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) -// in the AWS Key Management Service Developer Guide. +// KMS key. The signature is verified by using the public key in the same asymmetric +// KMS key. For information about asymmetric KMS keys, see Asymmetric KMS keys +// (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) +// in the Key Management Service Developer Guide. // -// To verify a digital signature, you can use the Verify operation. Specify -// the same asymmetric CMK, message, and signing algorithm that were used to -// produce the signature. +// To use the Verify operation, specify the same asymmetric KMS key, message, +// and signing algorithm that were used to produce the signature. The message +// type does not need to be the same as the one used for signing, but it must +// indicate whether the value of the Message parameter should be hashed as part +// of the verification process. // // You can also verify the digital signature by using the public key of the -// CMK outside of AWS KMS. Use the GetPublicKey operation to download the public -// key in the asymmetric CMK and then use the public key to verify the signature -// outside of AWS KMS. The advantage of using the Verify operation is that it -// is performed within AWS KMS. As a result, it's easy to call, the operation -// is performed within the FIPS boundary, it is logged in AWS CloudTrail, and -// you can use key policy and IAM policy to determine who is authorized to use -// the CMK to verify signatures. -// -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// KMS key outside of KMS. Use the GetPublicKey operation to download the public +// key in the asymmetric KMS key and then use the public key to verify the signature +// outside of KMS. The advantage of using the Verify operation is that it is +// performed within KMS. As a result, it's easy to call, the operation is performed +// within the FIPS boundary, it is logged in CloudTrail, and you can use key +// policy and IAM policy to determine who is authorized to use the KMS key to +// verify signatures. +// +// To verify a signature outside of KMS with an SM2 public key (China Regions +// only), you must specify the distinguishing ID. By default, KMS uses 1234567812345678 +// as the distinguishing ID. For more information, see Offline verification +// with SM2 key pairs (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification). +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: Yes. To perform this operation with a KMS key in a different +// Amazon Web Services account, specify the key ARN or alias ARN in the value +// of the KeyId parameter. +// +// Required permissions: kms:Verify (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: Sign +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6441,55 +9615,70 @@ func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *V // API operation Verify for usage and error information. // // Returned Error Types: -// * NotFoundException -// The request was rejected because the specified entity or resource could not -// be found. // -// * DisabledException -// The request was rejected because the specified CMK is not enabled. +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - DisabledException +// The request was rejected because the specified KMS key is not enabled. +// +// - KeyUnavailableException +// The request was rejected because the specified KMS key was not available. +// You can retry the request. // -// * KeyUnavailableException -// The request was rejected because the specified CMK was not available. You -// can retry the request. +// - DependencyTimeoutException +// The system timed out while trying to fulfill the request. You can retry the +// request. // -// * DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// - InvalidKeyUsageException +// The request was rejected for one of the following reasons: // -// * InvalidKeyUsageException -// The request was rejected for one of the following reasons: +// - The KeyUsage value of the KMS key is incompatible with the API operation. // -// * The KeyUsage value of the CMK is incompatible with the API operation. +// - The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the KMS key (KeySpec). // -// * The encryption algorithm or signing algorithm specified for the operation -// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the +// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication +// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key +// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage +// of a KMS key, use the DescribeKey operation. // -// For encrypting, decrypting, re-encrypting, and generating data keys, the -// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage -// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. // -// To find the encryption or signing algorithms supported for a particular CMK, -// use the DescribeKey operation. +// - InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. // -// * InvalidGrantTokenException -// The request was rejected because the specified grant token is not valid. +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. // -// * InternalException -// The request was rejected because an internal exception occurred. The request -// can be retried. +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. // -// * InvalidStateException -// The request was rejected because the state of the specified resource is not -// valid for this request. +// This exceptions means one of the following: // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . // -// * KMSInvalidSignatureException -// The request was rejected because the signature verification failed. Signature -// verification fails when it cannot confirm that signature was produced by -// signing the specified message with the specified CMK and signing algorithm. +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// +// - KMSInvalidSignatureException +// The request was rejected because the signature verification failed. Signature +// verification fails when it cannot confirm that signature was produced by +// signing the specified message with the specified KMS key and signing algorithm. +// +// - DryRunOperationException +// The request was rejected because the DryRun parameter was specified. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Verify func (c *KMS) Verify(input *VerifyInput) (*VerifyOutput, error) { @@ -6513,6 +9702,171 @@ func (c *KMS) VerifyWithContext(ctx aws.Context, input *VerifyInput, opts ...req return out, req.Send() } +const opVerifyMac = "VerifyMac" + +// VerifyMacRequest generates a "aws/request.Request" representing the +// client's request for the VerifyMac operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See VerifyMac for more information on using the VerifyMac +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the VerifyMacRequest method. +// req, resp := client.VerifyMacRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/VerifyMac +func (c *KMS) VerifyMacRequest(input *VerifyMacInput) (req *request.Request, output *VerifyMacOutput) { + op := &request.Operation{ + Name: opVerifyMac, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &VerifyMacInput{} + } + + output = &VerifyMacOutput{} + req = c.newRequest(op, input, output) + return +} + +// VerifyMac API operation for AWS Key Management Service. +// +// Verifies the hash-based message authentication code (HMAC) for a specified +// message, HMAC KMS key, and MAC algorithm. To verify the HMAC, VerifyMac computes +// an HMAC using the message, HMAC KMS key, and MAC algorithm that you specify, +// and compares the computed HMAC to the HMAC that you specify. If the HMACs +// are identical, the verification succeeds; otherwise, it fails. Verification +// indicates that the message hasn't changed since the HMAC was calculated, +// and the specified key was used to generate and verify the HMAC. +// +// HMAC KMS keys and the HMAC algorithms that KMS uses conform to industry standards +// defined in RFC 2104 (https://datatracker.ietf.org/doc/html/rfc2104). +// +// This operation is part of KMS support for HMAC KMS keys. For details, see +// HMAC keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html) +// in the Key Management Service Developer Guide. +// +// The KMS key that you use for this operation must be in a compatible key state. +// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide. +// +// Cross-account use: Yes. To perform this operation with a KMS key in a different +// Amazon Web Services account, specify the key ARN or alias ARN in the value +// of the KeyId parameter. +// +// Required permissions: kms:VerifyMac (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: GenerateMac +// +// Eventual consistency: The KMS API follows an eventual consistency model. +// For more information, see KMS eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation VerifyMac for usage and error information. +// +// Returned Error Types: +// +// - NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// - DisabledException +// The request was rejected because the specified KMS key is not enabled. +// +// - KeyUnavailableException +// The request was rejected because the specified KMS key was not available. +// You can retry the request. +// +// - InvalidKeyUsageException +// The request was rejected for one of the following reasons: +// +// - The KeyUsage value of the KMS key is incompatible with the API operation. +// +// - The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the KMS key (KeySpec). +// +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the +// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication +// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key +// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage +// of a KMS key, use the DescribeKey operation. +// +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. +// +// - InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. +// +// - InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// - KMSInvalidMacException +// The request was rejected because the HMAC verification failed. HMAC verification +// fails when the HMAC computed by using the specified message, HMAC KMS key, +// and MAC algorithm does not match the HMAC specified in the request. +// +// - InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// +// - DryRunOperationException +// The request was rejected because the DryRun parameter was specified. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/VerifyMac +func (c *KMS) VerifyMac(input *VerifyMacInput) (*VerifyMacOutput, error) { + req, out := c.VerifyMacRequest(input) + return out, req.Send() +} + +// VerifyMacWithContext is the same as VerifyMac with the addition of +// the ability to pass a context and additional request options. +// +// See VerifyMac for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *KMS) VerifyMacWithContext(ctx aws.Context, input *VerifyMacInput, opts ...request.Option) (*VerifyMacOutput, error) { + req, out := c.VerifyMacRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + // Contains information about an alias. type AliasListEntry struct { _ struct{} `type:"structure"` @@ -6523,16 +9877,33 @@ type AliasListEntry struct { // String that contains the alias. This value begins with alias/. AliasName *string `min:"1" type:"string"` - // String that contains the key identifier referred to by the alias. + // Date and time that the alias was most recently created in the account and + // Region. Formatted as Unix time. + CreationDate *time.Time `type:"timestamp"` + + // Date and time that the alias was most recently associated with a KMS key + // in the account and Region. Formatted as Unix time. + LastUpdatedDate *time.Time `type:"timestamp"` + + // String that contains the key identifier of the KMS key associated with the + // alias. TargetKeyId *string `min:"1" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AliasListEntry) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AliasListEntry) GoString() string { return s.String() } @@ -6549,6 +9920,18 @@ func (s *AliasListEntry) SetAliasName(v string) *AliasListEntry { return s } +// SetCreationDate sets the CreationDate field's value. +func (s *AliasListEntry) SetCreationDate(v time.Time) *AliasListEntry { + s.CreationDate = &v + return s +} + +// SetLastUpdatedDate sets the LastUpdatedDate field's value. +func (s *AliasListEntry) SetLastUpdatedDate(v time.Time) *AliasListEntry { + s.LastUpdatedDate = &v + return s +} + // SetTargetKeyId sets the TargetKeyId field's value. func (s *AliasListEntry) SetTargetKeyId(v string) *AliasListEntry { s.TargetKeyId = &v @@ -6564,12 +9947,20 @@ type AlreadyExistsException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AlreadyExistsException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AlreadyExistsException) GoString() string { return s.String() } @@ -6615,10 +10006,9 @@ func (s *AlreadyExistsException) RequestID() string { type CancelKeyDeletionInput struct { _ struct{} `type:"structure"` - // The unique identifier for the customer master key (CMK) for which to cancel - // deletion. + // Identifies the KMS key whose deletion is being canceled. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -6626,18 +10016,26 @@ type CancelKeyDeletionInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CancelKeyDeletionInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CancelKeyDeletionInput) GoString() string { return s.String() } @@ -6668,16 +10066,24 @@ type CancelKeyDeletionOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the CMK whose deletion is canceled. + // of the KMS key whose deletion is canceled. KeyId *string `min:"1" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CancelKeyDeletionOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CancelKeyDeletionOutput) GoString() string { return s.String() } @@ -6688,13 +10094,14 @@ func (s *CancelKeyDeletionOutput) SetKeyId(v string) *CancelKeyDeletionOutput { return s } -// The request was rejected because the specified AWS CloudHSM cluster is already -// associated with a custom key store or it shares a backup history with a cluster -// that is associated with a custom key store. Each custom key store must be -// associated with a different AWS CloudHSM cluster. +// The request was rejected because the specified CloudHSM cluster is already +// associated with an CloudHSM key store in the account, or it shares a backup +// history with an CloudHSM key store in the account. Each CloudHSM key store +// in the account must be associated with a different CloudHSM cluster. // -// Clusters that share a backup history have the same cluster certificate. To -// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) +// CloudHSM clusters that share a backup history have the same cluster certificate. +// To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters +// (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. type CloudHsmClusterInUseException struct { _ struct{} `type:"structure"` @@ -6703,12 +10110,20 @@ type CloudHsmClusterInUseException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CloudHsmClusterInUseException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CloudHsmClusterInUseException) GoString() string { return s.String() } @@ -6751,36 +10166,35 @@ func (s *CloudHsmClusterInUseException) RequestID() string { return s.RespMetadata.RequestID } -// The request was rejected because the associated AWS CloudHSM cluster did -// not meet the configuration requirements for a custom key store. -// -// * The cluster must be configured with private subnets in at least two -// different Availability Zones in the Region. -// -// * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) -// (cloudhsm-cluster--sg) must include inbound rules and outbound -// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound -// rules and the Destination in the outbound rules must match the security -// group ID. These rules are set by default when you create the cluster. -// Do not delete or change them. To get information about a particular security -// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) -// operation. -// -// * The cluster must contain at least as many HSMs as the operation requires. -// To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) -// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey -// operations, the AWS CloudHSM cluster must have at least two active HSMs, -// each in a different Availability Zone. For the ConnectCustomKeyStore operation, -// the AWS CloudHSM must contain at least one active HSM. -// -// For information about the requirements for an AWS CloudHSM cluster that is -// associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) -// in the AWS Key Management Service Developer Guide. For information about -// creating a private subnet for an AWS CloudHSM cluster, see Create a Private -// Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) -// in the AWS CloudHSM User Guide. For information about cluster security groups, +// The request was rejected because the associated CloudHSM cluster did not +// meet the configuration requirements for an CloudHSM key store. +// +// - The CloudHSM cluster must be configured with private subnets in at least +// two different Availability Zones in the Region. +// +// - The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) +// (cloudhsm-cluster--sg) must include inbound rules and outbound +// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound +// rules and the Destination in the outbound rules must match the security +// group ID. These rules are set by default when you create the CloudHSM +// cluster. Do not delete or change them. To get information about a particular +// security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) +// operation. +// +// - The CloudHSM cluster must contain at least as many HSMs as the operation +// requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey +// operations, the CloudHSM cluster must have at least two active HSMs, each +// in a different Availability Zone. For the ConnectCustomKeyStore operation, +// the CloudHSM must contain at least one active HSM. +// +// For information about the requirements for an CloudHSM cluster that is associated +// with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// in the Key Management Service Developer Guide. For information about creating +// a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) +// in the CloudHSM User Guide. For information about cluster security groups, // see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) -// in the AWS CloudHSM User Guide . +// in the CloudHSM User Guide . type CloudHsmClusterInvalidConfigurationException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -6788,12 +10202,20 @@ type CloudHsmClusterInvalidConfigurationException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CloudHsmClusterInvalidConfigurationException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CloudHsmClusterInvalidConfigurationException) GoString() string { return s.String() } @@ -6836,11 +10258,10 @@ func (s *CloudHsmClusterInvalidConfigurationException) RequestID() string { return s.RespMetadata.RequestID } -// The request was rejected because the AWS CloudHSM cluster that is associated -// with the custom key store is not active. Initialize and activate the cluster -// and try the command again. For detailed instructions, see Getting Started -// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) -// in the AWS CloudHSM User Guide. +// The request was rejected because the CloudHSM cluster associated with the +// CloudHSM key store is not active. Initialize and activate the cluster and +// try the command again. For detailed instructions, see Getting Started (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) +// in the CloudHSM User Guide. type CloudHsmClusterNotActiveException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -6848,12 +10269,20 @@ type CloudHsmClusterNotActiveException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CloudHsmClusterNotActiveException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CloudHsmClusterNotActiveException) GoString() string { return s.String() } @@ -6896,9 +10325,8 @@ func (s *CloudHsmClusterNotActiveException) RequestID() string { return s.RespMetadata.RequestID } -// The request was rejected because AWS KMS cannot find the AWS CloudHSM cluster -// with the specified cluster ID. Retry the request with a different cluster -// ID. +// The request was rejected because KMS cannot find the CloudHSM cluster with +// the specified cluster ID. Retry the request with a different cluster ID. type CloudHsmClusterNotFoundException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -6906,12 +10334,20 @@ type CloudHsmClusterNotFoundException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CloudHsmClusterNotFoundException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CloudHsmClusterNotFoundException) GoString() string { return s.String() } @@ -6954,17 +10390,18 @@ func (s *CloudHsmClusterNotFoundException) RequestID() string { return s.RespMetadata.RequestID } -// The request was rejected because the specified AWS CloudHSM cluster has a -// different cluster certificate than the original cluster. You cannot use the -// operation to specify an unrelated cluster. +// The request was rejected because the specified CloudHSM cluster has a different +// cluster certificate than the original cluster. You cannot use the operation +// to specify an unrelated cluster for an CloudHSM key store. // -// Specify a cluster that shares a backup history with the original cluster. -// This includes clusters that were created from a backup of the current cluster, -// and clusters that were created from the same backup that produced the current -// cluster. +// Specify an CloudHSM cluster that shares a backup history with the original +// cluster. This includes clusters that were created from a backup of the current +// cluster, and clusters that were created from the same backup that produced +// the current cluster. // -// Clusters that share a backup history have the same cluster certificate. To -// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) +// CloudHSM clusters that share a backup history have the same cluster certificate. +// To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters +// (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. type CloudHsmClusterNotRelatedException struct { _ struct{} `type:"structure"` @@ -6973,12 +10410,20 @@ type CloudHsmClusterNotRelatedException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CloudHsmClusterNotRelatedException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CloudHsmClusterNotRelatedException) GoString() string { return s.String() } @@ -7021,6 +10466,71 @@ func (s *CloudHsmClusterNotRelatedException) RequestID() string { return s.RespMetadata.RequestID } +// The request was rejected because an automatic rotation of this key is currently +// in progress or scheduled to begin within the next 20 minutes. +type ConflictException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConflictException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConflictException) GoString() string { + return s.String() +} + +func newErrorConflictException(v protocol.ResponseMetadata) error { + return &ConflictException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ConflictException) Code() string { + return "ConflictException" +} + +// Message returns the exception's message. +func (s *ConflictException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ConflictException) OrigErr() error { + return nil +} + +func (s *ConflictException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ConflictException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ConflictException) RequestID() string { + return s.RespMetadata.RequestID +} + type ConnectCustomKeyStoreInput struct { _ struct{} `type:"structure"` @@ -7031,12 +10541,20 @@ type ConnectCustomKeyStoreInput struct { CustomKeyStoreId *string `min:"1" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ConnectCustomKeyStoreInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ConnectCustomKeyStoreInput) GoString() string { return s.String() } @@ -7067,12 +10585,20 @@ type ConnectCustomKeyStoreOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ConnectCustomKeyStoreOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ConnectCustomKeyStoreOutput) GoString() string { return s.String() } @@ -7081,27 +10607,56 @@ type CreateAliasInput struct { _ struct{} `type:"structure"` // Specifies the alias name. This value must begin with alias/ followed by a - // name, such as alias/ExampleAlias. The alias name cannot begin with alias/aws/. - // The alias/aws/ prefix is reserved for AWS managed CMKs. + // name, such as alias/ExampleAlias. + // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // + // The AliasName value must be string of 1-256 characters. It can contain only + // alphanumeric characters, forward slashes (/), underscores (_), and dashes + // (-). The alias name cannot begin with alias/aws/. The alias/aws/ prefix is + // reserved for Amazon Web Services managed keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). // // AliasName is a required field AliasName *string `min:"1" type:"string" required:"true"` - // Identifies the CMK to which the alias refers. Specify the key ID or the Amazon - // Resource Name (ARN) of the CMK. You cannot specify another alias. For help - // finding the key ID and ARN, see Finding the Key ID and ARN (https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) - // in the AWS Key Management Service Developer Guide. + // Associates the alias with the specified customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). + // The KMS key must be in the same Amazon Web Services Region. + // + // A valid key ID is required. If you supply a null or empty string value, this + // operation returns an error. + // + // For help finding the key ID and ARN, see Finding the Key ID and ARN (https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) + // in the Key Management Service Developer Guide . + // + // Specify the key ID or key ARN of the KMS key. + // + // For example: + // + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // TargetKeyId is a required field TargetKeyId *string `min:"1" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateAliasInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateAliasInput) GoString() string { return s.String() } @@ -7144,12 +10699,20 @@ type CreateAliasOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateAliasOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateAliasOutput) GoString() string { return s.String() } @@ -7157,46 +10720,178 @@ func (s CreateAliasOutput) GoString() string { type CreateCustomKeyStoreInput struct { _ struct{} `type:"structure"` - // Identifies the AWS CloudHSM cluster for the custom key store. Enter the cluster - // ID of any active AWS CloudHSM cluster that is not already associated with - // a custom key store. To find the cluster ID, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) - // operation. + // Identifies the CloudHSM cluster for an CloudHSM key store. This parameter + // is required for custom key stores with CustomKeyStoreType of AWS_CLOUDHSM. // - // CloudHsmClusterId is a required field - CloudHsmClusterId *string `min:"19" type:"string" required:"true"` + // Enter the cluster ID of any active CloudHSM cluster that is not already associated + // with a custom key store. To find the cluster ID, use the DescribeClusters + // (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) + // operation. + CloudHsmClusterId *string `min:"19" type:"string"` // Specifies a friendly name for the custom key store. The name must be unique - // in your AWS account. + // in your Amazon Web Services account and Region. This parameter is required + // for all custom key stores. + // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. // // CustomKeyStoreName is a required field CustomKeyStoreName *string `min:"1" type:"string" required:"true"` + // Specifies the type of custom key store. The default value is AWS_CLOUDHSM. + // + // For a custom key store backed by an CloudHSM cluster, omit the parameter + // or enter AWS_CLOUDHSM. For a custom key store backed by an external key manager + // outside of Amazon Web Services, enter EXTERNAL_KEY_STORE. You cannot change + // this property after the key store is created. + CustomKeyStoreType *string `type:"string" enum:"CustomKeyStoreType"` + + // Specifies the kmsuser password for an CloudHSM key store. This parameter + // is required for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM. + // // Enter the password of the kmsuser crypto user (CU) account (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) - // in the specified AWS CloudHSM cluster. AWS KMS logs into the cluster as this - // user to manage key material on your behalf. + // in the specified CloudHSM cluster. KMS logs into the cluster as this user + // to manage key material on your behalf. // // The password must be a string of 7 to 32 characters. Its value is case sensitive. // - // This parameter tells AWS KMS the kmsuser account password; it does not change - // the password in the AWS CloudHSM cluster. + // This parameter tells KMS the kmsuser account password; it does not change + // the password in the CloudHSM cluster. // - // KeyStorePassword is a required field - KeyStorePassword *string `min:"7" type:"string" required:"true" sensitive:"true"` + // KeyStorePassword is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateCustomKeyStoreInput's + // String and GoString methods. + KeyStorePassword *string `min:"7" type:"string" sensitive:"true"` - // Enter the content of the trust anchor certificate for the cluster. This is - // the content of the customerCA.crt file that you created when you initialized - // the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html). + // Specifies the certificate for an CloudHSM key store. This parameter is required + // for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM. // - // TrustAnchorCertificate is a required field - TrustAnchorCertificate *string `min:"1" type:"string" required:"true"` -} + // Enter the content of the trust anchor certificate for the CloudHSM cluster. + // This is the content of the customerCA.crt file that you created when you + // initialized the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html). + TrustAnchorCertificate *string `min:"1" type:"string"` -// String returns the string representation + // Specifies an authentication credential for the external key store proxy (XKS + // proxy). This parameter is required for all custom key stores with a CustomKeyStoreType + // of EXTERNAL_KEY_STORE. + // + // The XksProxyAuthenticationCredential has two required elements: RawSecretAccessKey, + // a secret key, and AccessKeyId, a unique identifier for the RawSecretAccessKey. + // For character requirements, see XksProxyAuthenticationCredentialType (kms/latest/APIReference/API_XksProxyAuthenticationCredentialType.html). + // + // KMS uses this authentication credential to sign requests to the external + // key store proxy on your behalf. This credential is unrelated to Identity + // and Access Management (IAM) and Amazon Web Services credentials. + // + // This parameter doesn't set or change the authentication credentials on the + // XKS proxy. It just tells KMS the credential that you established on your + // external key store proxy. If you rotate your proxy authentication credential, + // use the UpdateCustomKeyStore operation to provide the new credential to KMS. + XksProxyAuthenticationCredential *XksProxyAuthenticationCredentialType `type:"structure"` + + // Indicates how KMS communicates with the external key store proxy. This parameter + // is required for custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE. + // + // If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT. + // If the external key store proxy uses a Amazon VPC endpoint service for communication + // with KMS, specify VPC_ENDPOINT_SERVICE. For help making this choice, see + // Choosing a connectivity option (https://docs.aws.amazon.com/kms/latest/developerguide/plan-xks-keystore.html#choose-xks-connectivity) + // in the Key Management Service Developer Guide. + // + // An Amazon VPC endpoint service keeps your communication with KMS in a private + // address space entirely within Amazon Web Services, but it requires more configuration, + // including establishing a Amazon VPC with multiple subnets, a VPC endpoint + // service, a network load balancer, and a verified private DNS name. A public + // endpoint is simpler to set up, but it might be slower and might not fulfill + // your security requirements. You might consider testing with a public endpoint, + // and then establishing a VPC endpoint service for production tasks. Note that + // this choice does not determine the location of the external key store proxy. + // Even if you choose a VPC endpoint service, the proxy can be hosted within + // the VPC or outside of Amazon Web Services such as in your corporate data + // center. + XksProxyConnectivity *string `type:"string" enum:"XksProxyConnectivityType"` + + // Specifies the endpoint that KMS uses to send requests to the external key + // store proxy (XKS proxy). This parameter is required for custom key stores + // with a CustomKeyStoreType of EXTERNAL_KEY_STORE. + // + // The protocol must be HTTPS. KMS communicates on port 443. Do not specify + // the port in the XksProxyUriEndpoint value. + // + // For external key stores with XksProxyConnectivity value of VPC_ENDPOINT_SERVICE, + // specify https:// followed by the private DNS name of the VPC endpoint service. + // + // For external key stores with PUBLIC_ENDPOINT connectivity, this endpoint + // must be reachable before you create the custom key store. KMS connects to + // the external key store proxy while creating the custom key store. For external + // key stores with VPC_ENDPOINT_SERVICE connectivity, KMS connects when you + // call the ConnectCustomKeyStore operation. + // + // The value of this parameter must begin with https://. The remainder can contain + // upper and lower case letters (A-Z and a-z), numbers (0-9), dots (.), and + // hyphens (-). Additional slashes (/ and \) are not permitted. + // + // Uniqueness requirements: + // + // * The combined XksProxyUriEndpoint and XksProxyUriPath values must be + // unique in the Amazon Web Services account and Region. + // + // * An external key store with PUBLIC_ENDPOINT connectivity cannot use the + // same XksProxyUriEndpoint value as an external key store with VPC_ENDPOINT_SERVICE + // connectivity in this Amazon Web Services Region. + // + // * Each external key store with VPC_ENDPOINT_SERVICE connectivity must + // have its own private DNS name. The XksProxyUriEndpoint value for external + // key stores with VPC_ENDPOINT_SERVICE connectivity (private DNS name) must + // be unique in the Amazon Web Services account and Region. + XksProxyUriEndpoint *string `min:"10" type:"string"` + + // Specifies the base path to the proxy APIs for this external key store. To + // find this value, see the documentation for your external key store proxy. + // This parameter is required for all custom key stores with a CustomKeyStoreType + // of EXTERNAL_KEY_STORE. + // + // The value must start with / and must end with /kms/xks/v1 where v1 represents + // the version of the KMS external key store proxy API. This path can include + // an optional prefix between the required elements such as /prefix/kms/xks/v1. + // + // Uniqueness requirements: + // + // * The combined XksProxyUriEndpoint and XksProxyUriPath values must be + // unique in the Amazon Web Services account and Region. + XksProxyUriPath *string `min:"10" type:"string"` + + // Specifies the name of the Amazon VPC endpoint service for interface endpoints + // that is used to communicate with your external key store proxy (XKS proxy). + // This parameter is required when the value of CustomKeyStoreType is EXTERNAL_KEY_STORE + // and the value of XksProxyConnectivity is VPC_ENDPOINT_SERVICE. + // + // The Amazon VPC endpoint service must fulfill all requirements (https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keystore.html#xks-requirements) + // for use with an external key store. + // + // Uniqueness requirements: + // + // * External key stores with VPC_ENDPOINT_SERVICE connectivity can share + // an Amazon VPC, but each external key store must have its own VPC endpoint + // service and private DNS name. + XksProxyVpcEndpointServiceName *string `min:"20" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateCustomKeyStoreInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateCustomKeyStoreInput) GoString() string { return s.String() } @@ -7204,9 +10899,6 @@ func (s CreateCustomKeyStoreInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *CreateCustomKeyStoreInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "CreateCustomKeyStoreInput"} - if s.CloudHsmClusterId == nil { - invalidParams.Add(request.NewErrParamRequired("CloudHsmClusterId")) - } if s.CloudHsmClusterId != nil && len(*s.CloudHsmClusterId) < 19 { invalidParams.Add(request.NewErrParamMinLen("CloudHsmClusterId", 19)) } @@ -7216,18 +10908,26 @@ func (s *CreateCustomKeyStoreInput) Validate() error { if s.CustomKeyStoreName != nil && len(*s.CustomKeyStoreName) < 1 { invalidParams.Add(request.NewErrParamMinLen("CustomKeyStoreName", 1)) } - if s.KeyStorePassword == nil { - invalidParams.Add(request.NewErrParamRequired("KeyStorePassword")) - } if s.KeyStorePassword != nil && len(*s.KeyStorePassword) < 7 { invalidParams.Add(request.NewErrParamMinLen("KeyStorePassword", 7)) } - if s.TrustAnchorCertificate == nil { - invalidParams.Add(request.NewErrParamRequired("TrustAnchorCertificate")) - } if s.TrustAnchorCertificate != nil && len(*s.TrustAnchorCertificate) < 1 { invalidParams.Add(request.NewErrParamMinLen("TrustAnchorCertificate", 1)) } + if s.XksProxyUriEndpoint != nil && len(*s.XksProxyUriEndpoint) < 10 { + invalidParams.Add(request.NewErrParamMinLen("XksProxyUriEndpoint", 10)) + } + if s.XksProxyUriPath != nil && len(*s.XksProxyUriPath) < 10 { + invalidParams.Add(request.NewErrParamMinLen("XksProxyUriPath", 10)) + } + if s.XksProxyVpcEndpointServiceName != nil && len(*s.XksProxyVpcEndpointServiceName) < 20 { + invalidParams.Add(request.NewErrParamMinLen("XksProxyVpcEndpointServiceName", 20)) + } + if s.XksProxyAuthenticationCredential != nil { + if err := s.XksProxyAuthenticationCredential.Validate(); err != nil { + invalidParams.AddNested("XksProxyAuthenticationCredential", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -7247,6 +10947,12 @@ func (s *CreateCustomKeyStoreInput) SetCustomKeyStoreName(v string) *CreateCusto return s } +// SetCustomKeyStoreType sets the CustomKeyStoreType field's value. +func (s *CreateCustomKeyStoreInput) SetCustomKeyStoreType(v string) *CreateCustomKeyStoreInput { + s.CustomKeyStoreType = &v + return s +} + // SetKeyStorePassword sets the KeyStorePassword field's value. func (s *CreateCustomKeyStoreInput) SetKeyStorePassword(v string) *CreateCustomKeyStoreInput { s.KeyStorePassword = &v @@ -7259,6 +10965,36 @@ func (s *CreateCustomKeyStoreInput) SetTrustAnchorCertificate(v string) *CreateC return s } +// SetXksProxyAuthenticationCredential sets the XksProxyAuthenticationCredential field's value. +func (s *CreateCustomKeyStoreInput) SetXksProxyAuthenticationCredential(v *XksProxyAuthenticationCredentialType) *CreateCustomKeyStoreInput { + s.XksProxyAuthenticationCredential = v + return s +} + +// SetXksProxyConnectivity sets the XksProxyConnectivity field's value. +func (s *CreateCustomKeyStoreInput) SetXksProxyConnectivity(v string) *CreateCustomKeyStoreInput { + s.XksProxyConnectivity = &v + return s +} + +// SetXksProxyUriEndpoint sets the XksProxyUriEndpoint field's value. +func (s *CreateCustomKeyStoreInput) SetXksProxyUriEndpoint(v string) *CreateCustomKeyStoreInput { + s.XksProxyUriEndpoint = &v + return s +} + +// SetXksProxyUriPath sets the XksProxyUriPath field's value. +func (s *CreateCustomKeyStoreInput) SetXksProxyUriPath(v string) *CreateCustomKeyStoreInput { + s.XksProxyUriPath = &v + return s +} + +// SetXksProxyVpcEndpointServiceName sets the XksProxyVpcEndpointServiceName field's value. +func (s *CreateCustomKeyStoreInput) SetXksProxyVpcEndpointServiceName(v string) *CreateCustomKeyStoreInput { + s.XksProxyVpcEndpointServiceName = &v + return s +} + type CreateCustomKeyStoreOutput struct { _ struct{} `type:"structure"` @@ -7266,12 +11002,20 @@ type CreateCustomKeyStoreOutput struct { CustomKeyStoreId *string `min:"1" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateCustomKeyStoreOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateCustomKeyStoreOutput) GoString() string { return s.String() } @@ -7285,37 +11029,69 @@ func (s *CreateCustomKeyStoreOutput) SetCustomKeyStoreId(v string) *CreateCustom type CreateGrantInput struct { _ struct{} `type:"structure"` - // Allows a cryptographic operation (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) - // only when the encryption context matches or includes the encryption context - // specified in this structure. For more information about encryption context, - // see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) - // in the AWS Key Management Service Developer Guide . + // Specifies a grant constraint. + // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // + // KMS supports the EncryptionContextEquals and EncryptionContextSubset grant + // constraints, which allow the permissions in the grant only when the encryption + // context in the request matches (EncryptionContextEquals) or includes (EncryptionContextSubset) + // the encryption context specified in the constraint. + // + // The encryption context grant constraints are supported only on grant operations + // (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-grant-operations) + // that include an EncryptionContext parameter, such as cryptographic operations + // on symmetric encryption KMS keys. Grants with grant constraints can include + // the DescribeKey and RetireGrant operations, but the constraint doesn't apply + // to these operations. If a grant with a grant constraint includes the CreateGrant + // operation, the constraint requires that any grants created with the CreateGrant + // permission have an equally strict or stricter encryption context constraint. + // + // You cannot use an encryption context grant constraint for cryptographic operations + // with asymmetric KMS keys or HMAC KMS keys. Operations with these keys don't + // support an encryption context. + // + // Each constraint value can include up to 8 encryption context pairs. The encryption + // context value in each constraint cannot exceed 384 characters. For information + // about grant constraints, see Using grant constraints (https://docs.aws.amazon.com/kms/latest/developerguide/create-grant-overview.html#grant-constraints) + // in the Key Management Service Developer Guide. For more information about + // encryption context, see Encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the Key Management Service Developer Guide . Constraints *GrantConstraints `type:"structure"` + // Checks if your request will succeed. DryRun is an optional parameter. + // + // To learn more about how to use this parameter, see Testing your KMS API calls + // (https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html) + // in the Key Management Service Developer Guide. + DryRun *bool `type:"boolean"` + // A list of grant tokens. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // The principal that is given permission to perform the operations that the - // grant permits. + // The identity that gets the permissions specified in the grant. // - // To specify the principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // of an AWS principal. Valid AWS principals include AWS accounts (root), IAM - // users, IAM roles, federated users, and assumed role users. For examples of - // the ARN syntax to use for specifying a principal, see AWS Identity and Access - // Management (IAM) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) - // in the Example ARNs section of the AWS General Reference. + // To specify the grantee principal, use the Amazon Resource Name (ARN) of an + // Amazon Web Services principal. Valid principals include Amazon Web Services + // accounts, IAM users, IAM roles, federated users, and assumed role users. + // For help with the ARN syntax for a principal, see IAM ARNs (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns) + // in the Identity and Access Management User Guide . // // GranteePrincipal is a required field GranteePrincipal *string `min:"1" type:"string" required:"true"` - // The unique identifier for the customer master key (CMK) that the grant applies - // to. + // Identifies the KMS key for the grant. The grant gives principals permission + // to use this KMS key. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify - // a CMK in a different AWS account, you must use the key ARN. + // Specify the key ID or key ARN of the KMS key. To specify a KMS key in a different + // Amazon Web Services account, you must use the key ARN. // // For example: // @@ -7323,13 +11099,16 @@ type CreateGrantInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // A friendly name for identifying the grant. Use this value to prevent the - // unintended creation of duplicate grants when retrying this request. + // A friendly name for the grant. Use this value to prevent the unintended creation + // of duplicate grants when retrying this request. + // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. // // When this value is absent, all CreateGrant requests result in a new grant // with a unique GrantId even if all the supplied parameters are identical. @@ -7339,32 +11118,52 @@ type CreateGrantInput struct { // parameters; if the grant already exists, the original GrantId is returned // without creating a new grant. Note that the returned grant token is unique // with every CreateGrant request, even when a duplicate GrantId is returned. - // All grant tokens obtained in this way can be used interchangeably. + // All grant tokens for the same grant ID can be used interchangeably. Name *string `min:"1" type:"string"` // A list of operations that the grant permits. // + // This list must include only operations that are permitted in a grant. Also, + // the operation must be supported on the KMS key. For example, you cannot create + // a grant for a symmetric encryption KMS key that allows the Sign operation, + // or a grant for an asymmetric KMS key that allows the GenerateDataKey operation. + // If you try, KMS returns a ValidationError exception. For details, see Grant + // operations (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-grant-operations) + // in the Key Management Service Developer Guide. + // // Operations is a required field - Operations []*string `type:"list" required:"true"` + Operations []*string `type:"list" required:"true" enum:"GrantOperation"` - // The principal that is given permission to retire the grant by using RetireGrant - // operation. + // The principal that has permission to use the RetireGrant operation to retire + // the grant. // // To specify the principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // of an AWS principal. Valid AWS principals include AWS accounts (root), IAM - // users, federated users, and assumed role users. For examples of the ARN syntax - // to use for specifying a principal, see AWS Identity and Access Management - // (IAM) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) - // in the Example ARNs section of the AWS General Reference. + // of an Amazon Web Services principal. Valid principals include Amazon Web + // Services accounts, IAM users, IAM roles, federated users, and assumed role + // users. For help with the ARN syntax for a principal, see IAM ARNs (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns) + // in the Identity and Access Management User Guide . + // + // The grant determines the retiring principal. Other principals might have + // permission to retire the grant or revoke the grant. For details, see RevokeGrant + // and Retiring and revoking grants (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete) + // in the Key Management Service Developer Guide. RetiringPrincipal *string `min:"1" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateGrantInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateGrantInput) GoString() string { return s.String() } @@ -7406,6 +11205,12 @@ func (s *CreateGrantInput) SetConstraints(v *GrantConstraints) *CreateGrantInput return s } +// SetDryRun sets the DryRun field's value. +func (s *CreateGrantInput) SetDryRun(v bool) *CreateGrantInput { + s.DryRun = &v + return s +} + // SetGrantTokens sets the GrantTokens field's value. func (s *CreateGrantInput) SetGrantTokens(v []*string) *CreateGrantInput { s.GrantTokens = v @@ -7447,22 +11252,33 @@ type CreateGrantOutput struct { // The unique identifier for the grant. // - // You can use the GrantId in a subsequent RetireGrant or RevokeGrant operation. + // You can use the GrantId in a ListGrants, RetireGrant, or RevokeGrant operation. GrantId *string `min:"1" type:"string"` // The grant token. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantToken *string `min:"1" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateGrantOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateGrantOutput) GoString() string { return s.String() } @@ -7482,160 +11298,260 @@ func (s *CreateGrantOutput) SetGrantToken(v string) *CreateGrantOutput { type CreateKeyInput struct { _ struct{} `type:"structure"` - // A flag to indicate whether to bypass the key policy lockout safety check. + // Skips ("bypasses") the key policy lockout safety check. The default value + // is false. // - // Setting this value to true increases the risk that the CMK becomes unmanageable. + // Setting this value to true increases the risk that the KMS key becomes unmanageable. // Do not set this value to true indiscriminately. // - // For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) - // section in the AWS Key Management Service Developer Guide . - // - // Use this parameter only when you include a policy in the request and you - // intend to prevent the principal that is making the request from making a - // subsequent PutKeyPolicy request on the CMK. + // For more information, see Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key) + // in the Key Management Service Developer Guide. // - // The default value is false. + // Use this parameter only when you intend to prevent the principal that is + // making the request from making a subsequent PutKeyPolicy (https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) + // request on the KMS key. BypassPolicyLockoutSafetyCheck *bool `type:"boolean"` - // Creates the CMK in the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) - // and the key material in its associated AWS CloudHSM cluster. To create a - // CMK in a custom key store, you must also specify the Origin parameter with - // a value of AWS_CLOUDHSM. The AWS CloudHSM cluster that is associated with - // the custom key store must have at least two active HSMs, each in a different - // Availability Zone in the Region. + // Creates the KMS key in the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). + // The ConnectionState of the custom key store must be CONNECTED. To find the + // CustomKeyStoreID and ConnectionState use the DescribeCustomKeyStores operation. // - // This parameter is valid only for symmetric CMKs. You cannot create an asymmetric - // CMK in a custom key store. + // This parameter is valid only for symmetric encryption KMS keys in a single + // Region. You cannot create any other type of KMS key in a custom key store. // - // To find the ID of a custom key store, use the DescribeCustomKeyStores operation. + // When you create a KMS key in an CloudHSM key store, KMS generates a non-exportable + // 256-bit symmetric key in its associated CloudHSM cluster and associates it + // with the KMS key. When you create a KMS key in an external key store, you + // must use the XksKeyId parameter to specify an external key that serves as + // key material for the KMS key. + CustomKeyStoreId *string `min:"1" type:"string"` + + // Instead, use the KeySpec parameter. // - // The response includes the custom key store ID and the ID of the AWS CloudHSM - // cluster. + // The KeySpec and CustomerMasterKeySpec parameters work the same way. Only + // the names differ. We recommend that you use KeySpec parameter in your code. + // However, to avoid breaking changes, KMS supports both parameters. // - // This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) - // feature in AWS KMS, which combines the convenience and extensive integration - // of AWS KMS with the isolation and control of a single-tenant key store. - CustomKeyStoreId *string `min:"1" type:"string"` + // Deprecated: This parameter has been deprecated. Instead, use the KeySpec parameter. + CustomerMasterKeySpec *string `deprecated:"true" type:"string" enum:"CustomerMasterKeySpec"` + + // A description of the KMS key. Use a description that helps you decide whether + // the KMS key is appropriate for a task. The default value is an empty string + // (no description). + // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // + // To set or change the description after the key is created, use UpdateKeyDescription. + Description *string `type:"string"` - // Specifies the type of CMK to create. The default value, SYMMETRIC_DEFAULT, - // creates a CMK with a 256-bit symmetric key for encryption and decryption. - // For help choosing a key spec for your CMK, see How to Choose Your CMK Configuration - // (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html) - // in the AWS Key Management Service Developer Guide. - // - // The CustomerMasterKeySpec determines whether the CMK contains a symmetric - // key or an asymmetric key pair. It also determines the encryption algorithms - // or signing algorithms that the CMK supports. You can't change the CustomerMasterKeySpec - // after the CMK is created. To further restrict the algorithms that can be - // used with the CMK, use a condition key in its key policy or IAM policy. For - // more information, see kms:EncryptionAlgorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm) + // Specifies the type of KMS key to create. The default value, SYMMETRIC_DEFAULT, + // creates a KMS key with a 256-bit AES-GCM key that is used for encryption + // and decryption, except in China Regions, where it creates a 128-bit symmetric + // key that uses SM4 encryption. For help choosing a key spec for your KMS key, + // see Choosing a KMS key type (https://docs.aws.amazon.com/kms/latest/developerguide/key-types.html#symm-asymm-choose) + // in the Key Management Service Developer Guide . + // + // The KeySpec determines whether the KMS key contains a symmetric key or an + // asymmetric key pair. It also determines the algorithms that the KMS key supports. + // You can't change the KeySpec after the KMS key is created. To further restrict + // the algorithms that can be used with the KMS key, use a condition key in + // its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm + // (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm), + // kms:MacAlgorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-mac-algorithm) // or kms:Signing Algorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-signing-algorithm) - // in the AWS Key Management Service Developer Guide. + // in the Key Management Service Developer Guide . // - // AWS services that are integrated with AWS KMS (http://aws.amazon.com/kms/features/#AWS_Service_Integration) - // use symmetric CMKs to protect your data. These services do not support asymmetric - // CMKs. For help determining whether a CMK is symmetric or asymmetric, see - // Identifying Symmetric and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/find-symm-asymm.html) - // in the AWS Key Management Service Developer Guide. + // Amazon Web Services services that are integrated with KMS (http://aws.amazon.com/kms/features/#AWS_Service_Integration) + // use symmetric encryption KMS keys to protect your data. These services do + // not support asymmetric KMS keys or HMAC KMS keys. // - // AWS KMS supports the following key specs for CMKs: + // KMS supports the following key specs for KMS keys: // - // * Symmetric key (default) SYMMETRIC_DEFAULT (AES-256-GCM) + // * Symmetric encryption key (default) SYMMETRIC_DEFAULT // - // * Asymmetric RSA key pairs RSA_2048 RSA_3072 RSA_4096 + // * HMAC keys (symmetric) HMAC_224 HMAC_256 HMAC_384 HMAC_512 // - // * Asymmetric NIST-recommended elliptic curve key pairs ECC_NIST_P256 (secp256r1) - // ECC_NIST_P384 (secp384r1) ECC_NIST_P521 (secp521r1) + // * Asymmetric RSA key pairs (encryption and decryption -or- signing and + // verification) RSA_2048 RSA_3072 RSA_4096 // - // * Other asymmetric elliptic curve key pairs ECC_SECG_P256K1 (secp256k1), - // commonly used for cryptocurrencies. - CustomerMasterKeySpec *string `type:"string" enum:"CustomerMasterKeySpec"` - - // A description of the CMK. + // * Asymmetric NIST-recommended elliptic curve key pairs (signing and verification + // -or- deriving shared secrets) ECC_NIST_P256 (secp256r1) ECC_NIST_P384 + // (secp384r1) ECC_NIST_P521 (secp521r1) // - // Use a description that helps you decide whether the CMK is appropriate for - // a task. - Description *string `type:"string"` + // * Other asymmetric elliptic curve key pairs (signing and verification) + // ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies. + // + // * SM2 key pairs (encryption and decryption -or- signing and verification + // -or- deriving shared secrets) SM2 (China Regions only) + KeySpec *string `type:"string" enum:"KeySpec"` // Determines the cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) - // for which you can use the CMK. The default value is ENCRYPT_DECRYPT. This - // parameter is required only for asymmetric CMKs. You can't change the KeyUsage - // value after the CMK is created. + // for which you can use the KMS key. The default value is ENCRYPT_DECRYPT. + // This parameter is optional when you are creating a symmetric encryption KMS + // key; otherwise, it is required. You can't change the KeyUsage value after + // the KMS key is created. // // Select only one valid value. // - // * For symmetric CMKs, omit the parameter or specify ENCRYPT_DECRYPT. + // * For symmetric encryption KMS keys, omit the parameter or specify ENCRYPT_DECRYPT. + // + // * For HMAC KMS keys (symmetric), specify GENERATE_VERIFY_MAC. // - // * For asymmetric CMKs with RSA key material, specify ENCRYPT_DECRYPT or - // SIGN_VERIFY. + // * For asymmetric KMS keys with RSA key pairs, specify ENCRYPT_DECRYPT + // or SIGN_VERIFY. // - // * For asymmetric CMKs with ECC key material, specify SIGN_VERIFY. + // * For asymmetric KMS keys with NIST-recommended elliptic curve key pairs, + // specify SIGN_VERIFY or KEY_AGREEMENT. + // + // * For asymmetric KMS keys with ECC_SECG_P256K1 key pairs specify SIGN_VERIFY. + // + // * For asymmetric KMS keys with SM2 key pairs (China Regions only), specify + // ENCRYPT_DECRYPT, SIGN_VERIFY, or KEY_AGREEMENT. KeyUsage *string `type:"string" enum:"KeyUsageType"` - // The source of the key material for the CMK. You cannot change the origin - // after you create the CMK. The default is AWS_KMS, which means AWS KMS creates - // the key material. - // - // When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material - // so that you can import key material from your existing key management infrastructure. - // For more information about importing key material into AWS KMS, see Importing - // Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) - // in the AWS Key Management Service Developer Guide. This value is valid only - // for symmetric CMKs. - // - // When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS - // KMS custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) - // and creates its key material in the associated AWS CloudHSM cluster. You - // must also use the CustomKeyStoreId parameter to identify the custom key store. - // This value is valid only for symmetric CMKs. + // Creates a multi-Region primary key that you can replicate into other Amazon + // Web Services Regions. You cannot change this value after you create the KMS + // key. + // + // For a multi-Region key, set this parameter to True. For a single-Region KMS + // key, omit this parameter or set it to False. The default value is False. + // + // This operation supports multi-Region keys, an KMS feature that lets you create + // multiple interoperable KMS keys in different Amazon Web Services Regions. + // Because these KMS keys have the same key ID, key material, and other metadata, + // you can use them interchangeably to encrypt data in one Amazon Web Services + // Region and decrypt it in a different Amazon Web Services Region without re-encrypting + // the data or making a cross-Region call. For more information about multi-Region + // keys, see Multi-Region keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) + // in the Key Management Service Developer Guide. + // + // This value creates a primary key, not a replica. To create a replica key, + // use the ReplicateKey operation. + // + // You can create a symmetric or asymmetric multi-Region key, and you can create + // a multi-Region key with imported key material. However, you cannot create + // a multi-Region key in a custom key store. + MultiRegion *bool `type:"boolean"` + + // The source of the key material for the KMS key. You cannot change the origin + // after you create the KMS key. The default is AWS_KMS, which means that KMS + // creates the key material. + // + // To create a KMS key with no key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-create-cmk.html) + // (for imported key material), set this value to EXTERNAL. For more information + // about importing key material into KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) + // in the Key Management Service Developer Guide. The EXTERNAL origin value + // is valid only for symmetric KMS keys. + // + // To create a KMS key in an CloudHSM key store (https://docs.aws.amazon.com/kms/latest/developerguide/create-cmk-keystore.html) + // and create its key material in the associated CloudHSM cluster, set this + // value to AWS_CLOUDHSM. You must also use the CustomKeyStoreId parameter to + // identify the CloudHSM key store. The KeySpec value must be SYMMETRIC_DEFAULT. + // + // To create a KMS key in an external key store (https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keys.html), + // set this value to EXTERNAL_KEY_STORE. You must also use the CustomKeyStoreId + // parameter to identify the external key store and the XksKeyId parameter to + // identify the associated external key. The KeySpec value must be SYMMETRIC_DEFAULT. Origin *string `type:"string" enum:"OriginType"` - // The key policy to attach to the CMK. + // The key policy to attach to the KMS key. // // If you provide a key policy, it must meet the following criteria: // - // * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy - // must allow the principal that is making the CreateKey request to make - // a subsequent PutKeyPolicy request on the CMK. This reduces the risk that - // the CMK becomes unmanageable. For more information, refer to the scenario - // in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) - // section of the AWS Key Management Service Developer Guide . + // * The key policy must allow the calling principal to make a subsequent + // PutKeyPolicy request on the KMS key. This reduces the risk that the KMS + // key becomes unmanageable. For more information, see Default key policy + // (https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key) + // in the Key Management Service Developer Guide. (To omit this condition, + // set BypassPolicyLockoutSafetyCheck to true.) // // * Each statement in the key policy must contain one or more principals. - // The principals in the key policy must exist and be visible to AWS KMS. - // When you create a new AWS principal (for example, an IAM user or role), - // you might need to enforce a delay before including the new principal in - // a key policy because the new principal might not be immediately visible - // to AWS KMS. For more information, see Changes that I make are not always - // immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) - // in the AWS Identity and Access Management User Guide. - // - // If you do not provide a key policy, AWS KMS attaches a default key policy - // to the CMK. For more information, see Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) - // in the AWS Key Management Service Developer Guide. + // The principals in the key policy must exist and be visible to KMS. When + // you create a new Amazon Web Services principal, you might need to enforce + // a delay before including the new principal in a key policy because the + // new principal might not be immediately visible to KMS. For more information, + // see Changes that I make are not always immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) + // in the Amazon Web Services Identity and Access Management User Guide. + // + // If you do not provide a key policy, KMS attaches a default key policy to + // the KMS key. For more information, see Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) + // in the Key Management Service Developer Guide. // // The key policy size quota is 32 kilobytes (32768 bytes). + // + // For help writing and formatting a JSON policy document, see the IAM JSON + // Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) + // in the Identity and Access Management User Guide . Policy *string `min:"1" type:"string"` - // One or more tags. Each tag consists of a tag key and a tag value. Both the - // tag key and the tag value are required, but the tag value can be an empty - // (null) string. + // Assigns one or more tags to the KMS key. Use this parameter to tag the KMS + // key when it is created. To tag an existing KMS key, use the TagResource operation. + // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // + // Tagging or untagging a KMS key can allow or deny permission to the KMS key. + // For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) + // in the Key Management Service Developer Guide. // - // When you add tags to an AWS resource, AWS generates a cost allocation report - // with usage and costs aggregated by tags. For information about adding, changing, - // deleting and listing tags for CMKs, see Tagging Keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). + // To use this parameter, you must have kms:TagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) + // permission in an IAM policy. // - // Use this parameter to tag the CMK when it is created. To add tags to an existing - // CMK, use the TagResource operation. + // Each tag consists of a tag key and a tag value. Both the tag key and the + // tag value are required, but the tag value can be an empty (null) string. + // You cannot have more than one tag on a KMS key with the same tag key. If + // you specify an existing tag key with a different tag value, KMS replaces + // the current tag value with the specified one. + // + // When you add tags to an Amazon Web Services resource, Amazon Web Services + // generates a cost allocation report with usage and costs aggregated by tags. + // Tags can also be used to control access to a KMS key. For details, see Tagging + // Keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). Tags []*Tag `type:"list"` -} -// String returns the string representation + // Identifies the external key (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key) + // that serves as key material for the KMS key in an external key store (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html). + // Specify the ID that the external key store proxy (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-xks-proxy) + // uses to refer to the external key. For help, see the documentation for your + // external key store proxy. + // + // This parameter is required for a KMS key with an Origin value of EXTERNAL_KEY_STORE. + // It is not valid for KMS keys with any other Origin value. + // + // The external key must be an existing 256-bit AES symmetric encryption key + // hosted outside of Amazon Web Services in an external key manager associated + // with the external key store specified by the CustomKeyStoreId parameter. + // This key must be enabled and configured to perform encryption and decryption. + // Each KMS key in an external key store must use a different external key. + // For details, see Requirements for a KMS key in an external key store (https://docs.aws.amazon.com/create-xks-keys.html#xks-key-requirements) + // in the Key Management Service Developer Guide. + // + // Each KMS key in an external key store is associated two backing keys. One + // is key material that KMS generates. The other is the external key specified + // by this parameter. When you use the KMS key in an external key store to encrypt + // data, the encryption operation is performed first by KMS using the KMS key + // material, and then by the external key manager using the specified external + // key, a process known as double encryption. For details, see Double encryption + // (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-double-encryption) + // in the Key Management Service Developer Guide. + XksKeyId *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateKeyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateKeyInput) GoString() string { return s.String() } @@ -7649,6 +11565,9 @@ func (s *CreateKeyInput) Validate() error { if s.Policy != nil && len(*s.Policy) < 1 { invalidParams.Add(request.NewErrParamMinLen("Policy", 1)) } + if s.XksKeyId != nil && len(*s.XksKeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("XksKeyId", 1)) + } if s.Tags != nil { for i, v := range s.Tags { if v == nil { @@ -7690,12 +11609,24 @@ func (s *CreateKeyInput) SetDescription(v string) *CreateKeyInput { return s } +// SetKeySpec sets the KeySpec field's value. +func (s *CreateKeyInput) SetKeySpec(v string) *CreateKeyInput { + s.KeySpec = &v + return s +} + // SetKeyUsage sets the KeyUsage field's value. func (s *CreateKeyInput) SetKeyUsage(v string) *CreateKeyInput { s.KeyUsage = &v return s } +// SetMultiRegion sets the MultiRegion field's value. +func (s *CreateKeyInput) SetMultiRegion(v bool) *CreateKeyInput { + s.MultiRegion = &v + return s +} + // SetOrigin sets the Origin field's value. func (s *CreateKeyInput) SetOrigin(v string) *CreateKeyInput { s.Origin = &v @@ -7714,19 +11645,33 @@ func (s *CreateKeyInput) SetTags(v []*Tag) *CreateKeyInput { return s } +// SetXksKeyId sets the XksKeyId field's value. +func (s *CreateKeyInput) SetXksKeyId(v string) *CreateKeyInput { + s.XksKeyId = &v + return s +} + type CreateKeyOutput struct { _ struct{} `type:"structure"` - // Metadata associated with the CMK. + // Metadata associated with the KMS key. KeyMetadata *KeyMetadata `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateKeyOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateKeyOutput) GoString() string { return s.String() } @@ -7737,10 +11682,10 @@ func (s *CreateKeyOutput) SetKeyMetadata(v *KeyMetadata) *CreateKeyOutput { return s } -// The request was rejected because the custom key store contains AWS KMS customer -// master keys (CMKs). After verifying that you do not need to use the CMKs, -// use the ScheduleKeyDeletion operation to delete the CMKs. After they are -// deleted, you can delete the custom key store. +// The request was rejected because the custom key store contains KMS keys. +// After verifying that you do not need to use the KMS keys, use the ScheduleKeyDeletion +// operation to delete the KMS keys. After they are deleted, you can delete +// the custom key store. type CustomKeyStoreHasCMKsException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -7748,12 +11693,20 @@ type CustomKeyStoreHasCMKsException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CustomKeyStoreHasCMKsException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CustomKeyStoreHasCMKsException) GoString() string { return s.String() } @@ -7802,17 +11755,27 @@ func (s *CustomKeyStoreHasCMKsException) RequestID() string { // // This exception is thrown under the following conditions: // -// * You requested the CreateKey or GenerateRandom operation in a custom -// key store that is not connected. These operations are valid only when -// the custom key store ConnectionState is CONNECTED. +// - You requested the ConnectCustomKeyStore operation on a custom key store +// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid +// for all other ConnectionState values. To reconnect a custom key store +// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect +// it (ConnectCustomKeyStore). +// +// - You requested the CreateKey operation in a custom key store that is +// not connected. This operations is valid only when the custom key store +// ConnectionState is CONNECTED. // -// * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation -// on a custom key store that is not disconnected. This operation is valid -// only when the custom key store ConnectionState is DISCONNECTED. +// - You requested the DisconnectCustomKeyStore operation on a custom key +// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation +// is valid for all other ConnectionState values. // -// * You requested the ConnectCustomKeyStore operation on a custom key store -// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid -// for all other ConnectionState values. +// - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation +// on a custom key store that is not disconnected. This operation is valid +// only when the custom key store ConnectionState is DISCONNECTED. +// +// - You requested the GenerateRandom operation in an CloudHSM key store +// that is not connected. This operation is valid only when the CloudHSM +// key store ConnectionState is CONNECTED. type CustomKeyStoreInvalidStateException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -7820,12 +11783,20 @@ type CustomKeyStoreInvalidStateException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CustomKeyStoreInvalidStateException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CustomKeyStoreInvalidStateException) GoString() string { return s.String() } @@ -7878,12 +11849,20 @@ type CustomKeyStoreNameInUseException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CustomKeyStoreNameInUseException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CustomKeyStoreNameInUseException) GoString() string { return s.String() } @@ -7926,7 +11905,7 @@ func (s *CustomKeyStoreNameInUseException) RequestID() string { return s.RespMetadata.RequestID } -// The request was rejected because AWS KMS cannot find a custom key store with +// The request was rejected because KMS cannot find a custom key store with // the specified key store name or ID. type CustomKeyStoreNotFoundException struct { _ struct{} `type:"structure"` @@ -7935,12 +11914,20 @@ type CustomKeyStoreNotFoundException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CustomKeyStoreNotFoundException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CustomKeyStoreNotFoundException) GoString() string { return s.String() } @@ -7988,84 +11975,164 @@ func (s *CustomKeyStoreNotFoundException) RequestID() string { type CustomKeyStoresListEntry struct { _ struct{} `type:"structure"` - // A unique identifier for the AWS CloudHSM cluster that is associated with - // the custom key store. + // A unique identifier for the CloudHSM cluster that is associated with an CloudHSM + // key store. This field appears only when the CustomKeyStoreType is AWS_CLOUDHSM. CloudHsmClusterId *string `min:"19" type:"string"` // Describes the connection error. This field appears in the response only when - // the ConnectionState is FAILED. For help resolving these errors, see How to - // Fix a Connection Failure (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed) - // in AWS Key Management Service Developer Guide. - // - // Valid values are: + // the ConnectionState is FAILED. // - // * CLUSTER_NOT_FOUND - AWS KMS cannot find the AWS CloudHSM cluster with - // the specified cluster ID. + // Many failures can be resolved by updating the properties of the custom key + // store. To update a custom key store, disconnect it (DisconnectCustomKeyStore), + // correct the errors (UpdateCustomKeyStore), and try to connect again (ConnectCustomKeyStore). + // For additional help resolving these errors, see How to Fix a Connection Failure + // (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed) + // in Key Management Service Developer Guide. // - // * INSUFFICIENT_CLOUDHSM_HSMS - The associated AWS CloudHSM cluster does - // not contain any active HSMs. To connect a custom key store to its AWS - // CloudHSM cluster, the cluster must contain at least one active HSM. + // All custom key stores: // - // * INTERNAL_ERROR - AWS KMS could not complete the request due to an internal + // * INTERNAL_ERROR — KMS could not complete the request due to an internal // error. Retry the request. For ConnectCustomKeyStore requests, disconnect // the custom key store before trying to connect again. // - // * INVALID_CREDENTIALS - AWS KMS does not have the correct password for - // the kmsuser crypto user in the AWS CloudHSM cluster. Before you can connect - // your custom key store to its AWS CloudHSM cluster, you must change the - // kmsuser account password and update the key store password value for the - // custom key store. - // - // * NETWORK_ERRORS - Network errors are preventing AWS KMS from connecting - // to the custom key store. - // - // * SUBNET_NOT_FOUND - A subnet in the AWS CloudHSM cluster configuration - // was deleted. If AWS KMS cannot find all of the subnets in the cluster - // configuration, attempts to connect the custom key store to the AWS CloudHSM - // cluster fail. To fix this error, create a cluster from a recent backup - // and associate it with your custom key store. (This process creates a new - // cluster configuration with a VPC and private subnets.) For details, see - // How to Fix a Connection Failure (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed) - // in the AWS Key Management Service Developer Guide. - // - // * USER_LOCKED_OUT - The kmsuser CU account is locked out of the associated - // AWS CloudHSM cluster due to too many failed password attempts. Before - // you can connect your custom key store to its AWS CloudHSM cluster, you - // must change the kmsuser account password and update the key store password + // * NETWORK_ERRORS — Network errors are preventing KMS from connecting + // the custom key store to its backing key store. + // + // CloudHSM key stores: + // + // * CLUSTER_NOT_FOUND — KMS cannot find the CloudHSM cluster with the + // specified cluster ID. + // + // * INSUFFICIENT_CLOUDHSM_HSMS — The associated CloudHSM cluster does + // not contain any active HSMs. To connect a custom key store to its CloudHSM + // cluster, the cluster must contain at least one active HSM. + // + // * INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET — At least one private subnet + // associated with the CloudHSM cluster doesn't have any available IP addresses. + // A CloudHSM key store connection requires one free IP address in each of + // the associated private subnets, although two are preferable. For details, + // see How to Fix a Connection Failure (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed) + // in the Key Management Service Developer Guide. + // + // * INVALID_CREDENTIALS — The KeyStorePassword for the custom key store + // doesn't match the current password of the kmsuser crypto user in the CloudHSM + // cluster. Before you can connect your custom key store to its CloudHSM + // cluster, you must change the kmsuser account password and update the KeyStorePassword // value for the custom key store. // - // * USER_LOGGED_IN - The kmsuser CU account is logged into the the associated - // AWS CloudHSM cluster. This prevents AWS KMS from rotating the kmsuser - // account password and logging into the cluster. Before you can connect - // your custom key store to its AWS CloudHSM cluster, you must log the kmsuser - // CU out of the cluster. If you changed the kmsuser password to log into - // the cluster, you must also and update the key store password value for - // the custom key store. For help, see How to Log Out and Reconnect (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#login-kmsuser-2) - // in the AWS Key Management Service Developer Guide. - // - // * USER_NOT_FOUND - AWS KMS cannot find a kmsuser CU account in the associated - // AWS CloudHSM cluster. Before you can connect your custom key store to - // its AWS CloudHSM cluster, you must create a kmsuser CU account in the - // cluster, and then update the key store password value for the custom key - // store. + // * SUBNET_NOT_FOUND — A subnet in the CloudHSM cluster configuration + // was deleted. If KMS cannot find all of the subnets in the cluster configuration, + // attempts to connect the custom key store to the CloudHSM cluster fail. + // To fix this error, create a cluster from a recent backup and associate + // it with your custom key store. (This process creates a new cluster configuration + // with a VPC and private subnets.) For details, see How to Fix a Connection + // Failure (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed) + // in the Key Management Service Developer Guide. + // + // * USER_LOCKED_OUT — The kmsuser CU account is locked out of the associated + // CloudHSM cluster due to too many failed password attempts. Before you + // can connect your custom key store to its CloudHSM cluster, you must change + // the kmsuser account password and update the key store password value for + // the custom key store. + // + // * USER_LOGGED_IN — The kmsuser CU account is logged into the associated + // CloudHSM cluster. This prevents KMS from rotating the kmsuser account + // password and logging into the cluster. Before you can connect your custom + // key store to its CloudHSM cluster, you must log the kmsuser CU out of + // the cluster. If you changed the kmsuser password to log into the cluster, + // you must also and update the key store password value for the custom key + // store. For help, see How to Log Out and Reconnect (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#login-kmsuser-2) + // in the Key Management Service Developer Guide. + // + // * USER_NOT_FOUND — KMS cannot find a kmsuser CU account in the associated + // CloudHSM cluster. Before you can connect your custom key store to its + // CloudHSM cluster, you must create a kmsuser CU account in the cluster, + // and then update the key store password value for the custom key store. + // + // External key stores: + // + // * INVALID_CREDENTIALS — One or both of the XksProxyAuthenticationCredential + // values is not valid on the specified external key store proxy. + // + // * XKS_PROXY_ACCESS_DENIED — KMS requests are denied access to the external + // key store proxy. If the external key store proxy has authorization rules, + // verify that they permit KMS to communicate with the proxy on your behalf. + // + // * XKS_PROXY_INVALID_CONFIGURATION — A configuration error is preventing + // the external key store from connecting to its proxy. Verify the value + // of the XksProxyUriPath. + // + // * XKS_PROXY_INVALID_RESPONSE — KMS cannot interpret the response from + // the external key store proxy. If you see this connection error code repeatedly, + // notify your external key store proxy vendor. + // + // * XKS_PROXY_INVALID_TLS_CONFIGURATION — KMS cannot connect to the external + // key store proxy because the TLS configuration is invalid. Verify that + // the XKS proxy supports TLS 1.2 or 1.3. Also, verify that the TLS certificate + // is not expired, and that it matches the hostname in the XksProxyUriEndpoint + // value, and that it is signed by a certificate authority included in the + // Trusted Certificate Authorities (https://github.com/aws/aws-kms-xksproxy-api-spec/blob/main/TrustedCertificateAuthorities) + // list. + // + // * XKS_PROXY_NOT_REACHABLE — KMS can't communicate with your external + // key store proxy. Verify that the XksProxyUriEndpoint and XksProxyUriPath + // are correct. Use the tools for your external key store proxy to verify + // that the proxy is active and available on its network. Also, verify that + // your external key manager instances are operating properly. Connection + // attempts fail with this connection error code if the proxy reports that + // all external key manager instances are unavailable. + // + // * XKS_PROXY_TIMED_OUT — KMS can connect to the external key store proxy, + // but the proxy does not respond to KMS in the time allotted. If you see + // this connection error code repeatedly, notify your external key store + // proxy vendor. + // + // * XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION — The Amazon VPC endpoint + // service configuration doesn't conform to the requirements for an KMS external + // key store. The VPC endpoint service must be an endpoint service for interface + // endpoints in the caller's Amazon Web Services account. It must have a + // network load balancer (NLB) connected to at least two subnets, each in + // a different Availability Zone. The Allow principals list must include + // the KMS service principal for the Region, cks.kms..amazonaws.com, + // such as cks.kms.us-east-1.amazonaws.com. It must not require acceptance + // (https://docs.aws.amazon.com/vpc/latest/privatelink/create-endpoint-service.html) + // of connection requests. It must have a private DNS name. The private DNS + // name for an external key store with VPC_ENDPOINT_SERVICE connectivity + // must be unique in its Amazon Web Services Region. The domain of the private + // DNS name must have a verification status (https://docs.aws.amazon.com/vpc/latest/privatelink/verify-domains.html) + // of verified. The TLS certificate (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html) + // specifies the private DNS hostname at which the endpoint is reachable. + // + // * XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND — KMS can't find the VPC endpoint + // service that it uses to communicate with the external key store proxy. + // Verify that the XksProxyVpcEndpointServiceName is correct and the KMS + // service principal has service consumer permissions on the Amazon VPC endpoint + // service. ConnectionErrorCode *string `type:"string" enum:"ConnectionErrorCodeType"` - // Indicates whether the custom key store is connected to its AWS CloudHSM cluster. + // Indicates whether the custom key store is connected to its backing key store. + // For an CloudHSM key store, the ConnectionState indicates whether it is connected + // to its CloudHSM cluster. For an external key store, the ConnectionState indicates + // whether it is connected to the external key store proxy that communicates + // with your external key manager. // - // You can create and use CMKs in your custom key stores only when its connection - // state is CONNECTED. + // You can create and use KMS keys in your custom key stores only when its ConnectionState + // is CONNECTED. // - // The value is DISCONNECTED if the key store has never been connected or you - // use the DisconnectCustomKeyStore operation to disconnect it. If the value - // is CONNECTED but you are having trouble using the custom key store, make - // sure that its associated AWS CloudHSM cluster is active and contains at least - // one active HSM. + // The ConnectionState value is DISCONNECTED only if the key store has never + // been connected or you use the DisconnectCustomKeyStore operation to disconnect + // it. If the value is CONNECTED but you are having trouble using the custom + // key store, make sure that the backing key store is reachable and active. + // For an CloudHSM key store, verify that its associated CloudHSM cluster is + // active and contains at least one active HSM. For an external key store, verify + // that the external key store proxy and external key manager are connected + // and enabled. // // A value of FAILED indicates that an attempt to connect was unsuccessful. // The ConnectionErrorCode field in the response indicates the cause of the - // failure. For help resolving a connection failure, see Troubleshooting a Custom - // Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) - // in the AWS Key Management Service Developer Guide. + // failure. For help resolving a connection failure, see Troubleshooting a custom + // key store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) + // in the Key Management Service Developer Guide. ConnectionState *string `type:"string" enum:"ConnectionStateType"` // The date and time when the custom key store was created. @@ -8077,18 +12144,42 @@ type CustomKeyStoresListEntry struct { // The user-specified friendly name for the custom key store. CustomKeyStoreName *string `min:"1" type:"string"` - // The trust anchor certificate of the associated AWS CloudHSM cluster. When - // you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), + // Indicates the type of the custom key store. AWS_CLOUDHSM indicates a custom + // key store backed by an CloudHSM cluster. EXTERNAL_KEY_STORE indicates a custom + // key store backed by an external key store proxy and external key manager + // outside of Amazon Web Services. + CustomKeyStoreType *string `type:"string" enum:"CustomKeyStoreType"` + + // The trust anchor certificate of the CloudHSM cluster associated with an CloudHSM + // key store. When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), // you create this certificate and save it in the customerCA.crt file. + // + // This field appears only when the CustomKeyStoreType is AWS_CLOUDHSM. TrustAnchorCertificate *string `min:"1" type:"string"` + + // Configuration settings for the external key store proxy (XKS proxy). The + // external key store proxy translates KMS requests into a format that your + // external key manager can understand. The proxy configuration includes connection + // information that KMS requires. + // + // This field appears only when the CustomKeyStoreType is EXTERNAL_KEY_STORE. + XksProxyConfiguration *XksProxyConfigurationType `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CustomKeyStoresListEntry) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CustomKeyStoresListEntry) GoString() string { return s.String() } @@ -8129,66 +12220,90 @@ func (s *CustomKeyStoresListEntry) SetCustomKeyStoreName(v string) *CustomKeySto return s } +// SetCustomKeyStoreType sets the CustomKeyStoreType field's value. +func (s *CustomKeyStoresListEntry) SetCustomKeyStoreType(v string) *CustomKeyStoresListEntry { + s.CustomKeyStoreType = &v + return s +} + // SetTrustAnchorCertificate sets the TrustAnchorCertificate field's value. func (s *CustomKeyStoresListEntry) SetTrustAnchorCertificate(v string) *CustomKeyStoresListEntry { s.TrustAnchorCertificate = &v return s } +// SetXksProxyConfiguration sets the XksProxyConfiguration field's value. +func (s *CustomKeyStoresListEntry) SetXksProxyConfiguration(v *XksProxyConfigurationType) *CustomKeyStoresListEntry { + s.XksProxyConfiguration = v + return s +} + type DecryptInput struct { _ struct{} `type:"structure"` // Ciphertext to be decrypted. The blob includes metadata. - // // CiphertextBlob is automatically base64 encoded/decoded by the SDK. // // CiphertextBlob is a required field CiphertextBlob []byte `min:"1" type:"blob" required:"true"` + // Checks if your request will succeed. DryRun is an optional parameter. + // + // To learn more about how to use this parameter, see Testing your KMS API calls + // (https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html) + // in the Key Management Service Developer Guide. + DryRun *bool `type:"boolean"` + // Specifies the encryption algorithm that will be used to decrypt the ciphertext. // Specify the same algorithm that was used to encrypt the data. If you specify // a different algorithm, the Decrypt operation fails. // // This parameter is required only when the ciphertext was encrypted under an - // asymmetric CMK. The default value, SYMMETRIC_DEFAULT, represents the only - // supported algorithm that is valid for symmetric CMKs. + // asymmetric KMS key. The default value, SYMMETRIC_DEFAULT, represents the + // only supported algorithm that is valid for symmetric encryption KMS keys. EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` // Specifies the encryption context to use when decrypting the data. An encryption // context is valid only for cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) - // with a symmetric CMK. The standard asymmetric encryption algorithms that - // AWS KMS uses do not support an encryption context. + // with a symmetric encryption KMS key. The standard asymmetric encryption algorithms + // and HMAC algorithms that KMS uses do not support an encryption context. // // An encryption context is a collection of non-secret key-value pairs that - // represents additional authenticated data. When you use an encryption context + // represent additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) - // encryption context to decrypt the data. An encryption context is optional - // when encrypting with a symmetric CMK, but it is highly recommended. + // encryption context to decrypt the data. An encryption context is supported + // only on operations with symmetric encryption KMS keys. On operations with + // symmetric encryption KMS keys, an encryption context is optional, but it + // is strongly recommended. // - // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) - // in the AWS Key Management Service Developer Guide. + // For more information, see Encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the Key Management Service Developer Guide. EncryptionContext map[string]*string `type:"map"` // A list of grant tokens. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // Specifies the customer master key (CMK) that AWS KMS will use to decrypt - // the ciphertext. Enter a key ID of the CMK that was used to encrypt the ciphertext. + // Specifies the KMS key that KMS uses to decrypt the ciphertext. // - // If you specify a KeyId value, the Decrypt operation succeeds only if the - // specified CMK was used to encrypt the ciphertext. + // Enter a key ID of the KMS key that was used to encrypt the ciphertext. If + // you identify a different KMS key, the Decrypt operation throws an IncorrectKeyException. // // This parameter is required only when the ciphertext was encrypted under an - // asymmetric CMK. Otherwise, AWS KMS uses the metadata that it adds to the - // ciphertext blob to determine which CMK was used to encrypt the ciphertext. - // However, you can use this parameter to ensure that a particular CMK (of any - // kind) is used to decrypt the ciphertext. + // asymmetric KMS key. If you used a symmetric encryption KMS key, KMS can get + // the KMS key from metadata that it adds to the symmetric ciphertext blob. + // However, it is always recommended as a best practice. This practice ensures + // that you use the KMS key that you intend. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -8200,17 +12315,46 @@ type DecryptInput struct { // // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. KeyId *string `min:"1" type:"string"` + + // A signed attestation document (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-concepts.html#term-attestdoc) + // from an Amazon Web Services Nitro enclave and the encryption algorithm to + // use with the enclave's public key. The only valid encryption algorithm is + // RSAES_OAEP_SHA_256. + // + // This parameter only supports attestation documents for Amazon Web Services + // Nitro Enclaves. To include this parameter, use the Amazon Web Services Nitro + // Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) + // or any Amazon Web Services SDK. + // + // When you use this parameter, instead of returning the plaintext data, KMS + // encrypts the plaintext data with the public key in the attestation document, + // and returns the resulting ciphertext in the CiphertextForRecipient field + // in the response. This ciphertext can be decrypted only with the private key + // in the enclave. The Plaintext field in the response is null or empty. + // + // For information about the interaction between KMS and Amazon Web Services + // Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + Recipient *RecipientInfo `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DecryptInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DecryptInput) GoString() string { return s.String() } @@ -8227,6 +12371,11 @@ func (s *DecryptInput) Validate() error { if s.KeyId != nil && len(*s.KeyId) < 1 { invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) } + if s.Recipient != nil { + if err := s.Recipient.Validate(); err != nil { + invalidParams.AddNested("Recipient", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -8240,6 +12389,12 @@ func (s *DecryptInput) SetCiphertextBlob(v []byte) *DecryptInput { return s } +// SetDryRun sets the DryRun field's value. +func (s *DecryptInput) SetDryRun(v bool) *DecryptInput { + s.DryRun = &v + return s +} + // SetEncryptionAlgorithm sets the EncryptionAlgorithm field's value. func (s *DecryptInput) SetEncryptionAlgorithm(v string) *DecryptInput { s.EncryptionAlgorithm = &v @@ -8264,33 +12419,71 @@ func (s *DecryptInput) SetKeyId(v string) *DecryptInput { return s } +// SetRecipient sets the Recipient field's value. +func (s *DecryptInput) SetRecipient(v *RecipientInfo) *DecryptInput { + s.Recipient = v + return s +} + type DecryptOutput struct { _ struct{} `type:"structure"` + // The plaintext data encrypted with the public key in the attestation document. + // + // This field is included in the response only when the Recipient parameter + // in the request includes a valid attestation document from an Amazon Web Services + // Nitro enclave. For information about the interaction between KMS and Amazon + // Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses + // KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + // CiphertextForRecipient is automatically base64 encoded/decoded by the SDK. + CiphertextForRecipient []byte `min:"1" type:"blob"` + // The encryption algorithm that was used to decrypt the ciphertext. EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the CMK that was used to decrypt the ciphertext. + // of the KMS key that was used to decrypt the ciphertext. KeyId *string `min:"1" type:"string"` - // Decrypted plaintext data. When you use the HTTP API or the AWS CLI, the value - // is Base64-encoded. Otherwise, it is not Base64-encoded. + // Decrypted plaintext data. When you use the HTTP API or the Amazon Web Services + // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. + // + // If the response includes the CiphertextForRecipient field, the Plaintext + // field is null or empty. + // + // Plaintext is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by DecryptOutput's + // String and GoString methods. // // Plaintext is automatically base64 encoded/decoded by the SDK. Plaintext []byte `min:"1" type:"blob" sensitive:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DecryptOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DecryptOutput) GoString() string { return s.String() } +// SetCiphertextForRecipient sets the CiphertextForRecipient field's value. +func (s *DecryptOutput) SetCiphertextForRecipient(v []byte) *DecryptOutput { + s.CiphertextForRecipient = v + return s +} + // SetEncryptionAlgorithm sets the EncryptionAlgorithm field's value. func (s *DecryptOutput) SetEncryptionAlgorithm(v string) *DecryptOutput { s.EncryptionAlgorithm = &v @@ -8319,12 +12512,20 @@ type DeleteAliasInput struct { AliasName *string `min:"1" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteAliasInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteAliasInput) GoString() string { return s.String() } @@ -8355,12 +12556,20 @@ type DeleteAliasOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteAliasOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteAliasOutput) GoString() string { return s.String() } @@ -8375,12 +12584,20 @@ type DeleteCustomKeyStoreInput struct { CustomKeyStoreId *string `min:"1" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteCustomKeyStoreInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteCustomKeyStoreInput) GoString() string { return s.String() } @@ -8411,12 +12628,20 @@ type DeleteCustomKeyStoreOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteCustomKeyStoreOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteCustomKeyStoreOutput) GoString() string { return s.String() } @@ -8424,10 +12649,10 @@ func (s DeleteCustomKeyStoreOutput) GoString() string { type DeleteImportedKeyMaterialInput struct { _ struct{} `type:"structure"` - // Identifies the CMK from which you are deleting imported key material. The - // Origin of the CMK must be EXTERNAL. + // Identifies the KMS key from which you are deleting imported key material. + // The Origin of the KMS key must be EXTERNAL. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -8435,18 +12660,26 @@ type DeleteImportedKeyMaterialInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteImportedKeyMaterialInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteImportedKeyMaterialInput) GoString() string { return s.String() } @@ -8477,18 +12710,26 @@ type DeleteImportedKeyMaterialOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteImportedKeyMaterialOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteImportedKeyMaterialOutput) GoString() string { return s.String() } -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. type DependencyTimeoutException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -8496,12 +12737,20 @@ type DependencyTimeoutException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DependencyTimeoutException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DependencyTimeoutException) GoString() string { return s.String() } @@ -8544,62 +12793,145 @@ func (s *DependencyTimeoutException) RequestID() string { return s.RespMetadata.RequestID } -type DescribeCustomKeyStoresInput struct { +type DeriveSharedSecretInput struct { _ struct{} `type:"structure"` - // Gets only information about the specified custom key store. Enter the key - // store ID. + // Checks if your request will succeed. DryRun is an optional parameter. // - // By default, this operation gets information about all custom key stores in - // the account and region. To limit the output to a particular custom key store, - // you can use either the CustomKeyStoreId or CustomKeyStoreName parameter, - // but not both. - CustomKeyStoreId *string `min:"1" type:"string"` + // To learn more about how to use this parameter, see Testing your KMS API calls + // (https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html) + // in the Key Management Service Developer Guide. + DryRun *bool `type:"boolean"` - // Gets only information about the specified custom key store. Enter the friendly - // name of the custom key store. + // A list of grant tokens. // - // By default, this operation gets information about all custom key stores in - // the account and region. To limit the output to a particular custom key store, - // you can use either the CustomKeyStoreId or CustomKeyStoreName parameter, - // but not both. - CustomKeyStoreName *string `min:"1" type:"string"` + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` - // Use this parameter to specify the maximum number of items to return. When - // this value is present, AWS KMS does not return more than the specified number - // of items, but it might return fewer. - Limit *int64 `min:"1" type:"integer"` + // Specifies the key agreement algorithm used to derive the shared secret. The + // only valid value is ECDH. + // + // KeyAgreementAlgorithm is a required field + KeyAgreementAlgorithm *string `type:"string" required:"true" enum:"KeyAgreementAlgorithmSpec"` - // Use this parameter in a subsequent request after you receive a response with - // truncated results. Set it to the value of NextMarker from the truncated response - // you just received. - Marker *string `min:"1" type:"string"` -} + // Identifies an asymmetric NIST-recommended ECC or SM2 (China Regions only) + // KMS key. KMS uses the private key in the specified key pair to derive the + // shared secret. The key usage of the KMS key must be KEY_AGREEMENT. To find + // the KeyUsage of a KMS key, use the DescribeKey operation. + // + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. + // + // For example: + // + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Alias name: alias/ExampleAlias + // + // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias + // + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` -// String returns the string representation -func (s DescribeCustomKeyStoresInput) String() string { + // Specifies the public key in your peer's NIST-recommended elliptic curve (ECC) + // or SM2 (China Regions only) key pair. + // + // The public key must be a DER-encoded X.509 public key, also known as SubjectPublicKeyInfo + // (SPKI), as defined in RFC 5280 (https://tools.ietf.org/html/rfc5280). + // + // GetPublicKey returns the public key of an asymmetric KMS key pair in the + // required DER-encoded format. + // + // If you use Amazon Web Services CLI version 1 (https://docs.aws.amazon.com/cli/v1/userguide/cli-chap-welcome.html), + // you must provide the DER-encoded X.509 public key in a file. Otherwise, the + // Amazon Web Services CLI Base64-encodes the public key a second time, resulting + // in a ValidationException. + // + // You can specify the public key as binary data in a file using fileb (fileb://) + // or in-line using a Base64 encoded string. + // PublicKey is automatically base64 encoded/decoded by the SDK. + // + // PublicKey is a required field + PublicKey []byte `min:"1" type:"blob" required:"true"` + + // A signed attestation document (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc) + // from an Amazon Web Services Nitro enclave and the encryption algorithm to + // use with the enclave's public key. The only valid encryption algorithm is + // RSAES_OAEP_SHA_256. + // + // This parameter only supports attestation documents for Amazon Web Services + // Nitro Enclaves. To call DeriveSharedSecret for an Amazon Web Services Nitro + // Enclaves, use the Amazon Web Services Nitro Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) + // to generate the attestation document and then use the Recipient parameter + // from any Amazon Web Services SDK to provide the attestation document for + // the enclave. + // + // When you use this parameter, instead of returning a plaintext copy of the + // shared secret, KMS encrypts the plaintext shared secret under the public + // key in the attestation document, and returns the resulting ciphertext in + // the CiphertextForRecipient field in the response. This ciphertext can be + // decrypted only with the private key in the enclave. The CiphertextBlob field + // in the response contains the encrypted shared secret derived from the KMS + // key specified by the KeyId parameter and public key specified by the PublicKey + // parameter. The SharedSecret field in the response is null or empty. + // + // For information about the interaction between KMS and Amazon Web Services + // Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + Recipient *RecipientInfo `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeriveSharedSecretInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DescribeCustomKeyStoresInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeriveSharedSecretInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeCustomKeyStoresInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeCustomKeyStoresInput"} - if s.CustomKeyStoreId != nil && len(*s.CustomKeyStoreId) < 1 { - invalidParams.Add(request.NewErrParamMinLen("CustomKeyStoreId", 1)) +func (s *DeriveSharedSecretInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeriveSharedSecretInput"} + if s.KeyAgreementAlgorithm == nil { + invalidParams.Add(request.NewErrParamRequired("KeyAgreementAlgorithm")) } - if s.CustomKeyStoreName != nil && len(*s.CustomKeyStoreName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("CustomKeyStoreName", 1)) + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) } - if s.Limit != nil && *s.Limit < 1 { - invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) } - if s.Marker != nil && len(*s.Marker) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Marker", 1)) + if s.PublicKey == nil { + invalidParams.Add(request.NewErrParamRequired("PublicKey")) + } + if s.PublicKey != nil && len(s.PublicKey) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PublicKey", 1)) + } + if s.Recipient != nil { + if err := s.Recipient.Validate(); err != nil { + invalidParams.AddNested("Recipient", err.(request.ErrInvalidParams)) + } } if invalidParams.Len() > 0 { @@ -8608,53 +12940,262 @@ func (s *DescribeCustomKeyStoresInput) Validate() error { return nil } -// SetCustomKeyStoreId sets the CustomKeyStoreId field's value. -func (s *DescribeCustomKeyStoresInput) SetCustomKeyStoreId(v string) *DescribeCustomKeyStoresInput { - s.CustomKeyStoreId = &v +// SetDryRun sets the DryRun field's value. +func (s *DeriveSharedSecretInput) SetDryRun(v bool) *DeriveSharedSecretInput { + s.DryRun = &v return s } -// SetCustomKeyStoreName sets the CustomKeyStoreName field's value. -func (s *DescribeCustomKeyStoresInput) SetCustomKeyStoreName(v string) *DescribeCustomKeyStoresInput { - s.CustomKeyStoreName = &v +// SetGrantTokens sets the GrantTokens field's value. +func (s *DeriveSharedSecretInput) SetGrantTokens(v []*string) *DeriveSharedSecretInput { + s.GrantTokens = v return s } -// SetLimit sets the Limit field's value. -func (s *DescribeCustomKeyStoresInput) SetLimit(v int64) *DescribeCustomKeyStoresInput { - s.Limit = &v +// SetKeyAgreementAlgorithm sets the KeyAgreementAlgorithm field's value. +func (s *DeriveSharedSecretInput) SetKeyAgreementAlgorithm(v string) *DeriveSharedSecretInput { + s.KeyAgreementAlgorithm = &v return s } -// SetMarker sets the Marker field's value. -func (s *DescribeCustomKeyStoresInput) SetMarker(v string) *DescribeCustomKeyStoresInput { - s.Marker = &v +// SetKeyId sets the KeyId field's value. +func (s *DeriveSharedSecretInput) SetKeyId(v string) *DeriveSharedSecretInput { + s.KeyId = &v return s } -type DescribeCustomKeyStoresOutput struct { +// SetPublicKey sets the PublicKey field's value. +func (s *DeriveSharedSecretInput) SetPublicKey(v []byte) *DeriveSharedSecretInput { + s.PublicKey = v + return s +} + +// SetRecipient sets the Recipient field's value. +func (s *DeriveSharedSecretInput) SetRecipient(v *RecipientInfo) *DeriveSharedSecretInput { + s.Recipient = v + return s +} + +type DeriveSharedSecretOutput struct { _ struct{} `type:"structure"` - // Contains metadata about each custom key store. - CustomKeyStores []*CustomKeyStoresListEntry `type:"list"` + // The plaintext shared secret encrypted with the public key in the attestation + // document. + // + // This field is included in the response only when the Recipient parameter + // in the request includes a valid attestation document from an Amazon Web Services + // Nitro enclave. For information about the interaction between KMS and Amazon + // Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses + // KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + // CiphertextForRecipient is automatically base64 encoded/decoded by the SDK. + CiphertextForRecipient []byte `min:"1" type:"blob"` - // When Truncated is true, this element is present and contains the value to - // use for the Marker parameter in a subsequent request. - NextMarker *string `min:"1" type:"string"` + // Identifies the key agreement algorithm used to derive the shared secret. + KeyAgreementAlgorithm *string `type:"string" enum:"KeyAgreementAlgorithmSpec"` - // A flag that indicates whether there are more items in the list. When this - // value is true, the list in this response is truncated. To get more items, - // pass the value of the NextMarker element in thisresponse to the Marker parameter + // Identifies the KMS key used to derive the shared secret. + KeyId *string `min:"1" type:"string"` + + // The source of the key material for the specified KMS key. + // + // When this value is AWS_KMS, KMS created the key material. When this value + // is EXTERNAL, the key material was imported or the KMS key doesn't have any + // key material. + // + // The only valid values for DeriveSharedSecret are AWS_KMS and EXTERNAL. DeriveSharedSecret + // does not support KMS keys with a KeyOrigin value of AWS_CLOUDHSM or EXTERNAL_KEY_STORE. + KeyOrigin *string `type:"string" enum:"OriginType"` + + // The raw secret derived from the specified key agreement algorithm, private + // key in the asymmetric KMS key, and your peer's public key. + // + // If the response includes the CiphertextForRecipient field, the SharedSecret + // field is null or empty. + // + // SharedSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by DeriveSharedSecretOutput's + // String and GoString methods. + // + // SharedSecret is automatically base64 encoded/decoded by the SDK. + SharedSecret []byte `min:"1" type:"blob" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeriveSharedSecretOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeriveSharedSecretOutput) GoString() string { + return s.String() +} + +// SetCiphertextForRecipient sets the CiphertextForRecipient field's value. +func (s *DeriveSharedSecretOutput) SetCiphertextForRecipient(v []byte) *DeriveSharedSecretOutput { + s.CiphertextForRecipient = v + return s +} + +// SetKeyAgreementAlgorithm sets the KeyAgreementAlgorithm field's value. +func (s *DeriveSharedSecretOutput) SetKeyAgreementAlgorithm(v string) *DeriveSharedSecretOutput { + s.KeyAgreementAlgorithm = &v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *DeriveSharedSecretOutput) SetKeyId(v string) *DeriveSharedSecretOutput { + s.KeyId = &v + return s +} + +// SetKeyOrigin sets the KeyOrigin field's value. +func (s *DeriveSharedSecretOutput) SetKeyOrigin(v string) *DeriveSharedSecretOutput { + s.KeyOrigin = &v + return s +} + +// SetSharedSecret sets the SharedSecret field's value. +func (s *DeriveSharedSecretOutput) SetSharedSecret(v []byte) *DeriveSharedSecretOutput { + s.SharedSecret = v + return s +} + +type DescribeCustomKeyStoresInput struct { + _ struct{} `type:"structure"` + + // Gets only information about the specified custom key store. Enter the key + // store ID. + // + // By default, this operation gets information about all custom key stores in + // the account and Region. To limit the output to a particular custom key store, + // provide either the CustomKeyStoreId or CustomKeyStoreName parameter, but + // not both. + CustomKeyStoreId *string `min:"1" type:"string"` + + // Gets only information about the specified custom key store. Enter the friendly + // name of the custom key store. + // + // By default, this operation gets information about all custom key stores in + // the account and Region. To limit the output to a particular custom key store, + // provide either the CustomKeyStoreId or CustomKeyStoreName parameter, but + // not both. + CustomKeyStoreName *string `min:"1" type:"string"` + + // Use this parameter to specify the maximum number of items to return. When + // this value is present, KMS does not return more than the specified number + // of items, but it might return fewer. + Limit *int64 `min:"1" type:"integer"` + + // Use this parameter in a subsequent request after you receive a response with + // truncated results. Set it to the value of NextMarker from the truncated response + // you just received. + Marker *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeCustomKeyStoresInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeCustomKeyStoresInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeCustomKeyStoresInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeCustomKeyStoresInput"} + if s.CustomKeyStoreId != nil && len(*s.CustomKeyStoreId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("CustomKeyStoreId", 1)) + } + if s.CustomKeyStoreName != nil && len(*s.CustomKeyStoreName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("CustomKeyStoreName", 1)) + } + if s.Limit != nil && *s.Limit < 1 { + invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) + } + if s.Marker != nil && len(*s.Marker) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Marker", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCustomKeyStoreId sets the CustomKeyStoreId field's value. +func (s *DescribeCustomKeyStoresInput) SetCustomKeyStoreId(v string) *DescribeCustomKeyStoresInput { + s.CustomKeyStoreId = &v + return s +} + +// SetCustomKeyStoreName sets the CustomKeyStoreName field's value. +func (s *DescribeCustomKeyStoresInput) SetCustomKeyStoreName(v string) *DescribeCustomKeyStoresInput { + s.CustomKeyStoreName = &v + return s +} + +// SetLimit sets the Limit field's value. +func (s *DescribeCustomKeyStoresInput) SetLimit(v int64) *DescribeCustomKeyStoresInput { + s.Limit = &v + return s +} + +// SetMarker sets the Marker field's value. +func (s *DescribeCustomKeyStoresInput) SetMarker(v string) *DescribeCustomKeyStoresInput { + s.Marker = &v + return s +} + +type DescribeCustomKeyStoresOutput struct { + _ struct{} `type:"structure"` + + // Contains metadata about each custom key store. + CustomKeyStores []*CustomKeyStoresListEntry `type:"list"` + + // When Truncated is true, this element is present and contains the value to + // use for the Marker parameter in a subsequent request. + NextMarker *string `min:"1" type:"string"` + + // A flag that indicates whether there are more items in the list. When this + // value is true, the list in this response is truncated. To get more items, + // pass the value of the NextMarker element in this response to the Marker parameter // in a subsequent request. Truncated *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeCustomKeyStoresOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeCustomKeyStoresOutput) GoString() string { return s.String() } @@ -8682,19 +13223,24 @@ type DescribeKeyInput struct { // A list of grant tokens. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // Describes the specified customer master key (CMK). + // Describes the specified KMS key. // - // If you specify a predefined AWS alias (an AWS alias with no key ID), KMS - // associates the alias with an AWS managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) + // If you specify a predefined Amazon Web Services alias (an Amazon Web Services + // alias with no key ID), KMS associates the alias with an Amazon Web Services + // managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html##aws-managed-cmk) // and returns its KeyId and Arn in the response. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". To specify - // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -8706,19 +13252,27 @@ type DescribeKeyInput struct { // // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeKeyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeKeyInput) GoString() string { return s.String() } @@ -8758,12 +13312,20 @@ type DescribeKeyOutput struct { KeyMetadata *KeyMetadata `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeKeyOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeKeyOutput) GoString() string { return s.String() } @@ -8777,9 +13339,9 @@ func (s *DescribeKeyOutput) SetKeyMetadata(v *KeyMetadata) *DescribeKeyOutput { type DisableKeyInput struct { _ struct{} `type:"structure"` - // A unique identifier for the customer master key (CMK). + // Identifies the KMS key to disable. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -8787,18 +13349,26 @@ type DisableKeyInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DisableKeyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DisableKeyInput) GoString() string { return s.String() } @@ -8829,12 +13399,20 @@ type DisableKeyOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DisableKeyOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DisableKeyOutput) GoString() string { return s.String() } @@ -8842,12 +13420,13 @@ func (s DisableKeyOutput) GoString() string { type DisableKeyRotationInput struct { _ struct{} `type:"structure"` - // Identifies a symmetric customer master key (CMK). You cannot enable automatic - // rotation of asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html#asymmetric-cmks), - // CMKs with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), - // or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). + // Identifies a symmetric encryption KMS key. You cannot enable or disable automatic + // rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html#asymmetric-cmks), + // HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html), + // KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), + // or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -8855,18 +13434,26 @@ type DisableKeyRotationInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DisableKeyRotationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DisableKeyRotationInput) GoString() string { return s.String() } @@ -8897,17 +13484,25 @@ type DisableKeyRotationOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DisableKeyRotationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DisableKeyRotationOutput) GoString() string { return s.String() } -// The request was rejected because the specified CMK is not enabled. +// The request was rejected because the specified KMS key is not enabled. type DisabledException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -8915,12 +13510,20 @@ type DisabledException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DisabledException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DisabledException) GoString() string { return s.String() } @@ -8973,12 +13576,20 @@ type DisconnectCustomKeyStoreInput struct { CustomKeyStoreId *string `min:"1" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DisconnectCustomKeyStoreInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DisconnectCustomKeyStoreInput) GoString() string { return s.String() } @@ -9009,22 +13620,94 @@ type DisconnectCustomKeyStoreOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DisconnectCustomKeyStoreOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DisconnectCustomKeyStoreOutput) GoString() string { return s.String() } +// The request was rejected because the DryRun parameter was specified. +type DryRunOperationException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DryRunOperationException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DryRunOperationException) GoString() string { + return s.String() +} + +func newErrorDryRunOperationException(v protocol.ResponseMetadata) error { + return &DryRunOperationException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *DryRunOperationException) Code() string { + return "DryRunOperationException" +} + +// Message returns the exception's message. +func (s *DryRunOperationException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *DryRunOperationException) OrigErr() error { + return nil +} + +func (s *DryRunOperationException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *DryRunOperationException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *DryRunOperationException) RequestID() string { + return s.RespMetadata.RequestID +} + type EnableKeyInput struct { _ struct{} `type:"structure"` - // A unique identifier for the customer master key (CMK). + // Identifies the KMS key to enable. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -9032,18 +13715,26 @@ type EnableKeyInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EnableKeyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EnableKeyInput) GoString() string { return s.String() } @@ -9074,12 +13765,20 @@ type EnableKeyOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EnableKeyOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EnableKeyOutput) GoString() string { return s.String() } @@ -9087,11 +13786,16 @@ func (s EnableKeyOutput) GoString() string { type EnableKeyRotationInput struct { _ struct{} `type:"structure"` - // Identifies a symmetric customer master key (CMK). You cannot enable automatic - // rotation of asymmetric CMKs, CMKs with imported key material, or CMKs in - // a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). + // Identifies a symmetric encryption KMS key. You cannot enable automatic rotation + // of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), + // HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html), + // KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), + // or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). + // To enable or disable automatic rotation of a set of related multi-Region + // keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), + // set the property on the primary key. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -9099,18 +13803,38 @@ type EnableKeyRotationInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` + + // Use this parameter to specify a custom period of time between each rotation + // date. If no value is specified, the default value is 365 days. + // + // The rotation period defines the number of days after you enable automatic + // key rotation that KMS will rotate your key material, and the number of days + // between each automatic rotation thereafter. + // + // You can use the kms:RotationPeriodInDays (https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-rotation-period-in-days) + // condition key to further constrain the values that principals can specify + // in the RotationPeriodInDays parameter. + RotationPeriodInDays *int64 `min:"90" type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EnableKeyRotationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EnableKeyRotationInput) GoString() string { return s.String() } @@ -9124,6 +13848,9 @@ func (s *EnableKeyRotationInput) Validate() error { if s.KeyId != nil && len(*s.KeyId) < 1 { invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) } + if s.RotationPeriodInDays != nil && *s.RotationPeriodInDays < 90 { + invalidParams.Add(request.NewErrParamMinValue("RotationPeriodInDays", 90)) + } if invalidParams.Len() > 0 { return invalidParams @@ -9137,16 +13864,30 @@ func (s *EnableKeyRotationInput) SetKeyId(v string) *EnableKeyRotationInput { return s } +// SetRotationPeriodInDays sets the RotationPeriodInDays field's value. +func (s *EnableKeyRotationInput) SetRotationPeriodInDays(v int64) *EnableKeyRotationInput { + s.RotationPeriodInDays = &v + return s +} + type EnableKeyRotationOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EnableKeyRotationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EnableKeyRotationOutput) GoString() string { return s.String() } @@ -9154,40 +13895,60 @@ func (s EnableKeyRotationOutput) GoString() string { type EncryptInput struct { _ struct{} `type:"structure"` - // Specifies the encryption algorithm that AWS KMS will use to encrypt the plaintext - // message. The algorithm must be compatible with the CMK that you specify. + // Checks if your request will succeed. DryRun is an optional parameter. + // + // To learn more about how to use this parameter, see Testing your KMS API calls + // (https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html) + // in the Key Management Service Developer Guide. + DryRun *bool `type:"boolean"` + + // Specifies the encryption algorithm that KMS will use to encrypt the plaintext + // message. The algorithm must be compatible with the KMS key that you specify. // - // This parameter is required only for asymmetric CMKs. The default value, SYMMETRIC_DEFAULT, - // is the algorithm used for symmetric CMKs. If you are using an asymmetric - // CMK, we recommend RSAES_OAEP_SHA_256. + // This parameter is required only for asymmetric KMS keys. The default value, + // SYMMETRIC_DEFAULT, is the algorithm used for symmetric encryption KMS keys. + // If you are using an asymmetric KMS key, we recommend RSAES_OAEP_SHA_256. + // + // The SM2PKE algorithm is only available in China Regions. EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` // Specifies the encryption context that will be used to encrypt the data. An // encryption context is valid only for cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) - // with a symmetric CMK. The standard asymmetric encryption algorithms that - // AWS KMS uses do not support an encryption context. + // with a symmetric encryption KMS key. The standard asymmetric encryption algorithms + // and HMAC algorithms that KMS uses do not support an encryption context. + // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. // // An encryption context is a collection of non-secret key-value pairs that - // represents additional authenticated data. When you use an encryption context + // represent additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) - // encryption context to decrypt the data. An encryption context is optional - // when encrypting with a symmetric CMK, but it is highly recommended. + // encryption context to decrypt the data. An encryption context is supported + // only on operations with symmetric encryption KMS keys. On operations with + // symmetric encryption KMS keys, an encryption context is optional, but it + // is strongly recommended. // - // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) - // in the AWS Key Management Service Developer Guide. + // For more information, see Encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the Key Management Service Developer Guide. EncryptionContext map[string]*string `type:"map"` // A list of grant tokens. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // A unique identifier for the customer master key (CMK). + // Identifies the KMS key to use in the encryption operation. The KMS key must + // have a KeyUsage of ENCRYPT_DECRYPT. To find the KeyUsage of a KMS key, use + // the DescribeKey operation. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". To specify - // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -9199,26 +13960,38 @@ type EncryptInput struct { // // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` // Data to be encrypted. // + // Plaintext is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by EncryptInput's + // String and GoString methods. + // // Plaintext is automatically base64 encoded/decoded by the SDK. // // Plaintext is a required field Plaintext []byte `min:"1" type:"blob" required:"true" sensitive:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EncryptInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EncryptInput) GoString() string { return s.String() } @@ -9245,6 +14018,12 @@ func (s *EncryptInput) Validate() error { return nil } +// SetDryRun sets the DryRun field's value. +func (s *EncryptInput) SetDryRun(v bool) *EncryptInput { + s.DryRun = &v + return s +} + // SetEncryptionAlgorithm sets the EncryptionAlgorithm field's value. func (s *EncryptInput) SetEncryptionAlgorithm(v string) *EncryptInput { s.EncryptionAlgorithm = &v @@ -9278,9 +14057,8 @@ func (s *EncryptInput) SetPlaintext(v []byte) *EncryptInput { type EncryptOutput struct { _ struct{} `type:"structure"` - // The encrypted plaintext. When you use the HTTP API or the AWS CLI, the value - // is Base64-encoded. Otherwise, it is not Base64-encoded. - // + // The encrypted plaintext. When you use the HTTP API or the Amazon Web Services + // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // CiphertextBlob is automatically base64 encoded/decoded by the SDK. CiphertextBlob []byte `min:"1" type:"blob"` @@ -9288,16 +14066,24 @@ type EncryptOutput struct { EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the CMK that was used to encrypt the plaintext. + // of the KMS key that was used to encrypt the plaintext. KeyId *string `min:"1" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EncryptOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EncryptOutput) GoString() string { return s.String() } @@ -9330,12 +14116,20 @@ type ExpiredImportTokenException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ExpiredImportTokenException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ExpiredImportTokenException) GoString() string { return s.String() } @@ -9381,30 +14175,48 @@ func (s *ExpiredImportTokenException) RequestID() string { type GenerateDataKeyInput struct { _ struct{} `type:"structure"` + // Checks if your request will succeed. DryRun is an optional parameter. + // + // To learn more about how to use this parameter, see Testing your KMS API calls + // (https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html) + // in the Key Management Service Developer Guide. + DryRun *bool `type:"boolean"` + // Specifies the encryption context that will be used when encrypting the data // key. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // An encryption context is a collection of non-secret key-value pairs that - // represents additional authenticated data. When you use an encryption context + // represent additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) - // encryption context to decrypt the data. An encryption context is optional - // when encrypting with a symmetric CMK, but it is highly recommended. + // encryption context to decrypt the data. An encryption context is supported + // only on operations with symmetric encryption KMS keys. On operations with + // symmetric encryption KMS keys, an encryption context is optional, but it + // is strongly recommended. // - // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) - // in the AWS Key Management Service Developer Guide. + // For more information, see Encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the Key Management Service Developer Guide. EncryptionContext map[string]*string `type:"map"` // A list of grant tokens. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // Identifies the symmetric CMK that encrypts the data key. + // Specifies the symmetric encryption KMS key that encrypts the data key. You + // cannot specify an asymmetric KMS key or a KMS key in a custom key store. + // To get the type and origin of your KMS key, use the DescribeKey operation. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". To specify - // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -9416,8 +14228,8 @@ type GenerateDataKeyInput struct { // // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -9436,14 +14248,45 @@ type GenerateDataKeyInput struct { // You must specify either the KeySpec or the NumberOfBytes parameter (but not // both) in every GenerateDataKey request. NumberOfBytes *int64 `min:"1" type:"integer"` + + // A signed attestation document (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc) + // from an Amazon Web Services Nitro enclave and the encryption algorithm to + // use with the enclave's public key. The only valid encryption algorithm is + // RSAES_OAEP_SHA_256. + // + // This parameter only supports attestation documents for Amazon Web Services + // Nitro Enclaves. To include this parameter, use the Amazon Web Services Nitro + // Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) + // or any Amazon Web Services SDK. + // + // When you use this parameter, instead of returning the plaintext data key, + // KMS encrypts the plaintext data key under the public key in the attestation + // document, and returns the resulting ciphertext in the CiphertextForRecipient + // field in the response. This ciphertext can be decrypted only with the private + // key in the enclave. The CiphertextBlob field in the response contains a copy + // of the data key encrypted under the KMS key specified by the KeyId parameter. + // The Plaintext field in the response is null or empty. + // + // For information about the interaction between KMS and Amazon Web Services + // Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + Recipient *RecipientInfo `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GenerateDataKeyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GenerateDataKeyInput) GoString() string { return s.String() } @@ -9460,6 +14303,11 @@ func (s *GenerateDataKeyInput) Validate() error { if s.NumberOfBytes != nil && *s.NumberOfBytes < 1 { invalidParams.Add(request.NewErrParamMinValue("NumberOfBytes", 1)) } + if s.Recipient != nil { + if err := s.Recipient.Validate(); err != nil { + invalidParams.AddNested("Recipient", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -9467,6 +14315,12 @@ func (s *GenerateDataKeyInput) Validate() error { return nil } +// SetDryRun sets the DryRun field's value. +func (s *GenerateDataKeyInput) SetDryRun(v bool) *GenerateDataKeyInput { + s.DryRun = &v + return s +} + // SetEncryptionContext sets the EncryptionContext field's value. func (s *GenerateDataKeyInput) SetEncryptionContext(v map[string]*string) *GenerateDataKeyInput { s.EncryptionContext = v @@ -9497,34 +14351,67 @@ func (s *GenerateDataKeyInput) SetNumberOfBytes(v int64) *GenerateDataKeyInput { return s } +// SetRecipient sets the Recipient field's value. +func (s *GenerateDataKeyInput) SetRecipient(v *RecipientInfo) *GenerateDataKeyInput { + s.Recipient = v + return s +} + type GenerateDataKeyOutput struct { _ struct{} `type:"structure"` - // The encrypted copy of the data key. When you use the HTTP API or the AWS - // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. - // + // The encrypted copy of the data key. When you use the HTTP API or the Amazon + // Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // CiphertextBlob is automatically base64 encoded/decoded by the SDK. CiphertextBlob []byte `min:"1" type:"blob"` + // The plaintext data key encrypted with the public key from the Nitro enclave. + // This ciphertext can be decrypted only by using a private key in the Nitro + // enclave. + // + // This field is included in the response only when the Recipient parameter + // in the request includes a valid attestation document from an Amazon Web Services + // Nitro enclave. For information about the interaction between KMS and Amazon + // Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses + // KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + // CiphertextForRecipient is automatically base64 encoded/decoded by the SDK. + CiphertextForRecipient []byte `min:"1" type:"blob"` + // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the CMK that encrypted the data key. + // of the KMS key that encrypted the data key. KeyId *string `min:"1" type:"string"` - // The plaintext data key. When you use the HTTP API or the AWS CLI, the value - // is Base64-encoded. Otherwise, it is not Base64-encoded. Use this data key - // to encrypt your data outside of KMS. Then, remove it from memory as soon - // as possible. + // The plaintext data key. When you use the HTTP API or the Amazon Web Services + // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. Use + // this data key to encrypt your data outside of KMS. Then, remove it from memory + // as soon as possible. + // + // If the response includes the CiphertextForRecipient field, the Plaintext + // field is null or empty. + // + // Plaintext is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GenerateDataKeyOutput's + // String and GoString methods. // // Plaintext is automatically base64 encoded/decoded by the SDK. Plaintext []byte `min:"1" type:"blob" sensitive:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GenerateDataKeyOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GenerateDataKeyOutput) GoString() string { return s.String() } @@ -9535,6 +14422,12 @@ func (s *GenerateDataKeyOutput) SetCiphertextBlob(v []byte) *GenerateDataKeyOutp return s } +// SetCiphertextForRecipient sets the CiphertextForRecipient field's value. +func (s *GenerateDataKeyOutput) SetCiphertextForRecipient(v []byte) *GenerateDataKeyOutput { + s.CiphertextForRecipient = v + return s +} + // SetKeyId sets the KeyId field's value. func (s *GenerateDataKeyOutput) SetKeyId(v string) *GenerateDataKeyOutput { s.KeyId = &v @@ -9550,32 +14443,49 @@ func (s *GenerateDataKeyOutput) SetPlaintext(v []byte) *GenerateDataKeyOutput { type GenerateDataKeyPairInput struct { _ struct{} `type:"structure"` + // Checks if your request will succeed. DryRun is an optional parameter. + // + // To learn more about how to use this parameter, see Testing your KMS API calls + // (https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html) + // in the Key Management Service Developer Guide. + DryRun *bool `type:"boolean"` + // Specifies the encryption context that will be used when encrypting the private // key in the data key pair. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // An encryption context is a collection of non-secret key-value pairs that - // represents additional authenticated data. When you use an encryption context + // represent additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) - // encryption context to decrypt the data. An encryption context is optional - // when encrypting with a symmetric CMK, but it is highly recommended. + // encryption context to decrypt the data. An encryption context is supported + // only on operations with symmetric encryption KMS keys. On operations with + // symmetric encryption KMS keys, an encryption context is optional, but it + // is strongly recommended. // - // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) - // in the AWS Key Management Service Developer Guide. + // For more information, see Encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the Key Management Service Developer Guide. EncryptionContext map[string]*string `type:"map"` // A list of grant tokens. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // Specifies the symmetric CMK that encrypts the private key in the data key - // pair. You cannot specify an asymmetric CMK or a CMK in a custom key store. - // To get the type and origin of your CMK, use the DescribeKey operation. + // Specifies the symmetric encryption KMS key that encrypts the private key + // in the data key pair. You cannot specify an asymmetric KMS key or a KMS key + // in a custom key store. To get the type and origin of your KMS key, use the + // DescribeKey operation. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". To specify - // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -9587,29 +14497,64 @@ type GenerateDataKeyPairInput struct { // // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` // Determines the type of data key pair that is generated. // - // The AWS KMS rule that restricts the use of asymmetric RSA CMKs to encrypt - // and decrypt or to sign and verify (but not both), and the rule that permits - // you to use ECC CMKs only to sign and verify, are not effective outside of - // AWS KMS. + // The KMS rule that restricts the use of asymmetric RSA and SM2 KMS keys to + // encrypt and decrypt or to sign and verify (but not both), and the rule that + // permits you to use ECC KMS keys only to sign and verify, are not effective + // on data key pairs, which are used outside of KMS. The SM2 key spec is only + // available in China Regions. // // KeyPairSpec is a required field KeyPairSpec *string `type:"string" required:"true" enum:"DataKeyPairSpec"` -} -// String returns the string representation + // A signed attestation document (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc) + // from an Amazon Web Services Nitro enclave and the encryption algorithm to + // use with the enclave's public key. The only valid encryption algorithm is + // RSAES_OAEP_SHA_256. + // + // This parameter only supports attestation documents for Amazon Web Services + // Nitro Enclaves. To call DeriveSharedSecret for an Amazon Web Services Nitro + // Enclaves, use the Amazon Web Services Nitro Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) + // to generate the attestation document and then use the Recipient parameter + // from any Amazon Web Services SDK to provide the attestation document for + // the enclave. + // + // When you use this parameter, instead of returning a plaintext copy of the + // private data key, KMS encrypts the plaintext private data key under the public + // key in the attestation document, and returns the resulting ciphertext in + // the CiphertextForRecipient field in the response. This ciphertext can be + // decrypted only with the private key in the enclave. The CiphertextBlob field + // in the response contains a copy of the private data key encrypted under the + // KMS key specified by the KeyId parameter. The PrivateKeyPlaintext field in + // the response is null or empty. + // + // For information about the interaction between KMS and Amazon Web Services + // Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + Recipient *RecipientInfo `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GenerateDataKeyPairInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GenerateDataKeyPairInput) GoString() string { return s.String() } @@ -9626,13 +14571,24 @@ func (s *GenerateDataKeyPairInput) Validate() error { if s.KeyPairSpec == nil { invalidParams.Add(request.NewErrParamRequired("KeyPairSpec")) } - + if s.Recipient != nil { + if err := s.Recipient.Validate(); err != nil { + invalidParams.AddNested("Recipient", err.(request.ErrInvalidParams)) + } + } + if invalidParams.Len() > 0 { return invalidParams } return nil } +// SetDryRun sets the DryRun field's value. +func (s *GenerateDataKeyPairInput) SetDryRun(v bool) *GenerateDataKeyPairInput { + s.DryRun = &v + return s +} + // SetEncryptionContext sets the EncryptionContext field's value. func (s *GenerateDataKeyPairInput) SetEncryptionContext(v map[string]*string) *GenerateDataKeyPairInput { s.EncryptionContext = v @@ -9657,44 +14613,83 @@ func (s *GenerateDataKeyPairInput) SetKeyPairSpec(v string) *GenerateDataKeyPair return s } +// SetRecipient sets the Recipient field's value. +func (s *GenerateDataKeyPairInput) SetRecipient(v *RecipientInfo) *GenerateDataKeyPairInput { + s.Recipient = v + return s +} + type GenerateDataKeyPairOutput struct { _ struct{} `type:"structure"` + // The plaintext private data key encrypted with the public key from the Nitro + // enclave. This ciphertext can be decrypted only by using a private key in + // the Nitro enclave. + // + // This field is included in the response only when the Recipient parameter + // in the request includes a valid attestation document from an Amazon Web Services + // Nitro enclave. For information about the interaction between KMS and Amazon + // Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses + // KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + // CiphertextForRecipient is automatically base64 encoded/decoded by the SDK. + CiphertextForRecipient []byte `min:"1" type:"blob"` + // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the CMK that encrypted the private key. + // of the KMS key that encrypted the private key. KeyId *string `min:"1" type:"string"` // The type of data key pair that was generated. KeyPairSpec *string `type:"string" enum:"DataKeyPairSpec"` - // The encrypted copy of the private key. When you use the HTTP API or the AWS - // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. - // + // The encrypted copy of the private key. When you use the HTTP API or the Amazon + // Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // PrivateKeyCiphertextBlob is automatically base64 encoded/decoded by the SDK. PrivateKeyCiphertextBlob []byte `min:"1" type:"blob"` - // The plaintext copy of the private key. When you use the HTTP API or the AWS - // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. + // The plaintext copy of the private key. When you use the HTTP API or the Amazon + // Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. + // + // If the response includes the CiphertextForRecipient field, the PrivateKeyPlaintext + // field is null or empty. + // + // PrivateKeyPlaintext is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GenerateDataKeyPairOutput's + // String and GoString methods. // // PrivateKeyPlaintext is automatically base64 encoded/decoded by the SDK. PrivateKeyPlaintext []byte `min:"1" type:"blob" sensitive:"true"` - // The public key (in plaintext). - // + // The public key (in plaintext). When you use the HTTP API or the Amazon Web + // Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // PublicKey is automatically base64 encoded/decoded by the SDK. PublicKey []byte `min:"1" type:"blob"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GenerateDataKeyPairOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GenerateDataKeyPairOutput) GoString() string { return s.String() } +// SetCiphertextForRecipient sets the CiphertextForRecipient field's value. +func (s *GenerateDataKeyPairOutput) SetCiphertextForRecipient(v []byte) *GenerateDataKeyPairOutput { + s.CiphertextForRecipient = v + return s +} + // SetKeyId sets the KeyId field's value. func (s *GenerateDataKeyPairOutput) SetKeyId(v string) *GenerateDataKeyPairOutput { s.KeyId = &v @@ -9728,32 +14723,49 @@ func (s *GenerateDataKeyPairOutput) SetPublicKey(v []byte) *GenerateDataKeyPairO type GenerateDataKeyPairWithoutPlaintextInput struct { _ struct{} `type:"structure"` + // Checks if your request will succeed. DryRun is an optional parameter. + // + // To learn more about how to use this parameter, see Testing your KMS API calls + // (https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html) + // in the Key Management Service Developer Guide. + DryRun *bool `type:"boolean"` + // Specifies the encryption context that will be used when encrypting the private // key in the data key pair. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // An encryption context is a collection of non-secret key-value pairs that - // represents additional authenticated data. When you use an encryption context + // represent additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) - // encryption context to decrypt the data. An encryption context is optional - // when encrypting with a symmetric CMK, but it is highly recommended. + // encryption context to decrypt the data. An encryption context is supported + // only on operations with symmetric encryption KMS keys. On operations with + // symmetric encryption KMS keys, an encryption context is optional, but it + // is strongly recommended. // - // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) - // in the AWS Key Management Service Developer Guide. + // For more information, see Encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the Key Management Service Developer Guide. EncryptionContext map[string]*string `type:"map"` // A list of grant tokens. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // Specifies the CMK that encrypts the private key in the data key pair. You - // must specify a symmetric CMK. You cannot use an asymmetric CMK or a CMK in - // a custom key store. To get the type and origin of your CMK, use the DescribeKey - // operation. + // Specifies the symmetric encryption KMS key that encrypts the private key + // in the data key pair. You cannot specify an asymmetric KMS key or a KMS key + // in a custom key store. To get the type and origin of your KMS key, use the + // DescribeKey operation. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -9765,29 +14777,38 @@ type GenerateDataKeyPairWithoutPlaintextInput struct { // // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` // Determines the type of data key pair that is generated. // - // The AWS KMS rule that restricts the use of asymmetric RSA CMKs to encrypt - // and decrypt or to sign and verify (but not both), and the rule that permits - // you to use ECC CMKs only to sign and verify, are not effective outside of - // AWS KMS. + // The KMS rule that restricts the use of asymmetric RSA and SM2 KMS keys to + // encrypt and decrypt or to sign and verify (but not both), and the rule that + // permits you to use ECC KMS keys only to sign and verify, are not effective + // on data key pairs, which are used outside of KMS. The SM2 key spec is only + // available in China Regions. // // KeyPairSpec is a required field KeyPairSpec *string `type:"string" required:"true" enum:"DataKeyPairSpec"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GenerateDataKeyPairWithoutPlaintextInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GenerateDataKeyPairWithoutPlaintextInput) GoString() string { return s.String() } @@ -9811,6 +14832,12 @@ func (s *GenerateDataKeyPairWithoutPlaintextInput) Validate() error { return nil } +// SetDryRun sets the DryRun field's value. +func (s *GenerateDataKeyPairWithoutPlaintextInput) SetDryRun(v bool) *GenerateDataKeyPairWithoutPlaintextInput { + s.DryRun = &v + return s +} + // SetEncryptionContext sets the EncryptionContext field's value. func (s *GenerateDataKeyPairWithoutPlaintextInput) SetEncryptionContext(v map[string]*string) *GenerateDataKeyPairWithoutPlaintextInput { s.EncryptionContext = v @@ -9839,30 +14866,37 @@ type GenerateDataKeyPairWithoutPlaintextOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the CMK that encrypted the private key. + // of the KMS key that encrypted the private key. KeyId *string `min:"1" type:"string"` // The type of data key pair that was generated. KeyPairSpec *string `type:"string" enum:"DataKeyPairSpec"` - // The encrypted copy of the private key. When you use the HTTP API or the AWS - // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. - // + // The encrypted copy of the private key. When you use the HTTP API or the Amazon + // Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // PrivateKeyCiphertextBlob is automatically base64 encoded/decoded by the SDK. PrivateKeyCiphertextBlob []byte `min:"1" type:"blob"` - // The public key (in plaintext). - // + // The public key (in plaintext). When you use the HTTP API or the Amazon Web + // Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // PublicKey is automatically base64 encoded/decoded by the SDK. PublicKey []byte `min:"1" type:"blob"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GenerateDataKeyPairWithoutPlaintextOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GenerateDataKeyPairWithoutPlaintextOutput) GoString() string { return s.String() } @@ -9894,31 +14928,48 @@ func (s *GenerateDataKeyPairWithoutPlaintextOutput) SetPublicKey(v []byte) *Gene type GenerateDataKeyWithoutPlaintextInput struct { _ struct{} `type:"structure"` + // Checks if your request will succeed. DryRun is an optional parameter. + // + // To learn more about how to use this parameter, see Testing your KMS API calls + // (https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html) + // in the Key Management Service Developer Guide. + DryRun *bool `type:"boolean"` + // Specifies the encryption context that will be used when encrypting the data // key. // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // // An encryption context is a collection of non-secret key-value pairs that - // represents additional authenticated data. When you use an encryption context + // represent additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) - // encryption context to decrypt the data. An encryption context is optional - // when encrypting with a symmetric CMK, but it is highly recommended. + // encryption context to decrypt the data. An encryption context is supported + // only on operations with symmetric encryption KMS keys. On operations with + // symmetric encryption KMS keys, an encryption context is optional, but it + // is strongly recommended. // - // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) - // in the AWS Key Management Service Developer Guide. + // For more information, see Encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the Key Management Service Developer Guide. EncryptionContext map[string]*string `type:"map"` // A list of grant tokens. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // The identifier of the symmetric customer master key (CMK) that encrypts the - // data key. + // Specifies the symmetric encryption KMS key that encrypts the data key. You + // cannot specify an asymmetric KMS key or a KMS key in a custom key store. + // To get the type and origin of your KMS key, use the DescribeKey operation. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". To specify - // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -9930,8 +14981,8 @@ type GenerateDataKeyWithoutPlaintextInput struct { // // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` @@ -9947,12 +14998,20 @@ type GenerateDataKeyWithoutPlaintextInput struct { NumberOfBytes *int64 `min:"1" type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GenerateDataKeyWithoutPlaintextInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GenerateDataKeyWithoutPlaintextInput) GoString() string { return s.String() } @@ -9976,6 +15035,12 @@ func (s *GenerateDataKeyWithoutPlaintextInput) Validate() error { return nil } +// SetDryRun sets the DryRun field's value. +func (s *GenerateDataKeyWithoutPlaintextInput) SetDryRun(v bool) *GenerateDataKeyWithoutPlaintextInput { + s.DryRun = &v + return s +} + // SetEncryptionContext sets the EncryptionContext field's value. func (s *GenerateDataKeyWithoutPlaintextInput) SetEncryptionContext(v map[string]*string) *GenerateDataKeyWithoutPlaintextInput { s.EncryptionContext = v @@ -10009,23 +15074,30 @@ func (s *GenerateDataKeyWithoutPlaintextInput) SetNumberOfBytes(v int64) *Genera type GenerateDataKeyWithoutPlaintextOutput struct { _ struct{} `type:"structure"` - // The encrypted data key. When you use the HTTP API or the AWS CLI, the value - // is Base64-encoded. Otherwise, it is not Base64-encoded. - // + // The encrypted data key. When you use the HTTP API or the Amazon Web Services + // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // CiphertextBlob is automatically base64 encoded/decoded by the SDK. CiphertextBlob []byte `min:"1" type:"blob"` // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the CMK that encrypted the data key. + // of the KMS key that encrypted the data key. KeyId *string `min:"1" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GenerateDataKeyWithoutPlaintextOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GenerateDataKeyWithoutPlaintextOutput) GoString() string { return s.String() } @@ -10042,24 +15114,235 @@ func (s *GenerateDataKeyWithoutPlaintextOutput) SetKeyId(v string) *GenerateData return s } +type GenerateMacInput struct { + _ struct{} `type:"structure"` + + // Checks if your request will succeed. DryRun is an optional parameter. + // + // To learn more about how to use this parameter, see Testing your KMS API calls + // (https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html) + // in the Key Management Service Developer Guide. + DryRun *bool `type:"boolean"` + + // A list of grant tokens. + // + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` + + // The HMAC KMS key to use in the operation. The MAC algorithm computes the + // HMAC for the message and the key as described in RFC 2104 (https://datatracker.ietf.org/doc/html/rfc2104). + // + // To identify an HMAC KMS key, use the DescribeKey operation and see the KeySpec + // field in the response. + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // The MAC algorithm used in the operation. + // + // The algorithm must be compatible with the HMAC KMS key that you specify. + // To find the MAC algorithms that your HMAC KMS key supports, use the DescribeKey + // operation and see the MacAlgorithms field in the DescribeKey response. + // + // MacAlgorithm is a required field + MacAlgorithm *string `type:"string" required:"true" enum:"MacAlgorithmSpec"` + + // The message to be hashed. Specify a message of up to 4,096 bytes. + // + // GenerateMac and VerifyMac do not provide special handling for message digests. + // If you generate an HMAC for a hash digest of a message, you must verify the + // HMAC of the same hash digest. + // + // Message is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GenerateMacInput's + // String and GoString methods. + // + // Message is automatically base64 encoded/decoded by the SDK. + // + // Message is a required field + Message []byte `min:"1" type:"blob" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GenerateMacInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GenerateMacInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GenerateMacInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GenerateMacInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + if s.MacAlgorithm == nil { + invalidParams.Add(request.NewErrParamRequired("MacAlgorithm")) + } + if s.Message == nil { + invalidParams.Add(request.NewErrParamRequired("Message")) + } + if s.Message != nil && len(s.Message) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Message", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *GenerateMacInput) SetDryRun(v bool) *GenerateMacInput { + s.DryRun = &v + return s +} + +// SetGrantTokens sets the GrantTokens field's value. +func (s *GenerateMacInput) SetGrantTokens(v []*string) *GenerateMacInput { + s.GrantTokens = v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *GenerateMacInput) SetKeyId(v string) *GenerateMacInput { + s.KeyId = &v + return s +} + +// SetMacAlgorithm sets the MacAlgorithm field's value. +func (s *GenerateMacInput) SetMacAlgorithm(v string) *GenerateMacInput { + s.MacAlgorithm = &v + return s +} + +// SetMessage sets the Message field's value. +func (s *GenerateMacInput) SetMessage(v []byte) *GenerateMacInput { + s.Message = v + return s +} + +type GenerateMacOutput struct { + _ struct{} `type:"structure"` + + // The HMAC KMS key used in the operation. + KeyId *string `min:"1" type:"string"` + + // The hash-based message authentication code (HMAC) that was generated for + // the specified message, HMAC KMS key, and MAC algorithm. + // + // This is the standard, raw HMAC defined in RFC 2104 (https://datatracker.ietf.org/doc/html/rfc2104). + // Mac is automatically base64 encoded/decoded by the SDK. + Mac []byte `min:"1" type:"blob"` + + // The MAC algorithm that was used to generate the HMAC. + MacAlgorithm *string `type:"string" enum:"MacAlgorithmSpec"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GenerateMacOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GenerateMacOutput) GoString() string { + return s.String() +} + +// SetKeyId sets the KeyId field's value. +func (s *GenerateMacOutput) SetKeyId(v string) *GenerateMacOutput { + s.KeyId = &v + return s +} + +// SetMac sets the Mac field's value. +func (s *GenerateMacOutput) SetMac(v []byte) *GenerateMacOutput { + s.Mac = v + return s +} + +// SetMacAlgorithm sets the MacAlgorithm field's value. +func (s *GenerateMacOutput) SetMacAlgorithm(v string) *GenerateMacOutput { + s.MacAlgorithm = &v + return s +} + type GenerateRandomInput struct { _ struct{} `type:"structure"` - // Generates the random byte string in the AWS CloudHSM cluster that is associated - // with the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). - // To find the ID of a custom key store, use the DescribeCustomKeyStores operation. + // Generates the random byte string in the CloudHSM cluster that is associated + // with the specified CloudHSM key store. To find the ID of a custom key store, + // use the DescribeCustomKeyStores operation. + // + // External key store IDs are not valid for this parameter. If you specify the + // ID of an external key store, GenerateRandom throws an UnsupportedOperationException. CustomKeyStoreId *string `min:"1" type:"string"` - // The length of the byte string. + // The length of the random byte string. This parameter is required. NumberOfBytes *int64 `min:"1" type:"integer"` + + // A signed attestation document (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc) + // from an Amazon Web Services Nitro enclave and the encryption algorithm to + // use with the enclave's public key. The only valid encryption algorithm is + // RSAES_OAEP_SHA_256. + // + // This parameter only supports attestation documents for Amazon Web Services + // Nitro Enclaves. To include this parameter, use the Amazon Web Services Nitro + // Enclaves SDK (https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk) + // or any Amazon Web Services SDK. + // + // When you use this parameter, instead of returning plaintext bytes, KMS encrypts + // the plaintext bytes under the public key in the attestation document, and + // returns the resulting ciphertext in the CiphertextForRecipient field in the + // response. This ciphertext can be decrypted only with the private key in the + // enclave. The Plaintext field in the response is null or empty. + // + // For information about the interaction between KMS and Amazon Web Services + // Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + Recipient *RecipientInfo `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GenerateRandomInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GenerateRandomInput) GoString() string { return s.String() } @@ -10073,6 +15356,11 @@ func (s *GenerateRandomInput) Validate() error { if s.NumberOfBytes != nil && *s.NumberOfBytes < 1 { invalidParams.Add(request.NewErrParamMinValue("NumberOfBytes", 1)) } + if s.Recipient != nil { + if err := s.Recipient.Validate(); err != nil { + invalidParams.AddNested("Recipient", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -10092,26 +15380,66 @@ func (s *GenerateRandomInput) SetNumberOfBytes(v int64) *GenerateRandomInput { return s } +// SetRecipient sets the Recipient field's value. +func (s *GenerateRandomInput) SetRecipient(v *RecipientInfo) *GenerateRandomInput { + s.Recipient = v + return s +} + type GenerateRandomOutput struct { _ struct{} `type:"structure"` - // The random byte string. When you use the HTTP API or the AWS CLI, the value - // is Base64-encoded. Otherwise, it is not Base64-encoded. + // The plaintext random bytes encrypted with the public key from the Nitro enclave. + // This ciphertext can be decrypted only by using a private key in the Nitro + // enclave. + // + // This field is included in the response only when the Recipient parameter + // in the request includes a valid attestation document from an Amazon Web Services + // Nitro enclave. For information about the interaction between KMS and Amazon + // Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses + // KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) + // in the Key Management Service Developer Guide. + // CiphertextForRecipient is automatically base64 encoded/decoded by the SDK. + CiphertextForRecipient []byte `min:"1" type:"blob"` + + // The random byte string. When you use the HTTP API or the Amazon Web Services + // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. + // + // If the response includes the CiphertextForRecipient field, the Plaintext + // field is null or empty. + // + // Plaintext is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GenerateRandomOutput's + // String and GoString methods. // // Plaintext is automatically base64 encoded/decoded by the SDK. Plaintext []byte `min:"1" type:"blob" sensitive:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GenerateRandomOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GenerateRandomOutput) GoString() string { return s.String() } +// SetCiphertextForRecipient sets the CiphertextForRecipient field's value. +func (s *GenerateRandomOutput) SetCiphertextForRecipient(v []byte) *GenerateRandomOutput { + s.CiphertextForRecipient = v + return s +} + // SetPlaintext sets the Plaintext field's value. func (s *GenerateRandomOutput) SetPlaintext(v []byte) *GenerateRandomOutput { s.Plaintext = v @@ -10121,9 +15449,9 @@ func (s *GenerateRandomOutput) SetPlaintext(v []byte) *GenerateRandomOutput { type GetKeyPolicyInput struct { _ struct{} `type:"structure"` - // A unique identifier for the customer master key (CMK). + // Gets the key policy for the specified KMS key. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -10131,24 +15459,31 @@ type GetKeyPolicyInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // Specifies the name of the key policy. The only valid name is default. To - // get the names of key policies, use ListKeyPolicies. - // - // PolicyName is a required field - PolicyName *string `min:"1" type:"string" required:"true"` + // Specifies the name of the key policy. If no policy name is specified, the + // default value is default. The only valid name is default. To get the names + // of key policies, use ListKeyPolicies. + PolicyName *string `min:"1" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetKeyPolicyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetKeyPolicyInput) GoString() string { return s.String() } @@ -10162,9 +15497,6 @@ func (s *GetKeyPolicyInput) Validate() error { if s.KeyId != nil && len(*s.KeyId) < 1 { invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) } - if s.PolicyName == nil { - invalidParams.Add(request.NewErrParamRequired("PolicyName")) - } if s.PolicyName != nil && len(*s.PolicyName) < 1 { invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1)) } @@ -10192,14 +15524,25 @@ type GetKeyPolicyOutput struct { // A key policy document in JSON format. Policy *string `min:"1" type:"string"` + + // The name of the key policy. The only valid value is default. + PolicyName *string `min:"1" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetKeyPolicyOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetKeyPolicyOutput) GoString() string { return s.String() } @@ -10210,13 +15553,19 @@ func (s *GetKeyPolicyOutput) SetPolicy(v string) *GetKeyPolicyOutput { return s } +// SetPolicyName sets the PolicyName field's value. +func (s *GetKeyPolicyOutput) SetPolicyName(v string) *GetKeyPolicyOutput { + s.PolicyName = &v + return s +} + type GetKeyRotationStatusInput struct { _ struct{} `type:"structure"` - // A unique identifier for the customer master key (CMK). + // Gets the rotation status for the specified KMS key. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify - // a CMK in a different AWS account, you must use the key ARN. + // Specify the key ID or key ARN of the KMS key. To specify a KMS key in a different + // Amazon Web Services account, you must use the key ARN. // // For example: // @@ -10224,18 +15573,26 @@ type GetKeyRotationStatusInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetKeyRotationStatusInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetKeyRotationStatusInput) GoString() string { return s.String() } @@ -10265,33 +15622,87 @@ func (s *GetKeyRotationStatusInput) SetKeyId(v string) *GetKeyRotationStatusInpu type GetKeyRotationStatusOutput struct { _ struct{} `type:"structure"` + // Identifies the specified symmetric encryption KMS key. + KeyId *string `min:"1" type:"string"` + // A Boolean value that specifies whether key rotation is enabled. KeyRotationEnabled *bool `type:"boolean"` + + // The next date that KMS will automatically rotate the key material. + NextRotationDate *time.Time `type:"timestamp"` + + // Identifies the date and time that an in progress on-demand rotation was initiated. + // + // The KMS API follows an eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html) + // model due to the distributed nature of the system. As a result, there might + // be a slight delay between initiating on-demand key rotation and the rotation's + // completion. Once the on-demand rotation is complete, use ListKeyRotations + // to view the details of the on-demand rotation. + OnDemandRotationStartDate *time.Time `type:"timestamp"` + + // The number of days between each automatic rotation. The default value is + // 365 days. + RotationPeriodInDays *int64 `min:"90" type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetKeyRotationStatusOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetKeyRotationStatusOutput) GoString() string { return s.String() } +// SetKeyId sets the KeyId field's value. +func (s *GetKeyRotationStatusOutput) SetKeyId(v string) *GetKeyRotationStatusOutput { + s.KeyId = &v + return s +} + // SetKeyRotationEnabled sets the KeyRotationEnabled field's value. func (s *GetKeyRotationStatusOutput) SetKeyRotationEnabled(v bool) *GetKeyRotationStatusOutput { s.KeyRotationEnabled = &v return s } +// SetNextRotationDate sets the NextRotationDate field's value. +func (s *GetKeyRotationStatusOutput) SetNextRotationDate(v time.Time) *GetKeyRotationStatusOutput { + s.NextRotationDate = &v + return s +} + +// SetOnDemandRotationStartDate sets the OnDemandRotationStartDate field's value. +func (s *GetKeyRotationStatusOutput) SetOnDemandRotationStartDate(v time.Time) *GetKeyRotationStatusOutput { + s.OnDemandRotationStartDate = &v + return s +} + +// SetRotationPeriodInDays sets the RotationPeriodInDays field's value. +func (s *GetKeyRotationStatusOutput) SetRotationPeriodInDays(v int64) *GetKeyRotationStatusOutput { + s.RotationPeriodInDays = &v + return s +} + type GetParametersForImportInput struct { _ struct{} `type:"structure"` - // The identifier of the symmetric CMK into which you will import key material. - // The Origin of the CMK must be EXTERNAL. + // The identifier of the KMS key that will be associated with the imported key + // material. The Origin of the KMS key must be EXTERNAL. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // All KMS key types are supported, including multi-Region keys. However, you + // cannot import key material into a KMS key in a custom key store. + // + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -10299,32 +15710,74 @@ type GetParametersForImportInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // The algorithm you will use to encrypt the key material before importing it - // with ImportKeyMaterial. For more information, see Encrypt the Key Material - // (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html) - // in the AWS Key Management Service Developer Guide. + // The algorithm you will use with the RSA public key (PublicKey) in the response + // to protect your key material during import. For more information, see Select + // a wrapping algorithm (kms/latest/developerguide/importing-keys-get-public-key-and-token.html#select-wrapping-algorithm) + // in the Key Management Service Developer Guide. + // + // For RSA_AES wrapping algorithms, you encrypt your key material with an AES + // key that you generate, then encrypt your AES key with the RSA public key + // from KMS. For RSAES wrapping algorithms, you encrypt your key material directly + // with the RSA public key from KMS. + // + // The wrapping algorithms that you can use depend on the type of key material + // that you are importing. To import an RSA private key, you must use an RSA_AES + // wrapping algorithm. + // + // * RSA_AES_KEY_WRAP_SHA_256 — Supported for wrapping RSA and ECC key + // material. + // + // * RSA_AES_KEY_WRAP_SHA_1 — Supported for wrapping RSA and ECC key material. + // + // * RSAES_OAEP_SHA_256 — Supported for all types of key material, except + // RSA key material (private key). You cannot use the RSAES_OAEP_SHA_256 + // wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 + // key material. + // + // * RSAES_OAEP_SHA_1 — Supported for all types of key material, except + // RSA key material (private key). You cannot use the RSAES_OAEP_SHA_1 wrapping + // algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key + // material. + // + // * RSAES_PKCS1_V1_5 (Deprecated) — As of October 10, 2023, KMS does not + // support the RSAES_PKCS1_V1_5 wrapping algorithm. // // WrappingAlgorithm is a required field WrappingAlgorithm *string `type:"string" required:"true" enum:"AlgorithmSpec"` - // The type of wrapping key (public key) to return in the response. Only 2048-bit - // RSA public keys are supported. + // The type of RSA public key to return in the response. You will use this wrapping + // key with the specified wrapping algorithm to protect your key material during + // import. + // + // Use the longest RSA wrapping key that is practical. + // + // You cannot use an RSA_2048 public key to directly wrap an ECC_NIST_P521 private + // key. Instead, use an RSA_AES wrapping algorithm or choose a longer RSA public + // key. // // WrappingKeySpec is a required field WrappingKeySpec *string `type:"string" required:"true" enum:"WrappingKeySpec"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetParametersForImportInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetParametersForImportInput) GoString() string { return s.String() } @@ -10373,13 +15826,12 @@ type GetParametersForImportOutput struct { _ struct{} `type:"structure"` // The import token to send in a subsequent ImportKeyMaterial request. - // // ImportToken is automatically base64 encoded/decoded by the SDK. ImportToken []byte `min:"1" type:"blob"` // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the CMK to use in a subsequent ImportKeyMaterial request. This is the - // same CMK specified in the GetParametersForImport request. + // of the KMS key to use in a subsequent ImportKeyMaterial request. This is + // the same KMS key specified in the GetParametersForImport request. KeyId *string `min:"1" type:"string"` // The time at which the import token and public key are no longer valid. After @@ -10390,16 +15842,28 @@ type GetParametersForImportOutput struct { // The public key to use to encrypt the key material before importing it with // ImportKeyMaterial. // + // PublicKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GetParametersForImportOutput's + // String and GoString methods. + // // PublicKey is automatically base64 encoded/decoded by the SDK. PublicKey []byte `min:"1" type:"blob" sensitive:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetParametersForImportOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetParametersForImportOutput) GoString() string { return s.String() } @@ -10433,15 +15897,19 @@ type GetPublicKeyInput struct { // A list of grant tokens. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // Identifies the asymmetric CMK that includes the public key. + // Identifies the asymmetric KMS key that includes the public key. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". To specify - // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -10453,19 +15921,27 @@ type GetPublicKeyInput struct { // // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetPublicKeyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetPublicKeyInput) GoString() string { return s.String() } @@ -10501,53 +15977,72 @@ func (s *GetPublicKeyInput) SetKeyId(v string) *GetPublicKeyInput { type GetPublicKeyOutput struct { _ struct{} `type:"structure"` - // The type of the of the public key that was downloaded. - CustomerMasterKeySpec *string `type:"string" enum:"CustomerMasterKeySpec"` + // Instead, use the KeySpec field in the GetPublicKey response. + // + // The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend + // that you use the KeySpec field in your code. However, to avoid breaking changes, + // KMS supports both fields. + // + // Deprecated: This field has been deprecated. Instead, use the KeySpec field. + CustomerMasterKeySpec *string `deprecated:"true" type:"string" enum:"CustomerMasterKeySpec"` - // The encryption algorithms that AWS KMS supports for this key. + // The encryption algorithms that KMS supports for this key. // - // This information is critical. If a public key encrypts data outside of AWS - // KMS by using an unsupported encryption algorithm, the ciphertext cannot be - // decrypted. + // This information is critical. If a public key encrypts data outside of KMS + // by using an unsupported encryption algorithm, the ciphertext cannot be decrypted. // // This field appears in the response only when the KeyUsage of the public key // is ENCRYPT_DECRYPT. - EncryptionAlgorithms []*string `type:"list"` + EncryptionAlgorithms []*string `type:"list" enum:"EncryptionAlgorithmSpec"` + + // The key agreement algorithm used to derive a shared secret. This field is + // present only when the KMS key has a KeyUsage value of KEY_AGREEMENT. + KeyAgreementAlgorithms []*string `type:"list" enum:"KeyAgreementAlgorithmSpec"` // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the asymmetric CMK from which the public key was downloaded. + // of the asymmetric KMS key from which the public key was downloaded. KeyId *string `min:"1" type:"string"` - // The permitted use of the public key. Valid values are ENCRYPT_DECRYPT or - // SIGN_VERIFY. + // The type of the of the public key that was downloaded. + KeySpec *string `type:"string" enum:"KeySpec"` + + // The permitted use of the public key. Valid values for asymmetric key pairs + // are ENCRYPT_DECRYPT, SIGN_VERIFY, and KEY_AGREEMENT. // - // This information is critical. If a public key with SIGN_VERIFY key usage - // encrypts data outside of AWS KMS, the ciphertext cannot be decrypted. + // This information is critical. For example, if a public key with SIGN_VERIFY + // key usage encrypts data outside of KMS, the ciphertext cannot be decrypted. KeyUsage *string `type:"string" enum:"KeyUsageType"` // The exported public key. // // The value is a DER-encoded X.509 public key, also known as SubjectPublicKeyInfo // (SPKI), as defined in RFC 5280 (https://tools.ietf.org/html/rfc5280). When - // you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, - // it is not Base64-encoded. - // + // you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. + // Otherwise, it is not Base64-encoded. // PublicKey is automatically base64 encoded/decoded by the SDK. PublicKey []byte `min:"1" type:"blob"` - // The signing algorithms that AWS KMS supports for this key. + // The signing algorithms that KMS supports for this key. // // This field appears in the response only when the KeyUsage of the public key // is SIGN_VERIFY. - SigningAlgorithms []*string `type:"list"` + SigningAlgorithms []*string `type:"list" enum:"SigningAlgorithmSpec"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetPublicKeyOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetPublicKeyOutput) GoString() string { return s.String() } @@ -10564,12 +16059,24 @@ func (s *GetPublicKeyOutput) SetEncryptionAlgorithms(v []*string) *GetPublicKeyO return s } +// SetKeyAgreementAlgorithms sets the KeyAgreementAlgorithms field's value. +func (s *GetPublicKeyOutput) SetKeyAgreementAlgorithms(v []*string) *GetPublicKeyOutput { + s.KeyAgreementAlgorithms = v + return s +} + // SetKeyId sets the KeyId field's value. func (s *GetPublicKeyOutput) SetKeyId(v string) *GetPublicKeyOutput { s.KeyId = &v return s } +// SetKeySpec sets the KeySpec field's value. +func (s *GetPublicKeyOutput) SetKeySpec(v string) *GetPublicKeyOutput { + s.KeySpec = &v + return s +} + // SetKeyUsage sets the KeyUsage field's value. func (s *GetPublicKeyOutput) SetKeyUsage(v string) *GetPublicKeyOutput { s.KeyUsage = &v @@ -10592,12 +16099,12 @@ func (s *GetPublicKeyOutput) SetSigningAlgorithms(v []*string) *GetPublicKeyOutp // in the grant only when the operation request includes the specified encryption // context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context). // -// AWS KMS applies the grant constraints only to cryptographic operations that -// support an encryption context, that is, all cryptographic operations with -// a symmetric CMK (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#symmetric-cmks). +// KMS applies the grant constraints only to cryptographic operations that support +// an encryption context, that is, all cryptographic operations with a symmetric +// KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#symmetric-cmks). // Grant constraints are not applied to operations that do not support an encryption -// context, such as cryptographic operations with asymmetric CMKs and management -// operations, such as DescribeKey or ScheduleKeyDeletion. +// context, such as cryptographic operations with asymmetric KMS keys and management +// operations, such as DescribeKey or RetireGrant. // // In a cryptographic operation, the encryption context in the decryption operation // must be an exact, case-sensitive match for the keys and values in the encryption @@ -10610,7 +16117,7 @@ func (s *GetPublicKeyOutput) SetSigningAlgorithms(v []*string) *GetPublicKeyOutp // only by case. To require a fully case-sensitive encryption context, use the // kms:EncryptionContext: and kms:EncryptionContextKeys conditions in an IAM // or key policy. For details, see kms:EncryptionContext: (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-context) -// in the AWS Key Management Service Developer Guide . +// in the Key Management Service Developer Guide . type GrantConstraints struct { _ struct{} `type:"structure"` @@ -10628,12 +16135,20 @@ type GrantConstraints struct { EncryptionContextSubset map[string]*string `type:"map"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GrantConstraints) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GrantConstraints) GoString() string { return s.String() } @@ -10668,16 +16183,15 @@ type GrantListEntry struct { // // The GranteePrincipal field in the ListGrants response usually contains the // user or role designated as the grantee principal in the grant. However, when - // the grantee principal in the grant is an AWS service, the GranteePrincipal - // field contains the service principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services), + // the grantee principal in the grant is an Amazon Web Services service, the + // GranteePrincipal field contains the service principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services), // which might represent several different grantee principals. GranteePrincipal *string `min:"1" type:"string"` - // The AWS account under which the grant was issued. + // The Amazon Web Services account under which the grant was issued. IssuingAccount *string `min:"1" type:"string"` - // The unique identifier for the customer master key (CMK) to which the grant - // applies. + // The unique identifier for the KMS key to which the grant applies. KeyId *string `min:"1" type:"string"` // The friendly name that identifies the grant. If a name was provided in the @@ -10685,18 +16199,26 @@ type GrantListEntry struct { Name *string `min:"1" type:"string"` // The list of operations permitted by the grant. - Operations []*string `type:"list"` + Operations []*string `type:"list" enum:"GrantOperation"` // The principal that can retire the grant. RetiringPrincipal *string `min:"1" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GrantListEntry) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GrantListEntry) GoString() string { return s.String() } @@ -10759,34 +16281,47 @@ type ImportKeyMaterialInput struct { _ struct{} `type:"structure"` // The encrypted key material to import. The key material must be encrypted - // with the public wrapping key that GetParametersForImport returned, using + // under the public wrapping key that GetParametersForImport returned, using // the wrapping algorithm that you specified in the same GetParametersForImport // request. - // // EncryptedKeyMaterial is automatically base64 encoded/decoded by the SDK. // // EncryptedKeyMaterial is a required field EncryptedKeyMaterial []byte `min:"1" type:"blob" required:"true"` - // Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES, - // in which case you must include the ValidTo parameter. When this parameter - // is set to KEY_MATERIAL_DOES_NOT_EXPIRE, you must omit the ValidTo parameter. + // Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES. + // For help with this choice, see Setting an expiration time (https://docs.aws.amazon.com/en_us/kms/latest/developerguide/importing-keys.html#importing-keys-expiration) + // in the Key Management Service Developer Guide. + // + // When the value of ExpirationModel is KEY_MATERIAL_EXPIRES, you must specify + // a value for the ValidTo parameter. When value is KEY_MATERIAL_DOES_NOT_EXPIRE, + // you must omit the ValidTo parameter. + // + // You cannot change the ExpirationModel or ValidTo values for the current import + // after the request completes. To change either value, you must reimport the + // key material. ExpirationModel *string `type:"string" enum:"ExpirationModelType"` // The import token that you received in the response to a previous GetParametersForImport // request. It must be from the same response that contained the public key // that you used to encrypt the key material. - // // ImportToken is automatically base64 encoded/decoded by the SDK. // // ImportToken is a required field ImportToken []byte `min:"1" type:"blob" required:"true"` - // The identifier of the symmetric CMK that receives the imported key material. - // The CMK's Origin must be EXTERNAL. This must be the same CMK specified in - // the KeyID parameter of the corresponding GetParametersForImport request. + // The identifier of the KMS key that will be associated with the imported key + // material. This must be the same KMS key specified in the KeyID parameter + // of the corresponding GetParametersForImport request. The Origin of the KMS + // key must be EXTERNAL and its KeyState must be PendingImport. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // The KMS key can be a symmetric encryption KMS key, HMAC KMS key, asymmetric + // encryption KMS key, or asymmetric signing KMS key, including a multi-Region + // key (kms/latest/developerguide/multi-region-keys-overview.html) of any supported + // type. You cannot perform this operation on a KMS key in a custom key store, + // or on a KMS key in a different Amazon Web Services account. + // + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -10794,24 +16329,42 @@ type ImportKeyMaterialInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // The time at which the imported key material expires. When the key material - // expires, AWS KMS deletes the key material and the CMK becomes unusable. You - // must omit this parameter when the ExpirationModel parameter is set to KEY_MATERIAL_DOES_NOT_EXPIRE. - // Otherwise it is required. + // The date and time when the imported key material expires. This parameter + // is required when the value of the ExpirationModel parameter is KEY_MATERIAL_EXPIRES. + // Otherwise it is not valid. + // + // The value of this parameter must be a future date and time. The maximum value + // is 365 days from the request date. + // + // When the key material expires, KMS deletes the key material from the KMS + // key. Without its key material, the KMS key is unusable. To use the KMS key + // in cryptographic operations, you must reimport the same key material. + // + // You cannot change the ExpirationModel or ValidTo values for the current import + // after the request completes. To change either value, you must delete (DeleteImportedKeyMaterial) + // and reimport the key material. ValidTo *time.Time `type:"timestamp"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ImportKeyMaterialInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ImportKeyMaterialInput) GoString() string { return s.String() } @@ -10878,19 +16431,27 @@ type ImportKeyMaterialOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ImportKeyMaterialOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ImportKeyMaterialOutput) GoString() string { return s.String() } -// The request was rejected because the specified CMK cannot decrypt the data. -// The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request -// must identify the same CMK that was used to encrypt the ciphertext. +// The request was rejected because the specified KMS key cannot decrypt the +// data. The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request +// must identify the same KMS key that was used to encrypt the ciphertext. type IncorrectKeyException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -10898,12 +16459,20 @@ type IncorrectKeyException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s IncorrectKeyException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s IncorrectKeyException) GoString() string { return s.String() } @@ -10948,7 +16517,7 @@ func (s *IncorrectKeyException) RequestID() string { // The request was rejected because the key material in the request is, expired, // invalid, or is not the same key material that was previously imported into -// this customer master key (CMK). +// this KMS key. type IncorrectKeyMaterialException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -10956,12 +16525,20 @@ type IncorrectKeyMaterialException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s IncorrectKeyMaterialException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s IncorrectKeyMaterialException) GoString() string { return s.String() } @@ -11005,9 +16582,10 @@ func (s *IncorrectKeyMaterialException) RequestID() string { } // The request was rejected because the trust anchor certificate in the request -// is not the trust anchor certificate for the specified AWS CloudHSM cluster. +// to create an CloudHSM key store is not the trust anchor certificate for the +// specified CloudHSM cluster. // -// When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), +// When you initialize the CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), // you create the trust anchor certificate and save it in the customerCA.crt // file. type IncorrectTrustAnchorException struct { @@ -11017,12 +16595,20 @@ type IncorrectTrustAnchorException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s IncorrectTrustAnchorException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s IncorrectTrustAnchorException) GoString() string { return s.String() } @@ -11074,12 +16660,20 @@ type InternalException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InternalException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InternalException) GoString() string { return s.String() } @@ -11130,12 +16724,20 @@ type InvalidAliasNameException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InvalidAliasNameException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InvalidAliasNameException) GoString() string { return s.String() } @@ -11187,12 +16789,20 @@ type InvalidArnException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InvalidArnException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InvalidArnException) GoString() string { return s.String() } @@ -11240,8 +16850,8 @@ func (s *InvalidArnException) RequestID() string { // the ciphertext, such as the encryption context, is corrupted, missing, or // otherwise invalid. // -// From the ImportKeyMaterial operation, the request was rejected because AWS -// KMS could not decrypt the encrypted (wrapped) key material. +// From the ImportKeyMaterial operation, the request was rejected because KMS +// could not decrypt the encrypted (wrapped) key material. type InvalidCiphertextException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -11249,12 +16859,20 @@ type InvalidCiphertextException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InvalidCiphertextException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InvalidCiphertextException) GoString() string { return s.String() } @@ -11305,12 +16923,20 @@ type InvalidGrantIdException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InvalidGrantIdException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InvalidGrantIdException) GoString() string { return s.String() } @@ -11361,12 +16987,20 @@ type InvalidGrantTokenException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InvalidGrantTokenException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InvalidGrantTokenException) GoString() string { return s.String() } @@ -11410,7 +17044,7 @@ func (s *InvalidGrantTokenException) RequestID() string { } // The request was rejected because the provided import token is invalid or -// is associated with a different customer master key (CMK). +// is associated with a different KMS key. type InvalidImportTokenException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -11418,12 +17052,20 @@ type InvalidImportTokenException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InvalidImportTokenException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InvalidImportTokenException) GoString() string { return s.String() } @@ -11468,17 +17110,20 @@ func (s *InvalidImportTokenException) RequestID() string { // The request was rejected for one of the following reasons: // -// * The KeyUsage value of the CMK is incompatible with the API operation. +// - The KeyUsage value of the KMS key is incompatible with the API operation. // -// * The encryption algorithm or signing algorithm specified for the operation -// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// - The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the KMS key (KeySpec). // // For encrypting, decrypting, re-encrypting, and generating data keys, the -// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage -// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. -// -// To find the encryption or signing algorithms supported for a particular CMK, -// use the DescribeKey operation. +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the +// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication +// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key +// agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage +// of a KMS key, use the DescribeKey operation. +// +// To find the encryption or signing algorithms supported for a particular KMS +// key, use the DescribeKey operation. type InvalidKeyUsageException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -11486,12 +17131,20 @@ type InvalidKeyUsageException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InvalidKeyUsageException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InvalidKeyUsageException) GoString() string { return s.String() } @@ -11543,12 +17196,20 @@ type InvalidMarkerException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InvalidMarkerException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InvalidMarkerException) GoString() string { return s.String() } @@ -11594,9 +17255,17 @@ func (s *InvalidMarkerException) RequestID() string { // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide . +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. type InvalidStateException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -11604,12 +17273,20 @@ type InvalidStateException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InvalidStateException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InvalidStateException) GoString() string { return s.String() } @@ -11652,9 +17329,75 @@ func (s *InvalidStateException) RequestID() string { return s.RespMetadata.RequestID } +// The request was rejected because the HMAC verification failed. HMAC verification +// fails when the HMAC computed by using the specified message, HMAC KMS key, +// and MAC algorithm does not match the HMAC specified in the request. +type KMSInvalidMacException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s KMSInvalidMacException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s KMSInvalidMacException) GoString() string { + return s.String() +} + +func newErrorKMSInvalidMacException(v protocol.ResponseMetadata) error { + return &KMSInvalidMacException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *KMSInvalidMacException) Code() string { + return "KMSInvalidMacException" +} + +// Message returns the exception's message. +func (s *KMSInvalidMacException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *KMSInvalidMacException) OrigErr() error { + return nil +} + +func (s *KMSInvalidMacException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *KMSInvalidMacException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *KMSInvalidMacException) RequestID() string { + return s.RespMetadata.RequestID +} + // The request was rejected because the signature verification failed. Signature // verification fails when it cannot confirm that signature was produced by -// signing the specified message with the specified CMK and signing algorithm. +// signing the specified message with the specified KMS key and signing algorithm. type KMSInvalidSignatureException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -11662,12 +17405,20 @@ type KMSInvalidSignatureException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s KMSInvalidSignatureException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s KMSInvalidSignatureException) GoString() string { return s.String() } @@ -11721,12 +17472,20 @@ type KeyListEntry struct { KeyId *string `min:"1" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s KeyListEntry) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s KeyListEntry) GoString() string { return s.String() } @@ -11743,108 +17502,185 @@ func (s *KeyListEntry) SetKeyId(v string) *KeyListEntry { return s } -// Contains metadata about a customer master key (CMK). +// Contains metadata about a KMS key. // -// This data type is used as a response element for the CreateKey and DescribeKey -// operations. +// This data type is used as a response element for the CreateKey, DescribeKey, +// and ReplicateKey operations. type KeyMetadata struct { _ struct{} `type:"structure"` - // The twelve-digit account ID of the AWS account that owns the CMK. + // The twelve-digit account ID of the Amazon Web Services account that owns + // the KMS key. AWSAccountId *string `type:"string"` - // The Amazon Resource Name (ARN) of the CMK. For examples, see AWS Key Management - // Service (AWS KMS) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms) - // in the Example ARNs section of the AWS General Reference. + // The Amazon Resource Name (ARN) of the KMS key. For examples, see Key Management + // Service (KMS) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms) + // in the Example ARNs section of the Amazon Web Services General Reference. Arn *string `min:"20" type:"string"` - // The cluster ID of the AWS CloudHSM cluster that contains the key material - // for the CMK. When you create a CMK in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), - // AWS KMS creates the key material for the CMK in the associated AWS CloudHSM - // cluster. This value is present only when the CMK is created in a custom key + // The cluster ID of the CloudHSM cluster that contains the key material for + // the KMS key. When you create a KMS key in an CloudHSM custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), + // KMS creates the key material for the KMS key in the associated CloudHSM cluster. + // This field is present only when the KMS key is created in an CloudHSM key // store. CloudHsmClusterId *string `min:"19" type:"string"` - // The date and time when the CMK was created. + // The date and time when the KMS key was created. CreationDate *time.Time `type:"timestamp"` // A unique identifier for the custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) - // that contains the CMK. This value is present only when the CMK is created - // in a custom key store. + // that contains the KMS key. This field is present only when the KMS key is + // created in a custom key store. CustomKeyStoreId *string `min:"1" type:"string"` - // Describes the type of key material in the CMK. - CustomerMasterKeySpec *string `type:"string" enum:"CustomerMasterKeySpec"` + // Instead, use the KeySpec field. + // + // The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend + // that you use the KeySpec field in your code. However, to avoid breaking changes, + // KMS supports both fields. + // + // Deprecated: This field has been deprecated. Instead, use the KeySpec field. + CustomerMasterKeySpec *string `deprecated:"true" type:"string" enum:"CustomerMasterKeySpec"` - // The date and time after which AWS KMS deletes the CMK. This value is present - // only when KeyState is PendingDeletion. + // The date and time after which KMS deletes this KMS key. This value is present + // only when the KMS key is scheduled for deletion, that is, when its KeyState + // is PendingDeletion. + // + // When the primary key in a multi-Region key is scheduled for deletion but + // still has replica keys, its key state is PendingReplicaDeletion and the length + // of its waiting period is displayed in the PendingDeletionWindowInDays field. DeletionDate *time.Time `type:"timestamp"` - // The description of the CMK. + // The description of the KMS key. Description *string `type:"string"` - // Specifies whether the CMK is enabled. When KeyState is Enabled this value + // Specifies whether the KMS key is enabled. When KeyState is Enabled this value // is true, otherwise it is false. Enabled *bool `type:"boolean"` - // The encryption algorithms that the CMK supports. You cannot use the CMK with - // other encryption algorithms within AWS KMS. + // The encryption algorithms that the KMS key supports. You cannot use the KMS + // key with other encryption algorithms within KMS. // - // This field appears only when the KeyUsage of the CMK is ENCRYPT_DECRYPT. - EncryptionAlgorithms []*string `type:"list"` + // This value is present only when the KeyUsage of the KMS key is ENCRYPT_DECRYPT. + EncryptionAlgorithms []*string `type:"list" enum:"EncryptionAlgorithmSpec"` - // Specifies whether the CMK's key material expires. This value is present only - // when Origin is EXTERNAL, otherwise this value is omitted. + // Specifies whether the KMS key's key material expires. This value is present + // only when Origin is EXTERNAL, otherwise this value is omitted. ExpirationModel *string `type:"string" enum:"ExpirationModelType"` - // The globally unique identifier for the CMK. + // The key agreement algorithm used to derive a shared secret. + KeyAgreementAlgorithms []*string `type:"list" enum:"KeyAgreementAlgorithmSpec"` + + // The globally unique identifier for the KMS key. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // The manager of the CMK. CMKs in your AWS account are either customer managed - // or AWS managed. For more information about the difference, see Customer Master - // Keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) - // in the AWS Key Management Service Developer Guide. + // The manager of the KMS key. KMS keys in your Amazon Web Services account + // are either customer managed or Amazon Web Services managed. For more information + // about the difference, see KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys) + // in the Key Management Service Developer Guide. KeyManager *string `type:"string" enum:"KeyManagerType"` - // The current status of the CMK. + // Describes the type of key material in the KMS key. + KeySpec *string `type:"string" enum:"KeySpec"` + + // The current status of the KMS key. // - // For more information about how key state affects the use of a CMK, see Key - // state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) - // in the AWS Key Management Service Developer Guide. + // For more information about how key state affects the use of a KMS key, see + // Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) + // in the Key Management Service Developer Guide. KeyState *string `type:"string" enum:"KeyState"` // The cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) - // for which you can use the CMK. + // for which you can use the KMS key. KeyUsage *string `type:"string" enum:"KeyUsageType"` - // The source of the CMK's key material. When this value is AWS_KMS, AWS KMS - // created the key material. When this value is EXTERNAL, the key material was - // imported from your existing key management infrastructure or the CMK lacks - // key material. When this value is AWS_CLOUDHSM, the key material was created - // in the AWS CloudHSM cluster associated with a custom key store. + // The message authentication code (MAC) algorithm that the HMAC KMS key supports. + // + // This value is present only when the KeyUsage of the KMS key is GENERATE_VERIFY_MAC. + MacAlgorithms []*string `type:"list" enum:"MacAlgorithmSpec"` + + // Indicates whether the KMS key is a multi-Region (True) or regional (False) + // key. This value is True for multi-Region primary and replica keys and False + // for regional KMS keys. + // + // For more information about multi-Region keys, see Multi-Region keys in KMS + // (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) + // in the Key Management Service Developer Guide. + MultiRegion *bool `type:"boolean"` + + // Lists the primary and replica keys in same multi-Region key. This field is + // present only when the value of the MultiRegion field is True. + // + // For more information about any listed KMS key, use the DescribeKey operation. + // + // * MultiRegionKeyType indicates whether the KMS key is a PRIMARY or REPLICA + // key. + // + // * PrimaryKey displays the key ARN and Region of the primary key. This + // field displays the current KMS key if it is the primary key. + // + // * ReplicaKeys displays the key ARNs and Regions of all replica keys. This + // field includes the current KMS key if it is a replica key. + MultiRegionConfiguration *MultiRegionConfiguration `type:"structure"` + + // The source of the key material for the KMS key. When this value is AWS_KMS, + // KMS created the key material. When this value is EXTERNAL, the key material + // was imported or the KMS key doesn't have any key material. When this value + // is AWS_CLOUDHSM, the key material was created in the CloudHSM cluster associated + // with a custom key store. Origin *string `type:"string" enum:"OriginType"` - // The signing algorithms that the CMK supports. You cannot use the CMK with - // other signing algorithms within AWS KMS. + // The waiting period before the primary key in a multi-Region key is deleted. + // This waiting period begins when the last of its replica keys is deleted. + // This value is present only when the KeyState of the KMS key is PendingReplicaDeletion. + // That indicates that the KMS key is the primary key in a multi-Region key, + // it is scheduled for deletion, and it still has existing replica keys. + // + // When a single-Region KMS key or a multi-Region replica key is scheduled for + // deletion, its deletion date is displayed in the DeletionDate field. However, + // when the primary key in a multi-Region key is scheduled for deletion, its + // waiting period doesn't begin until all of its replica keys are deleted. This + // value displays that waiting period. When the last replica key in the multi-Region + // key is deleted, the KeyState of the scheduled primary key changes from PendingReplicaDeletion + // to PendingDeletion and the deletion date appears in the DeletionDate field. + PendingDeletionWindowInDays *int64 `min:"1" type:"integer"` + + // The signing algorithms that the KMS key supports. You cannot use the KMS + // key with other signing algorithms within KMS. // - // This field appears only when the KeyUsage of the CMK is SIGN_VERIFY. - SigningAlgorithms []*string `type:"list"` + // This field appears only when the KeyUsage of the KMS key is SIGN_VERIFY. + SigningAlgorithms []*string `type:"list" enum:"SigningAlgorithmSpec"` // The time at which the imported key material expires. When the key material - // expires, AWS KMS deletes the key material and the CMK becomes unusable. This - // value is present only for CMKs whose Origin is EXTERNAL and whose ExpirationModel + // expires, KMS deletes the key material and the KMS key becomes unusable. This + // value is present only for KMS keys whose Origin is EXTERNAL and whose ExpirationModel // is KEY_MATERIAL_EXPIRES, otherwise this value is omitted. ValidTo *time.Time `type:"timestamp"` + + // Information about the external key that is associated with a KMS key in an + // external key store. + // + // For more information, see External key (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key) + // in the Key Management Service Developer Guide. + XksKeyConfiguration *XksKeyConfigurationType `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s KeyMetadata) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s KeyMetadata) GoString() string { return s.String() } @@ -11915,6 +17751,12 @@ func (s *KeyMetadata) SetExpirationModel(v string) *KeyMetadata { return s } +// SetKeyAgreementAlgorithms sets the KeyAgreementAlgorithms field's value. +func (s *KeyMetadata) SetKeyAgreementAlgorithms(v []*string) *KeyMetadata { + s.KeyAgreementAlgorithms = v + return s +} + // SetKeyId sets the KeyId field's value. func (s *KeyMetadata) SetKeyId(v string) *KeyMetadata { s.KeyId = &v @@ -11927,6 +17769,12 @@ func (s *KeyMetadata) SetKeyManager(v string) *KeyMetadata { return s } +// SetKeySpec sets the KeySpec field's value. +func (s *KeyMetadata) SetKeySpec(v string) *KeyMetadata { + s.KeySpec = &v + return s +} + // SetKeyState sets the KeyState field's value. func (s *KeyMetadata) SetKeyState(v string) *KeyMetadata { s.KeyState = &v @@ -11939,12 +17787,36 @@ func (s *KeyMetadata) SetKeyUsage(v string) *KeyMetadata { return s } +// SetMacAlgorithms sets the MacAlgorithms field's value. +func (s *KeyMetadata) SetMacAlgorithms(v []*string) *KeyMetadata { + s.MacAlgorithms = v + return s +} + +// SetMultiRegion sets the MultiRegion field's value. +func (s *KeyMetadata) SetMultiRegion(v bool) *KeyMetadata { + s.MultiRegion = &v + return s +} + +// SetMultiRegionConfiguration sets the MultiRegionConfiguration field's value. +func (s *KeyMetadata) SetMultiRegionConfiguration(v *MultiRegionConfiguration) *KeyMetadata { + s.MultiRegionConfiguration = v + return s +} + // SetOrigin sets the Origin field's value. func (s *KeyMetadata) SetOrigin(v string) *KeyMetadata { s.Origin = &v return s } +// SetPendingDeletionWindowInDays sets the PendingDeletionWindowInDays field's value. +func (s *KeyMetadata) SetPendingDeletionWindowInDays(v int64) *KeyMetadata { + s.PendingDeletionWindowInDays = &v + return s +} + // SetSigningAlgorithms sets the SigningAlgorithms field's value. func (s *KeyMetadata) SetSigningAlgorithms(v []*string) *KeyMetadata { s.SigningAlgorithms = v @@ -11957,8 +17829,14 @@ func (s *KeyMetadata) SetValidTo(v time.Time) *KeyMetadata { return s } -// The request was rejected because the specified CMK was not available. You -// can retry the request. +// SetXksKeyConfiguration sets the XksKeyConfiguration field's value. +func (s *KeyMetadata) SetXksKeyConfiguration(v *XksKeyConfigurationType) *KeyMetadata { + s.XksKeyConfiguration = v + return s +} + +// The request was rejected because the specified KMS key was not available. +// You can retry the request. type KeyUnavailableException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -11966,12 +17844,20 @@ type KeyUnavailableException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s KeyUnavailableException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s KeyUnavailableException) GoString() string { return s.String() } @@ -12016,7 +17902,7 @@ func (s *KeyUnavailableException) RequestID() string { // The request was rejected because a quota was exceeded. For more information, // see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) -// in the AWS Key Management Service Developer Guide. +// in the Key Management Service Developer Guide. type LimitExceededException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -12024,12 +17910,20 @@ type LimitExceededException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s LimitExceededException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s LimitExceededException) GoString() string { return s.String() } @@ -12075,16 +17969,25 @@ func (s *LimitExceededException) RequestID() string { type ListAliasesInput struct { _ struct{} `type:"structure"` - // Lists only aliases that refer to the specified CMK. The value of this parameter - // can be the ID or Amazon Resource Name (ARN) of a CMK in the caller's account - // and region. You cannot use an alias name or alias ARN in this value. + // Lists only aliases that are associated with the specified KMS key. Enter + // a KMS key in your Amazon Web Services account. // // This parameter is optional. If you omit it, ListAliases returns all aliases - // in the account and region. + // in the account and Region. + // + // Specify the key ID or key ARN of the KMS key. + // + // For example: + // + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. KeyId *string `min:"1" type:"string"` // Use this parameter to specify the maximum number of items to return. When - // this value is present, AWS KMS does not return more than the specified number + // this value is present, KMS does not return more than the specified number // of items, but it might return fewer. // // This value is optional. If you include a value, it must be between 1 and @@ -12097,12 +18000,20 @@ type ListAliasesInput struct { Marker *string `min:"1" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListAliasesInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListAliasesInput) GoString() string { return s.String() } @@ -12156,17 +18067,25 @@ type ListAliasesOutput struct { // A flag that indicates whether there are more items in the list. When this // value is true, the list in this response is truncated. To get more items, - // pass the value of the NextMarker element in thisresponse to the Marker parameter + // pass the value of the NextMarker element in this response to the Marker parameter // in a subsequent request. Truncated *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListAliasesOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListAliasesOutput) GoString() string { return s.String() } @@ -12192,10 +18111,18 @@ func (s *ListAliasesOutput) SetTruncated(v bool) *ListAliasesOutput { type ListGrantsInput struct { _ struct{} `type:"structure"` - // A unique identifier for the customer master key (CMK). + // Returns only the grant with the specified grant ID. The grant ID uniquely + // identifies the grant. + GrantId *string `min:"1" type:"string"` + + // Returns only grants where the specified principal is the grantee principal + // for the grant. + GranteePrincipal *string `min:"1" type:"string"` + + // Returns only grants for the specified KMS key. This parameter is required. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify - // a CMK in a different AWS account, you must use the key ARN. + // Specify the key ID or key ARN of the KMS key. To specify a KMS key in a different + // Amazon Web Services account, you must use the key ARN. // // For example: // @@ -12203,13 +18130,13 @@ type ListGrantsInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` // Use this parameter to specify the maximum number of items to return. When - // this value is present, AWS KMS does not return more than the specified number + // this value is present, KMS does not return more than the specified number // of items, but it might return fewer. // // This value is optional. If you include a value, it must be between 1 and @@ -12222,12 +18149,20 @@ type ListGrantsInput struct { Marker *string `min:"1" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListGrantsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListGrantsInput) GoString() string { return s.String() } @@ -12235,6 +18170,12 @@ func (s ListGrantsInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *ListGrantsInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "ListGrantsInput"} + if s.GrantId != nil && len(*s.GrantId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("GrantId", 1)) + } + if s.GranteePrincipal != nil && len(*s.GranteePrincipal) < 1 { + invalidParams.Add(request.NewErrParamMinLen("GranteePrincipal", 1)) + } if s.KeyId == nil { invalidParams.Add(request.NewErrParamRequired("KeyId")) } @@ -12254,6 +18195,18 @@ func (s *ListGrantsInput) Validate() error { return nil } +// SetGrantId sets the GrantId field's value. +func (s *ListGrantsInput) SetGrantId(v string) *ListGrantsInput { + s.GrantId = &v + return s +} + +// SetGranteePrincipal sets the GranteePrincipal field's value. +func (s *ListGrantsInput) SetGranteePrincipal(v string) *ListGrantsInput { + s.GranteePrincipal = &v + return s +} + // SetKeyId sets the KeyId field's value. func (s *ListGrantsInput) SetKeyId(v string) *ListGrantsInput { s.KeyId = &v @@ -12284,17 +18237,25 @@ type ListGrantsResponse struct { // A flag that indicates whether there are more items in the list. When this // value is true, the list in this response is truncated. To get more items, - // pass the value of the NextMarker element in thisresponse to the Marker parameter + // pass the value of the NextMarker element in this response to the Marker parameter // in a subsequent request. Truncated *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListGrantsResponse) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListGrantsResponse) GoString() string { return s.String() } @@ -12320,9 +18281,9 @@ func (s *ListGrantsResponse) SetTruncated(v bool) *ListGrantsResponse { type ListKeyPoliciesInput struct { _ struct{} `type:"structure"` - // A unique identifier for the customer master key (CMK). + // Gets the names of key policies for the specified KMS key. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -12330,13 +18291,13 @@ type ListKeyPoliciesInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` // Use this parameter to specify the maximum number of items to return. When - // this value is present, AWS KMS does not return more than the specified number + // this value is present, KMS does not return more than the specified number // of items, but it might return fewer. // // This value is optional. If you include a value, it must be between 1 and @@ -12351,12 +18312,20 @@ type ListKeyPoliciesInput struct { Marker *string `min:"1" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListKeyPoliciesInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListKeyPoliciesInput) GoString() string { return s.String() } @@ -12413,17 +18382,25 @@ type ListKeyPoliciesOutput struct { // A flag that indicates whether there are more items in the list. When this // value is true, the list in this response is truncated. To get more items, - // pass the value of the NextMarker element in thisresponse to the Marker parameter + // pass the value of the NextMarker element in this response to the Marker parameter // in a subsequent request. Truncated *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListKeyPoliciesOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListKeyPoliciesOutput) GoString() string { return s.String() } @@ -12446,11 +18423,26 @@ func (s *ListKeyPoliciesOutput) SetTruncated(v bool) *ListKeyPoliciesOutput { return s } -type ListKeysInput struct { +type ListKeyRotationsInput struct { _ struct{} `type:"structure"` + // Gets the key rotations for the specified KMS key. + // + // Specify the key ID or key ARN of the KMS key. + // + // For example: + // + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + // Use this parameter to specify the maximum number of items to return. When - // this value is present, AWS KMS does not return more than the specified number + // this value is present, KMS does not return more than the specified number // of items, but it might return fewer. // // This value is optional. If you include a value, it must be between 1 and @@ -12463,19 +18455,33 @@ type ListKeysInput struct { Marker *string `min:"1" type:"string"` } -// String returns the string representation -func (s ListKeysInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListKeyRotationsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s ListKeysInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListKeyRotationsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *ListKeysInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "ListKeysInput"} +func (s *ListKeyRotationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListKeyRotationsInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } if s.Limit != nil && *s.Limit < 1 { invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) } @@ -12489,117 +18495,255 @@ func (s *ListKeysInput) Validate() error { return nil } +// SetKeyId sets the KeyId field's value. +func (s *ListKeyRotationsInput) SetKeyId(v string) *ListKeyRotationsInput { + s.KeyId = &v + return s +} + // SetLimit sets the Limit field's value. -func (s *ListKeysInput) SetLimit(v int64) *ListKeysInput { +func (s *ListKeyRotationsInput) SetLimit(v int64) *ListKeyRotationsInput { s.Limit = &v return s } // SetMarker sets the Marker field's value. -func (s *ListKeysInput) SetMarker(v string) *ListKeysInput { +func (s *ListKeyRotationsInput) SetMarker(v string) *ListKeyRotationsInput { s.Marker = &v return s } -type ListKeysOutput struct { +type ListKeyRotationsOutput struct { _ struct{} `type:"structure"` - // A list of customer master keys (CMKs). - Keys []*KeyListEntry `type:"list"` - // When Truncated is true, this element is present and contains the value to // use for the Marker parameter in a subsequent request. NextMarker *string `min:"1" type:"string"` + // A list of completed key material rotations. + Rotations []*RotationsListEntry `type:"list"` + // A flag that indicates whether there are more items in the list. When this // value is true, the list in this response is truncated. To get more items, - // pass the value of the NextMarker element in thisresponse to the Marker parameter + // pass the value of the NextMarker element in this response to the Marker parameter // in a subsequent request. Truncated *bool `type:"boolean"` } -// String returns the string representation -func (s ListKeysOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListKeyRotationsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s ListKeysOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListKeyRotationsOutput) GoString() string { return s.String() } -// SetKeys sets the Keys field's value. -func (s *ListKeysOutput) SetKeys(v []*KeyListEntry) *ListKeysOutput { - s.Keys = v +// SetNextMarker sets the NextMarker field's value. +func (s *ListKeyRotationsOutput) SetNextMarker(v string) *ListKeyRotationsOutput { + s.NextMarker = &v return s } -// SetNextMarker sets the NextMarker field's value. -func (s *ListKeysOutput) SetNextMarker(v string) *ListKeysOutput { - s.NextMarker = &v +// SetRotations sets the Rotations field's value. +func (s *ListKeyRotationsOutput) SetRotations(v []*RotationsListEntry) *ListKeyRotationsOutput { + s.Rotations = v return s } // SetTruncated sets the Truncated field's value. -func (s *ListKeysOutput) SetTruncated(v bool) *ListKeysOutput { +func (s *ListKeyRotationsOutput) SetTruncated(v bool) *ListKeyRotationsOutput { s.Truncated = &v return s } -type ListResourceTagsInput struct { +type ListKeysInput struct { _ struct{} `type:"structure"` - // A unique identifier for the customer master key (CMK). - // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. - // - // For example: - // - // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab - // - // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab - // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. - // - // KeyId is a required field - KeyId *string `min:"1" type:"string" required:"true"` - // Use this parameter to specify the maximum number of items to return. When - // this value is present, AWS KMS does not return more than the specified number + // this value is present, KMS does not return more than the specified number // of items, but it might return fewer. // // This value is optional. If you include a value, it must be between 1 and - // 50, inclusive. If you do not include a value, it defaults to 50. + // 1000, inclusive. If you do not include a value, it defaults to 100. Limit *int64 `min:"1" type:"integer"` // Use this parameter in a subsequent request after you receive a response with // truncated results. Set it to the value of NextMarker from the truncated response // you just received. - // - // Do not attempt to construct this value. Use only the value of NextMarker - // from the truncated response you just received. Marker *string `min:"1" type:"string"` } -// String returns the string representation -func (s ListResourceTagsInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListKeysInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s ListResourceTagsInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListKeysInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *ListResourceTagsInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "ListResourceTagsInput"} - if s.KeyId == nil { - invalidParams.Add(request.NewErrParamRequired("KeyId")) - } - if s.KeyId != nil && len(*s.KeyId) < 1 { - invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) - } +func (s *ListKeysInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListKeysInput"} + if s.Limit != nil && *s.Limit < 1 { + invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) + } + if s.Marker != nil && len(*s.Marker) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Marker", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLimit sets the Limit field's value. +func (s *ListKeysInput) SetLimit(v int64) *ListKeysInput { + s.Limit = &v + return s +} + +// SetMarker sets the Marker field's value. +func (s *ListKeysInput) SetMarker(v string) *ListKeysInput { + s.Marker = &v + return s +} + +type ListKeysOutput struct { + _ struct{} `type:"structure"` + + // A list of KMS keys. + Keys []*KeyListEntry `type:"list"` + + // When Truncated is true, this element is present and contains the value to + // use for the Marker parameter in a subsequent request. + NextMarker *string `min:"1" type:"string"` + + // A flag that indicates whether there are more items in the list. When this + // value is true, the list in this response is truncated. To get more items, + // pass the value of the NextMarker element in this response to the Marker parameter + // in a subsequent request. + Truncated *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListKeysOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListKeysOutput) GoString() string { + return s.String() +} + +// SetKeys sets the Keys field's value. +func (s *ListKeysOutput) SetKeys(v []*KeyListEntry) *ListKeysOutput { + s.Keys = v + return s +} + +// SetNextMarker sets the NextMarker field's value. +func (s *ListKeysOutput) SetNextMarker(v string) *ListKeysOutput { + s.NextMarker = &v + return s +} + +// SetTruncated sets the Truncated field's value. +func (s *ListKeysOutput) SetTruncated(v bool) *ListKeysOutput { + s.Truncated = &v + return s +} + +type ListResourceTagsInput struct { + _ struct{} `type:"structure"` + + // Gets tags on the specified KMS key. + // + // Specify the key ID or key ARN of the KMS key. + // + // For example: + // + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // Use this parameter to specify the maximum number of items to return. When + // this value is present, KMS does not return more than the specified number + // of items, but it might return fewer. + // + // This value is optional. If you include a value, it must be between 1 and + // 50, inclusive. If you do not include a value, it defaults to 50. + Limit *int64 `min:"1" type:"integer"` + + // Use this parameter in a subsequent request after you receive a response with + // truncated results. Set it to the value of NextMarker from the truncated response + // you just received. + // + // Do not attempt to construct this value. Use only the value of NextMarker + // from the truncated response you just received. + Marker *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListResourceTagsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListResourceTagsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListResourceTagsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListResourceTagsInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } if s.Limit != nil && *s.Limit < 1 { invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) } @@ -12641,21 +18785,33 @@ type ListResourceTagsOutput struct { NextMarker *string `min:"1" type:"string"` // A list of tags. Each tag consists of a tag key and a tag value. + // + // Tagging or untagging a KMS key can allow or deny permission to the KMS key. + // For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) + // in the Key Management Service Developer Guide. Tags []*Tag `type:"list"` // A flag that indicates whether there are more items in the list. When this // value is true, the list in this response is truncated. To get more items, - // pass the value of the NextMarker element in thisresponse to the Marker parameter + // pass the value of the NextMarker element in this response to the Marker parameter // in a subsequent request. Truncated *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListResourceTagsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListResourceTagsOutput) GoString() string { return s.String() } @@ -12682,7 +18838,7 @@ type ListRetirableGrantsInput struct { _ struct{} `type:"structure"` // Use this parameter to specify the maximum number of items to return. When - // this value is present, AWS KMS does not return more than the specified number + // this value is present, KMS does not return more than the specified number // of items, but it might return fewer. // // This value is optional. If you include a value, it must be between 1 and @@ -12694,25 +18850,33 @@ type ListRetirableGrantsInput struct { // you just received. Marker *string `min:"1" type:"string"` - // The retiring principal for which to list grants. + // The retiring principal for which to list grants. Enter a principal in your + // Amazon Web Services account. // // To specify the retiring principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // of an AWS principal. Valid AWS principals include AWS accounts (root), IAM - // users, federated users, and assumed role users. For examples of the ARN syntax - // for specifying a principal, see AWS Identity and Access Management (IAM) - // (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) - // in the Example ARNs section of the Amazon Web Services General Reference. + // of an Amazon Web Services principal. Valid principals include Amazon Web + // Services accounts, IAM users, IAM roles, federated users, and assumed role + // users. For help with the ARN syntax for a principal, see IAM ARNs (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns) + // in the Identity and Access Management User Guide . // // RetiringPrincipal is a required field RetiringPrincipal *string `min:"1" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListRetirableGrantsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListRetirableGrantsInput) GoString() string { return s.String() } @@ -12766,12 +18930,20 @@ type MalformedPolicyDocumentException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s MalformedPolicyDocumentException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s MalformedPolicyDocumentException) GoString() string { return s.String() } @@ -12814,6 +18986,103 @@ func (s *MalformedPolicyDocumentException) RequestID() string { return s.RespMetadata.RequestID } +// Describes the configuration of this multi-Region key. This field appears +// only when the KMS key is a primary or replica of a multi-Region key. +// +// For more information about any listed KMS key, use the DescribeKey operation. +type MultiRegionConfiguration struct { + _ struct{} `type:"structure"` + + // Indicates whether the KMS key is a PRIMARY or REPLICA key. + MultiRegionKeyType *string `type:"string" enum:"MultiRegionKeyType"` + + // Displays the key ARN and Region of the primary key. This field includes the + // current KMS key if it is the primary key. + PrimaryKey *MultiRegionKey `type:"structure"` + + // displays the key ARNs and Regions of all replica keys. This field includes + // the current KMS key if it is a replica key. + ReplicaKeys []*MultiRegionKey `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MultiRegionConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MultiRegionConfiguration) GoString() string { + return s.String() +} + +// SetMultiRegionKeyType sets the MultiRegionKeyType field's value. +func (s *MultiRegionConfiguration) SetMultiRegionKeyType(v string) *MultiRegionConfiguration { + s.MultiRegionKeyType = &v + return s +} + +// SetPrimaryKey sets the PrimaryKey field's value. +func (s *MultiRegionConfiguration) SetPrimaryKey(v *MultiRegionKey) *MultiRegionConfiguration { + s.PrimaryKey = v + return s +} + +// SetReplicaKeys sets the ReplicaKeys field's value. +func (s *MultiRegionConfiguration) SetReplicaKeys(v []*MultiRegionKey) *MultiRegionConfiguration { + s.ReplicaKeys = v + return s +} + +// Describes the primary or replica key in a multi-Region key. +type MultiRegionKey struct { + _ struct{} `type:"structure"` + + // Displays the key ARN of a primary or replica key of a multi-Region key. + Arn *string `min:"20" type:"string"` + + // Displays the Amazon Web Services Region of a primary or replica key in a + // multi-Region key. + Region *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MultiRegionKey) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MultiRegionKey) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *MultiRegionKey) SetArn(v string) *MultiRegionKey { + s.Arn = &v + return s +} + +// SetRegion sets the Region field's value. +func (s *MultiRegionKey) SetRegion(v string) *MultiRegionKey { + s.Region = &v + return s +} + // The request was rejected because the specified entity or resource could not // be found. type NotFoundException struct { @@ -12823,12 +19092,20 @@ type NotFoundException struct { Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s NotFoundException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s NotFoundException) GoString() string { return s.String() } @@ -12874,23 +19151,23 @@ func (s *NotFoundException) RequestID() string { type PutKeyPolicyInput struct { _ struct{} `type:"structure"` - // A flag to indicate whether to bypass the key policy lockout safety check. + // Skips ("bypasses") the key policy lockout safety check. The default value + // is false. // - // Setting this value to true increases the risk that the CMK becomes unmanageable. + // Setting this value to true increases the risk that the KMS key becomes unmanageable. // Do not set this value to true indiscriminately. // - // For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) - // section in the AWS Key Management Service Developer Guide. + // For more information, see Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key) + // in the Key Management Service Developer Guide. // // Use this parameter only when you intend to prevent the principal that is - // making the request from making a subsequent PutKeyPolicy request on the CMK. - // - // The default value is false. + // making the request from making a subsequent PutKeyPolicy (https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) + // request on the KMS key. BypassPolicyLockoutSafetyCheck *bool `type:"boolean"` - // A unique identifier for the customer master key (CMK). + // Sets the key policy on the specified KMS key. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -12898,50 +19175,68 @@ type PutKeyPolicyInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // The key policy to attach to the CMK. + // The key policy to attach to the KMS key. // // The key policy must meet the following criteria: // - // * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy - // must allow the principal that is making the PutKeyPolicy request to make - // a subsequent PutKeyPolicy request on the CMK. This reduces the risk that - // the CMK becomes unmanageable. For more information, refer to the scenario - // in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) - // section of the AWS Key Management Service Developer Guide. + // * The key policy must allow the calling principal to make a subsequent + // PutKeyPolicy request on the KMS key. This reduces the risk that the KMS + // key becomes unmanageable. For more information, see Default key policy + // (https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key) + // in the Key Management Service Developer Guide. (To omit this condition, + // set BypassPolicyLockoutSafetyCheck to true.) // // * Each statement in the key policy must contain one or more principals. - // The principals in the key policy must exist and be visible to AWS KMS. - // When you create a new AWS principal (for example, an IAM user or role), - // you might need to enforce a delay before including the new principal in - // a key policy because the new principal might not be immediately visible - // to AWS KMS. For more information, see Changes that I make are not always - // immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) - // in the AWS Identity and Access Management User Guide. - // - // The key policy cannot exceed 32 kilobytes (32768 bytes). For more information, - // see Resource Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html) - // in the AWS Key Management Service Developer Guide. + // The principals in the key policy must exist and be visible to KMS. When + // you create a new Amazon Web Services principal, you might need to enforce + // a delay before including the new principal in a key policy because the + // new principal might not be immediately visible to KMS. For more information, + // see Changes that I make are not always immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) + // in the Amazon Web Services Identity and Access Management User Guide. + // + // A key policy document can include only the following characters: + // + // * Printable ASCII characters from the space character (\u0020) through + // the end of the ASCII character range. + // + // * Printable characters in the Basic Latin and Latin-1 Supplement character + // set (through \u00FF). + // + // * The tab (\u0009), line feed (\u000A), and carriage return (\u000D) special + // characters + // + // For information about key policies, see Key policies in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) + // in the Key Management Service Developer Guide.For help writing and formatting + // a JSON policy document, see the IAM JSON Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) + // in the Identity and Access Management User Guide . // // Policy is a required field Policy *string `min:"1" type:"string" required:"true"` - // The name of the key policy. The only valid value is default. - // - // PolicyName is a required field - PolicyName *string `min:"1" type:"string" required:"true"` + // The name of the key policy. If no policy name is specified, the default value + // is default. The only valid value is default. + PolicyName *string `min:"1" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutKeyPolicyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutKeyPolicyInput) GoString() string { return s.String() } @@ -12961,9 +19256,6 @@ func (s *PutKeyPolicyInput) Validate() error { if s.Policy != nil && len(*s.Policy) < 1 { invalidParams.Add(request.NewErrParamMinLen("Policy", 1)) } - if s.PolicyName == nil { - invalidParams.Add(request.NewErrParamRequired("PolicyName")) - } if s.PolicyName != nil && len(*s.PolicyName) < 1 { invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1)) } @@ -13002,12 +19294,20 @@ type PutKeyPolicyOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutKeyPolicyOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutKeyPolicyOutput) GoString() string { return s.String() } @@ -13016,43 +19316,49 @@ type ReEncryptInput struct { _ struct{} `type:"structure"` // Ciphertext of the data to reencrypt. - // // CiphertextBlob is automatically base64 encoded/decoded by the SDK. // // CiphertextBlob is a required field CiphertextBlob []byte `min:"1" type:"blob" required:"true"` - // Specifies the encryption algorithm that AWS KMS will use to reecrypt the - // data after it has decrypted it. The default value, SYMMETRIC_DEFAULT, represents - // the encryption algorithm used for symmetric CMKs. + // Specifies the encryption algorithm that KMS will use to reecrypt the data + // after it has decrypted it. The default value, SYMMETRIC_DEFAULT, represents + // the encryption algorithm used for symmetric encryption KMS keys. // - // This parameter is required only when the destination CMK is an asymmetric - // CMK. + // This parameter is required only when the destination KMS key is an asymmetric + // KMS key. DestinationEncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` // Specifies that encryption context to use when the reencrypting the data. // - // A destination encryption context is valid only when the destination CMK is - // a symmetric CMK. The standard ciphertext format for asymmetric CMKs does - // not include fields for metadata. + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // + // A destination encryption context is valid only when the destination KMS key + // is a symmetric encryption KMS key. The standard ciphertext format for asymmetric + // KMS keys does not include fields for metadata. // // An encryption context is a collection of non-secret key-value pairs that - // represents additional authenticated data. When you use an encryption context + // represent additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) - // encryption context to decrypt the data. An encryption context is optional - // when encrypting with a symmetric CMK, but it is highly recommended. + // encryption context to decrypt the data. An encryption context is supported + // only on operations with symmetric encryption KMS keys. On operations with + // symmetric encryption KMS keys, an encryption context is optional, but it + // is strongly recommended. // - // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) - // in the AWS Key Management Service Developer Guide. + // For more information, see Encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the Key Management Service Developer Guide. DestinationEncryptionContext map[string]*string `type:"map"` - // A unique identifier for the CMK that is used to reencrypt the data. Specify - // a symmetric or asymmetric CMK with a KeyUsage value of ENCRYPT_DECRYPT. To - // find the KeyUsage value of a CMK, use the DescribeKey operation. + // A unique identifier for the KMS key that is used to reencrypt the data. Specify + // a symmetric encryption KMS key or an asymmetric KMS key with a KeyUsage value + // of ENCRYPT_DECRYPT. To find the KeyUsage value of a KMS key, use the DescribeKey + // operation. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". To specify - // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -13064,56 +19370,70 @@ type ReEncryptInput struct { // // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. // // DestinationKeyId is a required field DestinationKeyId *string `min:"1" type:"string" required:"true"` + // Checks if your request will succeed. DryRun is an optional parameter. + // + // To learn more about how to use this parameter, see Testing your KMS API calls + // (https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html) + // in the Key Management Service Developer Guide. + DryRun *bool `type:"boolean"` + // A list of grant tokens. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // Specifies the encryption algorithm that AWS KMS will use to decrypt the ciphertext + // Specifies the encryption algorithm that KMS will use to decrypt the ciphertext // before it is reencrypted. The default value, SYMMETRIC_DEFAULT, represents - // the algorithm used for symmetric CMKs. + // the algorithm used for symmetric encryption KMS keys. // // Specify the same algorithm that was used to encrypt the ciphertext. If you // specify a different algorithm, the decrypt attempt fails. // // This parameter is required only when the ciphertext was encrypted under an - // asymmetric CMK. + // asymmetric KMS key. SourceEncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` // Specifies the encryption context to use to decrypt the ciphertext. Enter // the same encryption context that was used to encrypt the ciphertext. // // An encryption context is a collection of non-secret key-value pairs that - // represents additional authenticated data. When you use an encryption context + // represent additional authenticated data. When you use an encryption context // to encrypt data, you must specify the same (an exact case-sensitive match) - // encryption context to decrypt the data. An encryption context is optional - // when encrypting with a symmetric CMK, but it is highly recommended. + // encryption context to decrypt the data. An encryption context is supported + // only on operations with symmetric encryption KMS keys. On operations with + // symmetric encryption KMS keys, an encryption context is optional, but it + // is strongly recommended. // - // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) - // in the AWS Key Management Service Developer Guide. + // For more information, see Encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the Key Management Service Developer Guide. SourceEncryptionContext map[string]*string `type:"map"` - // A unique identifier for the CMK that is used to decrypt the ciphertext before - // it reencrypts it using the destination CMK. + // Specifies the KMS key that KMS will use to decrypt the ciphertext before + // it is re-encrypted. // - // This parameter is required only when the ciphertext was encrypted under an - // asymmetric CMK. Otherwise, AWS KMS uses the metadata that it adds to the - // ciphertext blob to determine which CMK was used to encrypt the ciphertext. - // However, you can use this parameter to ensure that a particular CMK (of any - // kind) is used to decrypt the ciphertext before it is reencrypted. + // Enter a key ID of the KMS key that was used to encrypt the ciphertext. If + // you identify a different KMS key, the ReEncrypt operation throws an IncorrectKeyException. // - // If you specify a KeyId value, the decrypt part of the ReEncrypt operation - // succeeds only if the specified CMK was used to encrypt the ciphertext. + // This parameter is required only when the ciphertext was encrypted under an + // asymmetric KMS key. If you used a symmetric encryption KMS key, KMS can get + // the KMS key from metadata that it adds to the symmetric ciphertext blob. + // However, it is always recommended as a best practice. This practice ensures + // that you use the KMS key that you intend. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -13125,17 +19445,25 @@ type ReEncryptInput struct { // // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. SourceKeyId *string `min:"1" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ReEncryptInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ReEncryptInput) GoString() string { return s.String() } @@ -13189,6 +19517,12 @@ func (s *ReEncryptInput) SetDestinationKeyId(v string) *ReEncryptInput { return s } +// SetDryRun sets the DryRun field's value. +func (s *ReEncryptInput) SetDryRun(v bool) *ReEncryptInput { + s.DryRun = &v + return s +} + // SetGrantTokens sets the GrantTokens field's value. func (s *ReEncryptInput) SetGrantTokens(v []*string) *ReEncryptInput { s.GrantTokens = v @@ -13216,9 +19550,8 @@ func (s *ReEncryptInput) SetSourceKeyId(v string) *ReEncryptInput { type ReEncryptOutput struct { _ struct{} `type:"structure"` - // The reencrypted data. When you use the HTTP API or the AWS CLI, the value - // is Base64-encoded. Otherwise, it is not Base64-encoded. - // + // The reencrypted data. When you use the HTTP API or the Amazon Web Services + // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // CiphertextBlob is automatically base64 encoded/decoded by the SDK. CiphertextBlob []byte `min:"1" type:"blob"` @@ -13226,23 +19559,31 @@ type ReEncryptOutput struct { DestinationEncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the CMK that was used to reencrypt the data. + // of the KMS key that was used to reencrypt the data. KeyId *string `min:"1" type:"string"` // The encryption algorithm that was used to decrypt the ciphertext before it // was reencrypted. SourceEncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` - // Unique identifier of the CMK used to originally encrypt the data. + // Unique identifier of the KMS key used to originally encrypt the data. SourceKeyId *string `min:"1" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ReEncryptOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ReEncryptOutput) GoString() string { return s.String() } @@ -13277,45 +19618,51 @@ func (s *ReEncryptOutput) SetSourceKeyId(v string) *ReEncryptOutput { return s } -type RetireGrantInput struct { +// Contains information about the party that receives the response from the +// API operation. +// +// This data type is designed to support Amazon Web Services Nitro Enclaves, +// which lets you create an isolated compute environment in Amazon EC2. For +// information about the interaction between KMS and Amazon Web Services Nitro +// Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS (https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html) +// in the Key Management Service Developer Guide. +type RecipientInfo struct { _ struct{} `type:"structure"` - // Unique identifier of the grant to retire. The grant ID is returned in the - // response to a CreateGrant operation. - // - // * Grant ID Example - 0123456789012345678901234567890123456789012345678901234567890123 - GrantId *string `min:"1" type:"string"` - - // Token that identifies the grant to be retired. - GrantToken *string `min:"1" type:"string"` + // The attestation document for an Amazon Web Services Nitro Enclave. This document + // includes the enclave's public key. + // AttestationDocument is automatically base64 encoded/decoded by the SDK. + AttestationDocument []byte `min:"1" type:"blob"` - // The Amazon Resource Name (ARN) of the CMK associated with the grant. - // - // For example: arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab - KeyId *string `min:"1" type:"string"` + // The encryption algorithm that KMS should use with the public key for an Amazon + // Web Services Nitro Enclave to encrypt plaintext values for the response. + // The only valid value is RSAES_OAEP_SHA_256. + KeyEncryptionAlgorithm *string `type:"string" enum:"KeyEncryptionMechanism"` } -// String returns the string representation -func (s RetireGrantInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RecipientInfo) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s RetireGrantInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RecipientInfo) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *RetireGrantInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "RetireGrantInput"} - if s.GrantId != nil && len(*s.GrantId) < 1 { - invalidParams.Add(request.NewErrParamMinLen("GrantId", 1)) - } - if s.GrantToken != nil && len(*s.GrantToken) < 1 { - invalidParams.Add(request.NewErrParamMinLen("GrantToken", 1)) - } - if s.KeyId != nil && len(*s.KeyId) < 1 { - invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) +func (s *RecipientInfo) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RecipientInfo"} + if s.AttestationDocument != nil && len(s.AttestationDocument) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AttestationDocument", 1)) } if invalidParams.Len() > 0 { @@ -13324,88 +19671,209 @@ func (s *RetireGrantInput) Validate() error { return nil } -// SetGrantId sets the GrantId field's value. -func (s *RetireGrantInput) SetGrantId(v string) *RetireGrantInput { - s.GrantId = &v - return s -} - -// SetGrantToken sets the GrantToken field's value. -func (s *RetireGrantInput) SetGrantToken(v string) *RetireGrantInput { - s.GrantToken = &v +// SetAttestationDocument sets the AttestationDocument field's value. +func (s *RecipientInfo) SetAttestationDocument(v []byte) *RecipientInfo { + s.AttestationDocument = v return s } -// SetKeyId sets the KeyId field's value. -func (s *RetireGrantInput) SetKeyId(v string) *RetireGrantInput { - s.KeyId = &v +// SetKeyEncryptionAlgorithm sets the KeyEncryptionAlgorithm field's value. +func (s *RecipientInfo) SetKeyEncryptionAlgorithm(v string) *RecipientInfo { + s.KeyEncryptionAlgorithm = &v return s } -type RetireGrantOutput struct { - _ struct{} `type:"structure"` -} - -// String returns the string representation -func (s RetireGrantOutput) String() string { - return awsutil.Prettify(s) -} - -// GoString returns the string representation -func (s RetireGrantOutput) GoString() string { - return s.String() -} - -type RevokeGrantInput struct { +type ReplicateKeyInput struct { _ struct{} `type:"structure"` - // Identifier of the grant to be revoked. + // Skips ("bypasses") the key policy lockout safety check. The default value + // is false. // - // GrantId is a required field - GrantId *string `min:"1" type:"string" required:"true"` - - // A unique identifier for the customer master key associated with the grant. + // Setting this value to true increases the risk that the KMS key becomes unmanageable. + // Do not set this value to true indiscriminately. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify - // a CMK in a different AWS account, you must use the key ARN. + // For more information, see Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key) + // in the Key Management Service Developer Guide. + // + // Use this parameter only when you intend to prevent the principal that is + // making the request from making a subsequent PutKeyPolicy (https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) + // request on the KMS key. + BypassPolicyLockoutSafetyCheck *bool `type:"boolean"` + + // A description of the KMS key. The default value is an empty string (no description). + // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // + // The description is not a shared property of multi-Region keys. You can specify + // the same description or a different description for each key in a set of + // related multi-Region keys. KMS does not synchronize this property. + Description *string `type:"string"` + + // Identifies the multi-Region primary key that is being replicated. To determine + // whether a KMS key is a multi-Region primary key, use the DescribeKey operation + // to check the value of the MultiRegionKeyType property. + // + // Specify the key ID or key ARN of a multi-Region primary key. // // For example: // - // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // * Key ID: mrk-1234abcd12ab34cd56ef1234567890ab // - // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` + + // The key policy to attach to the KMS key. This parameter is optional. If you + // do not provide a key policy, KMS attaches the default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) + // to the KMS key. + // + // The key policy is not a shared property of multi-Region keys. You can specify + // the same key policy or a different key policy for each key in a set of related + // multi-Region keys. KMS does not synchronize this property. + // + // If you provide a key policy, it must meet the following criteria: + // + // * The key policy must allow the calling principal to make a subsequent + // PutKeyPolicy request on the KMS key. This reduces the risk that the KMS + // key becomes unmanageable. For more information, see Default key policy + // (https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key) + // in the Key Management Service Developer Guide. (To omit this condition, + // set BypassPolicyLockoutSafetyCheck to true.) + // + // * Each statement in the key policy must contain one or more principals. + // The principals in the key policy must exist and be visible to KMS. When + // you create a new Amazon Web Services principal, you might need to enforce + // a delay before including the new principal in a key policy because the + // new principal might not be immediately visible to KMS. For more information, + // see Changes that I make are not always immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) + // in the Amazon Web Services Identity and Access Management User Guide. + // + // A key policy document can include only the following characters: + // + // * Printable ASCII characters from the space character (\u0020) through + // the end of the ASCII character range. + // + // * Printable characters in the Basic Latin and Latin-1 Supplement character + // set (through \u00FF). + // + // * The tab (\u0009), line feed (\u000A), and carriage return (\u000D) special + // characters + // + // For information about key policies, see Key policies in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) + // in the Key Management Service Developer Guide. For help writing and formatting + // a JSON policy document, see the IAM JSON Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) + // in the Identity and Access Management User Guide . + Policy *string `min:"1" type:"string"` + + // The Region ID of the Amazon Web Services Region for this replica key. + // + // Enter the Region ID, such as us-east-1 or ap-southeast-2. For a list of Amazon + // Web Services Regions in which KMS is supported, see KMS service endpoints + // (https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region) in the + // Amazon Web Services General Reference. + // + // HMAC KMS keys are not supported in all Amazon Web Services Regions. If you + // try to replicate an HMAC KMS key in an Amazon Web Services Region in which + // HMAC keys are not supported, the ReplicateKey operation returns an UnsupportedOperationException. + // For a list of Regions in which HMAC KMS keys are supported, see HMAC keys + // in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html) + // in the Key Management Service Developer Guide. + // + // The replica must be in a different Amazon Web Services Region than its primary + // key and other replicas of that primary key, but in the same Amazon Web Services + // partition. KMS must be available in the replica Region. If the Region is + // not enabled by default, the Amazon Web Services account must be enabled in + // the Region. For information about Amazon Web Services partitions, see Amazon + // Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // in the Amazon Web Services General Reference. For information about enabling + // and disabling Regions, see Enabling a Region (https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-enable) + // and Disabling a Region (https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-disable) + // in the Amazon Web Services General Reference. + // + // ReplicaRegion is a required field + ReplicaRegion *string `min:"1" type:"string" required:"true"` + + // Assigns one or more tags to the replica key. Use this parameter to tag the + // KMS key when it is created. To tag an existing KMS key, use the TagResource + // operation. + // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // + // Tagging or untagging a KMS key can allow or deny permission to the KMS key. + // For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) + // in the Key Management Service Developer Guide. + // + // To use this parameter, you must have kms:TagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) + // permission in an IAM policy. + // + // Tags are not a shared property of multi-Region keys. You can specify the + // same tags or different tags for each key in a set of related multi-Region + // keys. KMS does not synchronize this property. + // + // Each tag consists of a tag key and a tag value. Both the tag key and the + // tag value are required, but the tag value can be an empty (null) string. + // You cannot have more than one tag on a KMS key with the same tag key. If + // you specify an existing tag key with a different tag value, KMS replaces + // the current tag value with the specified one. + // + // When you add tags to an Amazon Web Services resource, Amazon Web Services + // generates a cost allocation report with usage and costs aggregated by tags. + // Tags can also be used to control access to a KMS key. For details, see Tagging + // Keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). + Tags []*Tag `type:"list"` } -// String returns the string representation -func (s RevokeGrantInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReplicateKeyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s RevokeGrantInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReplicateKeyInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *RevokeGrantInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "RevokeGrantInput"} - if s.GrantId == nil { - invalidParams.Add(request.NewErrParamRequired("GrantId")) - } - if s.GrantId != nil && len(*s.GrantId) < 1 { - invalidParams.Add(request.NewErrParamMinLen("GrantId", 1)) - } +func (s *ReplicateKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ReplicateKeyInput"} if s.KeyId == nil { invalidParams.Add(request.NewErrParamRequired("KeyId")) } if s.KeyId != nil && len(*s.KeyId) < 1 { invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) } + if s.Policy != nil && len(*s.Policy) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Policy", 1)) + } + if s.ReplicaRegion == nil { + invalidParams.Add(request.NewErrParamRequired("ReplicaRegion")) + } + if s.ReplicaRegion != nil && len(*s.ReplicaRegion) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ReplicaRegion", 1)) + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } if invalidParams.Len() > 0 { return invalidParams @@ -13413,80 +19881,159 @@ func (s *RevokeGrantInput) Validate() error { return nil } -// SetGrantId sets the GrantId field's value. -func (s *RevokeGrantInput) SetGrantId(v string) *RevokeGrantInput { - s.GrantId = &v +// SetBypassPolicyLockoutSafetyCheck sets the BypassPolicyLockoutSafetyCheck field's value. +func (s *ReplicateKeyInput) SetBypassPolicyLockoutSafetyCheck(v bool) *ReplicateKeyInput { + s.BypassPolicyLockoutSafetyCheck = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *ReplicateKeyInput) SetDescription(v string) *ReplicateKeyInput { + s.Description = &v return s } // SetKeyId sets the KeyId field's value. -func (s *RevokeGrantInput) SetKeyId(v string) *RevokeGrantInput { +func (s *ReplicateKeyInput) SetKeyId(v string) *ReplicateKeyInput { s.KeyId = &v return s } -type RevokeGrantOutput struct { +// SetPolicy sets the Policy field's value. +func (s *ReplicateKeyInput) SetPolicy(v string) *ReplicateKeyInput { + s.Policy = &v + return s +} + +// SetReplicaRegion sets the ReplicaRegion field's value. +func (s *ReplicateKeyInput) SetReplicaRegion(v string) *ReplicateKeyInput { + s.ReplicaRegion = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *ReplicateKeyInput) SetTags(v []*Tag) *ReplicateKeyInput { + s.Tags = v + return s +} + +type ReplicateKeyOutput struct { _ struct{} `type:"structure"` + + // Displays details about the new replica key, including its Amazon Resource + // Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) + // and Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). + // It also includes the ARN and Amazon Web Services Region of its primary key + // and other replica keys. + ReplicaKeyMetadata *KeyMetadata `type:"structure"` + + // The key policy of the new replica key. The value is a key policy document + // in JSON format. + ReplicaPolicy *string `min:"1" type:"string"` + + // The tags on the new replica key. The value is a list of tag key and tag value + // pairs. + ReplicaTags []*Tag `type:"list"` } -// String returns the string representation -func (s RevokeGrantOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReplicateKeyOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s RevokeGrantOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReplicateKeyOutput) GoString() string { return s.String() } -type ScheduleKeyDeletionInput struct { +// SetReplicaKeyMetadata sets the ReplicaKeyMetadata field's value. +func (s *ReplicateKeyOutput) SetReplicaKeyMetadata(v *KeyMetadata) *ReplicateKeyOutput { + s.ReplicaKeyMetadata = v + return s +} + +// SetReplicaPolicy sets the ReplicaPolicy field's value. +func (s *ReplicateKeyOutput) SetReplicaPolicy(v string) *ReplicateKeyOutput { + s.ReplicaPolicy = &v + return s +} + +// SetReplicaTags sets the ReplicaTags field's value. +func (s *ReplicateKeyOutput) SetReplicaTags(v []*Tag) *ReplicateKeyOutput { + s.ReplicaTags = v + return s +} + +type RetireGrantInput struct { _ struct{} `type:"structure"` - // The unique identifier of the customer master key (CMK) to delete. - // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Checks if your request will succeed. DryRun is an optional parameter. // - // For example: - // - // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab - // - // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // To learn more about how to use this parameter, see Testing your KMS API calls + // (https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html) + // in the Key Management Service Developer Guide. + DryRun *bool `type:"boolean"` + + // Identifies the grant to retire. To get the grant ID, use CreateGrant, ListGrants, + // or ListRetirableGrants. // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // * Grant ID Example - 0123456789012345678901234567890123456789012345678901234567890123 + GrantId *string `min:"1" type:"string"` + + // Identifies the grant to be retired. You can use a grant token to identify + // a new grant even before it has achieved eventual consistency. // - // KeyId is a required field - KeyId *string `min:"1" type:"string" required:"true"` + // Only the CreateGrant operation returns a grant token. For details, see Grant + // token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-eventual-consistency) + // in the Key Management Service Developer Guide. + GrantToken *string `min:"1" type:"string"` - // The waiting period, specified in number of days. After the waiting period - // ends, AWS KMS deletes the customer master key (CMK). + // The key ARN KMS key associated with the grant. To find the key ARN, use the + // ListKeys operation. // - // This value is optional. If you include a value, it must be between 7 and - // 30, inclusive. If you do not include a value, it defaults to 30. - PendingWindowInDays *int64 `min:"1" type:"integer"` + // For example: arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab + KeyId *string `min:"1" type:"string"` } -// String returns the string representation -func (s ScheduleKeyDeletionInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RetireGrantInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s ScheduleKeyDeletionInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RetireGrantInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *ScheduleKeyDeletionInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "ScheduleKeyDeletionInput"} - if s.KeyId == nil { - invalidParams.Add(request.NewErrParamRequired("KeyId")) +func (s *RetireGrantInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RetireGrantInput"} + if s.GrantId != nil && len(*s.GrantId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("GrantId", 1)) + } + if s.GrantToken != nil && len(*s.GrantToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("GrantToken", 1)) } if s.KeyId != nil && len(*s.KeyId) < 1 { invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) } - if s.PendingWindowInDays != nil && *s.PendingWindowInDays < 1 { - invalidParams.Add(request.NewErrParamMinValue("PendingWindowInDays", 1)) - } if invalidParams.Len() > 0 { return invalidParams @@ -13494,67 +20041,73 @@ func (s *ScheduleKeyDeletionInput) Validate() error { return nil } -// SetKeyId sets the KeyId field's value. -func (s *ScheduleKeyDeletionInput) SetKeyId(v string) *ScheduleKeyDeletionInput { - s.KeyId = &v +// SetDryRun sets the DryRun field's value. +func (s *RetireGrantInput) SetDryRun(v bool) *RetireGrantInput { + s.DryRun = &v return s } -// SetPendingWindowInDays sets the PendingWindowInDays field's value. -func (s *ScheduleKeyDeletionInput) SetPendingWindowInDays(v int64) *ScheduleKeyDeletionInput { - s.PendingWindowInDays = &v +// SetGrantId sets the GrantId field's value. +func (s *RetireGrantInput) SetGrantId(v string) *RetireGrantInput { + s.GrantId = &v return s } -type ScheduleKeyDeletionOutput struct { - _ struct{} `type:"structure"` - - // The date and time after which AWS KMS deletes the customer master key (CMK). - DeletionDate *time.Time `type:"timestamp"` - - // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the CMK whose deletion is scheduled. - KeyId *string `min:"1" type:"string"` +// SetGrantToken sets the GrantToken field's value. +func (s *RetireGrantInput) SetGrantToken(v string) *RetireGrantInput { + s.GrantToken = &v + return s } -// String returns the string representation -func (s ScheduleKeyDeletionOutput) String() string { - return awsutil.Prettify(s) +// SetKeyId sets the KeyId field's value. +func (s *RetireGrantInput) SetKeyId(v string) *RetireGrantInput { + s.KeyId = &v + return s } -// GoString returns the string representation -func (s ScheduleKeyDeletionOutput) GoString() string { - return s.String() +type RetireGrantOutput struct { + _ struct{} `type:"structure"` } -// SetDeletionDate sets the DeletionDate field's value. -func (s *ScheduleKeyDeletionOutput) SetDeletionDate(v time.Time) *ScheduleKeyDeletionOutput { - s.DeletionDate = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RetireGrantOutput) String() string { + return awsutil.Prettify(s) } -// SetKeyId sets the KeyId field's value. -func (s *ScheduleKeyDeletionOutput) SetKeyId(v string) *ScheduleKeyDeletionOutput { - s.KeyId = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RetireGrantOutput) GoString() string { + return s.String() } -type SignInput struct { +type RevokeGrantInput struct { _ struct{} `type:"structure"` - // A list of grant tokens. + // Checks if your request will succeed. DryRun is an optional parameter. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. - GrantTokens []*string `type:"list"` + // To learn more about how to use this parameter, see Testing your KMS API calls + // (https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html) + // in the Key Management Service Developer Guide. + DryRun *bool `type:"boolean"` + + // Identifies the grant to revoke. To get the grant ID, use CreateGrant, ListGrants, + // or ListRetirableGrants. + // + // GrantId is a required field + GrantId *string `min:"1" type:"string" required:"true"` - // Identifies an asymmetric CMK. AWS KMS uses the private key in the asymmetric - // CMK to sign the message. The KeyUsage type of the CMK must be SIGN_VERIFY. - // To find the KeyUsage of a CMK, use the DescribeKey operation. + // A unique identifier for the KMS key associated with the grant. To get the + // key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". To specify - // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // Specify the key ID or key ARN of the KMS key. To specify a KMS key in a different + // Amazon Web Services account, you must use the key ARN. // // For example: // @@ -13562,69 +20115,45 @@ type SignInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // * Alias name: alias/ExampleAlias - // - // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias - // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - - // Specifies the message or message digest to sign. Messages can be 0-4096 bytes. - // To sign a larger message, provide the message digest. - // - // If you provide a message, AWS KMS generates a hash digest of the message - // and then signs it. - // - // Message is automatically base64 encoded/decoded by the SDK. - // - // Message is a required field - Message []byte `min:"1" type:"blob" required:"true" sensitive:"true"` - - // Tells AWS KMS whether the value of the Message parameter is a message or - // message digest. The default value, RAW, indicates a message. To indicate - // a message digest, enter DIGEST. - MessageType *string `type:"string" enum:"MessageType"` - - // Specifies the signing algorithm to use when signing the message. - // - // Choose an algorithm that is compatible with the type and size of the specified - // asymmetric CMK. - // - // SigningAlgorithm is a required field - SigningAlgorithm *string `type:"string" required:"true" enum:"SigningAlgorithmSpec"` } -// String returns the string representation -func (s SignInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RevokeGrantInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s SignInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RevokeGrantInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *SignInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "SignInput"} +func (s *RevokeGrantInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RevokeGrantInput"} + if s.GrantId == nil { + invalidParams.Add(request.NewErrParamRequired("GrantId")) + } + if s.GrantId != nil && len(*s.GrantId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("GrantId", 1)) + } if s.KeyId == nil { invalidParams.Add(request.NewErrParamRequired("KeyId")) } if s.KeyId != nil && len(*s.KeyId) < 1 { invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) } - if s.Message == nil { - invalidParams.Add(request.NewErrParamRequired("Message")) - } - if s.Message != nil && len(s.Message) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Message", 1)) - } - if s.SigningAlgorithm == nil { - invalidParams.Add(request.NewErrParamRequired("SigningAlgorithm")) - } if invalidParams.Len() > 0 { return invalidParams @@ -13632,133 +20161,97 @@ func (s *SignInput) Validate() error { return nil } -// SetGrantTokens sets the GrantTokens field's value. -func (s *SignInput) SetGrantTokens(v []*string) *SignInput { - s.GrantTokens = v +// SetDryRun sets the DryRun field's value. +func (s *RevokeGrantInput) SetDryRun(v bool) *RevokeGrantInput { + s.DryRun = &v + return s +} + +// SetGrantId sets the GrantId field's value. +func (s *RevokeGrantInput) SetGrantId(v string) *RevokeGrantInput { + s.GrantId = &v return s } // SetKeyId sets the KeyId field's value. -func (s *SignInput) SetKeyId(v string) *SignInput { +func (s *RevokeGrantInput) SetKeyId(v string) *RevokeGrantInput { s.KeyId = &v return s } -// SetMessage sets the Message field's value. -func (s *SignInput) SetMessage(v []byte) *SignInput { - s.Message = v - return s +type RevokeGrantOutput struct { + _ struct{} `type:"structure"` } -// SetMessageType sets the MessageType field's value. -func (s *SignInput) SetMessageType(v string) *SignInput { - s.MessageType = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RevokeGrantOutput) String() string { + return awsutil.Prettify(s) } -// SetSigningAlgorithm sets the SigningAlgorithm field's value. -func (s *SignInput) SetSigningAlgorithm(v string) *SignInput { - s.SigningAlgorithm = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RevokeGrantOutput) GoString() string { + return s.String() } -type SignOutput struct { +type RotateKeyOnDemandInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the asymmetric CMK that was used to sign the message. - KeyId *string `min:"1" type:"string"` - - // The cryptographic signature that was generated for the message. + // Identifies a symmetric encryption KMS key. You cannot perform on-demand rotation + // of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), + // HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html), + // KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), + // or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). + // To perform on-demand rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), + // invoke the on-demand rotation on the primary key. // - // * When used with the supported RSA signing algorithms, the encoding of - // this value is defined by PKCS #1 in RFC 8017 (https://tools.ietf.org/html/rfc8017). + // Specify the key ID or key ARN of the KMS key. // - // * When used with the ECDSA_SHA_256, ECDSA_SHA_384, or ECDSA_SHA_512 signing - // algorithms, this value is a DER-encoded object as defined by ANS X9.62–2005 - // and RFC 3279 Section 2.2.3 (https://tools.ietf.org/html/rfc3279#section-2.2.3). - // This is the most commonly used signature format and is appropriate for - // most uses. + // For example: // - // When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, - // it is not Base64-encoded. + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab // - // Signature is automatically base64 encoded/decoded by the SDK. - Signature []byte `min:"1" type:"blob"` - - // The signing algorithm that was used to sign the message. - SigningAlgorithm *string `type:"string" enum:"SigningAlgorithmSpec"` -} - -// String returns the string representation -func (s SignOutput) String() string { - return awsutil.Prettify(s) -} - -// GoString returns the string representation -func (s SignOutput) GoString() string { - return s.String() -} - -// SetKeyId sets the KeyId field's value. -func (s *SignOutput) SetKeyId(v string) *SignOutput { - s.KeyId = &v - return s -} - -// SetSignature sets the Signature field's value. -func (s *SignOutput) SetSignature(v []byte) *SignOutput { - s.Signature = v - return s -} - -// SetSigningAlgorithm sets the SigningAlgorithm field's value. -func (s *SignOutput) SetSigningAlgorithm(v string) *SignOutput { - s.SigningAlgorithm = &v - return s -} - -// A key-value pair. A tag consists of a tag key and a tag value. Tag keys and -// tag values are both required, but tag values can be empty (null) strings. -// -// For information about the rules that apply to tag keys and tag values, see -// User-Defined Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html) -// in the AWS Billing and Cost Management User Guide. -type Tag struct { - _ struct{} `type:"structure"` - - // The key of the tag. + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // TagKey is a required field - TagKey *string `min:"1" type:"string" required:"true"` - - // The value of the tag. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // - // TagValue is a required field - TagValue *string `type:"string" required:"true"` + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` } -// String returns the string representation -func (s Tag) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RotateKeyOnDemandInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s Tag) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RotateKeyOnDemandInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *Tag) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "Tag"} - if s.TagKey == nil { - invalidParams.Add(request.NewErrParamRequired("TagKey")) - } - if s.TagKey != nil && len(*s.TagKey) < 1 { - invalidParams.Add(request.NewErrParamMinLen("TagKey", 1)) +func (s *RotateKeyOnDemandInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RotateKeyOnDemandInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) } - if s.TagValue == nil { - invalidParams.Add(request.NewErrParamRequired("TagValue")) + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) } if invalidParams.Len() > 0 { @@ -13767,80 +20260,103 @@ func (s *Tag) Validate() error { return nil } -// SetTagKey sets the TagKey field's value. -func (s *Tag) SetTagKey(v string) *Tag { - s.TagKey = &v - return s -} - -// SetTagValue sets the TagValue field's value. -func (s *Tag) SetTagValue(v string) *Tag { - s.TagValue = &v +// SetKeyId sets the KeyId field's value. +func (s *RotateKeyOnDemandInput) SetKeyId(v string) *RotateKeyOnDemandInput { + s.KeyId = &v return s } -// The request was rejected because one or more tags are not valid. -type TagException struct { - _ struct{} `type:"structure"` - RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` +type RotateKeyOnDemandOutput struct { + _ struct{} `type:"structure"` - Message_ *string `locationName:"message" type:"string"` + // Identifies the symmetric encryption KMS key that you initiated on-demand + // rotation on. + KeyId *string `min:"1" type:"string"` } -// String returns the string representation -func (s TagException) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RotateKeyOnDemandOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s TagException) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RotateKeyOnDemandOutput) GoString() string { return s.String() } -func newErrorTagException(v protocol.ResponseMetadata) error { - return &TagException{ - RespMetadata: v, - } +// SetKeyId sets the KeyId field's value. +func (s *RotateKeyOnDemandOutput) SetKeyId(v string) *RotateKeyOnDemandOutput { + s.KeyId = &v + return s } -// Code returns the exception type name. -func (s *TagException) Code() string { - return "TagException" +// Contains information about completed key material rotations. +type RotationsListEntry struct { + _ struct{} `type:"structure"` + + // Unique identifier of the key. + KeyId *string `min:"1" type:"string"` + + // Date and time that the key material rotation completed. Formatted as Unix + // time. + RotationDate *time.Time `type:"timestamp"` + + // Identifies whether the key material rotation was a scheduled automatic rotation + // (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-enable-disable) + // or an on-demand rotation (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-on-demand). + RotationType *string `type:"string" enum:"RotationType"` } -// Message returns the exception's message. -func (s *TagException) Message() string { - if s.Message_ != nil { - return *s.Message_ - } - return "" +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RotationsListEntry) String() string { + return awsutil.Prettify(s) } -// OrigErr always returns nil, satisfies awserr.Error interface. -func (s *TagException) OrigErr() error { - return nil +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RotationsListEntry) GoString() string { + return s.String() } -func (s *TagException) Error() string { - return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +// SetKeyId sets the KeyId field's value. +func (s *RotationsListEntry) SetKeyId(v string) *RotationsListEntry { + s.KeyId = &v + return s } -// Status code returns the HTTP status code for the request's response error. -func (s *TagException) StatusCode() int { - return s.RespMetadata.StatusCode +// SetRotationDate sets the RotationDate field's value. +func (s *RotationsListEntry) SetRotationDate(v time.Time) *RotationsListEntry { + s.RotationDate = &v + return s } -// RequestID returns the service's response RequestID for request. -func (s *TagException) RequestID() string { - return s.RespMetadata.RequestID +// SetRotationType sets the RotationType field's value. +func (s *RotationsListEntry) SetRotationType(v string) *RotationsListEntry { + s.RotationType = &v + return s } -type TagResourceInput struct { +type ScheduleKeyDeletionInput struct { _ struct{} `type:"structure"` - // A unique identifier for the CMK you are tagging. + // The unique identifier of the KMS key to delete. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -13848,48 +20364,55 @@ type TagResourceInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // One or more tags. Each tag consists of a tag key and a tag value. + // The waiting period, specified in number of days. After the waiting period + // ends, KMS deletes the KMS key. // - // Tags is a required field - Tags []*Tag `type:"list" required:"true"` + // If the KMS key is a multi-Region primary key with replica keys, the waiting + // period begins when the last of its replica keys is deleted. Otherwise, the + // waiting period begins immediately. + // + // This value is optional. If you include a value, it must be between 7 and + // 30, inclusive. If you do not include a value, it defaults to 30. You can + // use the kms:ScheduleKeyDeletionPendingWindowInDays (https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-schedule-key-deletion-pending-window-in-days) + // condition key to further constrain the values that principals can specify + // in the PendingWindowInDays parameter. + PendingWindowInDays *int64 `min:"1" type:"integer"` } -// String returns the string representation -func (s TagResourceInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ScheduleKeyDeletionInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s TagResourceInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ScheduleKeyDeletionInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *TagResourceInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"} +func (s *ScheduleKeyDeletionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ScheduleKeyDeletionInput"} if s.KeyId == nil { invalidParams.Add(request.NewErrParamRequired("KeyId")) } if s.KeyId != nil && len(*s.KeyId) < 1 { invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) } - if s.Tags == nil { - invalidParams.Add(request.NewErrParamRequired("Tags")) - } - if s.Tags != nil { - for i, v := range s.Tags { - if v == nil { - continue - } - if err := v.Validate(); err != nil { - invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) - } - } + if s.PendingWindowInDays != nil && *s.PendingWindowInDays < 1 { + invalidParams.Add(request.NewErrParamMinValue("PendingWindowInDays", 1)) } if invalidParams.Len() > 0 { @@ -13899,94 +20422,115 @@ func (s *TagResourceInput) Validate() error { } // SetKeyId sets the KeyId field's value. -func (s *TagResourceInput) SetKeyId(v string) *TagResourceInput { +func (s *ScheduleKeyDeletionInput) SetKeyId(v string) *ScheduleKeyDeletionInput { s.KeyId = &v return s } -// SetTags sets the Tags field's value. -func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput { - s.Tags = v +// SetPendingWindowInDays sets the PendingWindowInDays field's value. +func (s *ScheduleKeyDeletionInput) SetPendingWindowInDays(v int64) *ScheduleKeyDeletionInput { + s.PendingWindowInDays = &v return s } -type TagResourceOutput struct { +type ScheduleKeyDeletionOutput struct { _ struct{} `type:"structure"` -} -// String returns the string representation -func (s TagResourceOutput) String() string { - return awsutil.Prettify(s) -} + // The date and time after which KMS deletes the KMS key. + // + // If the KMS key is a multi-Region primary key with replica keys, this field + // does not appear. The deletion date for the primary key isn't known until + // its last replica key is deleted. + DeletionDate *time.Time `type:"timestamp"` -// GoString returns the string representation -func (s TagResourceOutput) GoString() string { - return s.String() -} + // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) + // of the KMS key whose deletion is scheduled. + KeyId *string `min:"1" type:"string"` -// The request was rejected because a specified parameter is not supported or -// a specified resource is not valid for this operation. -type UnsupportedOperationException struct { - _ struct{} `type:"structure"` - RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // The current status of the KMS key. + // + // For more information about how key state affects the use of a KMS key, see + // Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) + // in the Key Management Service Developer Guide. + KeyState *string `type:"string" enum:"KeyState"` - Message_ *string `locationName:"message" type:"string"` + // The waiting period before the KMS key is deleted. + // + // If the KMS key is a multi-Region primary key with replicas, the waiting period + // begins when the last of its replica keys is deleted. Otherwise, the waiting + // period begins immediately. + PendingWindowInDays *int64 `min:"1" type:"integer"` } -// String returns the string representation -func (s UnsupportedOperationException) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ScheduleKeyDeletionOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s UnsupportedOperationException) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ScheduleKeyDeletionOutput) GoString() string { return s.String() } -func newErrorUnsupportedOperationException(v protocol.ResponseMetadata) error { - return &UnsupportedOperationException{ - RespMetadata: v, - } +// SetDeletionDate sets the DeletionDate field's value. +func (s *ScheduleKeyDeletionOutput) SetDeletionDate(v time.Time) *ScheduleKeyDeletionOutput { + s.DeletionDate = &v + return s } -// Code returns the exception type name. -func (s *UnsupportedOperationException) Code() string { - return "UnsupportedOperationException" +// SetKeyId sets the KeyId field's value. +func (s *ScheduleKeyDeletionOutput) SetKeyId(v string) *ScheduleKeyDeletionOutput { + s.KeyId = &v + return s } -// Message returns the exception's message. -func (s *UnsupportedOperationException) Message() string { - if s.Message_ != nil { - return *s.Message_ - } - return "" +// SetKeyState sets the KeyState field's value. +func (s *ScheduleKeyDeletionOutput) SetKeyState(v string) *ScheduleKeyDeletionOutput { + s.KeyState = &v + return s } -// OrigErr always returns nil, satisfies awserr.Error interface. -func (s *UnsupportedOperationException) OrigErr() error { - return nil -} - -func (s *UnsupportedOperationException) Error() string { - return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +// SetPendingWindowInDays sets the PendingWindowInDays field's value. +func (s *ScheduleKeyDeletionOutput) SetPendingWindowInDays(v int64) *ScheduleKeyDeletionOutput { + s.PendingWindowInDays = &v + return s } -// Status code returns the HTTP status code for the request's response error. -func (s *UnsupportedOperationException) StatusCode() int { - return s.RespMetadata.StatusCode -} +type SignInput struct { + _ struct{} `type:"structure"` -// RequestID returns the service's response RequestID for request. -func (s *UnsupportedOperationException) RequestID() string { - return s.RespMetadata.RequestID -} + // Checks if your request will succeed. DryRun is an optional parameter. + // + // To learn more about how to use this parameter, see Testing your KMS API calls + // (https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html) + // in the Key Management Service Developer Guide. + DryRun *bool `type:"boolean"` -type UntagResourceInput struct { - _ struct{} `type:"structure"` + // A list of grant tokens. + // + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` - // A unique identifier for the CMK from which you are removing tags. + // Identifies an asymmetric KMS key. KMS uses the private key in the asymmetric + // KMS key to sign the message. The KeyUsage type of the KMS key must be SIGN_VERIFY. + // To find the KeyUsage of a KMS key, use the DescribeKey operation. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. // // For example: // @@ -13994,38 +20538,109 @@ type UntagResourceInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // * Alias name: alias/ExampleAlias + // + // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias + // + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // One or more tag keys. Specify only the tag keys, not the tag values. + // Specifies the message or message digest to sign. Messages can be 0-4096 bytes. + // To sign a larger message, provide a message digest. // - // TagKeys is a required field - TagKeys []*string `type:"list" required:"true"` + // If you provide a message digest, use the DIGEST value of MessageType to prevent + // the digest from being hashed again while signing. + // + // Message is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SignInput's + // String and GoString methods. + // + // Message is automatically base64 encoded/decoded by the SDK. + // + // Message is a required field + Message []byte `min:"1" type:"blob" required:"true" sensitive:"true"` + + // Tells KMS whether the value of the Message parameter should be hashed as + // part of the signing algorithm. Use RAW for unhashed messages; use DIGEST + // for message digests, which are already hashed. + // + // When the value of MessageType is RAW, KMS uses the standard signing algorithm, + // which begins with a hash function. When the value is DIGEST, KMS skips the + // hashing step in the signing algorithm. + // + // Use the DIGEST value only when the value of the Message parameter is a message + // digest. If you use the DIGEST value with an unhashed message, the security + // of the signing operation can be compromised. + // + // When the value of MessageTypeis DIGEST, the length of the Message value must + // match the length of hashed messages for the specified signing algorithm. + // + // You can submit a message digest and omit the MessageType or specify RAW so + // the digest is hashed again while signing. However, this can cause verification + // failures when verifying with a system that assumes a single hash. + // + // The hashing algorithm in that Sign uses is based on the SigningAlgorithm + // value. + // + // * Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm. + // + // * Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm. + // + // * Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm. + // + // * SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification + // with SM2 key pairs (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification). + MessageType *string `type:"string" enum:"MessageType"` + + // Specifies the signing algorithm to use when signing the message. + // + // Choose an algorithm that is compatible with the type and size of the specified + // asymmetric KMS key. When signing with RSA key pairs, RSASSA-PSS algorithms + // are preferred. We include RSASSA-PKCS1-v1_5 algorithms for compatibility + // with existing applications. + // + // SigningAlgorithm is a required field + SigningAlgorithm *string `type:"string" required:"true" enum:"SigningAlgorithmSpec"` } -// String returns the string representation -func (s UntagResourceInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SignInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s UntagResourceInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SignInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *UntagResourceInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"} +func (s *SignInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "SignInput"} if s.KeyId == nil { invalidParams.Add(request.NewErrParamRequired("KeyId")) } if s.KeyId != nil && len(*s.KeyId) < 1 { invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) } - if s.TagKeys == nil { - invalidParams.Add(request.NewErrParamRequired("TagKeys")) + if s.Message == nil { + invalidParams.Add(request.NewErrParamRequired("Message")) + } + if s.Message != nil && len(s.Message) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Message", 1)) + } + if s.SigningAlgorithm == nil { + invalidParams.Add(request.NewErrParamRequired("SigningAlgorithm")) } if invalidParams.Len() > 0 { @@ -14034,185 +20649,157 @@ func (s *UntagResourceInput) Validate() error { return nil } -// SetKeyId sets the KeyId field's value. -func (s *UntagResourceInput) SetKeyId(v string) *UntagResourceInput { - s.KeyId = &v +// SetDryRun sets the DryRun field's value. +func (s *SignInput) SetDryRun(v bool) *SignInput { + s.DryRun = &v return s } -// SetTagKeys sets the TagKeys field's value. -func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput { - s.TagKeys = v +// SetGrantTokens sets the GrantTokens field's value. +func (s *SignInput) SetGrantTokens(v []*string) *SignInput { + s.GrantTokens = v return s } -type UntagResourceOutput struct { - _ struct{} `type:"structure"` +// SetKeyId sets the KeyId field's value. +func (s *SignInput) SetKeyId(v string) *SignInput { + s.KeyId = &v + return s } -// String returns the string representation -func (s UntagResourceOutput) String() string { - return awsutil.Prettify(s) +// SetMessage sets the Message field's value. +func (s *SignInput) SetMessage(v []byte) *SignInput { + s.Message = v + return s } -// GoString returns the string representation -func (s UntagResourceOutput) GoString() string { - return s.String() +// SetMessageType sets the MessageType field's value. +func (s *SignInput) SetMessageType(v string) *SignInput { + s.MessageType = &v + return s } -type UpdateAliasInput struct { +// SetSigningAlgorithm sets the SigningAlgorithm field's value. +func (s *SignInput) SetSigningAlgorithm(v string) *SignInput { + s.SigningAlgorithm = &v + return s +} + +type SignOutput struct { _ struct{} `type:"structure"` - // Identifies the alias that is changing its CMK. This value must begin with - // alias/ followed by the alias name, such as alias/ExampleAlias. You cannot - // use UpdateAlias to change the alias name. - // - // AliasName is a required field - AliasName *string `min:"1" type:"string" required:"true"` + // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) + // of the asymmetric KMS key that was used to sign the message. + KeyId *string `min:"1" type:"string"` - // Identifies the CMK to associate with the alias. When the update operation - // completes, the alias will point to this CMK. - // - // The CMK must be in the same AWS account and Region as the alias. Also, the - // new target CMK must be the same type as the current target CMK (both symmetric - // or both asymmetric) and they must have the same key usage. - // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. - // - // For example: - // - // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab - // - // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // The cryptographic signature that was generated for the message. // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // * When used with the supported RSA signing algorithms, the encoding of + // this value is defined by PKCS #1 in RFC 8017 (https://tools.ietf.org/html/rfc8017). // - // To verify that the alias is mapped to the correct CMK, use ListAliases. + // * When used with the ECDSA_SHA_256, ECDSA_SHA_384, or ECDSA_SHA_512 signing + // algorithms, this value is a DER-encoded object as defined by ANSI X9.62–2005 + // and RFC 3279 Section 2.2.3 (https://tools.ietf.org/html/rfc3279#section-2.2.3). + // This is the most commonly used signature format and is appropriate for + // most uses. // - // TargetKeyId is a required field - TargetKeyId *string `min:"1" type:"string" required:"true"` + // When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. + // Otherwise, it is not Base64-encoded. + // Signature is automatically base64 encoded/decoded by the SDK. + Signature []byte `min:"1" type:"blob"` + + // The signing algorithm that was used to sign the message. + SigningAlgorithm *string `type:"string" enum:"SigningAlgorithmSpec"` } -// String returns the string representation -func (s UpdateAliasInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SignOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s UpdateAliasInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SignOutput) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *UpdateAliasInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "UpdateAliasInput"} - if s.AliasName == nil { - invalidParams.Add(request.NewErrParamRequired("AliasName")) - } - if s.AliasName != nil && len(*s.AliasName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("AliasName", 1)) - } - if s.TargetKeyId == nil { - invalidParams.Add(request.NewErrParamRequired("TargetKeyId")) - } - if s.TargetKeyId != nil && len(*s.TargetKeyId) < 1 { - invalidParams.Add(request.NewErrParamMinLen("TargetKeyId", 1)) - } - - if invalidParams.Len() > 0 { - return invalidParams - } - return nil -} - -// SetAliasName sets the AliasName field's value. -func (s *UpdateAliasInput) SetAliasName(v string) *UpdateAliasInput { - s.AliasName = &v +// SetKeyId sets the KeyId field's value. +func (s *SignOutput) SetKeyId(v string) *SignOutput { + s.KeyId = &v return s } -// SetTargetKeyId sets the TargetKeyId field's value. -func (s *UpdateAliasInput) SetTargetKeyId(v string) *UpdateAliasInput { - s.TargetKeyId = &v +// SetSignature sets the Signature field's value. +func (s *SignOutput) SetSignature(v []byte) *SignOutput { + s.Signature = v return s } -type UpdateAliasOutput struct { - _ struct{} `type:"structure"` -} - -// String returns the string representation -func (s UpdateAliasOutput) String() string { - return awsutil.Prettify(s) -} - -// GoString returns the string representation -func (s UpdateAliasOutput) GoString() string { - return s.String() +// SetSigningAlgorithm sets the SigningAlgorithm field's value. +func (s *SignOutput) SetSigningAlgorithm(v string) *SignOutput { + s.SigningAlgorithm = &v + return s } -type UpdateCustomKeyStoreInput struct { +// A key-value pair. A tag consists of a tag key and a tag value. Tag keys and +// tag values are both required, but tag values can be empty (null) strings. +// +// Do not include confidential or sensitive information in this field. This +// field may be displayed in plaintext in CloudTrail logs and other output. +// +// For information about the rules that apply to tag keys and tag values, see +// User-Defined Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html) +// in the Amazon Web Services Billing and Cost Management User Guide. +type Tag struct { _ struct{} `type:"structure"` - // Associates the custom key store with a related AWS CloudHSM cluster. - // - // Enter the cluster ID of the cluster that you used to create the custom key - // store or a cluster that shares a backup history and has the same cluster - // certificate as the original cluster. You cannot use this parameter to associate - // a custom key store with an unrelated cluster. In addition, the replacement - // cluster must fulfill the requirements (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) - // for a cluster associated with a custom key store. To view the cluster certificate - // of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) - // operation. - CloudHsmClusterId *string `min:"19" type:"string"` - - // Identifies the custom key store that you want to update. Enter the ID of - // the custom key store. To find the ID of a custom key store, use the DescribeCustomKeyStores - // operation. + // The key of the tag. // - // CustomKeyStoreId is a required field - CustomKeyStoreId *string `min:"1" type:"string" required:"true"` + // TagKey is a required field + TagKey *string `min:"1" type:"string" required:"true"` - // Enter the current password of the kmsuser crypto user (CU) in the AWS CloudHSM - // cluster that is associated with the custom key store. + // The value of the tag. // - // This parameter tells AWS KMS the current password of the kmsuser crypto user - // (CU). It does not set or change the password of any users in the AWS CloudHSM - // cluster. - KeyStorePassword *string `min:"7" type:"string" sensitive:"true"` - - // Changes the friendly name of the custom key store to the value that you specify. - // The custom key store name must be unique in the AWS account. - NewCustomKeyStoreName *string `min:"1" type:"string"` + // TagValue is a required field + TagValue *string `type:"string" required:"true"` } -// String returns the string representation -func (s UpdateCustomKeyStoreInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Tag) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s UpdateCustomKeyStoreInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Tag) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *UpdateCustomKeyStoreInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "UpdateCustomKeyStoreInput"} - if s.CloudHsmClusterId != nil && len(*s.CloudHsmClusterId) < 19 { - invalidParams.Add(request.NewErrParamMinLen("CloudHsmClusterId", 19)) - } - if s.CustomKeyStoreId == nil { - invalidParams.Add(request.NewErrParamRequired("CustomKeyStoreId")) - } - if s.CustomKeyStoreId != nil && len(*s.CustomKeyStoreId) < 1 { - invalidParams.Add(request.NewErrParamMinLen("CustomKeyStoreId", 1)) +func (s *Tag) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Tag"} + if s.TagKey == nil { + invalidParams.Add(request.NewErrParamRequired("TagKey")) } - if s.KeyStorePassword != nil && len(*s.KeyStorePassword) < 7 { - invalidParams.Add(request.NewErrParamMinLen("KeyStorePassword", 7)) + if s.TagKey != nil && len(*s.TagKey) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TagKey", 1)) } - if s.NewCustomKeyStoreName != nil && len(*s.NewCustomKeyStoreName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("NewCustomKeyStoreName", 1)) + if s.TagValue == nil { + invalidParams.Add(request.NewErrParamRequired("TagValue")) } if invalidParams.Len() > 0 { @@ -14221,55 +20808,88 @@ func (s *UpdateCustomKeyStoreInput) Validate() error { return nil } -// SetCloudHsmClusterId sets the CloudHsmClusterId field's value. -func (s *UpdateCustomKeyStoreInput) SetCloudHsmClusterId(v string) *UpdateCustomKeyStoreInput { - s.CloudHsmClusterId = &v +// SetTagKey sets the TagKey field's value. +func (s *Tag) SetTagKey(v string) *Tag { + s.TagKey = &v return s } -// SetCustomKeyStoreId sets the CustomKeyStoreId field's value. -func (s *UpdateCustomKeyStoreInput) SetCustomKeyStoreId(v string) *UpdateCustomKeyStoreInput { - s.CustomKeyStoreId = &v +// SetTagValue sets the TagValue field's value. +func (s *Tag) SetTagValue(v string) *Tag { + s.TagValue = &v return s } -// SetKeyStorePassword sets the KeyStorePassword field's value. -func (s *UpdateCustomKeyStoreInput) SetKeyStorePassword(v string) *UpdateCustomKeyStoreInput { - s.KeyStorePassword = &v - return s +// The request was rejected because one or more tags are not valid. +type TagException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` } -// SetNewCustomKeyStoreName sets the NewCustomKeyStoreName field's value. -func (s *UpdateCustomKeyStoreInput) SetNewCustomKeyStoreName(v string) *UpdateCustomKeyStoreInput { - s.NewCustomKeyStoreName = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagException) String() string { + return awsutil.Prettify(s) } -type UpdateCustomKeyStoreOutput struct { - _ struct{} `type:"structure"` +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagException) GoString() string { + return s.String() } -// String returns the string representation -func (s UpdateCustomKeyStoreOutput) String() string { - return awsutil.Prettify(s) +func newErrorTagException(v protocol.ResponseMetadata) error { + return &TagException{ + RespMetadata: v, + } } -// GoString returns the string representation -func (s UpdateCustomKeyStoreOutput) GoString() string { - return s.String() +// Code returns the exception type name. +func (s *TagException) Code() string { + return "TagException" } -type UpdateKeyDescriptionInput struct { - _ struct{} `type:"structure"` +// Message returns the exception's message. +func (s *TagException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} - // New description for the CMK. - // - // Description is a required field - Description *string `type:"string" required:"true"` +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *TagException) OrigErr() error { + return nil +} + +func (s *TagException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} - // A unique identifier for the customer master key (CMK). +// Status code returns the HTTP status code for the request's response error. +func (s *TagException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *TagException) RequestID() string { + return s.RespMetadata.RequestID +} + +type TagResourceInput struct { + _ struct{} `type:"structure"` + + // Identifies a customer managed key in the account and Region. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -14277,34 +20897,65 @@ type UpdateKeyDescriptionInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` + + // One or more tags. Each tag consists of a tag key and a tag value. The tag + // value can be an empty (null) string. + // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // + // You cannot have more than one tag on a KMS key with the same tag key. If + // you specify an existing tag key with a different tag value, KMS replaces + // the current tag value with the specified one. + // + // Tags is a required field + Tags []*Tag `type:"list" required:"true"` } -// String returns the string representation -func (s UpdateKeyDescriptionInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s UpdateKeyDescriptionInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *UpdateKeyDescriptionInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "UpdateKeyDescriptionInput"} - if s.Description == nil { - invalidParams.Add(request.NewErrParamRequired("Description")) - } +func (s *TagResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"} if s.KeyId == nil { invalidParams.Add(request.NewErrParamRequired("KeyId")) } if s.KeyId != nil && len(*s.KeyId) < 1 { invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) } + if s.Tags == nil { + invalidParams.Add(request.NewErrParamRequired("Tags")) + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } if invalidParams.Len() > 0 { return invalidParams @@ -14312,48 +20963,111 @@ func (s *UpdateKeyDescriptionInput) Validate() error { return nil } -// SetDescription sets the Description field's value. -func (s *UpdateKeyDescriptionInput) SetDescription(v string) *UpdateKeyDescriptionInput { - s.Description = &v +// SetKeyId sets the KeyId field's value. +func (s *TagResourceInput) SetKeyId(v string) *TagResourceInput { + s.KeyId = &v return s } -// SetKeyId sets the KeyId field's value. -func (s *UpdateKeyDescriptionInput) SetKeyId(v string) *UpdateKeyDescriptionInput { - s.KeyId = &v +// SetTags sets the Tags field's value. +func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput { + s.Tags = v return s } -type UpdateKeyDescriptionOutput struct { +type TagResourceOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation -func (s UpdateKeyDescriptionOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s UpdateKeyDescriptionOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceOutput) GoString() string { return s.String() } -type VerifyInput struct { - _ struct{} `type:"structure"` +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +type UnsupportedOperationException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` - // A list of grant tokens. - // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) - // in the AWS Key Management Service Developer Guide. - GrantTokens []*string `type:"list"` + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnsupportedOperationException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnsupportedOperationException) GoString() string { + return s.String() +} + +func newErrorUnsupportedOperationException(v protocol.ResponseMetadata) error { + return &UnsupportedOperationException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *UnsupportedOperationException) Code() string { + return "UnsupportedOperationException" +} + +// Message returns the exception's message. +func (s *UnsupportedOperationException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *UnsupportedOperationException) OrigErr() error { + return nil +} + +func (s *UnsupportedOperationException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *UnsupportedOperationException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *UnsupportedOperationException) RequestID() string { + return s.RespMetadata.RequestID +} + +type UntagResourceInput struct { + _ struct{} `type:"structure"` - // Identifies the asymmetric CMK that will be used to verify the signature. - // This must be the same CMK that was used to generate the signature. If you - // specify a different CMK, the signature verification fails. + // Identifies the KMS key from which you are removing tags. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". To specify - // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // Specify the key ID or key ARN of the KMS key. // // For example: // @@ -14361,172 +21075,2128 @@ type VerifyInput struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // * Alias name: alias/ExampleAlias - // - // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias - // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To - // get the alias name and alias ARN, use ListAliases. + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. // // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // Specifies the message that was signed. You can submit a raw message of up - // to 4096 bytes, or a hash digest of the message. If you submit a digest, use - // the MessageType parameter with a value of DIGEST. - // - // If the message specified here is different from the message that was signed, - // the signature verification fails. A message and its hash digest are considered - // to be the same message. - // - // Message is automatically base64 encoded/decoded by the SDK. + // One or more tag keys. Specify only the tag keys, not the tag values. // - // Message is a required field - Message []byte `min:"1" type:"blob" required:"true" sensitive:"true"` + // TagKeys is a required field + TagKeys []*string `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UntagResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + if s.TagKeys == nil { + invalidParams.Add(request.NewErrParamRequired("TagKeys")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyId sets the KeyId field's value. +func (s *UntagResourceInput) SetKeyId(v string) *UntagResourceInput { + s.KeyId = &v + return s +} + +// SetTagKeys sets the TagKeys field's value. +func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput { + s.TagKeys = v + return s +} + +type UntagResourceOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceOutput) GoString() string { + return s.String() +} + +type UpdateAliasInput struct { + _ struct{} `type:"structure"` + + // Identifies the alias that is changing its KMS key. This value must begin + // with alias/ followed by the alias name, such as alias/ExampleAlias. You cannot + // use UpdateAlias to change the alias name. + // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // + // AliasName is a required field + AliasName *string `min:"1" type:"string" required:"true"` + + // Identifies the customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) + // to associate with the alias. You don't have permission to associate an alias + // with an Amazon Web Services managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). + // + // The KMS key must be in the same Amazon Web Services account and Region as + // the alias. Also, the new target KMS key must be the same type as the current + // target KMS key (both symmetric or both asymmetric or both HMAC) and they + // must have the same key usage. + // + // Specify the key ID or key ARN of the KMS key. + // + // For example: + // + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // + // To verify that the alias is mapped to the correct KMS key, use ListAliases. + // + // TargetKeyId is a required field + TargetKeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateAliasInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateAliasInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdateAliasInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateAliasInput"} + if s.AliasName == nil { + invalidParams.Add(request.NewErrParamRequired("AliasName")) + } + if s.AliasName != nil && len(*s.AliasName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AliasName", 1)) + } + if s.TargetKeyId == nil { + invalidParams.Add(request.NewErrParamRequired("TargetKeyId")) + } + if s.TargetKeyId != nil && len(*s.TargetKeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TargetKeyId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAliasName sets the AliasName field's value. +func (s *UpdateAliasInput) SetAliasName(v string) *UpdateAliasInput { + s.AliasName = &v + return s +} + +// SetTargetKeyId sets the TargetKeyId field's value. +func (s *UpdateAliasInput) SetTargetKeyId(v string) *UpdateAliasInput { + s.TargetKeyId = &v + return s +} + +type UpdateAliasOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateAliasOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateAliasOutput) GoString() string { + return s.String() +} + +type UpdateCustomKeyStoreInput struct { + _ struct{} `type:"structure"` + + // Associates the custom key store with a related CloudHSM cluster. This parameter + // is valid only for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM. + // + // Enter the cluster ID of the cluster that you used to create the custom key + // store or a cluster that shares a backup history and has the same cluster + // certificate as the original cluster. You cannot use this parameter to associate + // a custom key store with an unrelated cluster. In addition, the replacement + // cluster must fulfill the requirements (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) + // for a cluster associated with a custom key store. To view the cluster certificate + // of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) + // operation. + // + // To change this value, the CloudHSM key store must be disconnected. + CloudHsmClusterId *string `min:"19" type:"string"` + + // Identifies the custom key store that you want to update. Enter the ID of + // the custom key store. To find the ID of a custom key store, use the DescribeCustomKeyStores + // operation. + // + // CustomKeyStoreId is a required field + CustomKeyStoreId *string `min:"1" type:"string" required:"true"` + + // Enter the current password of the kmsuser crypto user (CU) in the CloudHSM + // cluster that is associated with the custom key store. This parameter is valid + // only for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM. + // + // This parameter tells KMS the current password of the kmsuser crypto user + // (CU). It does not set or change the password of any users in the CloudHSM + // cluster. + // + // To change this value, the CloudHSM key store must be disconnected. + // + // KeyStorePassword is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by UpdateCustomKeyStoreInput's + // String and GoString methods. + KeyStorePassword *string `min:"7" type:"string" sensitive:"true"` + + // Changes the friendly name of the custom key store to the value that you specify. + // The custom key store name must be unique in the Amazon Web Services account. + // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // + // To change this value, an CloudHSM key store must be disconnected. An external + // key store can be connected or disconnected. + NewCustomKeyStoreName *string `min:"1" type:"string"` + + // Changes the credentials that KMS uses to sign requests to the external key + // store proxy (XKS proxy). This parameter is valid only for custom key stores + // with a CustomKeyStoreType of EXTERNAL_KEY_STORE. + // + // You must specify both the AccessKeyId and SecretAccessKey value in the authentication + // credential, even if you are only updating one value. + // + // This parameter doesn't establish or change your authentication credentials + // on the proxy. It just tells KMS the credential that you established with + // your external key store proxy. For example, if you rotate the credential + // on your external key store proxy, you can use this parameter to update the + // credential in KMS. + // + // You can change this value when the external key store is connected or disconnected. + XksProxyAuthenticationCredential *XksProxyAuthenticationCredentialType `type:"structure"` + + // Changes the connectivity setting for the external key store. To indicate + // that the external key store proxy uses a Amazon VPC endpoint service to communicate + // with KMS, specify VPC_ENDPOINT_SERVICE. Otherwise, specify PUBLIC_ENDPOINT. + // + // If you change the XksProxyConnectivity to VPC_ENDPOINT_SERVICE, you must + // also change the XksProxyUriEndpoint and add an XksProxyVpcEndpointServiceName + // value. + // + // If you change the XksProxyConnectivity to PUBLIC_ENDPOINT, you must also + // change the XksProxyUriEndpoint and specify a null or empty string for the + // XksProxyVpcEndpointServiceName value. + // + // To change this value, the external key store must be disconnected. + XksProxyConnectivity *string `type:"string" enum:"XksProxyConnectivityType"` + + // Changes the URI endpoint that KMS uses to connect to your external key store + // proxy (XKS proxy). This parameter is valid only for custom key stores with + // a CustomKeyStoreType of EXTERNAL_KEY_STORE. + // + // For external key stores with an XksProxyConnectivity value of PUBLIC_ENDPOINT, + // the protocol must be HTTPS. + // + // For external key stores with an XksProxyConnectivity value of VPC_ENDPOINT_SERVICE, + // specify https:// followed by the private DNS name associated with the VPC + // endpoint service. Each external key store must use a different private DNS + // name. + // + // The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique + // in the Amazon Web Services account and Region. + // + // To change this value, the external key store must be disconnected. + XksProxyUriEndpoint *string `min:"10" type:"string"` + + // Changes the base path to the proxy APIs for this external key store. To find + // this value, see the documentation for your external key manager and external + // key store proxy (XKS proxy). This parameter is valid only for custom key + // stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE. + // + // The value must start with / and must end with /kms/xks/v1, where v1 represents + // the version of the KMS external key store proxy API. You can include an optional + // prefix between the required elements such as /example/kms/xks/v1. + // + // The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique + // in the Amazon Web Services account and Region. + // + // You can change this value when the external key store is connected or disconnected. + XksProxyUriPath *string `min:"10" type:"string"` + + // Changes the name that KMS uses to identify the Amazon VPC endpoint service + // for your external key store proxy (XKS proxy). This parameter is valid when + // the CustomKeyStoreType is EXTERNAL_KEY_STORE and the XksProxyConnectivity + // is VPC_ENDPOINT_SERVICE. + // + // To change this value, the external key store must be disconnected. + XksProxyVpcEndpointServiceName *string `min:"20" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateCustomKeyStoreInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateCustomKeyStoreInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdateCustomKeyStoreInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateCustomKeyStoreInput"} + if s.CloudHsmClusterId != nil && len(*s.CloudHsmClusterId) < 19 { + invalidParams.Add(request.NewErrParamMinLen("CloudHsmClusterId", 19)) + } + if s.CustomKeyStoreId == nil { + invalidParams.Add(request.NewErrParamRequired("CustomKeyStoreId")) + } + if s.CustomKeyStoreId != nil && len(*s.CustomKeyStoreId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("CustomKeyStoreId", 1)) + } + if s.KeyStorePassword != nil && len(*s.KeyStorePassword) < 7 { + invalidParams.Add(request.NewErrParamMinLen("KeyStorePassword", 7)) + } + if s.NewCustomKeyStoreName != nil && len(*s.NewCustomKeyStoreName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NewCustomKeyStoreName", 1)) + } + if s.XksProxyUriEndpoint != nil && len(*s.XksProxyUriEndpoint) < 10 { + invalidParams.Add(request.NewErrParamMinLen("XksProxyUriEndpoint", 10)) + } + if s.XksProxyUriPath != nil && len(*s.XksProxyUriPath) < 10 { + invalidParams.Add(request.NewErrParamMinLen("XksProxyUriPath", 10)) + } + if s.XksProxyVpcEndpointServiceName != nil && len(*s.XksProxyVpcEndpointServiceName) < 20 { + invalidParams.Add(request.NewErrParamMinLen("XksProxyVpcEndpointServiceName", 20)) + } + if s.XksProxyAuthenticationCredential != nil { + if err := s.XksProxyAuthenticationCredential.Validate(); err != nil { + invalidParams.AddNested("XksProxyAuthenticationCredential", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCloudHsmClusterId sets the CloudHsmClusterId field's value. +func (s *UpdateCustomKeyStoreInput) SetCloudHsmClusterId(v string) *UpdateCustomKeyStoreInput { + s.CloudHsmClusterId = &v + return s +} + +// SetCustomKeyStoreId sets the CustomKeyStoreId field's value. +func (s *UpdateCustomKeyStoreInput) SetCustomKeyStoreId(v string) *UpdateCustomKeyStoreInput { + s.CustomKeyStoreId = &v + return s +} + +// SetKeyStorePassword sets the KeyStorePassword field's value. +func (s *UpdateCustomKeyStoreInput) SetKeyStorePassword(v string) *UpdateCustomKeyStoreInput { + s.KeyStorePassword = &v + return s +} + +// SetNewCustomKeyStoreName sets the NewCustomKeyStoreName field's value. +func (s *UpdateCustomKeyStoreInput) SetNewCustomKeyStoreName(v string) *UpdateCustomKeyStoreInput { + s.NewCustomKeyStoreName = &v + return s +} + +// SetXksProxyAuthenticationCredential sets the XksProxyAuthenticationCredential field's value. +func (s *UpdateCustomKeyStoreInput) SetXksProxyAuthenticationCredential(v *XksProxyAuthenticationCredentialType) *UpdateCustomKeyStoreInput { + s.XksProxyAuthenticationCredential = v + return s +} + +// SetXksProxyConnectivity sets the XksProxyConnectivity field's value. +func (s *UpdateCustomKeyStoreInput) SetXksProxyConnectivity(v string) *UpdateCustomKeyStoreInput { + s.XksProxyConnectivity = &v + return s +} + +// SetXksProxyUriEndpoint sets the XksProxyUriEndpoint field's value. +func (s *UpdateCustomKeyStoreInput) SetXksProxyUriEndpoint(v string) *UpdateCustomKeyStoreInput { + s.XksProxyUriEndpoint = &v + return s +} + +// SetXksProxyUriPath sets the XksProxyUriPath field's value. +func (s *UpdateCustomKeyStoreInput) SetXksProxyUriPath(v string) *UpdateCustomKeyStoreInput { + s.XksProxyUriPath = &v + return s +} + +// SetXksProxyVpcEndpointServiceName sets the XksProxyVpcEndpointServiceName field's value. +func (s *UpdateCustomKeyStoreInput) SetXksProxyVpcEndpointServiceName(v string) *UpdateCustomKeyStoreInput { + s.XksProxyVpcEndpointServiceName = &v + return s +} + +type UpdateCustomKeyStoreOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateCustomKeyStoreOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateCustomKeyStoreOutput) GoString() string { + return s.String() +} + +type UpdateKeyDescriptionInput struct { + _ struct{} `type:"structure"` + + // New description for the KMS key. + // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // + // Description is a required field + Description *string `type:"string" required:"true"` + + // Updates the description of the specified KMS key. + // + // Specify the key ID or key ARN of the KMS key. + // + // For example: + // + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateKeyDescriptionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateKeyDescriptionInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdateKeyDescriptionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateKeyDescriptionInput"} + if s.Description == nil { + invalidParams.Add(request.NewErrParamRequired("Description")) + } + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDescription sets the Description field's value. +func (s *UpdateKeyDescriptionInput) SetDescription(v string) *UpdateKeyDescriptionInput { + s.Description = &v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *UpdateKeyDescriptionInput) SetKeyId(v string) *UpdateKeyDescriptionInput { + s.KeyId = &v + return s +} + +type UpdateKeyDescriptionOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateKeyDescriptionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateKeyDescriptionOutput) GoString() string { + return s.String() +} + +type UpdatePrimaryRegionInput struct { + _ struct{} `type:"structure"` + + // Identifies the current primary key. When the operation completes, this KMS + // key will be a replica key. + // + // Specify the key ID or key ARN of a multi-Region primary key. + // + // For example: + // + // * Key ID: mrk-1234abcd12ab34cd56ef1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab + // + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // The Amazon Web Services Region of the new primary key. Enter the Region ID, + // such as us-east-1 or ap-southeast-2. There must be an existing replica key + // in this Region. + // + // When the operation completes, the multi-Region key in this Region will be + // the primary key. + // + // PrimaryRegion is a required field + PrimaryRegion *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdatePrimaryRegionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdatePrimaryRegionInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdatePrimaryRegionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdatePrimaryRegionInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + if s.PrimaryRegion == nil { + invalidParams.Add(request.NewErrParamRequired("PrimaryRegion")) + } + if s.PrimaryRegion != nil && len(*s.PrimaryRegion) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PrimaryRegion", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyId sets the KeyId field's value. +func (s *UpdatePrimaryRegionInput) SetKeyId(v string) *UpdatePrimaryRegionInput { + s.KeyId = &v + return s +} + +// SetPrimaryRegion sets the PrimaryRegion field's value. +func (s *UpdatePrimaryRegionInput) SetPrimaryRegion(v string) *UpdatePrimaryRegionInput { + s.PrimaryRegion = &v + return s +} + +type UpdatePrimaryRegionOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdatePrimaryRegionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdatePrimaryRegionOutput) GoString() string { + return s.String() +} + +type VerifyInput struct { + _ struct{} `type:"structure"` + + // Checks if your request will succeed. DryRun is an optional parameter. + // + // To learn more about how to use this parameter, see Testing your KMS API calls + // (https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html) + // in the Key Management Service Developer Guide. + DryRun *bool `type:"boolean"` + + // A list of grant tokens. + // + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` + + // Identifies the asymmetric KMS key that will be used to verify the signature. + // This must be the same KMS key that was used to generate the signature. If + // you specify a different KMS key, the signature verification fails. + // + // To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. + // When using an alias name, prefix it with "alias/". To specify a KMS key in + // a different Amazon Web Services account, you must use the key ARN or alias + // ARN. + // + // For example: + // + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Alias name: alias/ExampleAlias + // + // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias + // + // To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. + // To get the alias name and alias ARN, use ListAliases. + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // Specifies the message that was signed. You can submit a raw message of up + // to 4096 bytes, or a hash digest of the message. If you submit a digest, use + // the MessageType parameter with a value of DIGEST. + // + // If the message specified here is different from the message that was signed, + // the signature verification fails. A message and its hash digest are considered + // to be the same message. + // + // Message is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by VerifyInput's + // String and GoString methods. + // + // Message is automatically base64 encoded/decoded by the SDK. + // + // Message is a required field + Message []byte `min:"1" type:"blob" required:"true" sensitive:"true"` + + // Tells KMS whether the value of the Message parameter should be hashed as + // part of the signing algorithm. Use RAW for unhashed messages; use DIGEST + // for message digests, which are already hashed. + // + // When the value of MessageType is RAW, KMS uses the standard signing algorithm, + // which begins with a hash function. When the value is DIGEST, KMS skips the + // hashing step in the signing algorithm. + // + // Use the DIGEST value only when the value of the Message parameter is a message + // digest. If you use the DIGEST value with an unhashed message, the security + // of the verification operation can be compromised. + // + // When the value of MessageTypeis DIGEST, the length of the Message value must + // match the length of hashed messages for the specified signing algorithm. + // + // You can submit a message digest and omit the MessageType or specify RAW so + // the digest is hashed again while signing. However, if the signed message + // is hashed once while signing, but twice while verifying, verification fails, + // even when the message hasn't changed. + // + // The hashing algorithm in that Verify uses is based on the SigningAlgorithm + // value. + // + // * Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm. + // + // * Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm. + // + // * Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm. + // + // * SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification + // with SM2 key pairs (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification). + MessageType *string `type:"string" enum:"MessageType"` + + // The signature that the Sign operation generated. + // Signature is automatically base64 encoded/decoded by the SDK. + // + // Signature is a required field + Signature []byte `min:"1" type:"blob" required:"true"` + + // The signing algorithm that was used to sign the message. If you submit a + // different algorithm, the signature verification fails. + // + // SigningAlgorithm is a required field + SigningAlgorithm *string `type:"string" required:"true" enum:"SigningAlgorithmSpec"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VerifyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VerifyInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + if s.Message == nil { + invalidParams.Add(request.NewErrParamRequired("Message")) + } + if s.Message != nil && len(s.Message) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Message", 1)) + } + if s.Signature == nil { + invalidParams.Add(request.NewErrParamRequired("Signature")) + } + if s.Signature != nil && len(s.Signature) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Signature", 1)) + } + if s.SigningAlgorithm == nil { + invalidParams.Add(request.NewErrParamRequired("SigningAlgorithm")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *VerifyInput) SetDryRun(v bool) *VerifyInput { + s.DryRun = &v + return s +} + +// SetGrantTokens sets the GrantTokens field's value. +func (s *VerifyInput) SetGrantTokens(v []*string) *VerifyInput { + s.GrantTokens = v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *VerifyInput) SetKeyId(v string) *VerifyInput { + s.KeyId = &v + return s +} + +// SetMessage sets the Message field's value. +func (s *VerifyInput) SetMessage(v []byte) *VerifyInput { + s.Message = v + return s +} + +// SetMessageType sets the MessageType field's value. +func (s *VerifyInput) SetMessageType(v string) *VerifyInput { + s.MessageType = &v + return s +} + +// SetSignature sets the Signature field's value. +func (s *VerifyInput) SetSignature(v []byte) *VerifyInput { + s.Signature = v + return s +} + +// SetSigningAlgorithm sets the SigningAlgorithm field's value. +func (s *VerifyInput) SetSigningAlgorithm(v string) *VerifyInput { + s.SigningAlgorithm = &v + return s +} + +type VerifyMacInput struct { + _ struct{} `type:"structure"` + + // Checks if your request will succeed. DryRun is an optional parameter. + // + // To learn more about how to use this parameter, see Testing your KMS API calls + // (https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html) + // in the Key Management Service Developer Guide. + DryRun *bool `type:"boolean"` + + // A list of grant tokens. + // + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token) + // in the Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` + + // The KMS key that will be used in the verification. + // + // Enter a key ID of the KMS key that was used to generate the HMAC. If you + // identify a different KMS key, the VerifyMac operation fails. + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // The HMAC to verify. Enter the HMAC that was generated by the GenerateMac + // operation when you specified the same message, HMAC KMS key, and MAC algorithm + // as the values specified in this request. + // Mac is automatically base64 encoded/decoded by the SDK. + // + // Mac is a required field + Mac []byte `min:"1" type:"blob" required:"true"` + + // The MAC algorithm that will be used in the verification. Enter the same MAC + // algorithm that was used to compute the HMAC. This algorithm must be supported + // by the HMAC KMS key identified by the KeyId parameter. + // + // MacAlgorithm is a required field + MacAlgorithm *string `type:"string" required:"true" enum:"MacAlgorithmSpec"` + + // The message that will be used in the verification. Enter the same message + // that was used to generate the HMAC. + // + // GenerateMac and VerifyMac do not provide special handling for message digests. + // If you generated an HMAC for a hash digest of a message, you must verify + // the HMAC for the same hash digest. + // + // Message is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by VerifyMacInput's + // String and GoString methods. + // + // Message is automatically base64 encoded/decoded by the SDK. + // + // Message is a required field + Message []byte `min:"1" type:"blob" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyMacInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyMacInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VerifyMacInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VerifyMacInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + if s.Mac == nil { + invalidParams.Add(request.NewErrParamRequired("Mac")) + } + if s.Mac != nil && len(s.Mac) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Mac", 1)) + } + if s.MacAlgorithm == nil { + invalidParams.Add(request.NewErrParamRequired("MacAlgorithm")) + } + if s.Message == nil { + invalidParams.Add(request.NewErrParamRequired("Message")) + } + if s.Message != nil && len(s.Message) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Message", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *VerifyMacInput) SetDryRun(v bool) *VerifyMacInput { + s.DryRun = &v + return s +} + +// SetGrantTokens sets the GrantTokens field's value. +func (s *VerifyMacInput) SetGrantTokens(v []*string) *VerifyMacInput { + s.GrantTokens = v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *VerifyMacInput) SetKeyId(v string) *VerifyMacInput { + s.KeyId = &v + return s +} + +// SetMac sets the Mac field's value. +func (s *VerifyMacInput) SetMac(v []byte) *VerifyMacInput { + s.Mac = v + return s +} + +// SetMacAlgorithm sets the MacAlgorithm field's value. +func (s *VerifyMacInput) SetMacAlgorithm(v string) *VerifyMacInput { + s.MacAlgorithm = &v + return s +} + +// SetMessage sets the Message field's value. +func (s *VerifyMacInput) SetMessage(v []byte) *VerifyMacInput { + s.Message = v + return s +} + +type VerifyMacOutput struct { + _ struct{} `type:"structure"` + + // The HMAC KMS key used in the verification. + KeyId *string `min:"1" type:"string"` + + // The MAC algorithm used in the verification. + MacAlgorithm *string `type:"string" enum:"MacAlgorithmSpec"` + + // A Boolean value that indicates whether the HMAC was verified. A value of + // True indicates that the HMAC (Mac) was generated with the specified Message, + // HMAC KMS key (KeyID) and MacAlgorithm.. + // + // If the HMAC is not verified, the VerifyMac operation fails with a KMSInvalidMacException + // exception. This exception indicates that one or more of the inputs changed + // since the HMAC was computed. + MacValid *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyMacOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyMacOutput) GoString() string { + return s.String() +} + +// SetKeyId sets the KeyId field's value. +func (s *VerifyMacOutput) SetKeyId(v string) *VerifyMacOutput { + s.KeyId = &v + return s +} + +// SetMacAlgorithm sets the MacAlgorithm field's value. +func (s *VerifyMacOutput) SetMacAlgorithm(v string) *VerifyMacOutput { + s.MacAlgorithm = &v + return s +} + +// SetMacValid sets the MacValid field's value. +func (s *VerifyMacOutput) SetMacValid(v bool) *VerifyMacOutput { + s.MacValid = &v + return s +} + +type VerifyOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) + // of the asymmetric KMS key that was used to verify the signature. + KeyId *string `min:"1" type:"string"` + + // A Boolean value that indicates whether the signature was verified. A value + // of True indicates that the Signature was produced by signing the Message + // with the specified KeyID and SigningAlgorithm. If the signature is not verified, + // the Verify operation fails with a KMSInvalidSignatureException exception. + SignatureValid *bool `type:"boolean"` + + // The signing algorithm that was used to verify the signature. + SigningAlgorithm *string `type:"string" enum:"SigningAlgorithmSpec"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyOutput) GoString() string { + return s.String() +} + +// SetKeyId sets the KeyId field's value. +func (s *VerifyOutput) SetKeyId(v string) *VerifyOutput { + s.KeyId = &v + return s +} + +// SetSignatureValid sets the SignatureValid field's value. +func (s *VerifyOutput) SetSignatureValid(v bool) *VerifyOutput { + s.SignatureValid = &v + return s +} + +// SetSigningAlgorithm sets the SigningAlgorithm field's value. +func (s *VerifyOutput) SetSigningAlgorithm(v string) *VerifyOutput { + s.SigningAlgorithm = &v + return s +} + +// The request was rejected because the (XksKeyId) is already associated with +// another KMS key in this external key store. Each KMS key in an external key +// store must be associated with a different external key. +type XksKeyAlreadyInUseException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyAlreadyInUseException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyAlreadyInUseException) GoString() string { + return s.String() +} + +func newErrorXksKeyAlreadyInUseException(v protocol.ResponseMetadata) error { + return &XksKeyAlreadyInUseException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksKeyAlreadyInUseException) Code() string { + return "XksKeyAlreadyInUseException" +} + +// Message returns the exception's message. +func (s *XksKeyAlreadyInUseException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksKeyAlreadyInUseException) OrigErr() error { + return nil +} + +func (s *XksKeyAlreadyInUseException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksKeyAlreadyInUseException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksKeyAlreadyInUseException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Information about the external key (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key)that +// is associated with a KMS key in an external key store. +// +// This element appears in a CreateKey or DescribeKey response only for a KMS +// key in an external key store. +// +// The external key is a symmetric encryption key that is hosted by an external +// key manager outside of Amazon Web Services. When you use the KMS key in an +// external key store in a cryptographic operation, the cryptographic operation +// is performed in the external key manager using the specified external key. +// For more information, see External key (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key) +// in the Key Management Service Developer Guide. +type XksKeyConfigurationType struct { + _ struct{} `type:"structure"` + + // The ID of the external key in its external key manager. This is the ID that + // the external key store proxy uses to identify the external key. + Id *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyConfigurationType) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyConfigurationType) GoString() string { + return s.String() +} + +// SetId sets the Id field's value. +func (s *XksKeyConfigurationType) SetId(v string) *XksKeyConfigurationType { + s.Id = &v + return s +} + +// The request was rejected because the external key specified by the XksKeyId +// parameter did not meet the configuration requirements for an external key +// store. +// +// The external key must be an AES-256 symmetric key that is enabled and performs +// encryption and decryption. +type XksKeyInvalidConfigurationException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyInvalidConfigurationException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyInvalidConfigurationException) GoString() string { + return s.String() +} + +func newErrorXksKeyInvalidConfigurationException(v protocol.ResponseMetadata) error { + return &XksKeyInvalidConfigurationException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksKeyInvalidConfigurationException) Code() string { + return "XksKeyInvalidConfigurationException" +} + +// Message returns the exception's message. +func (s *XksKeyInvalidConfigurationException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksKeyInvalidConfigurationException) OrigErr() error { + return nil +} + +func (s *XksKeyInvalidConfigurationException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksKeyInvalidConfigurationException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksKeyInvalidConfigurationException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected because the external key store proxy could not find +// the external key. This exception is thrown when the value of the XksKeyId +// parameter doesn't identify a key in the external key manager associated with +// the external key proxy. +// +// Verify that the XksKeyId represents an existing key in the external key manager. +// Use the key identifier that the external key store proxy uses to identify +// the key. For details, see the documentation provided with your external key +// store proxy or key manager. +type XksKeyNotFoundException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyNotFoundException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyNotFoundException) GoString() string { + return s.String() +} + +func newErrorXksKeyNotFoundException(v protocol.ResponseMetadata) error { + return &XksKeyNotFoundException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksKeyNotFoundException) Code() string { + return "XksKeyNotFoundException" +} + +// Message returns the exception's message. +func (s *XksKeyNotFoundException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksKeyNotFoundException) OrigErr() error { + return nil +} + +func (s *XksKeyNotFoundException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksKeyNotFoundException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksKeyNotFoundException) RequestID() string { + return s.RespMetadata.RequestID +} + +// KMS uses the authentication credential to sign requests that it sends to +// the external key store proxy (XKS proxy) on your behalf. You establish these +// credentials on your external key store proxy and report them to KMS. +// +// The XksProxyAuthenticationCredential includes two required elements. +type XksProxyAuthenticationCredentialType struct { + _ struct{} `type:"structure"` + + // A unique identifier for the raw secret access key. + // + // AccessKeyId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by XksProxyAuthenticationCredentialType's + // String and GoString methods. + // + // AccessKeyId is a required field + AccessKeyId *string `min:"20" type:"string" required:"true" sensitive:"true"` + + // A secret string of 43-64 characters. Valid characters are a-z, A-Z, 0-9, + // /, +, and =. + // + // RawSecretAccessKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by XksProxyAuthenticationCredentialType's + // String and GoString methods. + // + // RawSecretAccessKey is a required field + RawSecretAccessKey *string `min:"43" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyAuthenticationCredentialType) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyAuthenticationCredentialType) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *XksProxyAuthenticationCredentialType) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "XksProxyAuthenticationCredentialType"} + if s.AccessKeyId == nil { + invalidParams.Add(request.NewErrParamRequired("AccessKeyId")) + } + if s.AccessKeyId != nil && len(*s.AccessKeyId) < 20 { + invalidParams.Add(request.NewErrParamMinLen("AccessKeyId", 20)) + } + if s.RawSecretAccessKey == nil { + invalidParams.Add(request.NewErrParamRequired("RawSecretAccessKey")) + } + if s.RawSecretAccessKey != nil && len(*s.RawSecretAccessKey) < 43 { + invalidParams.Add(request.NewErrParamMinLen("RawSecretAccessKey", 43)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccessKeyId sets the AccessKeyId field's value. +func (s *XksProxyAuthenticationCredentialType) SetAccessKeyId(v string) *XksProxyAuthenticationCredentialType { + s.AccessKeyId = &v + return s +} + +// SetRawSecretAccessKey sets the RawSecretAccessKey field's value. +func (s *XksProxyAuthenticationCredentialType) SetRawSecretAccessKey(v string) *XksProxyAuthenticationCredentialType { + s.RawSecretAccessKey = &v + return s +} + +// Detailed information about the external key store proxy (XKS proxy). Your +// external key store proxy translates KMS requests into a format that your +// external key manager can understand. These fields appear in a DescribeCustomKeyStores +// response only when the CustomKeyStoreType is EXTERNAL_KEY_STORE. +type XksProxyConfigurationType struct { + _ struct{} `type:"structure"` + + // The part of the external key store proxy authentication credential (https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateCustomKeyStore.html#KMS-CreateCustomKeyStore-request-XksProxyAuthenticationCredential) + // that uniquely identifies the secret access key. + // + // AccessKeyId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by XksProxyConfigurationType's + // String and GoString methods. + AccessKeyId *string `min:"20" type:"string" sensitive:"true"` + + // Indicates whether the external key store proxy uses a public endpoint or + // an Amazon VPC endpoint service to communicate with KMS. + Connectivity *string `type:"string" enum:"XksProxyConnectivityType"` + + // The URI endpoint for the external key store proxy. + // + // If the external key store proxy has a public endpoint, it is displayed here. + // + // If the external key store proxy uses an Amazon VPC endpoint service name, + // this field displays the private DNS name associated with the VPC endpoint + // service. + UriEndpoint *string `min:"10" type:"string"` + + // The path to the external key store proxy APIs. + UriPath *string `min:"10" type:"string"` + + // The Amazon VPC endpoint service used to communicate with the external key + // store proxy. This field appears only when the external key store proxy uses + // an Amazon VPC endpoint service to communicate with KMS. + VpcEndpointServiceName *string `min:"20" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyConfigurationType) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyConfigurationType) GoString() string { + return s.String() +} + +// SetAccessKeyId sets the AccessKeyId field's value. +func (s *XksProxyConfigurationType) SetAccessKeyId(v string) *XksProxyConfigurationType { + s.AccessKeyId = &v + return s +} + +// SetConnectivity sets the Connectivity field's value. +func (s *XksProxyConfigurationType) SetConnectivity(v string) *XksProxyConfigurationType { + s.Connectivity = &v + return s +} + +// SetUriEndpoint sets the UriEndpoint field's value. +func (s *XksProxyConfigurationType) SetUriEndpoint(v string) *XksProxyConfigurationType { + s.UriEndpoint = &v + return s +} + +// SetUriPath sets the UriPath field's value. +func (s *XksProxyConfigurationType) SetUriPath(v string) *XksProxyConfigurationType { + s.UriPath = &v + return s +} + +// SetVpcEndpointServiceName sets the VpcEndpointServiceName field's value. +func (s *XksProxyConfigurationType) SetVpcEndpointServiceName(v string) *XksProxyConfigurationType { + s.VpcEndpointServiceName = &v + return s +} + +// The request was rejected because the proxy credentials failed to authenticate +// to the specified external key store proxy. The specified external key store +// proxy rejected a status request from KMS due to invalid credentials. This +// can indicate an error in the credentials or in the identification of the +// external key store proxy. +type XksProxyIncorrectAuthenticationCredentialException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyIncorrectAuthenticationCredentialException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyIncorrectAuthenticationCredentialException) GoString() string { + return s.String() +} + +func newErrorXksProxyIncorrectAuthenticationCredentialException(v protocol.ResponseMetadata) error { + return &XksProxyIncorrectAuthenticationCredentialException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyIncorrectAuthenticationCredentialException) Code() string { + return "XksProxyIncorrectAuthenticationCredentialException" +} + +// Message returns the exception's message. +func (s *XksProxyIncorrectAuthenticationCredentialException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyIncorrectAuthenticationCredentialException) OrigErr() error { + return nil +} + +func (s *XksProxyIncorrectAuthenticationCredentialException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyIncorrectAuthenticationCredentialException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyIncorrectAuthenticationCredentialException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected because the external key store proxy is not configured +// correctly. To identify the cause, see the error message that accompanies +// the exception. +type XksProxyInvalidConfigurationException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyInvalidConfigurationException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyInvalidConfigurationException) GoString() string { + return s.String() +} + +func newErrorXksProxyInvalidConfigurationException(v protocol.ResponseMetadata) error { + return &XksProxyInvalidConfigurationException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyInvalidConfigurationException) Code() string { + return "XksProxyInvalidConfigurationException" +} + +// Message returns the exception's message. +func (s *XksProxyInvalidConfigurationException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyInvalidConfigurationException) OrigErr() error { + return nil +} + +func (s *XksProxyInvalidConfigurationException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyInvalidConfigurationException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyInvalidConfigurationException) RequestID() string { + return s.RespMetadata.RequestID +} + +// KMS cannot interpret the response it received from the external key store +// proxy. The problem might be a poorly constructed response, but it could also +// be a transient network issue. If you see this error repeatedly, report it +// to the proxy vendor. +type XksProxyInvalidResponseException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyInvalidResponseException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyInvalidResponseException) GoString() string { + return s.String() +} + +func newErrorXksProxyInvalidResponseException(v protocol.ResponseMetadata) error { + return &XksProxyInvalidResponseException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyInvalidResponseException) Code() string { + return "XksProxyInvalidResponseException" +} + +// Message returns the exception's message. +func (s *XksProxyInvalidResponseException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyInvalidResponseException) OrigErr() error { + return nil +} + +func (s *XksProxyInvalidResponseException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyInvalidResponseException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyInvalidResponseException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected because the XksProxyUriEndpoint is already associated +// with another external key store in this Amazon Web Services Region. To identify +// the cause, see the error message that accompanies the exception. +type XksProxyUriEndpointInUseException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyUriEndpointInUseException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyUriEndpointInUseException) GoString() string { + return s.String() +} + +func newErrorXksProxyUriEndpointInUseException(v protocol.ResponseMetadata) error { + return &XksProxyUriEndpointInUseException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyUriEndpointInUseException) Code() string { + return "XksProxyUriEndpointInUseException" +} + +// Message returns the exception's message. +func (s *XksProxyUriEndpointInUseException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyUriEndpointInUseException) OrigErr() error { + return nil +} + +func (s *XksProxyUriEndpointInUseException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyUriEndpointInUseException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyUriEndpointInUseException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected because the concatenation of the XksProxyUriEndpoint +// and XksProxyUriPath is already associated with another external key store +// in this Amazon Web Services Region. Each external key store in a Region must +// use a unique external key store proxy API address. +type XksProxyUriInUseException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyUriInUseException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyUriInUseException) GoString() string { + return s.String() +} + +func newErrorXksProxyUriInUseException(v protocol.ResponseMetadata) error { + return &XksProxyUriInUseException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyUriInUseException) Code() string { + return "XksProxyUriInUseException" +} + +// Message returns the exception's message. +func (s *XksProxyUriInUseException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyUriInUseException) OrigErr() error { + return nil +} + +func (s *XksProxyUriInUseException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyUriInUseException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyUriInUseException) RequestID() string { + return s.RespMetadata.RequestID +} + +// KMS was unable to reach the specified XksProxyUriPath. The path must be reachable +// before you create the external key store or update its settings. +// +// This exception is also thrown when the external key store proxy response +// to a GetHealthStatus request indicates that all external key manager instances +// are unavailable. +type XksProxyUriUnreachableException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyUriUnreachableException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyUriUnreachableException) GoString() string { + return s.String() +} + +func newErrorXksProxyUriUnreachableException(v protocol.ResponseMetadata) error { + return &XksProxyUriUnreachableException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyUriUnreachableException) Code() string { + return "XksProxyUriUnreachableException" +} + +// Message returns the exception's message. +func (s *XksProxyUriUnreachableException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyUriUnreachableException) OrigErr() error { + return nil +} + +func (s *XksProxyUriUnreachableException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyUriUnreachableException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyUriUnreachableException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected because the specified Amazon VPC endpoint service +// is already associated with another external key store in this Amazon Web +// Services Region. Each external key store in a Region must use a different +// Amazon VPC endpoint service. +type XksProxyVpcEndpointServiceInUseException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyVpcEndpointServiceInUseException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyVpcEndpointServiceInUseException) GoString() string { + return s.String() +} + +func newErrorXksProxyVpcEndpointServiceInUseException(v protocol.ResponseMetadata) error { + return &XksProxyVpcEndpointServiceInUseException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyVpcEndpointServiceInUseException) Code() string { + return "XksProxyVpcEndpointServiceInUseException" +} + +// Message returns the exception's message. +func (s *XksProxyVpcEndpointServiceInUseException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyVpcEndpointServiceInUseException) OrigErr() error { + return nil +} + +func (s *XksProxyVpcEndpointServiceInUseException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} - // Tells AWS KMS whether the value of the Message parameter is a message or - // message digest. The default value, RAW, indicates a message. To indicate - // a message digest, enter DIGEST. - // - // Use the DIGEST value only when the value of the Message parameter is a message - // digest. If you use the DIGEST value with a raw message, the security of the - // verification operation can be compromised. - MessageType *string `type:"string" enum:"MessageType"` +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyVpcEndpointServiceInUseException) StatusCode() int { + return s.RespMetadata.StatusCode +} - // The signature that the Sign operation generated. - // - // Signature is automatically base64 encoded/decoded by the SDK. - // - // Signature is a required field - Signature []byte `min:"1" type:"blob" required:"true"` +// RequestID returns the service's response RequestID for request. +func (s *XksProxyVpcEndpointServiceInUseException) RequestID() string { + return s.RespMetadata.RequestID +} - // The signing algorithm that was used to sign the message. If you submit a - // different algorithm, the signature verification fails. - // - // SigningAlgorithm is a required field - SigningAlgorithm *string `type:"string" required:"true" enum:"SigningAlgorithmSpec"` +// The request was rejected because the Amazon VPC endpoint service configuration +// does not fulfill the requirements for an external key store. To identify +// the cause, see the error message that accompanies the exception and review +// the requirements (https://docs.aws.amazon.com/kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements) +// for Amazon VPC endpoint service connectivity for an external key store. +type XksProxyVpcEndpointServiceInvalidConfigurationException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` } -// String returns the string representation -func (s VerifyInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyVpcEndpointServiceInvalidConfigurationException) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s VerifyInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyVpcEndpointServiceInvalidConfigurationException) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *VerifyInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "VerifyInput"} - if s.KeyId == nil { - invalidParams.Add(request.NewErrParamRequired("KeyId")) - } - if s.KeyId != nil && len(*s.KeyId) < 1 { - invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) - } - if s.Message == nil { - invalidParams.Add(request.NewErrParamRequired("Message")) - } - if s.Message != nil && len(s.Message) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Message", 1)) - } - if s.Signature == nil { - invalidParams.Add(request.NewErrParamRequired("Signature")) - } - if s.Signature != nil && len(s.Signature) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Signature", 1)) - } - if s.SigningAlgorithm == nil { - invalidParams.Add(request.NewErrParamRequired("SigningAlgorithm")) +func newErrorXksProxyVpcEndpointServiceInvalidConfigurationException(v protocol.ResponseMetadata) error { + return &XksProxyVpcEndpointServiceInvalidConfigurationException{ + RespMetadata: v, } +} - if invalidParams.Len() > 0 { - return invalidParams - } - return nil +// Code returns the exception type name. +func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) Code() string { + return "XksProxyVpcEndpointServiceInvalidConfigurationException" } -// SetGrantTokens sets the GrantTokens field's value. -func (s *VerifyInput) SetGrantTokens(v []*string) *VerifyInput { - s.GrantTokens = v - return s +// Message returns the exception's message. +func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" } -// SetKeyId sets the KeyId field's value. -func (s *VerifyInput) SetKeyId(v string) *VerifyInput { - s.KeyId = &v - return s +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) OrigErr() error { + return nil } -// SetMessage sets the Message field's value. -func (s *VerifyInput) SetMessage(v []byte) *VerifyInput { - s.Message = v - return s +func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } -// SetMessageType sets the MessageType field's value. -func (s *VerifyInput) SetMessageType(v string) *VerifyInput { - s.MessageType = &v - return s +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) StatusCode() int { + return s.RespMetadata.StatusCode } -// SetSignature sets the Signature field's value. -func (s *VerifyInput) SetSignature(v []byte) *VerifyInput { - s.Signature = v - return s +// RequestID returns the service's response RequestID for request. +func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) RequestID() string { + return s.RespMetadata.RequestID } -// SetSigningAlgorithm sets the SigningAlgorithm field's value. -func (s *VerifyInput) SetSigningAlgorithm(v string) *VerifyInput { - s.SigningAlgorithm = &v - return s +// The request was rejected because KMS could not find the specified VPC endpoint +// service. Use DescribeCustomKeyStores to verify the VPC endpoint service name +// for the external key store. Also, confirm that the Allow principals list +// for the VPC endpoint service includes the KMS service principal for the Region, +// such as cks.kms.us-east-1.amazonaws.com. +type XksProxyVpcEndpointServiceNotFoundException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` } -type VerifyOutput struct { - _ struct{} `type:"structure"` +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyVpcEndpointServiceNotFoundException) String() string { + return awsutil.Prettify(s) +} - // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) - // of the asymmetric CMK that was used to verify the signature. - KeyId *string `min:"1" type:"string"` +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyVpcEndpointServiceNotFoundException) GoString() string { + return s.String() +} - // A Boolean value that indicates whether the signature was verified. A value - // of True indicates that the Signature was produced by signing the Message - // with the specified KeyID and SigningAlgorithm. If the signature is not verified, - // the Verify operation fails with a KMSInvalidSignatureException exception. - SignatureValid *bool `type:"boolean"` +func newErrorXksProxyVpcEndpointServiceNotFoundException(v protocol.ResponseMetadata) error { + return &XksProxyVpcEndpointServiceNotFoundException{ + RespMetadata: v, + } +} - // The signing algorithm that was used to verify the signature. - SigningAlgorithm *string `type:"string" enum:"SigningAlgorithmSpec"` +// Code returns the exception type name. +func (s *XksProxyVpcEndpointServiceNotFoundException) Code() string { + return "XksProxyVpcEndpointServiceNotFoundException" } -// String returns the string representation -func (s VerifyOutput) String() string { - return awsutil.Prettify(s) +// Message returns the exception's message. +func (s *XksProxyVpcEndpointServiceNotFoundException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" } -// GoString returns the string representation -func (s VerifyOutput) GoString() string { - return s.String() +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyVpcEndpointServiceNotFoundException) OrigErr() error { + return nil } -// SetKeyId sets the KeyId field's value. -func (s *VerifyOutput) SetKeyId(v string) *VerifyOutput { - s.KeyId = &v - return s +func (s *XksProxyVpcEndpointServiceNotFoundException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } -// SetSignatureValid sets the SignatureValid field's value. -func (s *VerifyOutput) SetSignatureValid(v bool) *VerifyOutput { - s.SignatureValid = &v - return s +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyVpcEndpointServiceNotFoundException) StatusCode() int { + return s.RespMetadata.StatusCode } -// SetSigningAlgorithm sets the SigningAlgorithm field's value. -func (s *VerifyOutput) SetSigningAlgorithm(v string) *VerifyOutput { - s.SigningAlgorithm = &v - return s +// RequestID returns the service's response RequestID for request. +func (s *XksProxyVpcEndpointServiceNotFoundException) RequestID() string { + return s.RespMetadata.RequestID } const ( @@ -14538,6 +23208,15 @@ const ( // AlgorithmSpecRsaesOaepSha256 is a AlgorithmSpec enum value AlgorithmSpecRsaesOaepSha256 = "RSAES_OAEP_SHA_256" + + // AlgorithmSpecRsaAesKeyWrapSha1 is a AlgorithmSpec enum value + AlgorithmSpecRsaAesKeyWrapSha1 = "RSA_AES_KEY_WRAP_SHA_1" + + // AlgorithmSpecRsaAesKeyWrapSha256 is a AlgorithmSpec enum value + AlgorithmSpecRsaAesKeyWrapSha256 = "RSA_AES_KEY_WRAP_SHA_256" + + // AlgorithmSpecSm2pke is a AlgorithmSpec enum value + AlgorithmSpecSm2pke = "SM2PKE" ) // AlgorithmSpec_Values returns all elements of the AlgorithmSpec enum @@ -14546,6 +23225,9 @@ func AlgorithmSpec_Values() []string { AlgorithmSpecRsaesPkcs1V15, AlgorithmSpecRsaesOaepSha1, AlgorithmSpecRsaesOaepSha256, + AlgorithmSpecRsaAesKeyWrapSha1, + AlgorithmSpecRsaAesKeyWrapSha256, + AlgorithmSpecSm2pke, } } @@ -14576,6 +23258,33 @@ const ( // ConnectionErrorCodeTypeSubnetNotFound is a ConnectionErrorCodeType enum value ConnectionErrorCodeTypeSubnetNotFound = "SUBNET_NOT_FOUND" + + // ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet = "INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET" + + // ConnectionErrorCodeTypeXksProxyAccessDenied is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksProxyAccessDenied = "XKS_PROXY_ACCESS_DENIED" + + // ConnectionErrorCodeTypeXksProxyNotReachable is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksProxyNotReachable = "XKS_PROXY_NOT_REACHABLE" + + // ConnectionErrorCodeTypeXksVpcEndpointServiceNotFound is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksVpcEndpointServiceNotFound = "XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND" + + // ConnectionErrorCodeTypeXksProxyInvalidResponse is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksProxyInvalidResponse = "XKS_PROXY_INVALID_RESPONSE" + + // ConnectionErrorCodeTypeXksProxyInvalidConfiguration is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksProxyInvalidConfiguration = "XKS_PROXY_INVALID_CONFIGURATION" + + // ConnectionErrorCodeTypeXksVpcEndpointServiceInvalidConfiguration is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksVpcEndpointServiceInvalidConfiguration = "XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION" + + // ConnectionErrorCodeTypeXksProxyTimedOut is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksProxyTimedOut = "XKS_PROXY_TIMED_OUT" + + // ConnectionErrorCodeTypeXksProxyInvalidTlsConfiguration is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksProxyInvalidTlsConfiguration = "XKS_PROXY_INVALID_TLS_CONFIGURATION" ) // ConnectionErrorCodeType_Values returns all elements of the ConnectionErrorCodeType enum @@ -14590,6 +23299,15 @@ func ConnectionErrorCodeType_Values() []string { ConnectionErrorCodeTypeUserNotFound, ConnectionErrorCodeTypeUserLoggedIn, ConnectionErrorCodeTypeSubnetNotFound, + ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet, + ConnectionErrorCodeTypeXksProxyAccessDenied, + ConnectionErrorCodeTypeXksProxyNotReachable, + ConnectionErrorCodeTypeXksVpcEndpointServiceNotFound, + ConnectionErrorCodeTypeXksProxyInvalidResponse, + ConnectionErrorCodeTypeXksProxyInvalidConfiguration, + ConnectionErrorCodeTypeXksVpcEndpointServiceInvalidConfiguration, + ConnectionErrorCodeTypeXksProxyTimedOut, + ConnectionErrorCodeTypeXksProxyInvalidTlsConfiguration, } } @@ -14621,6 +23339,22 @@ func ConnectionStateType_Values() []string { } } +const ( + // CustomKeyStoreTypeAwsCloudhsm is a CustomKeyStoreType enum value + CustomKeyStoreTypeAwsCloudhsm = "AWS_CLOUDHSM" + + // CustomKeyStoreTypeExternalKeyStore is a CustomKeyStoreType enum value + CustomKeyStoreTypeExternalKeyStore = "EXTERNAL_KEY_STORE" +) + +// CustomKeyStoreType_Values returns all elements of the CustomKeyStoreType enum +func CustomKeyStoreType_Values() []string { + return []string{ + CustomKeyStoreTypeAwsCloudhsm, + CustomKeyStoreTypeExternalKeyStore, + } +} + const ( // CustomerMasterKeySpecRsa2048 is a CustomerMasterKeySpec enum value CustomerMasterKeySpecRsa2048 = "RSA_2048" @@ -14645,6 +23379,21 @@ const ( // CustomerMasterKeySpecSymmetricDefault is a CustomerMasterKeySpec enum value CustomerMasterKeySpecSymmetricDefault = "SYMMETRIC_DEFAULT" + + // CustomerMasterKeySpecHmac224 is a CustomerMasterKeySpec enum value + CustomerMasterKeySpecHmac224 = "HMAC_224" + + // CustomerMasterKeySpecHmac256 is a CustomerMasterKeySpec enum value + CustomerMasterKeySpecHmac256 = "HMAC_256" + + // CustomerMasterKeySpecHmac384 is a CustomerMasterKeySpec enum value + CustomerMasterKeySpecHmac384 = "HMAC_384" + + // CustomerMasterKeySpecHmac512 is a CustomerMasterKeySpec enum value + CustomerMasterKeySpecHmac512 = "HMAC_512" + + // CustomerMasterKeySpecSm2 is a CustomerMasterKeySpec enum value + CustomerMasterKeySpecSm2 = "SM2" ) // CustomerMasterKeySpec_Values returns all elements of the CustomerMasterKeySpec enum @@ -14658,6 +23407,11 @@ func CustomerMasterKeySpec_Values() []string { CustomerMasterKeySpecEccNistP521, CustomerMasterKeySpecEccSecgP256k1, CustomerMasterKeySpecSymmetricDefault, + CustomerMasterKeySpecHmac224, + CustomerMasterKeySpecHmac256, + CustomerMasterKeySpecHmac384, + CustomerMasterKeySpecHmac512, + CustomerMasterKeySpecSm2, } } @@ -14682,6 +23436,9 @@ const ( // DataKeyPairSpecEccSecgP256k1 is a DataKeyPairSpec enum value DataKeyPairSpecEccSecgP256k1 = "ECC_SECG_P256K1" + + // DataKeyPairSpecSm2 is a DataKeyPairSpec enum value + DataKeyPairSpecSm2 = "SM2" ) // DataKeyPairSpec_Values returns all elements of the DataKeyPairSpec enum @@ -14694,6 +23451,7 @@ func DataKeyPairSpec_Values() []string { DataKeyPairSpecEccNistP384, DataKeyPairSpecEccNistP521, DataKeyPairSpecEccSecgP256k1, + DataKeyPairSpecSm2, } } @@ -14722,6 +23480,9 @@ const ( // EncryptionAlgorithmSpecRsaesOaepSha256 is a EncryptionAlgorithmSpec enum value EncryptionAlgorithmSpecRsaesOaepSha256 = "RSAES_OAEP_SHA_256" + + // EncryptionAlgorithmSpecSm2pke is a EncryptionAlgorithmSpec enum value + EncryptionAlgorithmSpecSm2pke = "SM2PKE" ) // EncryptionAlgorithmSpec_Values returns all elements of the EncryptionAlgorithmSpec enum @@ -14730,6 +23491,7 @@ func EncryptionAlgorithmSpec_Values() []string { EncryptionAlgorithmSpecSymmetricDefault, EncryptionAlgorithmSpecRsaesOaepSha1, EncryptionAlgorithmSpecRsaesOaepSha256, + EncryptionAlgorithmSpecSm2pke, } } @@ -14791,6 +23553,15 @@ const ( // GrantOperationGenerateDataKeyPairWithoutPlaintext is a GrantOperation enum value GrantOperationGenerateDataKeyPairWithoutPlaintext = "GenerateDataKeyPairWithoutPlaintext" + + // GrantOperationGenerateMac is a GrantOperation enum value + GrantOperationGenerateMac = "GenerateMac" + + // GrantOperationVerifyMac is a GrantOperation enum value + GrantOperationVerifyMac = "VerifyMac" + + // GrantOperationDeriveSharedSecret is a GrantOperation enum value + GrantOperationDeriveSharedSecret = "DeriveSharedSecret" ) // GrantOperation_Values returns all elements of the GrantOperation enum @@ -14810,6 +23581,33 @@ func GrantOperation_Values() []string { GrantOperationDescribeKey, GrantOperationGenerateDataKeyPair, GrantOperationGenerateDataKeyPairWithoutPlaintext, + GrantOperationGenerateMac, + GrantOperationVerifyMac, + GrantOperationDeriveSharedSecret, + } +} + +const ( + // KeyAgreementAlgorithmSpecEcdh is a KeyAgreementAlgorithmSpec enum value + KeyAgreementAlgorithmSpecEcdh = "ECDH" +) + +// KeyAgreementAlgorithmSpec_Values returns all elements of the KeyAgreementAlgorithmSpec enum +func KeyAgreementAlgorithmSpec_Values() []string { + return []string{ + KeyAgreementAlgorithmSpecEcdh, + } +} + +const ( + // KeyEncryptionMechanismRsaesOaepSha256 is a KeyEncryptionMechanism enum value + KeyEncryptionMechanismRsaesOaepSha256 = "RSAES_OAEP_SHA_256" +) + +// KeyEncryptionMechanism_Values returns all elements of the KeyEncryptionMechanism enum +func KeyEncryptionMechanism_Values() []string { + return []string{ + KeyEncryptionMechanismRsaesOaepSha256, } } @@ -14830,6 +23628,69 @@ func KeyManagerType_Values() []string { } const ( + // KeySpecRsa2048 is a KeySpec enum value + KeySpecRsa2048 = "RSA_2048" + + // KeySpecRsa3072 is a KeySpec enum value + KeySpecRsa3072 = "RSA_3072" + + // KeySpecRsa4096 is a KeySpec enum value + KeySpecRsa4096 = "RSA_4096" + + // KeySpecEccNistP256 is a KeySpec enum value + KeySpecEccNistP256 = "ECC_NIST_P256" + + // KeySpecEccNistP384 is a KeySpec enum value + KeySpecEccNistP384 = "ECC_NIST_P384" + + // KeySpecEccNistP521 is a KeySpec enum value + KeySpecEccNistP521 = "ECC_NIST_P521" + + // KeySpecEccSecgP256k1 is a KeySpec enum value + KeySpecEccSecgP256k1 = "ECC_SECG_P256K1" + + // KeySpecSymmetricDefault is a KeySpec enum value + KeySpecSymmetricDefault = "SYMMETRIC_DEFAULT" + + // KeySpecHmac224 is a KeySpec enum value + KeySpecHmac224 = "HMAC_224" + + // KeySpecHmac256 is a KeySpec enum value + KeySpecHmac256 = "HMAC_256" + + // KeySpecHmac384 is a KeySpec enum value + KeySpecHmac384 = "HMAC_384" + + // KeySpecHmac512 is a KeySpec enum value + KeySpecHmac512 = "HMAC_512" + + // KeySpecSm2 is a KeySpec enum value + KeySpecSm2 = "SM2" +) + +// KeySpec_Values returns all elements of the KeySpec enum +func KeySpec_Values() []string { + return []string{ + KeySpecRsa2048, + KeySpecRsa3072, + KeySpecRsa4096, + KeySpecEccNistP256, + KeySpecEccNistP384, + KeySpecEccNistP521, + KeySpecEccSecgP256k1, + KeySpecSymmetricDefault, + KeySpecHmac224, + KeySpecHmac256, + KeySpecHmac384, + KeySpecHmac512, + KeySpecSm2, + } +} + +const ( + // KeyStateCreating is a KeyState enum value + KeyStateCreating = "Creating" + // KeyStateEnabled is a KeyState enum value KeyStateEnabled = "Enabled" @@ -14842,18 +23703,27 @@ const ( // KeyStatePendingImport is a KeyState enum value KeyStatePendingImport = "PendingImport" + // KeyStatePendingReplicaDeletion is a KeyState enum value + KeyStatePendingReplicaDeletion = "PendingReplicaDeletion" + // KeyStateUnavailable is a KeyState enum value KeyStateUnavailable = "Unavailable" + + // KeyStateUpdating is a KeyState enum value + KeyStateUpdating = "Updating" ) // KeyState_Values returns all elements of the KeyState enum func KeyState_Values() []string { return []string{ + KeyStateCreating, KeyStateEnabled, KeyStateDisabled, KeyStatePendingDeletion, KeyStatePendingImport, + KeyStatePendingReplicaDeletion, KeyStateUnavailable, + KeyStateUpdating, } } @@ -14863,6 +23733,12 @@ const ( // KeyUsageTypeEncryptDecrypt is a KeyUsageType enum value KeyUsageTypeEncryptDecrypt = "ENCRYPT_DECRYPT" + + // KeyUsageTypeGenerateVerifyMac is a KeyUsageType enum value + KeyUsageTypeGenerateVerifyMac = "GENERATE_VERIFY_MAC" + + // KeyUsageTypeKeyAgreement is a KeyUsageType enum value + KeyUsageTypeKeyAgreement = "KEY_AGREEMENT" ) // KeyUsageType_Values returns all elements of the KeyUsageType enum @@ -14870,6 +23746,32 @@ func KeyUsageType_Values() []string { return []string{ KeyUsageTypeSignVerify, KeyUsageTypeEncryptDecrypt, + KeyUsageTypeGenerateVerifyMac, + KeyUsageTypeKeyAgreement, + } +} + +const ( + // MacAlgorithmSpecHmacSha224 is a MacAlgorithmSpec enum value + MacAlgorithmSpecHmacSha224 = "HMAC_SHA_224" + + // MacAlgorithmSpecHmacSha256 is a MacAlgorithmSpec enum value + MacAlgorithmSpecHmacSha256 = "HMAC_SHA_256" + + // MacAlgorithmSpecHmacSha384 is a MacAlgorithmSpec enum value + MacAlgorithmSpecHmacSha384 = "HMAC_SHA_384" + + // MacAlgorithmSpecHmacSha512 is a MacAlgorithmSpec enum value + MacAlgorithmSpecHmacSha512 = "HMAC_SHA_512" +) + +// MacAlgorithmSpec_Values returns all elements of the MacAlgorithmSpec enum +func MacAlgorithmSpec_Values() []string { + return []string{ + MacAlgorithmSpecHmacSha224, + MacAlgorithmSpecHmacSha256, + MacAlgorithmSpecHmacSha384, + MacAlgorithmSpecHmacSha512, } } @@ -14889,6 +23791,22 @@ func MessageType_Values() []string { } } +const ( + // MultiRegionKeyTypePrimary is a MultiRegionKeyType enum value + MultiRegionKeyTypePrimary = "PRIMARY" + + // MultiRegionKeyTypeReplica is a MultiRegionKeyType enum value + MultiRegionKeyTypeReplica = "REPLICA" +) + +// MultiRegionKeyType_Values returns all elements of the MultiRegionKeyType enum +func MultiRegionKeyType_Values() []string { + return []string{ + MultiRegionKeyTypePrimary, + MultiRegionKeyTypeReplica, + } +} + const ( // OriginTypeAwsKms is a OriginType enum value OriginTypeAwsKms = "AWS_KMS" @@ -14898,6 +23816,9 @@ const ( // OriginTypeAwsCloudhsm is a OriginType enum value OriginTypeAwsCloudhsm = "AWS_CLOUDHSM" + + // OriginTypeExternalKeyStore is a OriginType enum value + OriginTypeExternalKeyStore = "EXTERNAL_KEY_STORE" ) // OriginType_Values returns all elements of the OriginType enum @@ -14906,6 +23827,23 @@ func OriginType_Values() []string { OriginTypeAwsKms, OriginTypeExternal, OriginTypeAwsCloudhsm, + OriginTypeExternalKeyStore, + } +} + +const ( + // RotationTypeAutomatic is a RotationType enum value + RotationTypeAutomatic = "AUTOMATIC" + + // RotationTypeOnDemand is a RotationType enum value + RotationTypeOnDemand = "ON_DEMAND" +) + +// RotationType_Values returns all elements of the RotationType enum +func RotationType_Values() []string { + return []string{ + RotationTypeAutomatic, + RotationTypeOnDemand, } } @@ -14936,6 +23874,9 @@ const ( // SigningAlgorithmSpecEcdsaSha512 is a SigningAlgorithmSpec enum value SigningAlgorithmSpecEcdsaSha512 = "ECDSA_SHA_512" + + // SigningAlgorithmSpecSm2dsa is a SigningAlgorithmSpec enum value + SigningAlgorithmSpecSm2dsa = "SM2DSA" ) // SigningAlgorithmSpec_Values returns all elements of the SigningAlgorithmSpec enum @@ -14950,17 +23891,46 @@ func SigningAlgorithmSpec_Values() []string { SigningAlgorithmSpecEcdsaSha256, SigningAlgorithmSpecEcdsaSha384, SigningAlgorithmSpecEcdsaSha512, + SigningAlgorithmSpecSm2dsa, } } const ( // WrappingKeySpecRsa2048 is a WrappingKeySpec enum value WrappingKeySpecRsa2048 = "RSA_2048" + + // WrappingKeySpecRsa3072 is a WrappingKeySpec enum value + WrappingKeySpecRsa3072 = "RSA_3072" + + // WrappingKeySpecRsa4096 is a WrappingKeySpec enum value + WrappingKeySpecRsa4096 = "RSA_4096" + + // WrappingKeySpecSm2 is a WrappingKeySpec enum value + WrappingKeySpecSm2 = "SM2" ) // WrappingKeySpec_Values returns all elements of the WrappingKeySpec enum func WrappingKeySpec_Values() []string { return []string{ WrappingKeySpecRsa2048, + WrappingKeySpecRsa3072, + WrappingKeySpecRsa4096, + WrappingKeySpecSm2, + } +} + +const ( + // XksProxyConnectivityTypePublicEndpoint is a XksProxyConnectivityType enum value + XksProxyConnectivityTypePublicEndpoint = "PUBLIC_ENDPOINT" + + // XksProxyConnectivityTypeVpcEndpointService is a XksProxyConnectivityType enum value + XksProxyConnectivityTypeVpcEndpointService = "VPC_ENDPOINT_SERVICE" +) + +// XksProxyConnectivityType_Values returns all elements of the XksProxyConnectivityType enum +func XksProxyConnectivityType_Values() []string { + return []string{ + XksProxyConnectivityTypePublicEndpoint, + XksProxyConnectivityTypeVpcEndpointService, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go b/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go index c4c212502..babb91fc8 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go @@ -3,84 +3,99 @@ // Package kms provides the client and types for making API // requests to AWS Key Management Service. // -// AWS Key Management Service (AWS KMS) is an encryption and key management -// web service. This guide describes the AWS KMS operations that you can call -// programmatically. For general information about AWS KMS, see the AWS Key -// Management Service Developer Guide (https://docs.aws.amazon.com/kms/latest/developerguide/). -// -// AWS provides SDKs that consist of libraries and sample code for various programming -// languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs -// provide a convenient way to create programmatic access to AWS KMS and other -// AWS services. For example, the SDKs take care of tasks such as signing requests -// (see below), managing errors, and retrying requests automatically. For more -// information about the AWS SDKs, including how to download and install them, -// see Tools for Amazon Web Services (http://aws.amazon.com/tools/). -// -// We recommend that you use the AWS SDKs to make programmatic API calls to -// AWS KMS. -// -// Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS -// 1.2. Clients must also support cipher suites with Perfect Forward Secrecy -// (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral -// Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support -// these modes. -// -// Signing Requests -// -// Requests must be signed by using an access key ID and a secret access key. -// We strongly recommend that you do not use your AWS account (root) access -// key ID and secret key for everyday work with AWS KMS. Instead, use the access -// key ID and secret access key for an IAM user. You can also use the AWS Security -// Token Service to generate temporary security credentials that you can use +// Key Management Service (KMS) is an encryption and key management web service. +// This guide describes the KMS operations that you can call programmatically. +// For general information about KMS, see the Key Management Service Developer +// Guide (https://docs.aws.amazon.com/kms/latest/developerguide/). +// +// KMS has replaced the term customer master key (CMK) with KMS key and KMS +// key. The concept has not changed. To prevent breaking changes, KMS is keeping +// some variations of this term. +// +// Amazon Web Services provides SDKs that consist of libraries and sample code +// for various programming languages and platforms (Java, Ruby, .Net, macOS, +// Android, etc.). The SDKs provide a convenient way to create programmatic +// access to KMS and other Amazon Web Services services. For example, the SDKs +// take care of tasks such as signing requests (see below), managing errors, +// and retrying requests automatically. For more information about the Amazon +// Web Services SDKs, including how to download and install them, see Tools +// for Amazon Web Services (http://aws.amazon.com/tools/). +// +// We recommend that you use the Amazon Web Services SDKs to make programmatic +// API calls to KMS. +// +// If you need to use FIPS 140-2 validated cryptographic modules when communicating +// with Amazon Web Services, use the FIPS endpoint in your preferred Amazon +// Web Services Region. For more information about the available FIPS endpoints, +// see Service endpoints (https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region) +// in the Key Management Service topic of the Amazon Web Services General Reference. +// +// All KMS API calls must be signed and be transmitted using Transport Layer +// Security (TLS). KMS recommends you always use the latest supported TLS version. +// Clients must also support cipher suites with Perfect Forward Secrecy (PFS) +// such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman +// (ECDHE). Most modern systems such as Java 7 and later support these modes. +// +// # Signing Requests +// +// Requests must be signed using an access key ID and a secret access key. We +// strongly recommend that you do not use your Amazon Web Services account root +// access key ID and secret access key for everyday work. You can use the access +// key ID and secret access key for an IAM user or you can use the Security +// Token Service (STS) to generate temporary security credentials and use those // to sign requests. // -// All AWS KMS operations require Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). +// All KMS requests must be signed with Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). // -// Logging API Requests +// # Logging API Requests // -// AWS KMS supports AWS CloudTrail, a service that logs AWS API calls and related -// events for your AWS account and delivers them to an Amazon S3 bucket that -// you specify. By using the information collected by CloudTrail, you can determine -// what requests were made to AWS KMS, who made the request, when it was made, -// and so on. To learn more about CloudTrail, including how to turn it on and -// find your log files, see the AWS CloudTrail User Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/). +// KMS supports CloudTrail, a service that logs Amazon Web Services API calls +// and related events for your Amazon Web Services account and delivers them +// to an Amazon S3 bucket that you specify. By using the information collected +// by CloudTrail, you can determine what requests were made to KMS, who made +// the request, when it was made, and so on. To learn more about CloudTrail, +// including how to turn it on and find your log files, see the CloudTrail User +// Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/). // -// Additional Resources +// # Additional Resources // // For more information about credentials and request signing, see the following: // -// * AWS Security Credentials (https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html) -// - This topic provides general information about the types of credentials -// used for accessing AWS. +// - Amazon Web Services Security Credentials (https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html) // -// * Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) -// - This section of the IAM User Guide describes how to create and use temporary -// security credentials. +// - This topic provides general information about the types of credentials +// used to access Amazon Web Services. // -// * Signature Version 4 Signing Process (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) -// - This set of topics walks you through the process of signing a request -// using an access key ID and a secret access key. +// - Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) // -// Commonly Used API Operations +// - This section of the IAM User Guide describes how to create and use temporary +// security credentials. +// +// - Signature Version 4 Signing Process (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) +// +// - This set of topics walks you through the process of signing a request +// using an access key ID and a secret access key. +// +// # Commonly Used API Operations // // Of the API operations discussed in this guide, the following will prove the // most useful for most applications. You will likely perform operations other // than these, such as creating keys and assigning policies, by using the console. // -// * Encrypt +// - Encrypt // -// * Decrypt +// - Decrypt // -// * GenerateDataKey +// - GenerateDataKey // -// * GenerateDataKeyWithoutPlaintext +// - GenerateDataKeyWithoutPlaintext // // See https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01 for more information on this service. // // See kms package documentation for more information. // https://docs.aws.amazon.com/sdk-for-go/api/service/kms/ // -// Using the Client +// # Using the Client // // To contact AWS Key Management Service with the SDK use the New function to create // a new service client. With that client you can make API requests to the service. diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go b/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go index 911bf576e..993fd2386 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go @@ -18,93 +18,99 @@ const ( // ErrCodeCloudHsmClusterInUseException for service response error code // "CloudHsmClusterInUseException". // - // The request was rejected because the specified AWS CloudHSM cluster is already - // associated with a custom key store or it shares a backup history with a cluster - // that is associated with a custom key store. Each custom key store must be - // associated with a different AWS CloudHSM cluster. - // - // Clusters that share a backup history have the same cluster certificate. To - // view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) + // The request was rejected because the specified CloudHSM cluster is already + // associated with an CloudHSM key store in the account, or it shares a backup + // history with an CloudHSM key store in the account. Each CloudHSM key store + // in the account must be associated with a different CloudHSM cluster. + // + // CloudHSM clusters that share a backup history have the same cluster certificate. + // To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters + // (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. ErrCodeCloudHsmClusterInUseException = "CloudHsmClusterInUseException" // ErrCodeCloudHsmClusterInvalidConfigurationException for service response error code // "CloudHsmClusterInvalidConfigurationException". // - // The request was rejected because the associated AWS CloudHSM cluster did - // not meet the configuration requirements for a custom key store. + // The request was rejected because the associated CloudHSM cluster did not + // meet the configuration requirements for an CloudHSM key store. // - // * The cluster must be configured with private subnets in at least two - // different Availability Zones in the Region. + // * The CloudHSM cluster must be configured with private subnets in at least + // two different Availability Zones in the Region. // // * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // (cloudhsm-cluster--sg) must include inbound rules and outbound // rules that allow TCP traffic on ports 2223-2225. The Source in the inbound // rules and the Destination in the outbound rules must match the security - // group ID. These rules are set by default when you create the cluster. - // Do not delete or change them. To get information about a particular security - // group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) + // group ID. These rules are set by default when you create the CloudHSM + // cluster. Do not delete or change them. To get information about a particular + // security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) // operation. // - // * The cluster must contain at least as many HSMs as the operation requires. - // To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) + // * The CloudHSM cluster must contain at least as many HSMs as the operation + // requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey - // operations, the AWS CloudHSM cluster must have at least two active HSMs, - // each in a different Availability Zone. For the ConnectCustomKeyStore operation, - // the AWS CloudHSM must contain at least one active HSM. - // - // For information about the requirements for an AWS CloudHSM cluster that is - // associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) - // in the AWS Key Management Service Developer Guide. For information about - // creating a private subnet for an AWS CloudHSM cluster, see Create a Private - // Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) - // in the AWS CloudHSM User Guide. For information about cluster security groups, + // operations, the CloudHSM cluster must have at least two active HSMs, each + // in a different Availability Zone. For the ConnectCustomKeyStore operation, + // the CloudHSM must contain at least one active HSM. + // + // For information about the requirements for an CloudHSM cluster that is associated + // with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) + // in the Key Management Service Developer Guide. For information about creating + // a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) + // in the CloudHSM User Guide. For information about cluster security groups, // see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) - // in the AWS CloudHSM User Guide . + // in the CloudHSM User Guide . ErrCodeCloudHsmClusterInvalidConfigurationException = "CloudHsmClusterInvalidConfigurationException" // ErrCodeCloudHsmClusterNotActiveException for service response error code // "CloudHsmClusterNotActiveException". // - // The request was rejected because the AWS CloudHSM cluster that is associated - // with the custom key store is not active. Initialize and activate the cluster - // and try the command again. For detailed instructions, see Getting Started - // (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) - // in the AWS CloudHSM User Guide. + // The request was rejected because the CloudHSM cluster associated with the + // CloudHSM key store is not active. Initialize and activate the cluster and + // try the command again. For detailed instructions, see Getting Started (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) + // in the CloudHSM User Guide. ErrCodeCloudHsmClusterNotActiveException = "CloudHsmClusterNotActiveException" // ErrCodeCloudHsmClusterNotFoundException for service response error code // "CloudHsmClusterNotFoundException". // - // The request was rejected because AWS KMS cannot find the AWS CloudHSM cluster - // with the specified cluster ID. Retry the request with a different cluster - // ID. + // The request was rejected because KMS cannot find the CloudHSM cluster with + // the specified cluster ID. Retry the request with a different cluster ID. ErrCodeCloudHsmClusterNotFoundException = "CloudHsmClusterNotFoundException" // ErrCodeCloudHsmClusterNotRelatedException for service response error code // "CloudHsmClusterNotRelatedException". // - // The request was rejected because the specified AWS CloudHSM cluster has a - // different cluster certificate than the original cluster. You cannot use the - // operation to specify an unrelated cluster. + // The request was rejected because the specified CloudHSM cluster has a different + // cluster certificate than the original cluster. You cannot use the operation + // to specify an unrelated cluster for an CloudHSM key store. // - // Specify a cluster that shares a backup history with the original cluster. - // This includes clusters that were created from a backup of the current cluster, - // and clusters that were created from the same backup that produced the current - // cluster. + // Specify an CloudHSM cluster that shares a backup history with the original + // cluster. This includes clusters that were created from a backup of the current + // cluster, and clusters that were created from the same backup that produced + // the current cluster. // - // Clusters that share a backup history have the same cluster certificate. To - // view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) + // CloudHSM clusters that share a backup history have the same cluster certificate. + // To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters + // (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. ErrCodeCloudHsmClusterNotRelatedException = "CloudHsmClusterNotRelatedException" + // ErrCodeConflictException for service response error code + // "ConflictException". + // + // The request was rejected because an automatic rotation of this key is currently + // in progress or scheduled to begin within the next 20 minutes. + ErrCodeConflictException = "ConflictException" + // ErrCodeCustomKeyStoreHasCMKsException for service response error code // "CustomKeyStoreHasCMKsException". // - // The request was rejected because the custom key store contains AWS KMS customer - // master keys (CMKs). After verifying that you do not need to use the CMKs, - // use the ScheduleKeyDeletion operation to delete the CMKs. After they are - // deleted, you can delete the custom key store. + // The request was rejected because the custom key store contains KMS keys. + // After verifying that you do not need to use the KMS keys, use the ScheduleKeyDeletion + // operation to delete the KMS keys. After they are deleted, you can delete + // the custom key store. ErrCodeCustomKeyStoreHasCMKsException = "CustomKeyStoreHasCMKsException" // ErrCodeCustomKeyStoreInvalidStateException for service response error code @@ -116,17 +122,27 @@ const ( // // This exception is thrown under the following conditions: // - // * You requested the CreateKey or GenerateRandom operation in a custom - // key store that is not connected. These operations are valid only when - // the custom key store ConnectionState is CONNECTED. + // * You requested the ConnectCustomKeyStore operation on a custom key store + // with a ConnectionState of DISCONNECTING or FAILED. This operation is valid + // for all other ConnectionState values. To reconnect a custom key store + // in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect + // it (ConnectCustomKeyStore). + // + // * You requested the CreateKey operation in a custom key store that is + // not connected. This operations is valid only when the custom key store + // ConnectionState is CONNECTED. + // + // * You requested the DisconnectCustomKeyStore operation on a custom key + // store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation + // is valid for all other ConnectionState values. // // * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // - // * You requested the ConnectCustomKeyStore operation on a custom key store - // with a ConnectionState of DISCONNECTING or FAILED. This operation is valid - // for all other ConnectionState values. + // * You requested the GenerateRandom operation in an CloudHSM key store + // that is not connected. This operation is valid only when the CloudHSM + // key store ConnectionState is CONNECTED. ErrCodeCustomKeyStoreInvalidStateException = "CustomKeyStoreInvalidStateException" // ErrCodeCustomKeyStoreNameInUseException for service response error code @@ -140,23 +156,29 @@ const ( // ErrCodeCustomKeyStoreNotFoundException for service response error code // "CustomKeyStoreNotFoundException". // - // The request was rejected because AWS KMS cannot find a custom key store with + // The request was rejected because KMS cannot find a custom key store with // the specified key store name or ID. ErrCodeCustomKeyStoreNotFoundException = "CustomKeyStoreNotFoundException" // ErrCodeDependencyTimeoutException for service response error code // "DependencyTimeoutException". // - // The system timed out while trying to fulfill the request. The request can - // be retried. + // The system timed out while trying to fulfill the request. You can retry the + // request. ErrCodeDependencyTimeoutException = "DependencyTimeoutException" // ErrCodeDisabledException for service response error code // "DisabledException". // - // The request was rejected because the specified CMK is not enabled. + // The request was rejected because the specified KMS key is not enabled. ErrCodeDisabledException = "DisabledException" + // ErrCodeDryRunOperationException for service response error code + // "DryRunOperationException". + // + // The request was rejected because the DryRun parameter was specified. + ErrCodeDryRunOperationException = "DryRunOperationException" + // ErrCodeExpiredImportTokenException for service response error code // "ExpiredImportTokenException". // @@ -168,9 +190,9 @@ const ( // ErrCodeIncorrectKeyException for service response error code // "IncorrectKeyException". // - // The request was rejected because the specified CMK cannot decrypt the data. - // The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request - // must identify the same CMK that was used to encrypt the ciphertext. + // The request was rejected because the specified KMS key cannot decrypt the + // data. The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request + // must identify the same KMS key that was used to encrypt the ciphertext. ErrCodeIncorrectKeyException = "IncorrectKeyException" // ErrCodeIncorrectKeyMaterialException for service response error code @@ -178,16 +200,17 @@ const ( // // The request was rejected because the key material in the request is, expired, // invalid, or is not the same key material that was previously imported into - // this customer master key (CMK). + // this KMS key. ErrCodeIncorrectKeyMaterialException = "IncorrectKeyMaterialException" // ErrCodeIncorrectTrustAnchorException for service response error code // "IncorrectTrustAnchorException". // // The request was rejected because the trust anchor certificate in the request - // is not the trust anchor certificate for the specified AWS CloudHSM cluster. + // to create an CloudHSM key store is not the trust anchor certificate for the + // specified CloudHSM cluster. // - // When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), + // When you initialize the CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), // you create the trust anchor certificate and save it in the customerCA.crt // file. ErrCodeIncorrectTrustAnchorException = "IncorrectTrustAnchorException" @@ -220,8 +243,8 @@ const ( // the ciphertext, such as the encryption context, is corrupted, missing, or // otherwise invalid. // - // From the ImportKeyMaterial operation, the request was rejected because AWS - // KMS could not decrypt the encrypted (wrapped) key material. + // From the ImportKeyMaterial operation, the request was rejected because KMS + // could not decrypt the encrypted (wrapped) key material. ErrCodeInvalidCiphertextException = "InvalidCiphertextException" // ErrCodeInvalidGrantIdException for service response error code @@ -240,7 +263,7 @@ const ( // "InvalidImportTokenException". // // The request was rejected because the provided import token is invalid or - // is associated with a different customer master key (CMK). + // is associated with a different KMS key. ErrCodeInvalidImportTokenException = "InvalidImportTokenException" // ErrCodeInvalidKeyUsageException for service response error code @@ -248,17 +271,20 @@ const ( // // The request was rejected for one of the following reasons: // - // * The KeyUsage value of the CMK is incompatible with the API operation. + // * The KeyUsage value of the KMS key is incompatible with the API operation. // // * The encryption algorithm or signing algorithm specified for the operation - // is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). + // is incompatible with the type of key material in the KMS key (KeySpec). // // For encrypting, decrypting, re-encrypting, and generating data keys, the - // KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage - // must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. - // - // To find the encryption or signing algorithms supported for a particular CMK, - // use the DescribeKey operation. + // KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the + // KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication + // codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. For deriving key + // agreement secrets, the KeyUsage must be KEY_AGREEMENT. To find the KeyUsage + // of a KMS key, use the DescribeKey operation. + // + // To find the encryption or signing algorithms supported for a particular KMS + // key, use the DescribeKey operation. ErrCodeInvalidKeyUsageException = "InvalidKeyUsageException" // ErrCodeInvalidMarkerException for service response error code @@ -274,24 +300,40 @@ const ( // The request was rejected because the state of the specified resource is not // valid for this request. // - // For more information about how key state affects the use of a CMK, see How - // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) - // in the AWS Key Management Service Developer Guide . + // This exceptions means one of the following: + // + // * The key state of the KMS key is not compatible with the operation. To + // find the key state, use the DescribeKey operation. For more information + // about which key states are compatible with each KMS operation, see Key + // states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) + // in the Key Management Service Developer Guide . + // + // * For cryptographic operations on KMS keys in custom key stores, this + // exception represents a general failure with many possible causes. To identify + // the cause, see the error message that accompanies the exception. ErrCodeInvalidStateException = "KMSInvalidStateException" + // ErrCodeKMSInvalidMacException for service response error code + // "KMSInvalidMacException". + // + // The request was rejected because the HMAC verification failed. HMAC verification + // fails when the HMAC computed by using the specified message, HMAC KMS key, + // and MAC algorithm does not match the HMAC specified in the request. + ErrCodeKMSInvalidMacException = "KMSInvalidMacException" + // ErrCodeKMSInvalidSignatureException for service response error code // "KMSInvalidSignatureException". // // The request was rejected because the signature verification failed. Signature // verification fails when it cannot confirm that signature was produced by - // signing the specified message with the specified CMK and signing algorithm. + // signing the specified message with the specified KMS key and signing algorithm. ErrCodeKMSInvalidSignatureException = "KMSInvalidSignatureException" // ErrCodeKeyUnavailableException for service response error code // "KeyUnavailableException". // - // The request was rejected because the specified CMK was not available. You - // can retry the request. + // The request was rejected because the specified KMS key was not available. + // You can retry the request. ErrCodeKeyUnavailableException = "KeyUnavailableException" // ErrCodeLimitExceededException for service response error code @@ -299,7 +341,7 @@ const ( // // The request was rejected because a quota was exceeded. For more information, // see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) - // in the AWS Key Management Service Developer Guide. + // in the Key Management Service Developer Guide. ErrCodeLimitExceededException = "LimitExceededException" // ErrCodeMalformedPolicyDocumentException for service response error code @@ -328,40 +370,173 @@ const ( // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. ErrCodeUnsupportedOperationException = "UnsupportedOperationException" + + // ErrCodeXksKeyAlreadyInUseException for service response error code + // "XksKeyAlreadyInUseException". + // + // The request was rejected because the (XksKeyId) is already associated with + // another KMS key in this external key store. Each KMS key in an external key + // store must be associated with a different external key. + ErrCodeXksKeyAlreadyInUseException = "XksKeyAlreadyInUseException" + + // ErrCodeXksKeyInvalidConfigurationException for service response error code + // "XksKeyInvalidConfigurationException". + // + // The request was rejected because the external key specified by the XksKeyId + // parameter did not meet the configuration requirements for an external key + // store. + // + // The external key must be an AES-256 symmetric key that is enabled and performs + // encryption and decryption. + ErrCodeXksKeyInvalidConfigurationException = "XksKeyInvalidConfigurationException" + + // ErrCodeXksKeyNotFoundException for service response error code + // "XksKeyNotFoundException". + // + // The request was rejected because the external key store proxy could not find + // the external key. This exception is thrown when the value of the XksKeyId + // parameter doesn't identify a key in the external key manager associated with + // the external key proxy. + // + // Verify that the XksKeyId represents an existing key in the external key manager. + // Use the key identifier that the external key store proxy uses to identify + // the key. For details, see the documentation provided with your external key + // store proxy or key manager. + ErrCodeXksKeyNotFoundException = "XksKeyNotFoundException" + + // ErrCodeXksProxyIncorrectAuthenticationCredentialException for service response error code + // "XksProxyIncorrectAuthenticationCredentialException". + // + // The request was rejected because the proxy credentials failed to authenticate + // to the specified external key store proxy. The specified external key store + // proxy rejected a status request from KMS due to invalid credentials. This + // can indicate an error in the credentials or in the identification of the + // external key store proxy. + ErrCodeXksProxyIncorrectAuthenticationCredentialException = "XksProxyIncorrectAuthenticationCredentialException" + + // ErrCodeXksProxyInvalidConfigurationException for service response error code + // "XksProxyInvalidConfigurationException". + // + // The request was rejected because the external key store proxy is not configured + // correctly. To identify the cause, see the error message that accompanies + // the exception. + ErrCodeXksProxyInvalidConfigurationException = "XksProxyInvalidConfigurationException" + + // ErrCodeXksProxyInvalidResponseException for service response error code + // "XksProxyInvalidResponseException". + // + // + // KMS cannot interpret the response it received from the external key store + // proxy. The problem might be a poorly constructed response, but it could also + // be a transient network issue. If you see this error repeatedly, report it + // to the proxy vendor. + ErrCodeXksProxyInvalidResponseException = "XksProxyInvalidResponseException" + + // ErrCodeXksProxyUriEndpointInUseException for service response error code + // "XksProxyUriEndpointInUseException". + // + // The request was rejected because the XksProxyUriEndpoint is already associated + // with another external key store in this Amazon Web Services Region. To identify + // the cause, see the error message that accompanies the exception. + ErrCodeXksProxyUriEndpointInUseException = "XksProxyUriEndpointInUseException" + + // ErrCodeXksProxyUriInUseException for service response error code + // "XksProxyUriInUseException". + // + // The request was rejected because the concatenation of the XksProxyUriEndpoint + // and XksProxyUriPath is already associated with another external key store + // in this Amazon Web Services Region. Each external key store in a Region must + // use a unique external key store proxy API address. + ErrCodeXksProxyUriInUseException = "XksProxyUriInUseException" + + // ErrCodeXksProxyUriUnreachableException for service response error code + // "XksProxyUriUnreachableException". + // + // KMS was unable to reach the specified XksProxyUriPath. The path must be reachable + // before you create the external key store or update its settings. + // + // This exception is also thrown when the external key store proxy response + // to a GetHealthStatus request indicates that all external key manager instances + // are unavailable. + ErrCodeXksProxyUriUnreachableException = "XksProxyUriUnreachableException" + + // ErrCodeXksProxyVpcEndpointServiceInUseException for service response error code + // "XksProxyVpcEndpointServiceInUseException". + // + // The request was rejected because the specified Amazon VPC endpoint service + // is already associated with another external key store in this Amazon Web + // Services Region. Each external key store in a Region must use a different + // Amazon VPC endpoint service. + ErrCodeXksProxyVpcEndpointServiceInUseException = "XksProxyVpcEndpointServiceInUseException" + + // ErrCodeXksProxyVpcEndpointServiceInvalidConfigurationException for service response error code + // "XksProxyVpcEndpointServiceInvalidConfigurationException". + // + // The request was rejected because the Amazon VPC endpoint service configuration + // does not fulfill the requirements for an external key store. To identify + // the cause, see the error message that accompanies the exception and review + // the requirements (https://docs.aws.amazon.com/kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements) + // for Amazon VPC endpoint service connectivity for an external key store. + ErrCodeXksProxyVpcEndpointServiceInvalidConfigurationException = "XksProxyVpcEndpointServiceInvalidConfigurationException" + + // ErrCodeXksProxyVpcEndpointServiceNotFoundException for service response error code + // "XksProxyVpcEndpointServiceNotFoundException". + // + // The request was rejected because KMS could not find the specified VPC endpoint + // service. Use DescribeCustomKeyStores to verify the VPC endpoint service name + // for the external key store. Also, confirm that the Allow principals list + // for the VPC endpoint service includes the KMS service principal for the Region, + // such as cks.kms.us-east-1.amazonaws.com. + ErrCodeXksProxyVpcEndpointServiceNotFoundException = "XksProxyVpcEndpointServiceNotFoundException" ) var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ - "AlreadyExistsException": newErrorAlreadyExistsException, - "CloudHsmClusterInUseException": newErrorCloudHsmClusterInUseException, - "CloudHsmClusterInvalidConfigurationException": newErrorCloudHsmClusterInvalidConfigurationException, - "CloudHsmClusterNotActiveException": newErrorCloudHsmClusterNotActiveException, - "CloudHsmClusterNotFoundException": newErrorCloudHsmClusterNotFoundException, - "CloudHsmClusterNotRelatedException": newErrorCloudHsmClusterNotRelatedException, - "CustomKeyStoreHasCMKsException": newErrorCustomKeyStoreHasCMKsException, - "CustomKeyStoreInvalidStateException": newErrorCustomKeyStoreInvalidStateException, - "CustomKeyStoreNameInUseException": newErrorCustomKeyStoreNameInUseException, - "CustomKeyStoreNotFoundException": newErrorCustomKeyStoreNotFoundException, - "DependencyTimeoutException": newErrorDependencyTimeoutException, - "DisabledException": newErrorDisabledException, - "ExpiredImportTokenException": newErrorExpiredImportTokenException, - "IncorrectKeyException": newErrorIncorrectKeyException, - "IncorrectKeyMaterialException": newErrorIncorrectKeyMaterialException, - "IncorrectTrustAnchorException": newErrorIncorrectTrustAnchorException, - "KMSInternalException": newErrorInternalException, - "InvalidAliasNameException": newErrorInvalidAliasNameException, - "InvalidArnException": newErrorInvalidArnException, - "InvalidCiphertextException": newErrorInvalidCiphertextException, - "InvalidGrantIdException": newErrorInvalidGrantIdException, - "InvalidGrantTokenException": newErrorInvalidGrantTokenException, - "InvalidImportTokenException": newErrorInvalidImportTokenException, - "InvalidKeyUsageException": newErrorInvalidKeyUsageException, - "InvalidMarkerException": newErrorInvalidMarkerException, - "KMSInvalidStateException": newErrorInvalidStateException, - "KMSInvalidSignatureException": newErrorKMSInvalidSignatureException, - "KeyUnavailableException": newErrorKeyUnavailableException, - "LimitExceededException": newErrorLimitExceededException, - "MalformedPolicyDocumentException": newErrorMalformedPolicyDocumentException, - "NotFoundException": newErrorNotFoundException, - "TagException": newErrorTagException, - "UnsupportedOperationException": newErrorUnsupportedOperationException, + "AlreadyExistsException": newErrorAlreadyExistsException, + "CloudHsmClusterInUseException": newErrorCloudHsmClusterInUseException, + "CloudHsmClusterInvalidConfigurationException": newErrorCloudHsmClusterInvalidConfigurationException, + "CloudHsmClusterNotActiveException": newErrorCloudHsmClusterNotActiveException, + "CloudHsmClusterNotFoundException": newErrorCloudHsmClusterNotFoundException, + "CloudHsmClusterNotRelatedException": newErrorCloudHsmClusterNotRelatedException, + "ConflictException": newErrorConflictException, + "CustomKeyStoreHasCMKsException": newErrorCustomKeyStoreHasCMKsException, + "CustomKeyStoreInvalidStateException": newErrorCustomKeyStoreInvalidStateException, + "CustomKeyStoreNameInUseException": newErrorCustomKeyStoreNameInUseException, + "CustomKeyStoreNotFoundException": newErrorCustomKeyStoreNotFoundException, + "DependencyTimeoutException": newErrorDependencyTimeoutException, + "DisabledException": newErrorDisabledException, + "DryRunOperationException": newErrorDryRunOperationException, + "ExpiredImportTokenException": newErrorExpiredImportTokenException, + "IncorrectKeyException": newErrorIncorrectKeyException, + "IncorrectKeyMaterialException": newErrorIncorrectKeyMaterialException, + "IncorrectTrustAnchorException": newErrorIncorrectTrustAnchorException, + "KMSInternalException": newErrorInternalException, + "InvalidAliasNameException": newErrorInvalidAliasNameException, + "InvalidArnException": newErrorInvalidArnException, + "InvalidCiphertextException": newErrorInvalidCiphertextException, + "InvalidGrantIdException": newErrorInvalidGrantIdException, + "InvalidGrantTokenException": newErrorInvalidGrantTokenException, + "InvalidImportTokenException": newErrorInvalidImportTokenException, + "InvalidKeyUsageException": newErrorInvalidKeyUsageException, + "InvalidMarkerException": newErrorInvalidMarkerException, + "KMSInvalidStateException": newErrorInvalidStateException, + "KMSInvalidMacException": newErrorKMSInvalidMacException, + "KMSInvalidSignatureException": newErrorKMSInvalidSignatureException, + "KeyUnavailableException": newErrorKeyUnavailableException, + "LimitExceededException": newErrorLimitExceededException, + "MalformedPolicyDocumentException": newErrorMalformedPolicyDocumentException, + "NotFoundException": newErrorNotFoundException, + "TagException": newErrorTagException, + "UnsupportedOperationException": newErrorUnsupportedOperationException, + "XksKeyAlreadyInUseException": newErrorXksKeyAlreadyInUseException, + "XksKeyInvalidConfigurationException": newErrorXksKeyInvalidConfigurationException, + "XksKeyNotFoundException": newErrorXksKeyNotFoundException, + "XksProxyIncorrectAuthenticationCredentialException": newErrorXksProxyIncorrectAuthenticationCredentialException, + "XksProxyInvalidConfigurationException": newErrorXksProxyInvalidConfigurationException, + "XksProxyInvalidResponseException": newErrorXksProxyInvalidResponseException, + "XksProxyUriEndpointInUseException": newErrorXksProxyUriEndpointInUseException, + "XksProxyUriInUseException": newErrorXksProxyUriInUseException, + "XksProxyUriUnreachableException": newErrorXksProxyUriUnreachableException, + "XksProxyVpcEndpointServiceInUseException": newErrorXksProxyVpcEndpointServiceInUseException, + "XksProxyVpcEndpointServiceInvalidConfigurationException": newErrorXksProxyVpcEndpointServiceInvalidConfigurationException, + "XksProxyVpcEndpointServiceNotFoundException": newErrorXksProxyVpcEndpointServiceNotFoundException, } diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/kmsiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/kms/kmsiface/interface.go index f097c5d80..5d3601764 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/kmsiface/interface.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/kmsiface/interface.go @@ -23,37 +23,37 @@ import ( // can be stubbed out for unit testing your code with the SDK without needing // to inject custom request handlers into the SDK's request pipeline. // -// // myFunc uses an SDK service client to make a request to -// // AWS Key Management Service. -// func myFunc(svc kmsiface.KMSAPI) bool { -// // Make svc.CancelKeyDeletion request -// } +// // myFunc uses an SDK service client to make a request to +// // AWS Key Management Service. +// func myFunc(svc kmsiface.KMSAPI) bool { +// // Make svc.CancelKeyDeletion request +// } // -// func main() { -// sess := session.New() -// svc := kms.New(sess) +// func main() { +// sess := session.New() +// svc := kms.New(sess) // -// myFunc(svc) -// } +// myFunc(svc) +// } // // In your _test.go file: // -// // Define a mock struct to be used in your unit tests of myFunc. -// type mockKMSClient struct { -// kmsiface.KMSAPI -// } -// func (m *mockKMSClient) CancelKeyDeletion(input *kms.CancelKeyDeletionInput) (*kms.CancelKeyDeletionOutput, error) { -// // mock response/functionality -// } +// // Define a mock struct to be used in your unit tests of myFunc. +// type mockKMSClient struct { +// kmsiface.KMSAPI +// } +// func (m *mockKMSClient) CancelKeyDeletion(input *kms.CancelKeyDeletionInput) (*kms.CancelKeyDeletionOutput, error) { +// // mock response/functionality +// } // -// func TestMyFunc(t *testing.T) { -// // Setup Test -// mockSvc := &mockKMSClient{} +// func TestMyFunc(t *testing.T) { +// // Setup Test +// mockSvc := &mockKMSClient{} // -// myfunc(mockSvc) +// myfunc(mockSvc) // -// // Verify myFunc's functionality -// } +// // Verify myFunc's functionality +// } // // It is important to note that this interface will have breaking changes // when the service model is updated and adds new API operations, paginators, @@ -100,10 +100,17 @@ type KMSAPI interface { DeleteImportedKeyMaterialWithContext(aws.Context, *kms.DeleteImportedKeyMaterialInput, ...request.Option) (*kms.DeleteImportedKeyMaterialOutput, error) DeleteImportedKeyMaterialRequest(*kms.DeleteImportedKeyMaterialInput) (*request.Request, *kms.DeleteImportedKeyMaterialOutput) + DeriveSharedSecret(*kms.DeriveSharedSecretInput) (*kms.DeriveSharedSecretOutput, error) + DeriveSharedSecretWithContext(aws.Context, *kms.DeriveSharedSecretInput, ...request.Option) (*kms.DeriveSharedSecretOutput, error) + DeriveSharedSecretRequest(*kms.DeriveSharedSecretInput) (*request.Request, *kms.DeriveSharedSecretOutput) + DescribeCustomKeyStores(*kms.DescribeCustomKeyStoresInput) (*kms.DescribeCustomKeyStoresOutput, error) DescribeCustomKeyStoresWithContext(aws.Context, *kms.DescribeCustomKeyStoresInput, ...request.Option) (*kms.DescribeCustomKeyStoresOutput, error) DescribeCustomKeyStoresRequest(*kms.DescribeCustomKeyStoresInput) (*request.Request, *kms.DescribeCustomKeyStoresOutput) + DescribeCustomKeyStoresPages(*kms.DescribeCustomKeyStoresInput, func(*kms.DescribeCustomKeyStoresOutput, bool) bool) error + DescribeCustomKeyStoresPagesWithContext(aws.Context, *kms.DescribeCustomKeyStoresInput, func(*kms.DescribeCustomKeyStoresOutput, bool) bool, ...request.Option) error + DescribeKey(*kms.DescribeKeyInput) (*kms.DescribeKeyOutput, error) DescribeKeyWithContext(aws.Context, *kms.DescribeKeyInput, ...request.Option) (*kms.DescribeKeyOutput, error) DescribeKeyRequest(*kms.DescribeKeyInput) (*request.Request, *kms.DescribeKeyOutput) @@ -148,6 +155,10 @@ type KMSAPI interface { GenerateDataKeyWithoutPlaintextWithContext(aws.Context, *kms.GenerateDataKeyWithoutPlaintextInput, ...request.Option) (*kms.GenerateDataKeyWithoutPlaintextOutput, error) GenerateDataKeyWithoutPlaintextRequest(*kms.GenerateDataKeyWithoutPlaintextInput) (*request.Request, *kms.GenerateDataKeyWithoutPlaintextOutput) + GenerateMac(*kms.GenerateMacInput) (*kms.GenerateMacOutput, error) + GenerateMacWithContext(aws.Context, *kms.GenerateMacInput, ...request.Option) (*kms.GenerateMacOutput, error) + GenerateMacRequest(*kms.GenerateMacInput) (*request.Request, *kms.GenerateMacOutput) + GenerateRandom(*kms.GenerateRandomInput) (*kms.GenerateRandomOutput, error) GenerateRandomWithContext(aws.Context, *kms.GenerateRandomInput, ...request.Option) (*kms.GenerateRandomOutput, error) GenerateRandomRequest(*kms.GenerateRandomInput) (*request.Request, *kms.GenerateRandomOutput) @@ -193,6 +204,13 @@ type KMSAPI interface { ListKeyPoliciesPages(*kms.ListKeyPoliciesInput, func(*kms.ListKeyPoliciesOutput, bool) bool) error ListKeyPoliciesPagesWithContext(aws.Context, *kms.ListKeyPoliciesInput, func(*kms.ListKeyPoliciesOutput, bool) bool, ...request.Option) error + ListKeyRotations(*kms.ListKeyRotationsInput) (*kms.ListKeyRotationsOutput, error) + ListKeyRotationsWithContext(aws.Context, *kms.ListKeyRotationsInput, ...request.Option) (*kms.ListKeyRotationsOutput, error) + ListKeyRotationsRequest(*kms.ListKeyRotationsInput) (*request.Request, *kms.ListKeyRotationsOutput) + + ListKeyRotationsPages(*kms.ListKeyRotationsInput, func(*kms.ListKeyRotationsOutput, bool) bool) error + ListKeyRotationsPagesWithContext(aws.Context, *kms.ListKeyRotationsInput, func(*kms.ListKeyRotationsOutput, bool) bool, ...request.Option) error + ListKeys(*kms.ListKeysInput) (*kms.ListKeysOutput, error) ListKeysWithContext(aws.Context, *kms.ListKeysInput, ...request.Option) (*kms.ListKeysOutput, error) ListKeysRequest(*kms.ListKeysInput) (*request.Request, *kms.ListKeysOutput) @@ -204,10 +222,16 @@ type KMSAPI interface { ListResourceTagsWithContext(aws.Context, *kms.ListResourceTagsInput, ...request.Option) (*kms.ListResourceTagsOutput, error) ListResourceTagsRequest(*kms.ListResourceTagsInput) (*request.Request, *kms.ListResourceTagsOutput) + ListResourceTagsPages(*kms.ListResourceTagsInput, func(*kms.ListResourceTagsOutput, bool) bool) error + ListResourceTagsPagesWithContext(aws.Context, *kms.ListResourceTagsInput, func(*kms.ListResourceTagsOutput, bool) bool, ...request.Option) error + ListRetirableGrants(*kms.ListRetirableGrantsInput) (*kms.ListGrantsResponse, error) ListRetirableGrantsWithContext(aws.Context, *kms.ListRetirableGrantsInput, ...request.Option) (*kms.ListGrantsResponse, error) ListRetirableGrantsRequest(*kms.ListRetirableGrantsInput) (*request.Request, *kms.ListGrantsResponse) + ListRetirableGrantsPages(*kms.ListRetirableGrantsInput, func(*kms.ListGrantsResponse, bool) bool) error + ListRetirableGrantsPagesWithContext(aws.Context, *kms.ListRetirableGrantsInput, func(*kms.ListGrantsResponse, bool) bool, ...request.Option) error + PutKeyPolicy(*kms.PutKeyPolicyInput) (*kms.PutKeyPolicyOutput, error) PutKeyPolicyWithContext(aws.Context, *kms.PutKeyPolicyInput, ...request.Option) (*kms.PutKeyPolicyOutput, error) PutKeyPolicyRequest(*kms.PutKeyPolicyInput) (*request.Request, *kms.PutKeyPolicyOutput) @@ -216,6 +240,10 @@ type KMSAPI interface { ReEncryptWithContext(aws.Context, *kms.ReEncryptInput, ...request.Option) (*kms.ReEncryptOutput, error) ReEncryptRequest(*kms.ReEncryptInput) (*request.Request, *kms.ReEncryptOutput) + ReplicateKey(*kms.ReplicateKeyInput) (*kms.ReplicateKeyOutput, error) + ReplicateKeyWithContext(aws.Context, *kms.ReplicateKeyInput, ...request.Option) (*kms.ReplicateKeyOutput, error) + ReplicateKeyRequest(*kms.ReplicateKeyInput) (*request.Request, *kms.ReplicateKeyOutput) + RetireGrant(*kms.RetireGrantInput) (*kms.RetireGrantOutput, error) RetireGrantWithContext(aws.Context, *kms.RetireGrantInput, ...request.Option) (*kms.RetireGrantOutput, error) RetireGrantRequest(*kms.RetireGrantInput) (*request.Request, *kms.RetireGrantOutput) @@ -224,6 +252,10 @@ type KMSAPI interface { RevokeGrantWithContext(aws.Context, *kms.RevokeGrantInput, ...request.Option) (*kms.RevokeGrantOutput, error) RevokeGrantRequest(*kms.RevokeGrantInput) (*request.Request, *kms.RevokeGrantOutput) + RotateKeyOnDemand(*kms.RotateKeyOnDemandInput) (*kms.RotateKeyOnDemandOutput, error) + RotateKeyOnDemandWithContext(aws.Context, *kms.RotateKeyOnDemandInput, ...request.Option) (*kms.RotateKeyOnDemandOutput, error) + RotateKeyOnDemandRequest(*kms.RotateKeyOnDemandInput) (*request.Request, *kms.RotateKeyOnDemandOutput) + ScheduleKeyDeletion(*kms.ScheduleKeyDeletionInput) (*kms.ScheduleKeyDeletionOutput, error) ScheduleKeyDeletionWithContext(aws.Context, *kms.ScheduleKeyDeletionInput, ...request.Option) (*kms.ScheduleKeyDeletionOutput, error) ScheduleKeyDeletionRequest(*kms.ScheduleKeyDeletionInput) (*request.Request, *kms.ScheduleKeyDeletionOutput) @@ -252,9 +284,17 @@ type KMSAPI interface { UpdateKeyDescriptionWithContext(aws.Context, *kms.UpdateKeyDescriptionInput, ...request.Option) (*kms.UpdateKeyDescriptionOutput, error) UpdateKeyDescriptionRequest(*kms.UpdateKeyDescriptionInput) (*request.Request, *kms.UpdateKeyDescriptionOutput) + UpdatePrimaryRegion(*kms.UpdatePrimaryRegionInput) (*kms.UpdatePrimaryRegionOutput, error) + UpdatePrimaryRegionWithContext(aws.Context, *kms.UpdatePrimaryRegionInput, ...request.Option) (*kms.UpdatePrimaryRegionOutput, error) + UpdatePrimaryRegionRequest(*kms.UpdatePrimaryRegionInput) (*request.Request, *kms.UpdatePrimaryRegionOutput) + Verify(*kms.VerifyInput) (*kms.VerifyOutput, error) VerifyWithContext(aws.Context, *kms.VerifyInput, ...request.Option) (*kms.VerifyOutput, error) VerifyRequest(*kms.VerifyInput) (*request.Request, *kms.VerifyOutput) + + VerifyMac(*kms.VerifyMacInput) (*kms.VerifyMacOutput, error) + VerifyMacWithContext(aws.Context, *kms.VerifyMacInput, ...request.Option) (*kms.VerifyMacOutput, error) + VerifyMacRequest(*kms.VerifyMacInput) (*request.Request, *kms.VerifyMacOutput) } var _ KMSAPI = (*kms.KMS)(nil) diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/service.go b/vendor/github.com/aws/aws-sdk-go/service/kms/service.go index 50ca0c092..c1717d0d8 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/service.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/service.go @@ -40,33 +40,39 @@ const ( // aws.Config parameter to add your extra config. // // Example: -// mySession := session.Must(session.NewSession()) // -// // Create a KMS client from just a session. -// svc := kms.New(mySession) +// mySession := session.Must(session.NewSession()) // -// // Create a KMS client with additional configuration -// svc := kms.New(mySession, aws.NewConfig().WithRegion("us-west-2")) +// // Create a KMS client from just a session. +// svc := kms.New(mySession) +// +// // Create a KMS client with additional configuration +// svc := kms.New(mySession, aws.NewConfig().WithRegion("us-west-2")) func New(p client.ConfigProvider, cfgs ...*aws.Config) *KMS { c := p.ClientConfig(EndpointsID, cfgs...) - return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName) + if c.SigningNameDerived || len(c.SigningName) == 0 { + c.SigningName = EndpointsID + // No Fallback + } + return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion) } // newClient creates, initializes and returns a new service client instance. -func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *KMS { +func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *KMS { svc := &KMS{ Client: client.New( cfg, metadata.ClientInfo{ - ServiceName: ServiceName, - ServiceID: ServiceID, - SigningName: signingName, - SigningRegion: signingRegion, - PartitionID: partitionID, - Endpoint: endpoint, - APIVersion: "2014-11-01", - JSONVersion: "1.1", - TargetPrefix: "TrentService", + ServiceName: ServiceName, + ServiceID: ServiceID, + SigningName: signingName, + SigningRegion: signingRegion, + PartitionID: partitionID, + Endpoint: endpoint, + APIVersion: "2014-11-01", + ResolvedRegion: resolvedRegion, + JSONVersion: "1.1", + TargetPrefix: "TrentService", }, handlers, ), diff --git a/vendor/github.com/aws/aws-sdk-go/service/rds/api.go b/vendor/github.com/aws/aws-sdk-go/service/rds/api.go index 532c8496d..ca7bb44a8 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/rds/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/rds/api.go @@ -29,14 +29,13 @@ const opAddRoleToDBCluster = "AddRoleToDBCluster" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the AddRoleToDBClusterRequest method. +// req, resp := client.AddRoleToDBClusterRequest(params) // -// // Example sending a request using the AddRoleToDBClusterRequest method. -// req, resp := client.AddRoleToDBClusterRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/AddRoleToDBCluster func (c *RDS) AddRoleToDBClusterRequest(input *AddRoleToDBClusterInput) (req *request.Request, output *AddRoleToDBClusterOutput) { @@ -58,12 +57,7 @@ func (c *RDS) AddRoleToDBClusterRequest(input *AddRoleToDBClusterInput) (req *re // AddRoleToDBCluster API operation for Amazon Relational Database Service. // -// Associates an Identity and Access Management (IAM) role from an Amazon Aurora -// DB cluster. For more information, see Authorizing Amazon Aurora MySQL to -// Access Other AWS Services on Your Behalf (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.Authorizing.html) -// in the Amazon Aurora User Guide. -// -// This action only applies to Aurora DB clusters. +// Associates an Identity and Access Management (IAM) role with a DB cluster. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -73,19 +67,20 @@ func (c *RDS) AddRoleToDBClusterRequest(input *AddRoleToDBClusterInput) (req *re // API operation AddRoleToDBCluster for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeDBClusterRoleAlreadyExistsFault "DBClusterRoleAlreadyExists" -// The specified IAM role Amazon Resource Name (ARN) is already associated with -// the specified DB cluster. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. +// +// - ErrCodeDBClusterRoleAlreadyExistsFault "DBClusterRoleAlreadyExists" +// The specified IAM role Amazon Resource Name (ARN) is already associated with +// the specified DB cluster. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // -// * ErrCodeDBClusterRoleQuotaExceededFault "DBClusterRoleQuotaExceeded" -// You have exceeded the maximum number of IAM roles that can be associated -// with the specified DB cluster. +// - ErrCodeDBClusterRoleQuotaExceededFault "DBClusterRoleQuotaExceeded" +// You have exceeded the maximum number of IAM roles that can be associated +// with the specified DB cluster. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/AddRoleToDBCluster func (c *RDS) AddRoleToDBCluster(input *AddRoleToDBClusterInput) (*AddRoleToDBClusterOutput, error) { @@ -125,14 +120,13 @@ const opAddRoleToDBInstance = "AddRoleToDBInstance" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the AddRoleToDBInstanceRequest method. +// req, resp := client.AddRoleToDBInstanceRequest(params) // -// // Example sending a request using the AddRoleToDBInstanceRequest method. -// req, resp := client.AddRoleToDBInstanceRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/AddRoleToDBInstance func (c *RDS) AddRoleToDBInstanceRequest(input *AddRoleToDBInstanceInput) (req *request.Request, output *AddRoleToDBInstanceOutput) { @@ -154,10 +148,13 @@ func (c *RDS) AddRoleToDBInstanceRequest(input *AddRoleToDBInstanceInput) (req * // AddRoleToDBInstance API operation for Amazon Relational Database Service. // -// Associates an AWS Identity and Access Management (IAM) role with a DB instance. +// Associates an Amazon Web Services Identity and Access Management (IAM) role +// with a DB instance. // // To add a role to a DB instance, the status of the DB instance must be available. // +// This command doesn't apply to RDS Custom. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -166,19 +163,20 @@ func (c *RDS) AddRoleToDBInstanceRequest(input *AddRoleToDBInstanceInput) (req * // API operation AddRoleToDBInstance for usage and error information. // // Returned Error Codes: -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. // -// * ErrCodeDBInstanceRoleAlreadyExistsFault "DBInstanceRoleAlreadyExists" -// The specified RoleArn or FeatureName value is already associated with the -// DB instance. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. +// +// - ErrCodeDBInstanceRoleAlreadyExistsFault "DBInstanceRoleAlreadyExists" +// The specified RoleArn or FeatureName value is already associated with the +// DB instance. // -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. // -// * ErrCodeDBInstanceRoleQuotaExceededFault "DBInstanceRoleQuotaExceeded" -// You can't associate any more AWS Identity and Access Management (IAM) roles -// with the DB instance because the quota has been reached. +// - ErrCodeDBInstanceRoleQuotaExceededFault "DBInstanceRoleQuotaExceeded" +// You can't associate any more Amazon Web Services Identity and Access Management +// (IAM) roles with the DB instance because the quota has been reached. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/AddRoleToDBInstance func (c *RDS) AddRoleToDBInstance(input *AddRoleToDBInstanceInput) (*AddRoleToDBInstanceOutput, error) { @@ -218,14 +216,13 @@ const opAddSourceIdentifierToSubscription = "AddSourceIdentifierToSubscription" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the AddSourceIdentifierToSubscriptionRequest method. +// req, resp := client.AddSourceIdentifierToSubscriptionRequest(params) // -// // Example sending a request using the AddSourceIdentifierToSubscriptionRequest method. -// req, resp := client.AddSourceIdentifierToSubscriptionRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/AddSourceIdentifierToSubscription func (c *RDS) AddSourceIdentifierToSubscriptionRequest(input *AddSourceIdentifierToSubscriptionInput) (req *request.Request, output *AddSourceIdentifierToSubscriptionOutput) { @@ -256,11 +253,12 @@ func (c *RDS) AddSourceIdentifierToSubscriptionRequest(input *AddSourceIdentifie // API operation AddSourceIdentifierToSubscription for usage and error information. // // Returned Error Codes: -// * ErrCodeSubscriptionNotFoundFault "SubscriptionNotFound" -// The subscription name does not exist. // -// * ErrCodeSourceNotFoundFault "SourceNotFound" -// The requested source could not be found. +// - ErrCodeSubscriptionNotFoundFault "SubscriptionNotFound" +// The subscription name does not exist. +// +// - ErrCodeSourceNotFoundFault "SourceNotFound" +// The requested source could not be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/AddSourceIdentifierToSubscription func (c *RDS) AddSourceIdentifierToSubscription(input *AddSourceIdentifierToSubscriptionInput) (*AddSourceIdentifierToSubscriptionOutput, error) { @@ -300,14 +298,13 @@ const opAddTagsToResource = "AddTagsToResource" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the AddTagsToResourceRequest method. +// req, resp := client.AddTagsToResourceRequest(params) // -// // Example sending a request using the AddTagsToResourceRequest method. -// req, resp := client.AddTagsToResourceRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/AddTagsToResource func (c *RDS) AddTagsToResourceRequest(input *AddTagsToResourceInput) (req *request.Request, output *AddTagsToResourceOutput) { @@ -333,8 +330,9 @@ func (c *RDS) AddTagsToResourceRequest(input *AddTagsToResourceInput) (req *requ // with cost allocation reporting to track cost associated with Amazon RDS resources, // or used in a Condition statement in an IAM policy for Amazon RDS. // -// For an overview on tagging Amazon RDS resources, see Tagging Amazon RDS Resources -// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Tagging.html). +// For an overview on tagging your relational database resources, see Tagging +// Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) +// or Tagging Amazon Aurora and Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -344,22 +342,35 @@ func (c *RDS) AddTagsToResourceRequest(input *AddTagsToResourceInput) (req *requ // API operation AddTagsToResource for usage and error information. // // Returned Error Codes: -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. // -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. +// +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. +// +// - ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" +// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. // -// * ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" -// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. +// - ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" +// The specified proxy name doesn't correspond to a proxy owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. // -// * ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" -// The specified proxy name doesn't correspond to a proxy owned by your AWS -// account in the specified AWS Region. +// - ErrCodeDBProxyTargetGroupNotFoundFault "DBProxyTargetGroupNotFoundFault" +// The specified target group isn't available for a proxy owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. // -// * ErrCodeDBProxyTargetGroupNotFoundFault "DBProxyTargetGroupNotFoundFault" -// The specified target group isn't available for a proxy owned by your AWS -// account in the specified AWS Region. +// - ErrCodeBlueGreenDeploymentNotFoundFault "BlueGreenDeploymentNotFoundFault" +// BlueGreenDeploymentIdentifier doesn't refer to an existing blue/green deployment. +// +// - ErrCodeIntegrationNotFoundFault "IntegrationNotFoundFault" +// The specified integration could not be found. +// +// - ErrCodeTenantDatabaseNotFoundFault "TenantDatabaseNotFound" +// The specified tenant database wasn't found in the DB instance. +// +// - ErrCodeDBSnapshotTenantDatabaseNotFoundFault "DBSnapshotTenantDatabaseNotFoundFault" +// The specified snapshot tenant database wasn't found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/AddTagsToResource func (c *RDS) AddTagsToResource(input *AddTagsToResourceInput) (*AddTagsToResourceOutput, error) { @@ -399,14 +410,13 @@ const opApplyPendingMaintenanceAction = "ApplyPendingMaintenanceAction" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ApplyPendingMaintenanceActionRequest method. +// req, resp := client.ApplyPendingMaintenanceActionRequest(params) // -// // Example sending a request using the ApplyPendingMaintenanceActionRequest method. -// req, resp := client.ApplyPendingMaintenanceActionRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ApplyPendingMaintenanceAction func (c *RDS) ApplyPendingMaintenanceActionRequest(input *ApplyPendingMaintenanceActionInput) (req *request.Request, output *ApplyPendingMaintenanceActionOutput) { @@ -438,14 +448,15 @@ func (c *RDS) ApplyPendingMaintenanceActionRequest(input *ApplyPendingMaintenanc // API operation ApplyPendingMaintenanceAction for usage and error information. // // Returned Error Codes: -// * ErrCodeResourceNotFoundFault "ResourceNotFoundFault" -// The specified resource ID was not found. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeResourceNotFoundFault "ResourceNotFoundFault" +// The specified resource ID was not found. // -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. +// +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ApplyPendingMaintenanceAction func (c *RDS) ApplyPendingMaintenanceAction(input *ApplyPendingMaintenanceActionInput) (*ApplyPendingMaintenanceActionOutput, error) { @@ -485,14 +496,13 @@ const opAuthorizeDBSecurityGroupIngress = "AuthorizeDBSecurityGroupIngress" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the AuthorizeDBSecurityGroupIngressRequest method. +// req, resp := client.AuthorizeDBSecurityGroupIngressRequest(params) // -// // Example sending a request using the AuthorizeDBSecurityGroupIngressRequest method. -// req, resp := client.AuthorizeDBSecurityGroupIngressRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/AuthorizeDBSecurityGroupIngress func (c *RDS) AuthorizeDBSecurityGroupIngressRequest(input *AuthorizeDBSecurityGroupIngressInput) (req *request.Request, output *AuthorizeDBSecurityGroupIngressOutput) { @@ -517,16 +527,25 @@ func (c *RDS) AuthorizeDBSecurityGroupIngressRequest(input *AuthorizeDBSecurityG // First, EC2 or VPC security groups can be added to the DBSecurityGroup if // the application using the database is running on EC2 or VPC instances. Second, // IP ranges are available if the application accessing your database is running -// on the Internet. Required parameters for this API are one of CIDR range, +// on the internet. Required parameters for this API are one of CIDR range, // EC2SecurityGroupId for VPC, or (EC2SecurityGroupOwnerId and either EC2SecurityGroupName // or EC2SecurityGroupId for non-VPC). // -// You can't authorize ingress from an EC2 security group in one AWS Region -// to an Amazon RDS DB instance in another. You can't authorize ingress from -// a VPC security group in one VPC to an Amazon RDS DB instance in another. +// You can't authorize ingress from an EC2 security group in one Amazon Web +// Services Region to an Amazon RDS DB instance in another. You can't authorize +// ingress from a VPC security group in one VPC to an Amazon RDS DB instance +// in another. // // For an overview of CIDR ranges, go to the Wikipedia Tutorial (http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). // +// EC2-Classic was retired on August 15, 2022. If you haven't migrated from +// EC2-Classic to a VPC, we recommend that you migrate as soon as possible. +// For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) +// in the Amazon EC2 User Guide, the blog EC2-Classic Networking is Retiring +// – Here’s How to Prepare (http://aws.amazon.com/blogs/aws/ec2-classic-is-retiring-heres-how-to-prepare/), +// and Moving a DB instance not in a VPC into a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.Non-VPC2VPC.html) +// in the Amazon RDS User Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -535,18 +554,19 @@ func (c *RDS) AuthorizeDBSecurityGroupIngressRequest(input *AuthorizeDBSecurityG // API operation AuthorizeDBSecurityGroupIngress for usage and error information. // // Returned Error Codes: -// * ErrCodeDBSecurityGroupNotFoundFault "DBSecurityGroupNotFound" -// DBSecurityGroupName doesn't refer to an existing DB security group. // -// * ErrCodeInvalidDBSecurityGroupStateFault "InvalidDBSecurityGroupState" -// The state of the DB security group doesn't allow deletion. +// - ErrCodeDBSecurityGroupNotFoundFault "DBSecurityGroupNotFound" +// DBSecurityGroupName doesn't refer to an existing DB security group. +// +// - ErrCodeInvalidDBSecurityGroupStateFault "InvalidDBSecurityGroupState" +// The state of the DB security group doesn't allow deletion. // -// * ErrCodeAuthorizationAlreadyExistsFault "AuthorizationAlreadyExists" -// The specified CIDR IP range or Amazon EC2 security group is already authorized -// for the specified DB security group. +// - ErrCodeAuthorizationAlreadyExistsFault "AuthorizationAlreadyExists" +// The specified CIDR IP range or Amazon EC2 security group is already authorized +// for the specified DB security group. // -// * ErrCodeAuthorizationQuotaExceededFault "AuthorizationQuotaExceeded" -// The DB security group authorization quota has been reached. +// - ErrCodeAuthorizationQuotaExceededFault "AuthorizationQuotaExceeded" +// The DB security group authorization quota has been reached. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/AuthorizeDBSecurityGroupIngress func (c *RDS) AuthorizeDBSecurityGroupIngress(input *AuthorizeDBSecurityGroupIngressInput) (*AuthorizeDBSecurityGroupIngressOutput, error) { @@ -586,14 +606,13 @@ const opBacktrackDBCluster = "BacktrackDBCluster" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the BacktrackDBClusterRequest method. +// req, resp := client.BacktrackDBClusterRequest(params) // -// // Example sending a request using the BacktrackDBClusterRequest method. -// req, resp := client.BacktrackDBClusterRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/BacktrackDBCluster func (c *RDS) BacktrackDBClusterRequest(input *BacktrackDBClusterInput) (req *request.Request, output *BacktrackDBClusterOutput) { @@ -620,7 +639,7 @@ func (c *RDS) BacktrackDBClusterRequest(input *BacktrackDBClusterInput) (req *re // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Managing.Backtrack.html) // in the Amazon Aurora User Guide. // -// This action only applies to Aurora MySQL DB clusters. +// This action applies only to Aurora MySQL DB clusters. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -630,11 +649,12 @@ func (c *RDS) BacktrackDBClusterRequest(input *BacktrackDBClusterInput) (req *re // API operation BacktrackDBCluster for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. +// +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/BacktrackDBCluster func (c *RDS) BacktrackDBCluster(input *BacktrackDBClusterInput) (*BacktrackDBClusterOutput, error) { @@ -674,14 +694,13 @@ const opCancelExportTask = "CancelExportTask" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CancelExportTaskRequest method. +// req, resp := client.CancelExportTaskRequest(params) // -// // Example sending a request using the CancelExportTaskRequest method. -// req, resp := client.CancelExportTaskRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CancelExportTask func (c *RDS) CancelExportTaskRequest(input *CancelExportTaskInput) (req *request.Request, output *CancelExportTaskOutput) { @@ -702,8 +721,9 @@ func (c *RDS) CancelExportTaskRequest(input *CancelExportTaskInput) (req *reques // CancelExportTask API operation for Amazon Relational Database Service. // -// Cancels an export task in progress that is exporting a snapshot to Amazon -// S3. Any data that has already been written to the S3 bucket isn't removed. +// Cancels an export task in progress that is exporting a snapshot or cluster +// to Amazon S3. Any data that has already been written to the S3 bucket isn't +// removed. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -713,11 +733,12 @@ func (c *RDS) CancelExportTaskRequest(input *CancelExportTaskInput) (req *reques // API operation CancelExportTask for usage and error information. // // Returned Error Codes: -// * ErrCodeExportTaskNotFoundFault "ExportTaskNotFound" -// The export task doesn't exist. // -// * ErrCodeInvalidExportTaskStateFault "InvalidExportTaskStateFault" -// You can't cancel an export task that has completed. +// - ErrCodeExportTaskNotFoundFault "ExportTaskNotFound" +// The export task doesn't exist. +// +// - ErrCodeInvalidExportTaskStateFault "InvalidExportTaskStateFault" +// You can't cancel an export task that has completed. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CancelExportTask func (c *RDS) CancelExportTask(input *CancelExportTaskInput) (*CancelExportTaskOutput, error) { @@ -757,14 +778,13 @@ const opCopyDBClusterParameterGroup = "CopyDBClusterParameterGroup" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CopyDBClusterParameterGroupRequest method. +// req, resp := client.CopyDBClusterParameterGroupRequest(params) // -// // Example sending a request using the CopyDBClusterParameterGroupRequest method. -// req, resp := client.CopyDBClusterParameterGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CopyDBClusterParameterGroup func (c *RDS) CopyDBClusterParameterGroupRequest(input *CopyDBClusterParameterGroupInput) (req *request.Request, output *CopyDBClusterParameterGroupOutput) { @@ -787,7 +807,9 @@ func (c *RDS) CopyDBClusterParameterGroupRequest(input *CopyDBClusterParameterGr // // Copies the specified DB cluster parameter group. // -// This action only applies to Aurora DB clusters. +// You can't copy a default DB cluster parameter group. Instead, create a new +// custom DB cluster parameter group, which copies the default parameters and +// values for the specified DB cluster parameter group family. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -797,15 +819,16 @@ func (c *RDS) CopyDBClusterParameterGroupRequest(input *CopyDBClusterParameterGr // API operation CopyDBClusterParameterGroup for usage and error information. // // Returned Error Codes: -// * ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" -// DBParameterGroupName doesn't refer to an existing DB parameter group. // -// * ErrCodeDBParameterGroupQuotaExceededFault "DBParameterGroupQuotaExceeded" -// The request would result in the user exceeding the allowed number of DB parameter -// groups. +// - ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" +// DBParameterGroupName doesn't refer to an existing DB parameter group. +// +// - ErrCodeDBParameterGroupQuotaExceededFault "DBParameterGroupQuotaExceeded" +// The request would result in the user exceeding the allowed number of DB parameter +// groups. // -// * ErrCodeDBParameterGroupAlreadyExistsFault "DBParameterGroupAlreadyExists" -// A DB parameter group with the same name exists. +// - ErrCodeDBParameterGroupAlreadyExistsFault "DBParameterGroupAlreadyExists" +// A DB parameter group with the same name exists. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CopyDBClusterParameterGroup func (c *RDS) CopyDBClusterParameterGroup(input *CopyDBClusterParameterGroupInput) (*CopyDBClusterParameterGroupOutput, error) { @@ -845,14 +868,13 @@ const opCopyDBClusterSnapshot = "CopyDBClusterSnapshot" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CopyDBClusterSnapshotRequest method. +// req, resp := client.CopyDBClusterSnapshotRequest(params) // -// // Example sending a request using the CopyDBClusterSnapshotRequest method. -// req, resp := client.CopyDBClusterSnapshotRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CopyDBClusterSnapshot func (c *RDS) CopyDBClusterSnapshotRequest(input *CopyDBClusterSnapshotInput) (req *request.Request, output *CopyDBClusterSnapshotOutput) { @@ -878,63 +900,40 @@ func (c *RDS) CopyDBClusterSnapshotRequest(input *CopyDBClusterSnapshotInput) (r // To copy a DB cluster snapshot from a shared manual DB cluster snapshot, SourceDBClusterSnapshotIdentifier // must be the Amazon Resource Name (ARN) of the shared DB cluster snapshot. // -// You can copy an encrypted DB cluster snapshot from another AWS Region. In -// that case, the AWS Region where you call the CopyDBClusterSnapshot action -// is the destination AWS Region for the encrypted DB cluster snapshot to be -// copied to. To copy an encrypted DB cluster snapshot from another AWS Region, -// you must provide the following values: -// -// * KmsKeyId - The AWS Key Management System (AWS KMS) key identifier for -// the key to use to encrypt the copy of the DB cluster snapshot in the destination -// AWS Region. -// -// * PreSignedUrl - A URL that contains a Signature Version 4 signed request -// for the CopyDBClusterSnapshot action to be called in the source AWS Region -// where the DB cluster snapshot is copied from. The pre-signed URL must -// be a valid request for the CopyDBClusterSnapshot API action that can be -// executed in the source AWS Region that contains the encrypted DB cluster -// snapshot to be copied. The pre-signed URL request must contain the following -// parameter values: KmsKeyId - The AWS KMS key identifier for the customer -// master key (CMK) to use to encrypt the copy of the DB cluster snapshot -// in the destination AWS Region. This is the same identifier for both the -// CopyDBClusterSnapshot action that is called in the destination AWS Region, -// and the action contained in the pre-signed URL. DestinationRegion - The -// name of the AWS Region that the DB cluster snapshot is to be created in. -// SourceDBClusterSnapshotIdentifier - The DB cluster snapshot identifier -// for the encrypted DB cluster snapshot to be copied. This identifier must -// be in the Amazon Resource Name (ARN) format for the source AWS Region. -// For example, if you are copying an encrypted DB cluster snapshot from -// the us-west-2 AWS Region, then your SourceDBClusterSnapshotIdentifier -// looks like the following example: arn:aws:rds:us-west-2:123456789012:cluster-snapshot:aurora-cluster1-snapshot-20161115. -// To learn how to generate a Signature Version 4 signed request, see Authenticating -// Requests: Using Query Parameters (AWS Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html) -// and Signature Version 4 Signing Process (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). -// If you are using an AWS SDK tool or the AWS CLI, you can specify SourceRegion -// (or --source-region for the AWS CLI) instead of specifying PreSignedUrl -// manually. Specifying SourceRegion autogenerates a pre-signed URL that -// is a valid request for the operation that can be executed in the source -// AWS Region. -// -// * TargetDBClusterSnapshotIdentifier - The identifier for the new copy -// of the DB cluster snapshot in the destination AWS Region. -// -// * SourceDBClusterSnapshotIdentifier - The DB cluster snapshot identifier -// for the encrypted DB cluster snapshot to be copied. This identifier must -// be in the ARN format for the source AWS Region and is the same value as -// the SourceDBClusterSnapshotIdentifier in the pre-signed URL. +// You can copy an encrypted DB cluster snapshot from another Amazon Web Services +// Region. In that case, the Amazon Web Services Region where you call the CopyDBClusterSnapshot +// operation is the destination Amazon Web Services Region for the encrypted +// DB cluster snapshot to be copied to. To copy an encrypted DB cluster snapshot +// from another Amazon Web Services Region, you must provide the following values: +// +// - KmsKeyId - The Amazon Web Services Key Management System (Amazon Web +// Services KMS) key identifier for the key to use to encrypt the copy of +// the DB cluster snapshot in the destination Amazon Web Services Region. +// +// - TargetDBClusterSnapshotIdentifier - The identifier for the new copy +// of the DB cluster snapshot in the destination Amazon Web Services Region. +// +// - SourceDBClusterSnapshotIdentifier - The DB cluster snapshot identifier +// for the encrypted DB cluster snapshot to be copied. This identifier must +// be in the ARN format for the source Amazon Web Services Region and is +// the same value as the SourceDBClusterSnapshotIdentifier in the presigned +// URL. // // To cancel the copy operation once it is in progress, delete the target DB // cluster snapshot identified by TargetDBClusterSnapshotIdentifier while that // DB cluster snapshot is in "copying" status. // -// For more information on copying encrypted DB cluster snapshots from one AWS -// Region to another, see Copying a Snapshot (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_CopySnapshot.html) +// For more information on copying encrypted Amazon Aurora DB cluster snapshots +// from one Amazon Web Services Region to another, see Copying a Snapshot (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_CopySnapshot.html) // in the Amazon Aurora User Guide. // -// For more information on Amazon Aurora, see What Is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? +// (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// This action only applies to Aurora DB clusters. +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -944,23 +943,24 @@ func (c *RDS) CopyDBClusterSnapshotRequest(input *CopyDBClusterSnapshotInput) (r // API operation CopyDBClusterSnapshot for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterSnapshotAlreadyExistsFault "DBClusterSnapshotAlreadyExistsFault" -// The user already has a DB cluster snapshot with the given identifier. // -// * ErrCodeDBClusterSnapshotNotFoundFault "DBClusterSnapshotNotFoundFault" -// DBClusterSnapshotIdentifier doesn't refer to an existing DB cluster snapshot. +// - ErrCodeDBClusterSnapshotAlreadyExistsFault "DBClusterSnapshotAlreadyExistsFault" +// The user already has a DB cluster snapshot with the given identifier. +// +// - ErrCodeDBClusterSnapshotNotFoundFault "DBClusterSnapshotNotFoundFault" +// DBClusterSnapshotIdentifier doesn't refer to an existing DB cluster snapshot. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // -// * ErrCodeInvalidDBClusterSnapshotStateFault "InvalidDBClusterSnapshotStateFault" -// The supplied value isn't a valid DB cluster snapshot state. +// - ErrCodeInvalidDBClusterSnapshotStateFault "InvalidDBClusterSnapshotStateFault" +// The supplied value isn't a valid DB cluster snapshot state. // -// * ErrCodeSnapshotQuotaExceededFault "SnapshotQuotaExceeded" -// The request would result in the user exceeding the allowed number of DB snapshots. +// - ErrCodeSnapshotQuotaExceededFault "SnapshotQuotaExceeded" +// The request would result in the user exceeding the allowed number of DB snapshots. // -// * ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" -// An error occurred accessing an AWS KMS key. +// - ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" +// An error occurred accessing an Amazon Web Services KMS key. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CopyDBClusterSnapshot func (c *RDS) CopyDBClusterSnapshot(input *CopyDBClusterSnapshotInput) (*CopyDBClusterSnapshotOutput, error) { @@ -1000,14 +1000,13 @@ const opCopyDBParameterGroup = "CopyDBParameterGroup" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CopyDBParameterGroupRequest method. +// req, resp := client.CopyDBParameterGroupRequest(params) // -// // Example sending a request using the CopyDBParameterGroupRequest method. -// req, resp := client.CopyDBParameterGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CopyDBParameterGroup func (c *RDS) CopyDBParameterGroupRequest(input *CopyDBParameterGroupInput) (req *request.Request, output *CopyDBParameterGroupOutput) { @@ -1030,6 +1029,10 @@ func (c *RDS) CopyDBParameterGroupRequest(input *CopyDBParameterGroupInput) (req // // Copies the specified DB parameter group. // +// You can't copy a default DB parameter group. Instead, create a new custom +// DB parameter group, which copies the default parameters and values for the +// specified DB parameter group family. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1038,15 +1041,16 @@ func (c *RDS) CopyDBParameterGroupRequest(input *CopyDBParameterGroupInput) (req // API operation CopyDBParameterGroup for usage and error information. // // Returned Error Codes: -// * ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" -// DBParameterGroupName doesn't refer to an existing DB parameter group. // -// * ErrCodeDBParameterGroupAlreadyExistsFault "DBParameterGroupAlreadyExists" -// A DB parameter group with the same name exists. +// - ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" +// DBParameterGroupName doesn't refer to an existing DB parameter group. // -// * ErrCodeDBParameterGroupQuotaExceededFault "DBParameterGroupQuotaExceeded" -// The request would result in the user exceeding the allowed number of DB parameter -// groups. +// - ErrCodeDBParameterGroupAlreadyExistsFault "DBParameterGroupAlreadyExists" +// A DB parameter group with the same name exists. +// +// - ErrCodeDBParameterGroupQuotaExceededFault "DBParameterGroupQuotaExceeded" +// The request would result in the user exceeding the allowed number of DB parameter +// groups. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CopyDBParameterGroup func (c *RDS) CopyDBParameterGroup(input *CopyDBParameterGroupInput) (*CopyDBParameterGroupOutput, error) { @@ -1086,14 +1090,13 @@ const opCopyDBSnapshot = "CopyDBSnapshot" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CopyDBSnapshotRequest method. +// req, resp := client.CopyDBSnapshotRequest(params) // -// // Example sending a request using the CopyDBSnapshotRequest method. -// req, resp := client.CopyDBSnapshotRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CopyDBSnapshot func (c *RDS) CopyDBSnapshotRequest(input *CopyDBSnapshotInput) (req *request.Request, output *CopyDBSnapshotOutput) { @@ -1117,9 +1120,12 @@ func (c *RDS) CopyDBSnapshotRequest(input *CopyDBSnapshotInput) (req *request.Re // Copies the specified DB snapshot. The source DB snapshot must be in the available // state. // -// You can copy a snapshot from one AWS Region to another. In that case, the -// AWS Region where you call the CopyDBSnapshot action is the destination AWS -// Region for the DB snapshot copy. +// You can copy a snapshot from one Amazon Web Services Region to another. In +// that case, the Amazon Web Services Region where you call the CopyDBSnapshot +// operation is the destination Amazon Web Services Region for the DB snapshot +// copy. +// +// This command doesn't apply to RDS Custom. // // For more information about copying snapshots, see Copying a DB Snapshot (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CopySnapshot.html#USER_CopyDBSnapshot) // in the Amazon RDS User Guide. @@ -1132,24 +1138,25 @@ func (c *RDS) CopyDBSnapshotRequest(input *CopyDBSnapshotInput) (req *request.Re // API operation CopyDBSnapshot for usage and error information. // // Returned Error Codes: -// * ErrCodeDBSnapshotAlreadyExistsFault "DBSnapshotAlreadyExists" -// DBSnapshotIdentifier is already used by an existing snapshot. // -// * ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" -// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. +// - ErrCodeDBSnapshotAlreadyExistsFault "DBSnapshotAlreadyExists" +// DBSnapshotIdentifier is already used by an existing snapshot. +// +// - ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" +// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. // -// * ErrCodeInvalidDBSnapshotStateFault "InvalidDBSnapshotState" -// The state of the DB snapshot doesn't allow deletion. +// - ErrCodeInvalidDBSnapshotStateFault "InvalidDBSnapshotState" +// The state of the DB snapshot doesn't allow deletion. // -// * ErrCodeSnapshotQuotaExceededFault "SnapshotQuotaExceeded" -// The request would result in the user exceeding the allowed number of DB snapshots. +// - ErrCodeSnapshotQuotaExceededFault "SnapshotQuotaExceeded" +// The request would result in the user exceeding the allowed number of DB snapshots. // -// * ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" -// An error occurred accessing an AWS KMS key. +// - ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" +// An error occurred accessing an Amazon Web Services KMS key. // -// * ErrCodeCustomAvailabilityZoneNotFoundFault "CustomAvailabilityZoneNotFound" -// CustomAvailabilityZoneId doesn't refer to an existing custom Availability -// Zone identifier. +// - ErrCodeCustomAvailabilityZoneNotFoundFault "CustomAvailabilityZoneNotFound" +// CustomAvailabilityZoneId doesn't refer to an existing custom Availability +// Zone identifier. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CopyDBSnapshot func (c *RDS) CopyDBSnapshot(input *CopyDBSnapshotInput) (*CopyDBSnapshotOutput, error) { @@ -1189,14 +1196,13 @@ const opCopyOptionGroup = "CopyOptionGroup" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CopyOptionGroupRequest method. +// req, resp := client.CopyOptionGroupRequest(params) // -// // Example sending a request using the CopyOptionGroupRequest method. -// req, resp := client.CopyOptionGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CopyOptionGroup func (c *RDS) CopyOptionGroupRequest(input *CopyOptionGroupInput) (req *request.Request, output *CopyOptionGroupOutput) { @@ -1227,14 +1233,15 @@ func (c *RDS) CopyOptionGroupRequest(input *CopyOptionGroupInput) (req *request. // API operation CopyOptionGroup for usage and error information. // // Returned Error Codes: -// * ErrCodeOptionGroupAlreadyExistsFault "OptionGroupAlreadyExistsFault" -// The option group you are trying to create already exists. // -// * ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" -// The specified option group could not be found. +// - ErrCodeOptionGroupAlreadyExistsFault "OptionGroupAlreadyExistsFault" +// The option group you are trying to create already exists. +// +// - ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" +// The specified option group could not be found. // -// * ErrCodeOptionGroupQuotaExceededFault "OptionGroupQuotaExceededFault" -// The quota of 20 option groups was exceeded for this AWS account. +// - ErrCodeOptionGroupQuotaExceededFault "OptionGroupQuotaExceededFault" +// The quota of 20 option groups was exceeded for this Amazon Web Services account. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CopyOptionGroup func (c *RDS) CopyOptionGroup(input *CopyOptionGroupInput) (*CopyOptionGroupOutput, error) { @@ -1258,93 +1265,223 @@ func (c *RDS) CopyOptionGroupWithContext(ctx aws.Context, input *CopyOptionGroup return out, req.Send() } -const opCreateCustomAvailabilityZone = "CreateCustomAvailabilityZone" +const opCreateBlueGreenDeployment = "CreateBlueGreenDeployment" -// CreateCustomAvailabilityZoneRequest generates a "aws/request.Request" representing the -// client's request for the CreateCustomAvailabilityZone operation. The "output" return +// CreateBlueGreenDeploymentRequest generates a "aws/request.Request" representing the +// client's request for the CreateBlueGreenDeployment operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See CreateCustomAvailabilityZone for more information on using the CreateCustomAvailabilityZone +// See CreateBlueGreenDeployment for more information on using the CreateBlueGreenDeployment // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateBlueGreenDeploymentRequest method. +// req, resp := client.CreateBlueGreenDeploymentRequest(params) // -// // Example sending a request using the CreateCustomAvailabilityZoneRequest method. -// req, resp := client.CreateCustomAvailabilityZoneRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateCustomAvailabilityZone -func (c *RDS) CreateCustomAvailabilityZoneRequest(input *CreateCustomAvailabilityZoneInput) (req *request.Request, output *CreateCustomAvailabilityZoneOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateBlueGreenDeployment +func (c *RDS) CreateBlueGreenDeploymentRequest(input *CreateBlueGreenDeploymentInput) (req *request.Request, output *CreateBlueGreenDeploymentOutput) { op := &request.Operation{ - Name: opCreateCustomAvailabilityZone, + Name: opCreateBlueGreenDeployment, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &CreateCustomAvailabilityZoneInput{} + input = &CreateBlueGreenDeploymentInput{} } - output = &CreateCustomAvailabilityZoneOutput{} + output = &CreateBlueGreenDeploymentOutput{} req = c.newRequest(op, input, output) return } -// CreateCustomAvailabilityZone API operation for Amazon Relational Database Service. +// CreateBlueGreenDeployment API operation for Amazon Relational Database Service. // -// Creates a custom Availability Zone (AZ). +// Creates a blue/green deployment. // -// A custom AZ is an on-premises AZ that is integrated with a VMware vSphere -// cluster. +// A blue/green deployment creates a staging environment that copies the production +// environment. In a blue/green deployment, the blue environment is the current +// production environment. The green environment is the staging environment. +// The staging environment stays in sync with the current production environment +// using logical replication. // -// For more information about RDS on VMware, see the RDS on VMware User Guide. -// (https://docs.aws.amazon.com/AmazonRDS/latest/RDSonVMwareUserGuide/rds-on-vmware.html) +// You can make changes to the databases in the green environment without affecting +// production workloads. For example, you can upgrade the major or minor DB +// engine version, change database parameters, or make schema changes in the +// staging environment. You can thoroughly test changes in the green environment. +// When ready, you can switch over the environments to promote the green environment +// to be the new production environment. The switchover typically takes under +// a minute. +// +// For more information, see Using Amazon RDS Blue/Green Deployments for database +// updates (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/blue-green-deployments.html) +// in the Amazon RDS User Guide and Using Amazon RDS Blue/Green Deployments +// for database updates (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/blue-green-deployments.html) +// in the Amazon Aurora User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon Relational Database Service's -// API operation CreateCustomAvailabilityZone for usage and error information. +// API operation CreateBlueGreenDeployment for usage and error information. // // Returned Error Codes: -// * ErrCodeCustomAvailabilityZoneAlreadyExistsFault "CustomAvailabilityZoneAlreadyExists" -// CustomAvailabilityZoneName is already used by an existing custom Availability -// Zone. // -// * ErrCodeCustomAvailabilityZoneQuotaExceededFault "CustomAvailabilityZoneQuotaExceeded" -// You have exceeded the maximum number of custom Availability Zones. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. +// +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. +// +// - ErrCodeSourceDatabaseNotSupportedFault "SourceDatabaseNotSupportedFault" +// The source DB instance isn't supported for a blue/green deployment. +// +// - ErrCodeSourceClusterNotSupportedFault "SourceClusterNotSupportedFault" +// The source DB cluster isn't supported for a blue/green deployment. // -// * ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" -// An error occurred accessing an AWS KMS key. +// - ErrCodeBlueGreenDeploymentAlreadyExistsFault "BlueGreenDeploymentAlreadyExistsFault" +// A blue/green deployment with the specified name already exists. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateCustomAvailabilityZone -func (c *RDS) CreateCustomAvailabilityZone(input *CreateCustomAvailabilityZoneInput) (*CreateCustomAvailabilityZoneOutput, error) { - req, out := c.CreateCustomAvailabilityZoneRequest(input) +// - ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" +// DBParameterGroupName doesn't refer to an existing DB parameter group. +// +// - ErrCodeDBClusterParameterGroupNotFoundFault "DBClusterParameterGroupNotFound" +// DBClusterParameterGroupName doesn't refer to an existing DB cluster parameter +// group. +// +// - ErrCodeInstanceQuotaExceededFault "InstanceQuotaExceeded" +// The request would result in the user exceeding the allowed number of DB instances. +// +// - ErrCodeDBClusterQuotaExceededFault "DBClusterQuotaExceededFault" +// The user attempted to create a new DB cluster and the user has already reached +// the maximum allowed DB cluster quota. +// +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. +// +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateBlueGreenDeployment +func (c *RDS) CreateBlueGreenDeployment(input *CreateBlueGreenDeploymentInput) (*CreateBlueGreenDeploymentOutput, error) { + req, out := c.CreateBlueGreenDeploymentRequest(input) return out, req.Send() } -// CreateCustomAvailabilityZoneWithContext is the same as CreateCustomAvailabilityZone with the addition of +// CreateBlueGreenDeploymentWithContext is the same as CreateBlueGreenDeployment with the addition of // the ability to pass a context and additional request options. // -// See CreateCustomAvailabilityZone for details on how to use this API operation. +// See CreateBlueGreenDeployment for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *RDS) CreateCustomAvailabilityZoneWithContext(ctx aws.Context, input *CreateCustomAvailabilityZoneInput, opts ...request.Option) (*CreateCustomAvailabilityZoneOutput, error) { - req, out := c.CreateCustomAvailabilityZoneRequest(input) +func (c *RDS) CreateBlueGreenDeploymentWithContext(ctx aws.Context, input *CreateBlueGreenDeploymentInput, opts ...request.Option) (*CreateBlueGreenDeploymentOutput, error) { + req, out := c.CreateBlueGreenDeploymentRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateCustomDBEngineVersion = "CreateCustomDBEngineVersion" + +// CreateCustomDBEngineVersionRequest generates a "aws/request.Request" representing the +// client's request for the CreateCustomDBEngineVersion operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateCustomDBEngineVersion for more information on using the CreateCustomDBEngineVersion +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateCustomDBEngineVersionRequest method. +// req, resp := client.CreateCustomDBEngineVersionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateCustomDBEngineVersion +func (c *RDS) CreateCustomDBEngineVersionRequest(input *CreateCustomDBEngineVersionInput) (req *request.Request, output *CreateCustomDBEngineVersionOutput) { + op := &request.Operation{ + Name: opCreateCustomDBEngineVersion, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateCustomDBEngineVersionInput{} + } + + output = &CreateCustomDBEngineVersionOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateCustomDBEngineVersion API operation for Amazon Relational Database Service. +// +// Creates a custom DB engine version (CEV). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation CreateCustomDBEngineVersion for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeCustomDBEngineVersionAlreadyExistsFault "CustomDBEngineVersionAlreadyExistsFault" +// A CEV with the specified name already exists. +// +// - ErrCodeCustomDBEngineVersionQuotaExceededFault "CustomDBEngineVersionQuotaExceededFault" +// You have exceeded your CEV quota. +// +// - ErrCodeEc2ImagePropertiesNotSupportedFault "Ec2ImagePropertiesNotSupportedFault" +// The AMI configuration prerequisite has not been met. +// +// - ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" +// An error occurred accessing an Amazon Web Services KMS key. +// +// - ErrCodeCreateCustomDBEngineVersionFault "CreateCustomDBEngineVersionFault" +// An error occurred while trying to create the CEV. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateCustomDBEngineVersion +func (c *RDS) CreateCustomDBEngineVersion(input *CreateCustomDBEngineVersionInput) (*CreateCustomDBEngineVersionOutput, error) { + req, out := c.CreateCustomDBEngineVersionRequest(input) + return out, req.Send() +} + +// CreateCustomDBEngineVersionWithContext is the same as CreateCustomDBEngineVersion with the addition of +// the ability to pass a context and additional request options. +// +// See CreateCustomDBEngineVersion for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) CreateCustomDBEngineVersionWithContext(ctx aws.Context, input *CreateCustomDBEngineVersionInput, opts ...request.Option) (*CreateCustomDBEngineVersionOutput, error) { + req, out := c.CreateCustomDBEngineVersionRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() @@ -1366,14 +1503,13 @@ const opCreateDBCluster = "CreateDBCluster" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateDBClusterRequest method. +// req, resp := client.CreateDBClusterRequest(params) // -// // Example sending a request using the CreateDBClusterRequest method. -// req, resp := client.CreateDBClusterRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBCluster func (c *RDS) CreateDBClusterRequest(input *CreateDBClusterInput) (req *request.Request, output *CreateDBClusterOutput) { @@ -1394,17 +1530,25 @@ func (c *RDS) CreateDBClusterRequest(input *CreateDBClusterInput) (req *request. // CreateDBCluster API operation for Amazon Relational Database Service. // -// Creates a new Amazon Aurora DB cluster. +// Creates a new Amazon Aurora DB cluster or Multi-AZ DB cluster. // -// You can use the ReplicationSourceIdentifier parameter to create the DB cluster -// as a read replica of another DB cluster or Amazon RDS MySQL DB instance. -// For cross-region replication where the DB cluster identified by ReplicationSourceIdentifier -// is encrypted, you must also specify the PreSignedUrl parameter. +// If you create an Aurora DB cluster, the request creates an empty cluster. +// You must explicitly create the writer instance for your DB cluster using +// the CreateDBInstance (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html) +// operation. If you create a Multi-AZ DB cluster, the request creates a writer +// and two reader DB instances for you, each in a different Availability Zone. // -// For more information on Amazon Aurora, see What Is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// You can use the ReplicationSourceIdentifier parameter to create an Amazon +// Aurora DB cluster as a read replica of another DB cluster or Amazon RDS for +// MySQL or PostgreSQL DB instance. For more information about Amazon Aurora, +// see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// This action only applies to Aurora DB clusters. +// You can also use the ReplicationSourceIdentifier parameter to create a Multi-AZ +// DB cluster read replica with an RDS for MySQL or PostgreSQL DB instance as +// the source. For more information about Multi-AZ DB clusters, see Multi-AZ +// DB cluster deployments (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1414,65 +1558,81 @@ func (c *RDS) CreateDBClusterRequest(input *CreateDBClusterInput) (req *request. // API operation CreateDBCluster for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterAlreadyExistsFault "DBClusterAlreadyExistsFault" -// The user already has a DB cluster with the given identifier. // -// * ErrCodeInsufficientStorageClusterCapacityFault "InsufficientStorageClusterCapacity" -// There is insufficient storage available for the current action. You might -// be able to resolve this error by updating your subnet group to use different -// Availability Zones that have more storage available. +// - ErrCodeDBClusterAlreadyExistsFault "DBClusterAlreadyExistsFault" +// The user already has a DB cluster with the given identifier. +// +// - ErrCodeInsufficientDBInstanceCapacityFault "InsufficientDBInstanceCapacity" +// The specified DB instance class isn't available in the specified Availability +// Zone. +// +// - ErrCodeInsufficientStorageClusterCapacityFault "InsufficientStorageClusterCapacity" +// There is insufficient storage available for the current action. You might +// be able to resolve this error by updating your subnet group to use different +// Availability Zones that have more storage available. +// +// - ErrCodeDBClusterQuotaExceededFault "DBClusterQuotaExceededFault" +// The user attempted to create a new DB cluster and the user has already reached +// the maximum allowed DB cluster quota. +// +// - ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" +// The request would result in the user exceeding the allowed amount of storage +// available across all DB instances. // -// * ErrCodeDBClusterQuotaExceededFault "DBClusterQuotaExceededFault" -// The user attempted to create a new DB cluster and the user has already reached -// the maximum allowed DB cluster quota. +// - ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" +// DBSubnetGroupName doesn't refer to an existing DB subnet group. // -// * ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" -// The request would result in the user exceeding the allowed amount of storage -// available across all DB instances. +// - ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" +// The DB subnet group doesn't cover all Availability Zones after it's created +// because of users' change. // -// * ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" -// DBSubnetGroupName doesn't refer to an existing DB subnet group. +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // -// * ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" -// The DB subnet group doesn't cover all Availability Zones after it's created -// because of users' change. +// - ErrCodeInvalidDBSubnetGroupFault "InvalidDBSubnetGroupFault" +// The DBSubnetGroup doesn't belong to the same VPC as that of an existing cross-region +// read replica of the same source instance. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeInvalidDBSubnetGroupStateFault "InvalidDBSubnetGroupStateFault" +// The DB subnet group cannot be deleted because it's in use. // -// * ErrCodeInvalidDBSubnetGroupStateFault "InvalidDBSubnetGroupStateFault" -// The DB subnet group cannot be deleted because it's in use. +// - ErrCodeInvalidSubnet "InvalidSubnet" +// The requested subnet is invalid, or multiple subnets were requested that +// are not all in a common VPC. // -// * ErrCodeInvalidSubnet "InvalidSubnet" -// The requested subnet is invalid, or multiple subnets were requested that -// are not all in a common VPC. +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. // -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. +// - ErrCodeDBClusterParameterGroupNotFoundFault "DBClusterParameterGroupNotFound" +// DBClusterParameterGroupName doesn't refer to an existing DB cluster parameter +// group. // -// * ErrCodeDBClusterParameterGroupNotFoundFault "DBClusterParameterGroupNotFound" -// DBClusterParameterGroupName doesn't refer to an existing DB cluster parameter -// group. +// - ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" +// An error occurred accessing an Amazon Web Services KMS key. // -// * ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" -// An error occurred accessing an AWS KMS key. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. // -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. +// - ErrCodeDBSubnetGroupDoesNotCoverEnoughAZs "DBSubnetGroupDoesNotCoverEnoughAZs" +// Subnets in the DB subnet group should cover at least two Availability Zones +// unless there is only one Availability Zone. // -// * ErrCodeDBSubnetGroupDoesNotCoverEnoughAZs "DBSubnetGroupDoesNotCoverEnoughAZs" -// Subnets in the DB subnet group should cover at least two Availability Zones -// unless there is only one Availability Zone. +// - ErrCodeGlobalClusterNotFoundFault "GlobalClusterNotFoundFault" +// The GlobalClusterIdentifier doesn't refer to an existing global database +// cluster. // -// * ErrCodeGlobalClusterNotFoundFault "GlobalClusterNotFoundFault" +// - ErrCodeInvalidGlobalClusterStateFault "InvalidGlobalClusterStateFault" +// The global cluster is in an invalid state and can't perform the requested +// operation. // -// * ErrCodeInvalidGlobalClusterStateFault "InvalidGlobalClusterStateFault" +// - ErrCodeDomainNotFoundFault "DomainNotFoundFault" +// Domain doesn't refer to an existing Active Directory domain. // -// * ErrCodeDomainNotFoundFault "DomainNotFoundFault" -// Domain doesn't refer to an existing Active Directory domain. +// - ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" +// The specified option group could not be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBCluster func (c *RDS) CreateDBCluster(input *CreateDBClusterInput) (*CreateDBClusterOutput, error) { @@ -1512,14 +1672,13 @@ const opCreateDBClusterEndpoint = "CreateDBClusterEndpoint" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateDBClusterEndpointRequest method. +// req, resp := client.CreateDBClusterEndpointRequest(params) // -// // Example sending a request using the CreateDBClusterEndpointRequest method. -// req, resp := client.CreateDBClusterEndpointRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBClusterEndpoint func (c *RDS) CreateDBClusterEndpointRequest(input *CreateDBClusterEndpointInput) (req *request.Request, output *CreateDBClusterEndpointOutput) { @@ -1543,7 +1702,7 @@ func (c *RDS) CreateDBClusterEndpointRequest(input *CreateDBClusterEndpointInput // Creates a new custom endpoint and associates it with an Amazon Aurora DB // cluster. // -// This action only applies to Aurora DB clusters. +// This action applies only to Aurora DB clusters. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1553,23 +1712,24 @@ func (c *RDS) CreateDBClusterEndpointRequest(input *CreateDBClusterEndpointInput // API operation CreateDBClusterEndpoint for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterEndpointQuotaExceededFault "DBClusterEndpointQuotaExceededFault" -// The cluster already has the maximum number of custom endpoints. // -// * ErrCodeDBClusterEndpointAlreadyExistsFault "DBClusterEndpointAlreadyExistsFault" -// The specified custom endpoint can't be created because it already exists. +// - ErrCodeDBClusterEndpointQuotaExceededFault "DBClusterEndpointQuotaExceededFault" +// The cluster already has the maximum number of custom endpoints. +// +// - ErrCodeDBClusterEndpointAlreadyExistsFault "DBClusterEndpointAlreadyExistsFault" +// The specified custom endpoint can't be created because it already exists. // -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. // -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBClusterEndpoint func (c *RDS) CreateDBClusterEndpoint(input *CreateDBClusterEndpointInput) (*CreateDBClusterEndpointOutput, error) { @@ -1609,14 +1769,13 @@ const opCreateDBClusterParameterGroup = "CreateDBClusterParameterGroup" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateDBClusterParameterGroupRequest method. +// req, resp := client.CreateDBClusterParameterGroupRequest(params) // -// // Example sending a request using the CreateDBClusterParameterGroupRequest method. -// req, resp := client.CreateDBClusterParameterGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBClusterParameterGroup func (c *RDS) CreateDBClusterParameterGroupRequest(input *CreateDBClusterParameterGroupInput) (req *request.Request, output *CreateDBClusterParameterGroupOutput) { @@ -1647,10 +1806,15 @@ func (c *RDS) CreateDBClusterParameterGroupRequest(input *CreateDBClusterParamet // values for any of the parameters, you must modify the group after creating // it using ModifyDBClusterParameterGroup. Once you've created a DB cluster // parameter group, you need to associate it with your DB cluster using ModifyDBCluster. -// When you associate a new DB cluster parameter group with a running DB cluster, -// you need to reboot the DB instances in the DB cluster without failover for +// +// When you associate a new DB cluster parameter group with a running Aurora +// DB cluster, reboot the DB instances in the DB cluster without failover for // the new DB cluster parameter group and associated settings to take effect. // +// When you associate a new DB cluster parameter group with a running Multi-AZ +// DB cluster, reboot the DB cluster without failover for the new DB cluster +// parameter group and associated settings to take effect. +// // After you create a DB cluster parameter group, you should wait at least 5 // minutes before creating your first DB cluster that uses that DB cluster parameter // group as the default parameter group. This allows Amazon RDS to fully complete @@ -1660,13 +1824,15 @@ func (c *RDS) CreateDBClusterParameterGroupRequest(input *CreateDBClusterParamet // character set for the default database defined by the character_set_database // parameter. You can use the Parameter Groups option of the Amazon RDS console // (https://console.aws.amazon.com/rds/) or the DescribeDBClusterParameters -// action to verify that your DB cluster parameter group has been created or -// modified. +// operation to verify that your DB cluster parameter group has been created +// or modified. // -// For more information on Amazon Aurora, see What Is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// For more information on Amazon Aurora, see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// This action only applies to Aurora DB clusters. +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1676,12 +1842,13 @@ func (c *RDS) CreateDBClusterParameterGroupRequest(input *CreateDBClusterParamet // API operation CreateDBClusterParameterGroup for usage and error information. // // Returned Error Codes: -// * ErrCodeDBParameterGroupQuotaExceededFault "DBParameterGroupQuotaExceeded" -// The request would result in the user exceeding the allowed number of DB parameter -// groups. // -// * ErrCodeDBParameterGroupAlreadyExistsFault "DBParameterGroupAlreadyExists" -// A DB parameter group with the same name exists. +// - ErrCodeDBParameterGroupQuotaExceededFault "DBParameterGroupQuotaExceeded" +// The request would result in the user exceeding the allowed number of DB parameter +// groups. +// +// - ErrCodeDBParameterGroupAlreadyExistsFault "DBParameterGroupAlreadyExists" +// A DB parameter group with the same name exists. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBClusterParameterGroup func (c *RDS) CreateDBClusterParameterGroup(input *CreateDBClusterParameterGroupInput) (*CreateDBClusterParameterGroupOutput, error) { @@ -1721,14 +1888,13 @@ const opCreateDBClusterSnapshot = "CreateDBClusterSnapshot" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateDBClusterSnapshotRequest method. +// req, resp := client.CreateDBClusterSnapshotRequest(params) // -// // Example sending a request using the CreateDBClusterSnapshotRequest method. -// req, resp := client.CreateDBClusterSnapshotRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBClusterSnapshot func (c *RDS) CreateDBClusterSnapshotRequest(input *CreateDBClusterSnapshotInput) (req *request.Request, output *CreateDBClusterSnapshotOutput) { @@ -1749,11 +1915,14 @@ func (c *RDS) CreateDBClusterSnapshotRequest(input *CreateDBClusterSnapshotInput // CreateDBClusterSnapshot API operation for Amazon Relational Database Service. // -// Creates a snapshot of a DB cluster. For more information on Amazon Aurora, -// see What Is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// Creates a snapshot of a DB cluster. +// +// For more information on Amazon Aurora, see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// This action only applies to Aurora DB clusters. +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1763,20 +1932,21 @@ func (c *RDS) CreateDBClusterSnapshotRequest(input *CreateDBClusterSnapshotInput // API operation CreateDBClusterSnapshot for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterSnapshotAlreadyExistsFault "DBClusterSnapshotAlreadyExistsFault" -// The user already has a DB cluster snapshot with the given identifier. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeDBClusterSnapshotAlreadyExistsFault "DBClusterSnapshotAlreadyExistsFault" +// The user already has a DB cluster snapshot with the given identifier. // -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // -// * ErrCodeSnapshotQuotaExceededFault "SnapshotQuotaExceeded" -// The request would result in the user exceeding the allowed number of DB snapshots. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeInvalidDBClusterSnapshotStateFault "InvalidDBClusterSnapshotStateFault" -// The supplied value isn't a valid DB cluster snapshot state. +// - ErrCodeSnapshotQuotaExceededFault "SnapshotQuotaExceeded" +// The request would result in the user exceeding the allowed number of DB snapshots. +// +// - ErrCodeInvalidDBClusterSnapshotStateFault "InvalidDBClusterSnapshotStateFault" +// The supplied value isn't a valid DB cluster snapshot state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBClusterSnapshot func (c *RDS) CreateDBClusterSnapshot(input *CreateDBClusterSnapshotInput) (*CreateDBClusterSnapshotOutput, error) { @@ -1816,14 +1986,13 @@ const opCreateDBInstance = "CreateDBInstance" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateDBInstanceRequest method. +// req, resp := client.CreateDBInstanceRequest(params) // -// // Example sending a request using the CreateDBInstanceRequest method. -// req, resp := client.CreateDBInstanceRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBInstance func (c *RDS) CreateDBInstanceRequest(input *CreateDBInstanceInput) (req *request.Request, output *CreateDBInstanceOutput) { @@ -1846,6 +2015,18 @@ func (c *RDS) CreateDBInstanceRequest(input *CreateDBInstanceInput) (req *reques // // Creates a new DB instance. // +// The new DB instance can be an RDS DB instance, or it can be a DB instance +// in an Aurora DB cluster. For an Aurora DB cluster, you can call this operation +// multiple times to add more than one DB instance to the cluster. +// +// For more information about creating an RDS DB instance, see Creating an Amazon +// RDS DB instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.html) +// in the Amazon RDS User Guide. +// +// For more information about creating a DB instance in an Aurora DB cluster, +// see Creating an Amazon Aurora DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.CreateInstance.html) +// in the Amazon Aurora User Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1854,70 +2035,82 @@ func (c *RDS) CreateDBInstanceRequest(input *CreateDBInstanceInput) (req *reques // API operation CreateDBInstance for usage and error information. // // Returned Error Codes: -// * ErrCodeDBInstanceAlreadyExistsFault "DBInstanceAlreadyExists" -// The user already has a DB instance with the given identifier. // -// * ErrCodeInsufficientDBInstanceCapacityFault "InsufficientDBInstanceCapacity" -// The specified DB instance class isn't available in the specified Availability -// Zone. +// - ErrCodeDBInstanceAlreadyExistsFault "DBInstanceAlreadyExists" +// The user already has a DB instance with the given identifier. +// +// - ErrCodeInsufficientDBInstanceCapacityFault "InsufficientDBInstanceCapacity" +// The specified DB instance class isn't available in the specified Availability +// Zone. +// +// - ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" +// DBParameterGroupName doesn't refer to an existing DB parameter group. // -// * ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" -// DBParameterGroupName doesn't refer to an existing DB parameter group. +// - ErrCodeDBSecurityGroupNotFoundFault "DBSecurityGroupNotFound" +// DBSecurityGroupName doesn't refer to an existing DB security group. // -// * ErrCodeDBSecurityGroupNotFoundFault "DBSecurityGroupNotFound" -// DBSecurityGroupName doesn't refer to an existing DB security group. +// - ErrCodeInstanceQuotaExceededFault "InstanceQuotaExceeded" +// The request would result in the user exceeding the allowed number of DB instances. // -// * ErrCodeInstanceQuotaExceededFault "InstanceQuotaExceeded" -// The request would result in the user exceeding the allowed number of DB instances. +// - ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" +// The request would result in the user exceeding the allowed amount of storage +// available across all DB instances. // -// * ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" -// The request would result in the user exceeding the allowed amount of storage -// available across all DB instances. +// - ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" +// DBSubnetGroupName doesn't refer to an existing DB subnet group. // -// * ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" -// DBSubnetGroupName doesn't refer to an existing DB subnet group. +// - ErrCodeDBSubnetGroupDoesNotCoverEnoughAZs "DBSubnetGroupDoesNotCoverEnoughAZs" +// Subnets in the DB subnet group should cover at least two Availability Zones +// unless there is only one Availability Zone. // -// * ErrCodeDBSubnetGroupDoesNotCoverEnoughAZs "DBSubnetGroupDoesNotCoverEnoughAZs" -// Subnets in the DB subnet group should cover at least two Availability Zones -// unless there is only one Availability Zone. +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeInvalidSubnet "InvalidSubnet" +// The requested subnet is invalid, or multiple subnets were requested that +// are not all in a common VPC. // -// * ErrCodeInvalidSubnet "InvalidSubnet" -// The requested subnet is invalid, or multiple subnets were requested that -// are not all in a common VPC. +// - ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" +// The DB subnet group doesn't cover all Availability Zones after it's created +// because of users' change. // -// * ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" -// The DB subnet group doesn't cover all Availability Zones after it's created -// because of users' change. +// - ErrCodeProvisionedIopsNotAvailableInAZFault "ProvisionedIopsNotAvailableInAZFault" +// Provisioned IOPS not available in the specified Availability Zone. // -// * ErrCodeProvisionedIopsNotAvailableInAZFault "ProvisionedIopsNotAvailableInAZFault" -// Provisioned IOPS not available in the specified Availability Zone. +// - ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" +// The specified option group could not be found. // -// * ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" -// The specified option group could not be found. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. +// - ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" +// The specified StorageType can't be associated with the DB instance. // -// * ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" -// Storage of the StorageType specified can't be associated with the DB instance. +// - ErrCodeAuthorizationNotFoundFault "AuthorizationNotFound" +// The specified CIDR IP range or Amazon EC2 security group might not be authorized +// for the specified DB security group. // -// * ErrCodeAuthorizationNotFoundFault "AuthorizationNotFound" -// The specified CIDR IP range or Amazon EC2 security group might not be authorized -// for the specified DB security group. +// Or, RDS might not be authorized to perform necessary actions using IAM on +// your behalf. // -// Or, RDS might not be authorized to perform necessary actions using IAM on -// your behalf. +// - ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" +// An error occurred accessing an Amazon Web Services KMS key. // -// * ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" -// An error occurred accessing an AWS KMS key. +// - ErrCodeDomainNotFoundFault "DomainNotFoundFault" +// Domain doesn't refer to an existing Active Directory domain. // -// * ErrCodeDomainNotFoundFault "DomainNotFoundFault" -// Domain doesn't refer to an existing Active Directory domain. +// - ErrCodeBackupPolicyNotFoundFault "BackupPolicyNotFoundFault" // -// * ErrCodeBackupPolicyNotFoundFault "BackupPolicyNotFoundFault" +// - ErrCodeNetworkTypeNotSupported "NetworkTypeNotSupported" +// The network type is invalid for the DB instance. Valid nework type values +// are IPV4 and DUAL. +// +// - ErrCodeCertificateNotFoundFault "CertificateNotFound" +// CertificateIdentifier doesn't refer to an existing certificate. +// +// - ErrCodeTenantDatabaseQuotaExceededFault "TenantDatabaseQuotaExceeded" +// You attempted to create more tenant databases than are permitted in your +// Amazon Web Services account. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBInstance func (c *RDS) CreateDBInstance(input *CreateDBInstanceInput) (*CreateDBInstanceOutput, error) { @@ -1957,14 +2150,13 @@ const opCreateDBInstanceReadReplica = "CreateDBInstanceReadReplica" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateDBInstanceReadReplicaRequest method. +// req, resp := client.CreateDBInstanceReadReplicaRequest(params) // -// // Example sending a request using the CreateDBInstanceReadReplicaRequest method. -// req, resp := client.CreateDBInstanceReadReplicaRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBInstanceReadReplica func (c *RDS) CreateDBInstanceReadReplicaRequest(input *CreateDBInstanceReadReplicaInput) (req *request.Request, output *CreateDBInstanceReadReplicaOutput) { @@ -1986,19 +2178,22 @@ func (c *RDS) CreateDBInstanceReadReplicaRequest(input *CreateDBInstanceReadRepl // CreateDBInstanceReadReplica API operation for Amazon Relational Database Service. // // Creates a new DB instance that acts as a read replica for an existing source -// DB instance. You can create a read replica for a DB instance running MySQL, -// MariaDB, Oracle, PostgreSQL, or SQL Server. For more information, see Working -// with Read Replicas (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html) +// DB instance or Multi-AZ DB cluster. You can create a read replica for a DB +// instance running Db2, MariaDB, MySQL, Oracle, PostgreSQL, or SQL Server. +// You can create a read replica for a Multi-AZ DB cluster running MySQL or +// PostgreSQL. For more information, see Working with read replicas (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html) +// and Migrating from a Multi-AZ DB cluster to a DB instance using a read replica +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html#multi-az-db-clusters-migrating-to-instance-with-read-replica) // in the Amazon RDS User Guide. // -// Amazon Aurora doesn't support this action. Call the CreateDBInstance action -// to create a DB instance for an Aurora DB cluster. +// Amazon Aurora doesn't support this operation. To create a DB instance for +// an Aurora DB cluster, use the CreateDBInstance operation. // // All read replica DB instances are created with backups disabled. All other -// DB instance attributes (including DB security groups and DB parameter groups) -// are inherited from the source DB instance, except as specified. +// attributes (including DB security groups and DB parameter groups) are inherited +// from the source DB instance or cluster, except as specified. // -// Your source DB instance must have backup retention enabled. +// Your source DB instance or cluster must have backup retention enabled. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2008,69 +2203,87 @@ func (c *RDS) CreateDBInstanceReadReplicaRequest(input *CreateDBInstanceReadRepl // API operation CreateDBInstanceReadReplica for usage and error information. // // Returned Error Codes: -// * ErrCodeDBInstanceAlreadyExistsFault "DBInstanceAlreadyExists" -// The user already has a DB instance with the given identifier. // -// * ErrCodeInsufficientDBInstanceCapacityFault "InsufficientDBInstanceCapacity" -// The specified DB instance class isn't available in the specified Availability -// Zone. +// - ErrCodeDBInstanceAlreadyExistsFault "DBInstanceAlreadyExists" +// The user already has a DB instance with the given identifier. +// +// - ErrCodeInsufficientDBInstanceCapacityFault "InsufficientDBInstanceCapacity" +// The specified DB instance class isn't available in the specified Availability +// Zone. // -// * ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" -// DBParameterGroupName doesn't refer to an existing DB parameter group. +// - ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" +// DBParameterGroupName doesn't refer to an existing DB parameter group. // -// * ErrCodeDBSecurityGroupNotFoundFault "DBSecurityGroupNotFound" -// DBSecurityGroupName doesn't refer to an existing DB security group. +// - ErrCodeDBSecurityGroupNotFoundFault "DBSecurityGroupNotFound" +// DBSecurityGroupName doesn't refer to an existing DB security group. // -// * ErrCodeInstanceQuotaExceededFault "InstanceQuotaExceeded" -// The request would result in the user exceeding the allowed number of DB instances. +// - ErrCodeInstanceQuotaExceededFault "InstanceQuotaExceeded" +// The request would result in the user exceeding the allowed number of DB instances. // -// * ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" -// The request would result in the user exceeding the allowed amount of storage -// available across all DB instances. +// - ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" +// The request would result in the user exceeding the allowed amount of storage +// available across all DB instances. // -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. // -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" -// DBSubnetGroupName doesn't refer to an existing DB subnet group. +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. // -// * ErrCodeDBSubnetGroupDoesNotCoverEnoughAZs "DBSubnetGroupDoesNotCoverEnoughAZs" -// Subnets in the DB subnet group should cover at least two Availability Zones -// unless there is only one Availability Zone. +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // -// * ErrCodeInvalidSubnet "InvalidSubnet" -// The requested subnet is invalid, or multiple subnets were requested that -// are not all in a common VPC. +// - ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" +// DBSubnetGroupName doesn't refer to an existing DB subnet group. // -// * ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" -// The DB subnet group doesn't cover all Availability Zones after it's created -// because of users' change. +// - ErrCodeDBSubnetGroupDoesNotCoverEnoughAZs "DBSubnetGroupDoesNotCoverEnoughAZs" +// Subnets in the DB subnet group should cover at least two Availability Zones +// unless there is only one Availability Zone. // -// * ErrCodeProvisionedIopsNotAvailableInAZFault "ProvisionedIopsNotAvailableInAZFault" -// Provisioned IOPS not available in the specified Availability Zone. +// - ErrCodeInvalidSubnet "InvalidSubnet" +// The requested subnet is invalid, or multiple subnets were requested that +// are not all in a common VPC. // -// * ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" -// The specified option group could not be found. +// - ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" +// The DB subnet group doesn't cover all Availability Zones after it's created +// because of users' change. // -// * ErrCodeDBSubnetGroupNotAllowedFault "DBSubnetGroupNotAllowedFault" -// The DBSubnetGroup shouldn't be specified while creating read replicas that -// lie in the same region as the source instance. +// - ErrCodeProvisionedIopsNotAvailableInAZFault "ProvisionedIopsNotAvailableInAZFault" +// Provisioned IOPS not available in the specified Availability Zone. // -// * ErrCodeInvalidDBSubnetGroupFault "InvalidDBSubnetGroupFault" -// The DBSubnetGroup doesn't belong to the same VPC as that of an existing cross-region -// read replica of the same source instance. +// - ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" +// The specified option group could not be found. // -// * ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" -// Storage of the StorageType specified can't be associated with the DB instance. +// - ErrCodeDBSubnetGroupNotAllowedFault "DBSubnetGroupNotAllowedFault" +// The DBSubnetGroup shouldn't be specified while creating read replicas that +// lie in the same region as the source instance. // -// * ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" -// An error occurred accessing an AWS KMS key. +// - ErrCodeInvalidDBSubnetGroupFault "InvalidDBSubnetGroupFault" +// The DBSubnetGroup doesn't belong to the same VPC as that of an existing cross-region +// read replica of the same source instance. // -// * ErrCodeDomainNotFoundFault "DomainNotFoundFault" -// Domain doesn't refer to an existing Active Directory domain. +// - ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" +// The specified StorageType can't be associated with the DB instance. +// +// - ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" +// An error occurred accessing an Amazon Web Services KMS key. +// +// - ErrCodeDomainNotFoundFault "DomainNotFoundFault" +// Domain doesn't refer to an existing Active Directory domain. +// +// - ErrCodeNetworkTypeNotSupported "NetworkTypeNotSupported" +// The network type is invalid for the DB instance. Valid nework type values +// are IPV4 and DUAL. +// +// - ErrCodeTenantDatabaseQuotaExceededFault "TenantDatabaseQuotaExceeded" +// You attempted to create more tenant databases than are permitted in your +// Amazon Web Services account. +// +// - ErrCodeCertificateNotFoundFault "CertificateNotFound" +// CertificateIdentifier doesn't refer to an existing certificate. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBInstanceReadReplica func (c *RDS) CreateDBInstanceReadReplica(input *CreateDBInstanceReadReplicaInput) (*CreateDBInstanceReadReplicaOutput, error) { @@ -2110,14 +2323,13 @@ const opCreateDBParameterGroup = "CreateDBParameterGroup" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateDBParameterGroupRequest method. +// req, resp := client.CreateDBParameterGroupRequest(params) // -// // Example sending a request using the CreateDBParameterGroupRequest method. -// req, resp := client.CreateDBParameterGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBParameterGroup func (c *RDS) CreateDBParameterGroupRequest(input *CreateDBParameterGroupInput) (req *request.Request, output *CreateDBParameterGroupOutput) { @@ -2149,6 +2361,8 @@ func (c *RDS) CreateDBParameterGroupRequest(input *CreateDBParameterGroupInput) // DB instance without failover for the new DB parameter group and associated // settings to take effect. // +// This command doesn't apply to RDS Custom. +// // After you create a DB parameter group, you should wait at least 5 minutes // before creating your first DB instance that uses that DB parameter group // as the default parameter group. This allows Amazon RDS to fully complete @@ -2168,12 +2382,13 @@ func (c *RDS) CreateDBParameterGroupRequest(input *CreateDBParameterGroupInput) // API operation CreateDBParameterGroup for usage and error information. // // Returned Error Codes: -// * ErrCodeDBParameterGroupQuotaExceededFault "DBParameterGroupQuotaExceeded" -// The request would result in the user exceeding the allowed number of DB parameter -// groups. // -// * ErrCodeDBParameterGroupAlreadyExistsFault "DBParameterGroupAlreadyExists" -// A DB parameter group with the same name exists. +// - ErrCodeDBParameterGroupQuotaExceededFault "DBParameterGroupQuotaExceeded" +// The request would result in the user exceeding the allowed number of DB parameter +// groups. +// +// - ErrCodeDBParameterGroupAlreadyExistsFault "DBParameterGroupAlreadyExists" +// A DB parameter group with the same name exists. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBParameterGroup func (c *RDS) CreateDBParameterGroup(input *CreateDBParameterGroupInput) (*CreateDBParameterGroupOutput, error) { @@ -2213,14 +2428,13 @@ const opCreateDBProxy = "CreateDBProxy" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateDBProxyRequest method. +// req, resp := client.CreateDBProxyRequest(params) // -// // Example sending a request using the CreateDBProxyRequest method. -// req, resp := client.CreateDBProxyRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBProxy func (c *RDS) CreateDBProxyRequest(input *CreateDBProxyInput) (req *request.Request, output *CreateDBProxyOutput) { @@ -2251,17 +2465,18 @@ func (c *RDS) CreateDBProxyRequest(input *CreateDBProxyInput) (req *request.Requ // API operation CreateDBProxy for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidSubnet "InvalidSubnet" -// The requested subnet is invalid, or multiple subnets were requested that -// are not all in a common VPC. // -// * ErrCodeDBProxyAlreadyExistsFault "DBProxyTargetExistsFault" -// The specified proxy name must be unique for all proxies owned by your AWS -// account in the specified AWS Region. +// - ErrCodeInvalidSubnet "InvalidSubnet" +// The requested subnet is invalid, or multiple subnets were requested that +// are not all in a common VPC. // -// * ErrCodeDBProxyQuotaExceededFault "DBProxyQuotaExceededFault" -// Your AWS account already has the maximum number of proxies in the specified -// AWS Region. +// - ErrCodeDBProxyAlreadyExistsFault "DBProxyAlreadyExistsFault" +// The specified proxy name must be unique for all proxies owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. +// +// - ErrCodeDBProxyQuotaExceededFault "DBProxyQuotaExceededFault" +// Your Amazon Web Services account already has the maximum number of proxies +// in the specified Amazon Web Services Region. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBProxy func (c *RDS) CreateDBProxy(input *CreateDBProxyInput) (*CreateDBProxyOutput, error) { @@ -2285,6 +2500,104 @@ func (c *RDS) CreateDBProxyWithContext(ctx aws.Context, input *CreateDBProxyInpu return out, req.Send() } +const opCreateDBProxyEndpoint = "CreateDBProxyEndpoint" + +// CreateDBProxyEndpointRequest generates a "aws/request.Request" representing the +// client's request for the CreateDBProxyEndpoint operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateDBProxyEndpoint for more information on using the CreateDBProxyEndpoint +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateDBProxyEndpointRequest method. +// req, resp := client.CreateDBProxyEndpointRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBProxyEndpoint +func (c *RDS) CreateDBProxyEndpointRequest(input *CreateDBProxyEndpointInput) (req *request.Request, output *CreateDBProxyEndpointOutput) { + op := &request.Operation{ + Name: opCreateDBProxyEndpoint, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateDBProxyEndpointInput{} + } + + output = &CreateDBProxyEndpointOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateDBProxyEndpoint API operation for Amazon Relational Database Service. +// +// Creates a DBProxyEndpoint. Only applies to proxies that are associated with +// Aurora DB clusters. You can use DB proxy endpoints to specify read/write +// or read-only access to the DB cluster. You can also use DB proxy endpoints +// to access a DB proxy through a different VPC than the proxy's default VPC. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation CreateDBProxyEndpoint for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeInvalidSubnet "InvalidSubnet" +// The requested subnet is invalid, or multiple subnets were requested that +// are not all in a common VPC. +// +// - ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" +// The specified proxy name doesn't correspond to a proxy owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. +// +// - ErrCodeDBProxyEndpointAlreadyExistsFault "DBProxyEndpointAlreadyExistsFault" +// The specified DB proxy endpoint name must be unique for all DB proxy endpoints +// owned by your Amazon Web Services account in the specified Amazon Web Services +// Region. +// +// - ErrCodeDBProxyEndpointQuotaExceededFault "DBProxyEndpointQuotaExceededFault" +// The DB proxy already has the maximum number of endpoints. +// +// - ErrCodeInvalidDBProxyStateFault "InvalidDBProxyStateFault" +// The requested operation can't be performed while the proxy is in this state. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBProxyEndpoint +func (c *RDS) CreateDBProxyEndpoint(input *CreateDBProxyEndpointInput) (*CreateDBProxyEndpointOutput, error) { + req, out := c.CreateDBProxyEndpointRequest(input) + return out, req.Send() +} + +// CreateDBProxyEndpointWithContext is the same as CreateDBProxyEndpoint with the addition of +// the ability to pass a context and additional request options. +// +// See CreateDBProxyEndpoint for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) CreateDBProxyEndpointWithContext(ctx aws.Context, input *CreateDBProxyEndpointInput, opts ...request.Option) (*CreateDBProxyEndpointOutput, error) { + req, out := c.CreateDBProxyEndpointRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateDBSecurityGroup = "CreateDBSecurityGroup" // CreateDBSecurityGroupRequest generates a "aws/request.Request" representing the @@ -2301,14 +2614,13 @@ const opCreateDBSecurityGroup = "CreateDBSecurityGroup" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateDBSecurityGroupRequest method. +// req, resp := client.CreateDBSecurityGroupRequest(params) // -// // Example sending a request using the CreateDBSecurityGroupRequest method. -// req, resp := client.CreateDBSecurityGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBSecurityGroup func (c *RDS) CreateDBSecurityGroupRequest(input *CreateDBSecurityGroupInput) (req *request.Request, output *CreateDBSecurityGroupOutput) { @@ -2335,6 +2647,14 @@ func (c *RDS) CreateDBSecurityGroupRequest(input *CreateDBSecurityGroupInput) (r // A DB security group controls access to EC2-Classic DB instances that are // not in a VPC. // +// EC2-Classic was retired on August 15, 2022. If you haven't migrated from +// EC2-Classic to a VPC, we recommend that you migrate as soon as possible. +// For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) +// in the Amazon EC2 User Guide, the blog EC2-Classic Networking is Retiring +// – Here’s How to Prepare (http://aws.amazon.com/blogs/aws/ec2-classic-is-retiring-heres-how-to-prepare/), +// and Moving a DB instance not in a VPC into a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.Non-VPC2VPC.html) +// in the Amazon RDS User Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2343,16 +2663,17 @@ func (c *RDS) CreateDBSecurityGroupRequest(input *CreateDBSecurityGroupInput) (r // API operation CreateDBSecurityGroup for usage and error information. // // Returned Error Codes: -// * ErrCodeDBSecurityGroupAlreadyExistsFault "DBSecurityGroupAlreadyExists" -// A DB security group with the name specified in DBSecurityGroupName already -// exists. // -// * ErrCodeDBSecurityGroupQuotaExceededFault "QuotaExceeded.DBSecurityGroup" -// The request would result in the user exceeding the allowed number of DB security -// groups. +// - ErrCodeDBSecurityGroupAlreadyExistsFault "DBSecurityGroupAlreadyExists" +// A DB security group with the name specified in DBSecurityGroupName already +// exists. +// +// - ErrCodeDBSecurityGroupQuotaExceededFault "QuotaExceeded.DBSecurityGroup" +// The request would result in the user exceeding the allowed number of DB security +// groups. // -// * ErrCodeDBSecurityGroupNotSupportedFault "DBSecurityGroupNotSupported" -// A DB security group isn't allowed for this action. +// - ErrCodeDBSecurityGroupNotSupportedFault "DBSecurityGroupNotSupported" +// A DB security group isn't allowed for this action. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBSecurityGroup func (c *RDS) CreateDBSecurityGroup(input *CreateDBSecurityGroupInput) (*CreateDBSecurityGroupOutput, error) { @@ -2376,6 +2697,110 @@ func (c *RDS) CreateDBSecurityGroupWithContext(ctx aws.Context, input *CreateDBS return out, req.Send() } +const opCreateDBShardGroup = "CreateDBShardGroup" + +// CreateDBShardGroupRequest generates a "aws/request.Request" representing the +// client's request for the CreateDBShardGroup operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateDBShardGroup for more information on using the CreateDBShardGroup +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateDBShardGroupRequest method. +// req, resp := client.CreateDBShardGroupRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBShardGroup +func (c *RDS) CreateDBShardGroupRequest(input *CreateDBShardGroupInput) (req *request.Request, output *CreateDBShardGroupOutput) { + op := &request.Operation{ + Name: opCreateDBShardGroup, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateDBShardGroupInput{} + } + + output = &CreateDBShardGroupOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateDBShardGroup API operation for Amazon Relational Database Service. +// +// Creates a new DB shard group for Aurora Limitless Database. You must enable +// Aurora Limitless Database to create a DB shard group. +// +// Valid for: Aurora DB clusters only +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation CreateDBShardGroup for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeDBShardGroupAlreadyExistsFault "DBShardGroupAlreadyExists" +// The specified DB shard group name must be unique in your Amazon Web Services +// account in the specified Amazon Web Services Region. +// +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. +// +// - ErrCodeMaxDBShardGroupLimitReached "MaxDBShardGroupLimitReached" +// The maximum number of DB shard groups for your Amazon Web Services account +// in the specified Amazon Web Services Region has been reached. +// +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. +// +// - ErrCodeInvalidMaxAcuFault "InvalidMaxAcu" +// The maximum capacity of the DB shard group must be 48-7168 Aurora capacity +// units (ACUs). +// +// - ErrCodeUnsupportedDBEngineVersionFault "UnsupportedDBEngineVersion" +// The specified DB engine version isn't supported for Aurora Limitless Database. +// +// - ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" +// The DB subnet group doesn't cover all Availability Zones after it's created +// because of users' change. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBShardGroup +func (c *RDS) CreateDBShardGroup(input *CreateDBShardGroupInput) (*CreateDBShardGroupOutput, error) { + req, out := c.CreateDBShardGroupRequest(input) + return out, req.Send() +} + +// CreateDBShardGroupWithContext is the same as CreateDBShardGroup with the addition of +// the ability to pass a context and additional request options. +// +// See CreateDBShardGroup for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) CreateDBShardGroupWithContext(ctx aws.Context, input *CreateDBShardGroupInput, opts ...request.Option) (*CreateDBShardGroupOutput, error) { + req, out := c.CreateDBShardGroupRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateDBSnapshot = "CreateDBSnapshot" // CreateDBSnapshotRequest generates a "aws/request.Request" representing the @@ -2392,14 +2817,13 @@ const opCreateDBSnapshot = "CreateDBSnapshot" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateDBSnapshotRequest method. +// req, resp := client.CreateDBSnapshotRequest(params) // -// // Example sending a request using the CreateDBSnapshotRequest method. -// req, resp := client.CreateDBSnapshotRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBSnapshot func (c *RDS) CreateDBSnapshotRequest(input *CreateDBSnapshotInput) (req *request.Request, output *CreateDBSnapshotOutput) { @@ -2431,17 +2855,18 @@ func (c *RDS) CreateDBSnapshotRequest(input *CreateDBSnapshotInput) (req *reques // API operation CreateDBSnapshot for usage and error information. // // Returned Error Codes: -// * ErrCodeDBSnapshotAlreadyExistsFault "DBSnapshotAlreadyExists" -// DBSnapshotIdentifier is already used by an existing snapshot. // -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. +// - ErrCodeDBSnapshotAlreadyExistsFault "DBSnapshotAlreadyExists" +// DBSnapshotIdentifier is already used by an existing snapshot. // -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. // -// * ErrCodeSnapshotQuotaExceededFault "SnapshotQuotaExceeded" -// The request would result in the user exceeding the allowed number of DB snapshots. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. +// +// - ErrCodeSnapshotQuotaExceededFault "SnapshotQuotaExceeded" +// The request would result in the user exceeding the allowed number of DB snapshots. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBSnapshot func (c *RDS) CreateDBSnapshot(input *CreateDBSnapshotInput) (*CreateDBSnapshotOutput, error) { @@ -2481,14 +2906,13 @@ const opCreateDBSubnetGroup = "CreateDBSubnetGroup" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateDBSubnetGroupRequest method. +// req, resp := client.CreateDBSubnetGroupRequest(params) // -// // Example sending a request using the CreateDBSubnetGroupRequest method. -// req, resp := client.CreateDBSubnetGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBSubnetGroup func (c *RDS) CreateDBSubnetGroupRequest(input *CreateDBSubnetGroupInput) (req *request.Request, output *CreateDBSubnetGroupOutput) { @@ -2510,7 +2934,7 @@ func (c *RDS) CreateDBSubnetGroupRequest(input *CreateDBSubnetGroupInput) (req * // CreateDBSubnetGroup API operation for Amazon Relational Database Service. // // Creates a new DB subnet group. DB subnet groups must contain at least one -// subnet in at least two AZs in the AWS Region. +// subnet in at least two AZs in the Amazon Web Services Region. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2520,24 +2944,25 @@ func (c *RDS) CreateDBSubnetGroupRequest(input *CreateDBSubnetGroupInput) (req * // API operation CreateDBSubnetGroup for usage and error information. // // Returned Error Codes: -// * ErrCodeDBSubnetGroupAlreadyExistsFault "DBSubnetGroupAlreadyExists" -// DBSubnetGroupName is already used by an existing DB subnet group. // -// * ErrCodeDBSubnetGroupQuotaExceededFault "DBSubnetGroupQuotaExceeded" -// The request would result in the user exceeding the allowed number of DB subnet -// groups. +// - ErrCodeDBSubnetGroupAlreadyExistsFault "DBSubnetGroupAlreadyExists" +// DBSubnetGroupName is already used by an existing DB subnet group. +// +// - ErrCodeDBSubnetGroupQuotaExceededFault "DBSubnetGroupQuotaExceeded" +// The request would result in the user exceeding the allowed number of DB subnet +// groups. // -// * ErrCodeDBSubnetQuotaExceededFault "DBSubnetQuotaExceededFault" -// The request would result in the user exceeding the allowed number of subnets -// in a DB subnet groups. +// - ErrCodeDBSubnetQuotaExceededFault "DBSubnetQuotaExceededFault" +// The request would result in the user exceeding the allowed number of subnets +// in a DB subnet groups. // -// * ErrCodeDBSubnetGroupDoesNotCoverEnoughAZs "DBSubnetGroupDoesNotCoverEnoughAZs" -// Subnets in the DB subnet group should cover at least two Availability Zones -// unless there is only one Availability Zone. +// - ErrCodeDBSubnetGroupDoesNotCoverEnoughAZs "DBSubnetGroupDoesNotCoverEnoughAZs" +// Subnets in the DB subnet group should cover at least two Availability Zones +// unless there is only one Availability Zone. // -// * ErrCodeInvalidSubnet "InvalidSubnet" -// The requested subnet is invalid, or multiple subnets were requested that -// are not all in a common VPC. +// - ErrCodeInvalidSubnet "InvalidSubnet" +// The requested subnet is invalid, or multiple subnets were requested that +// are not all in a common VPC. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBSubnetGroup func (c *RDS) CreateDBSubnetGroup(input *CreateDBSubnetGroupInput) (*CreateDBSubnetGroupOutput, error) { @@ -2577,14 +3002,13 @@ const opCreateEventSubscription = "CreateEventSubscription" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateEventSubscriptionRequest method. +// req, resp := client.CreateEventSubscriptionRequest(params) // -// // Example sending a request using the CreateEventSubscriptionRequest method. -// req, resp := client.CreateEventSubscriptionRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateEventSubscription func (c *RDS) CreateEventSubscriptionRequest(input *CreateEventSubscriptionInput) (req *request.Request, output *CreateEventSubscriptionOutput) { @@ -2605,10 +3029,11 @@ func (c *RDS) CreateEventSubscriptionRequest(input *CreateEventSubscriptionInput // CreateEventSubscription API operation for Amazon Relational Database Service. // -// Creates an RDS event notification subscription. This action requires a topic -// Amazon Resource Name (ARN) created by either the RDS console, the SNS console, -// or the SNS API. To obtain an ARN with SNS, you must create a topic in Amazon -// SNS and subscribe to the topic. The ARN is displayed in the SNS console. +// Creates an RDS event notification subscription. This operation requires a +// topic Amazon Resource Name (ARN) created by either the RDS console, the SNS +// console, or the SNS API. To obtain an ARN with SNS, you must create a topic +// in Amazon SNS and subscribe to the topic. The ARN is displayed in the SNS +// console. // // You can specify the type of source (SourceType) that you want to be notified // of and provide a list of RDS sources (SourceIds) that triggers the events. @@ -2618,15 +3043,20 @@ func (c *RDS) CreateEventSubscriptionRequest(input *CreateEventSubscriptionInput // = Availability, Backup. // // If you specify both the SourceType and SourceIds, such as SourceType = db-instance -// and SourceIdentifier = myDBInstance1, you are notified of all the db-instance -// events for the specified source. If you specify a SourceType but do not specify -// a SourceIdentifier, you receive notice of the events for that source type -// for all your RDS sources. If you don't specify either the SourceType or the -// SourceIdentifier, you are notified of events generated from all RDS sources -// belonging to your customer account. +// and SourceIds = myDBInstance1, you are notified of all the db-instance events +// for the specified source. If you specify a SourceType but do not specify +// SourceIds, you receive notice of the events for that source type for all +// your RDS sources. If you don't specify either the SourceType or the SourceIds, +// you are notified of events generated from all RDS sources belonging to your +// customer account. +// +// For more information about subscribing to an event for RDS DB engines, see +// Subscribing to Amazon RDS event notification (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.Subscribing.html) +// in the Amazon RDS User Guide. // -// RDS event notification is only available for unencrypted SNS topics. If you -// specify an encrypted SNS topic, event notifications aren't sent for the topic. +// For more information about subscribing to an event for Aurora DB engines, +// see Subscribing to Amazon RDS event notification (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Events.Subscribing.html) +// in the Amazon Aurora User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2636,26 +3066,27 @@ func (c *RDS) CreateEventSubscriptionRequest(input *CreateEventSubscriptionInput // API operation CreateEventSubscription for usage and error information. // // Returned Error Codes: -// * ErrCodeEventSubscriptionQuotaExceededFault "EventSubscriptionQuotaExceeded" -// You have reached the maximum number of event subscriptions. // -// * ErrCodeSubscriptionAlreadyExistFault "SubscriptionAlreadyExist" -// The supplied subscription name already exists. +// - ErrCodeEventSubscriptionQuotaExceededFault "EventSubscriptionQuotaExceeded" +// You have reached the maximum number of event subscriptions. +// +// - ErrCodeSubscriptionAlreadyExistFault "SubscriptionAlreadyExist" +// The supplied subscription name already exists. // -// * ErrCodeSNSInvalidTopicFault "SNSInvalidTopic" -// SNS has responded that there is a problem with the SND topic specified. +// - ErrCodeSNSInvalidTopicFault "SNSInvalidTopic" +// SNS has responded that there is a problem with the SNS topic specified. // -// * ErrCodeSNSNoAuthorizationFault "SNSNoAuthorization" -// You do not have permission to publish to the SNS topic ARN. +// - ErrCodeSNSNoAuthorizationFault "SNSNoAuthorization" +// You do not have permission to publish to the SNS topic ARN. // -// * ErrCodeSNSTopicArnNotFoundFault "SNSTopicArnNotFound" -// The SNS topic ARN does not exist. +// - ErrCodeSNSTopicArnNotFoundFault "SNSTopicArnNotFound" +// The SNS topic ARN does not exist. // -// * ErrCodeSubscriptionCategoryNotFoundFault "SubscriptionCategoryNotFound" -// The supplied category does not exist. +// - ErrCodeSubscriptionCategoryNotFoundFault "SubscriptionCategoryNotFound" +// The supplied category does not exist. // -// * ErrCodeSourceNotFoundFault "SourceNotFound" -// The requested source could not be found. +// - ErrCodeSourceNotFoundFault "SourceNotFound" +// The requested source could not be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateEventSubscription func (c *RDS) CreateEventSubscription(input *CreateEventSubscriptionInput) (*CreateEventSubscriptionOutput, error) { @@ -2695,14 +3126,13 @@ const opCreateGlobalCluster = "CreateGlobalCluster" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateGlobalClusterRequest method. +// req, resp := client.CreateGlobalClusterRequest(params) // -// // Example sending a request using the CreateGlobalClusterRequest method. -// req, resp := client.CreateGlobalClusterRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateGlobalCluster func (c *RDS) CreateGlobalClusterRequest(input *CreateGlobalClusterInput) (req *request.Request, output *CreateGlobalClusterOutput) { @@ -2723,17 +3153,18 @@ func (c *RDS) CreateGlobalClusterRequest(input *CreateGlobalClusterInput) (req * // CreateGlobalCluster API operation for Amazon Relational Database Service. // -// Creates an Aurora global database spread across multiple AWS Regions. The -// global database contains a single primary cluster with read-write capability, -// and a read-only secondary cluster that receives data from the primary cluster -// through high-speed replication performed by the Aurora storage subsystem. +// Creates an Aurora global database spread across multiple Amazon Web Services +// Regions. The global database contains a single primary cluster with read-write +// capability, and a read-only secondary cluster that receives data from the +// primary cluster through high-speed replication performed by the Aurora storage +// subsystem. // -// You can create a global database that is initially empty, and then add a -// primary cluster and a secondary cluster to it. Or you can specify an existing -// Aurora cluster during the create operation, and this cluster becomes the -// primary cluster of the global database. +// You can create a global database that is initially empty, and then create +// the primary and secondary DB clusters in the global database. Or you can +// specify an existing Aurora cluster during the create operation, and this +// cluster becomes the primary cluster of the global database. // -// This action only applies to Aurora DB clusters. +// This operation applies only to Aurora DB clusters. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2743,15 +3174,20 @@ func (c *RDS) CreateGlobalClusterRequest(input *CreateGlobalClusterInput) (req * // API operation CreateGlobalCluster for usage and error information. // // Returned Error Codes: -// * ErrCodeGlobalClusterAlreadyExistsFault "GlobalClusterAlreadyExistsFault" // -// * ErrCodeGlobalClusterQuotaExceededFault "GlobalClusterQuotaExceededFault" +// - ErrCodeGlobalClusterAlreadyExistsFault "GlobalClusterAlreadyExistsFault" +// The GlobalClusterIdentifier already exists. Choose a new global database +// identifier (unique name) to create a new global database cluster. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeGlobalClusterQuotaExceededFault "GlobalClusterQuotaExceededFault" +// The number of global database clusters for this account is already at the +// maximum allowed. // -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. +// +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateGlobalCluster func (c *RDS) CreateGlobalCluster(input *CreateGlobalClusterInput) (*CreateGlobalClusterOutput, error) { @@ -2775,6 +3211,104 @@ func (c *RDS) CreateGlobalClusterWithContext(ctx aws.Context, input *CreateGloba return out, req.Send() } +const opCreateIntegration = "CreateIntegration" + +// CreateIntegrationRequest generates a "aws/request.Request" representing the +// client's request for the CreateIntegration operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateIntegration for more information on using the CreateIntegration +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateIntegrationRequest method. +// req, resp := client.CreateIntegrationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateIntegration +func (c *RDS) CreateIntegrationRequest(input *CreateIntegrationInput) (req *request.Request, output *CreateIntegrationOutput) { + op := &request.Operation{ + Name: opCreateIntegration, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateIntegrationInput{} + } + + output = &CreateIntegrationOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateIntegration API operation for Amazon Relational Database Service. +// +// Creates a zero-ETL integration with Amazon Redshift. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation CreateIntegration for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. +// +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. +// +// - ErrCodeIntegrationAlreadyExistsFault "IntegrationAlreadyExistsFault" +// The integration you are trying to create already exists. +// +// - ErrCodeIntegrationQuotaExceededFault "IntegrationQuotaExceededFault" +// You can't crate any more zero-ETL integrations because the quota has been +// reached. +// +// - ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" +// An error occurred accessing an Amazon Web Services KMS key. +// +// - ErrCodeIntegrationConflictOperationFault "IntegrationConflictOperationFault" +// A conflicting conditional operation is currently in progress against this +// resource. Typically occurs when there are multiple requests being made to +// the same resource at the same time, and these requests conflict with each +// other. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateIntegration +func (c *RDS) CreateIntegration(input *CreateIntegrationInput) (*CreateIntegrationOutput, error) { + req, out := c.CreateIntegrationRequest(input) + return out, req.Send() +} + +// CreateIntegrationWithContext is the same as CreateIntegration with the addition of +// the ability to pass a context and additional request options. +// +// See CreateIntegration for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) CreateIntegrationWithContext(ctx aws.Context, input *CreateIntegrationInput, opts ...request.Option) (*CreateIntegrationOutput, error) { + req, out := c.CreateIntegrationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateOptionGroup = "CreateOptionGroup" // CreateOptionGroupRequest generates a "aws/request.Request" representing the @@ -2791,14 +3325,13 @@ const opCreateOptionGroup = "CreateOptionGroup" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateOptionGroupRequest method. +// req, resp := client.CreateOptionGroupRequest(params) // -// // Example sending a request using the CreateOptionGroupRequest method. -// req, resp := client.CreateOptionGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateOptionGroup func (c *RDS) CreateOptionGroupRequest(input *CreateOptionGroupInput) (req *request.Request, output *CreateOptionGroupOutput) { @@ -2821,6 +3354,8 @@ func (c *RDS) CreateOptionGroupRequest(input *CreateOptionGroupInput) (req *requ // // Creates a new option group. You can create up to 20 option groups. // +// This command doesn't apply to RDS Custom. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2829,11 +3364,12 @@ func (c *RDS) CreateOptionGroupRequest(input *CreateOptionGroupInput) (req *requ // API operation CreateOptionGroup for usage and error information. // // Returned Error Codes: -// * ErrCodeOptionGroupAlreadyExistsFault "OptionGroupAlreadyExistsFault" -// The option group you are trying to create already exists. // -// * ErrCodeOptionGroupQuotaExceededFault "OptionGroupQuotaExceededFault" -// The quota of 20 option groups was exceeded for this AWS account. +// - ErrCodeOptionGroupAlreadyExistsFault "OptionGroupAlreadyExistsFault" +// The option group you are trying to create already exists. +// +// - ErrCodeOptionGroupQuotaExceededFault "OptionGroupQuotaExceededFault" +// The quota of 20 option groups was exceeded for this Amazon Web Services account. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateOptionGroup func (c *RDS) CreateOptionGroup(input *CreateOptionGroupInput) (*CreateOptionGroupOutput, error) { @@ -2857,90 +3393,282 @@ func (c *RDS) CreateOptionGroupWithContext(ctx aws.Context, input *CreateOptionG return out, req.Send() } -const opDeleteCustomAvailabilityZone = "DeleteCustomAvailabilityZone" +const opCreateTenantDatabase = "CreateTenantDatabase" -// DeleteCustomAvailabilityZoneRequest generates a "aws/request.Request" representing the -// client's request for the DeleteCustomAvailabilityZone operation. The "output" return +// CreateTenantDatabaseRequest generates a "aws/request.Request" representing the +// client's request for the CreateTenantDatabase operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DeleteCustomAvailabilityZone for more information on using the DeleteCustomAvailabilityZone +// See CreateTenantDatabase for more information on using the CreateTenantDatabase // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateTenantDatabaseRequest method. +// req, resp := client.CreateTenantDatabaseRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateTenantDatabase +func (c *RDS) CreateTenantDatabaseRequest(input *CreateTenantDatabaseInput) (req *request.Request, output *CreateTenantDatabaseOutput) { + op := &request.Operation{ + Name: opCreateTenantDatabase, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateTenantDatabaseInput{} + } + + output = &CreateTenantDatabaseOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateTenantDatabase API operation for Amazon Relational Database Service. +// +// Creates a tenant database in a DB instance that uses the multi-tenant configuration. +// Only RDS for Oracle container database (CDB) instances are supported. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation CreateTenantDatabase for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. +// +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. +// +// - ErrCodeTenantDatabaseAlreadyExistsFault "TenantDatabaseAlreadyExists" +// You attempted to either create a tenant database that already exists or modify +// a tenant database to use the name of an existing tenant database. +// +// - ErrCodeTenantDatabaseQuotaExceededFault "TenantDatabaseQuotaExceeded" +// You attempted to create more tenant databases than are permitted in your +// Amazon Web Services account. // -// // Example sending a request using the DeleteCustomAvailabilityZoneRequest method. -// req, resp := client.DeleteCustomAvailabilityZoneRequest(params) +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateTenantDatabase +func (c *RDS) CreateTenantDatabase(input *CreateTenantDatabaseInput) (*CreateTenantDatabaseOutput, error) { + req, out := c.CreateTenantDatabaseRequest(input) + return out, req.Send() +} + +// CreateTenantDatabaseWithContext is the same as CreateTenantDatabase with the addition of +// the ability to pass a context and additional request options. +// +// See CreateTenantDatabase for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) CreateTenantDatabaseWithContext(ctx aws.Context, input *CreateTenantDatabaseInput, opts ...request.Option) (*CreateTenantDatabaseOutput, error) { + req, out := c.CreateTenantDatabaseRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteBlueGreenDeployment = "DeleteBlueGreenDeployment" + +// DeleteBlueGreenDeploymentRequest generates a "aws/request.Request" representing the +// client's request for the DeleteBlueGreenDeployment operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteBlueGreenDeployment for more information on using the DeleteBlueGreenDeployment +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// // Example sending a request using the DeleteBlueGreenDeploymentRequest method. +// req, resp := client.DeleteBlueGreenDeploymentRequest(params) // -// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteCustomAvailabilityZone -func (c *RDS) DeleteCustomAvailabilityZoneRequest(input *DeleteCustomAvailabilityZoneInput) (req *request.Request, output *DeleteCustomAvailabilityZoneOutput) { +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteBlueGreenDeployment +func (c *RDS) DeleteBlueGreenDeploymentRequest(input *DeleteBlueGreenDeploymentInput) (req *request.Request, output *DeleteBlueGreenDeploymentOutput) { op := &request.Operation{ - Name: opDeleteCustomAvailabilityZone, + Name: opDeleteBlueGreenDeployment, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &DeleteCustomAvailabilityZoneInput{} + input = &DeleteBlueGreenDeploymentInput{} } - output = &DeleteCustomAvailabilityZoneOutput{} + output = &DeleteBlueGreenDeploymentOutput{} req = c.newRequest(op, input, output) return } -// DeleteCustomAvailabilityZone API operation for Amazon Relational Database Service. +// DeleteBlueGreenDeployment API operation for Amazon Relational Database Service. // -// Deletes a custom Availability Zone (AZ). +// Deletes a blue/green deployment. // -// A custom AZ is an on-premises AZ that is integrated with a VMware vSphere -// cluster. +// For more information, see Using Amazon RDS Blue/Green Deployments for database +// updates (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/blue-green-deployments.html) +// in the Amazon RDS User Guide and Using Amazon RDS Blue/Green Deployments +// for database updates (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/blue-green-deployments.html) +// in the Amazon Aurora User Guide. // -// For more information about RDS on VMware, see the RDS on VMware User Guide. -// (https://docs.aws.amazon.com/AmazonRDS/latest/RDSonVMwareUserGuide/rds-on-vmware.html) +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation DeleteBlueGreenDeployment for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeBlueGreenDeploymentNotFoundFault "BlueGreenDeploymentNotFoundFault" +// BlueGreenDeploymentIdentifier doesn't refer to an existing blue/green deployment. +// +// - ErrCodeInvalidBlueGreenDeploymentStateFault "InvalidBlueGreenDeploymentStateFault" +// The blue/green deployment can't be switched over or deleted because there +// is an invalid configuration in the green environment. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteBlueGreenDeployment +func (c *RDS) DeleteBlueGreenDeployment(input *DeleteBlueGreenDeploymentInput) (*DeleteBlueGreenDeploymentOutput, error) { + req, out := c.DeleteBlueGreenDeploymentRequest(input) + return out, req.Send() +} + +// DeleteBlueGreenDeploymentWithContext is the same as DeleteBlueGreenDeployment with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteBlueGreenDeployment for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) DeleteBlueGreenDeploymentWithContext(ctx aws.Context, input *DeleteBlueGreenDeploymentInput, opts ...request.Option) (*DeleteBlueGreenDeploymentOutput, error) { + req, out := c.DeleteBlueGreenDeploymentRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteCustomDBEngineVersion = "DeleteCustomDBEngineVersion" + +// DeleteCustomDBEngineVersionRequest generates a "aws/request.Request" representing the +// client's request for the DeleteCustomDBEngineVersion operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteCustomDBEngineVersion for more information on using the DeleteCustomDBEngineVersion +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteCustomDBEngineVersionRequest method. +// req, resp := client.DeleteCustomDBEngineVersionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteCustomDBEngineVersion +func (c *RDS) DeleteCustomDBEngineVersionRequest(input *DeleteCustomDBEngineVersionInput) (req *request.Request, output *DeleteCustomDBEngineVersionOutput) { + op := &request.Operation{ + Name: opDeleteCustomDBEngineVersion, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteCustomDBEngineVersionInput{} + } + + output = &DeleteCustomDBEngineVersionOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteCustomDBEngineVersion API operation for Amazon Relational Database Service. +// +// Deletes a custom engine version. To run this command, make sure you meet +// the following prerequisites: +// +// - The CEV must not be the default for RDS Custom. If it is, change the +// default before running this command. +// +// - The CEV must not be associated with an RDS Custom DB instance, RDS Custom +// instance snapshot, or automated backup of your RDS Custom instance. +// +// Typically, deletion takes a few minutes. +// +// The MediaImport service that imports files from Amazon S3 to create CEVs +// isn't integrated with Amazon Web Services CloudTrail. If you turn on data +// logging for Amazon RDS in CloudTrail, calls to the DeleteCustomDbEngineVersion +// event aren't logged. However, you might see calls from the API gateway that +// accesses your Amazon S3 bucket. These calls originate from the MediaImport +// service for the DeleteCustomDbEngineVersion event. +// +// For more information, see Deleting a CEV (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html#custom-cev.delete) +// in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon Relational Database Service's -// API operation DeleteCustomAvailabilityZone for usage and error information. +// API operation DeleteCustomDBEngineVersion for usage and error information. // // Returned Error Codes: -// * ErrCodeCustomAvailabilityZoneNotFoundFault "CustomAvailabilityZoneNotFound" -// CustomAvailabilityZoneId doesn't refer to an existing custom Availability -// Zone identifier. // -// * ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" -// An error occurred accessing an AWS KMS key. +// - ErrCodeCustomDBEngineVersionNotFoundFault "CustomDBEngineVersionNotFoundFault" +// The specified CEV was not found. +// +// - ErrCodeInvalidCustomDBEngineVersionStateFault "InvalidCustomDBEngineVersionStateFault" +// You can't delete the CEV. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteCustomAvailabilityZone -func (c *RDS) DeleteCustomAvailabilityZone(input *DeleteCustomAvailabilityZoneInput) (*DeleteCustomAvailabilityZoneOutput, error) { - req, out := c.DeleteCustomAvailabilityZoneRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteCustomDBEngineVersion +func (c *RDS) DeleteCustomDBEngineVersion(input *DeleteCustomDBEngineVersionInput) (*DeleteCustomDBEngineVersionOutput, error) { + req, out := c.DeleteCustomDBEngineVersionRequest(input) return out, req.Send() } -// DeleteCustomAvailabilityZoneWithContext is the same as DeleteCustomAvailabilityZone with the addition of +// DeleteCustomDBEngineVersionWithContext is the same as DeleteCustomDBEngineVersion with the addition of // the ability to pass a context and additional request options. // -// See DeleteCustomAvailabilityZone for details on how to use this API operation. +// See DeleteCustomDBEngineVersion for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *RDS) DeleteCustomAvailabilityZoneWithContext(ctx aws.Context, input *DeleteCustomAvailabilityZoneInput, opts ...request.Option) (*DeleteCustomAvailabilityZoneOutput, error) { - req, out := c.DeleteCustomAvailabilityZoneRequest(input) +func (c *RDS) DeleteCustomDBEngineVersionWithContext(ctx aws.Context, input *DeleteCustomDBEngineVersionInput, opts ...request.Option) (*DeleteCustomDBEngineVersionOutput, error) { + req, out := c.DeleteCustomDBEngineVersionRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() @@ -2962,14 +3690,13 @@ const opDeleteDBCluster = "DeleteDBCluster" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteDBClusterRequest method. +// req, resp := client.DeleteDBClusterRequest(params) // -// // Example sending a request using the DeleteDBClusterRequest method. -// req, resp := client.DeleteDBClusterRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBCluster func (c *RDS) DeleteDBClusterRequest(input *DeleteDBClusterInput) (req *request.Request, output *DeleteDBClusterOutput) { @@ -2995,10 +3722,15 @@ func (c *RDS) DeleteDBClusterRequest(input *DeleteDBClusterInput) (req *request. // and can't be recovered. Manual DB cluster snapshots of the specified DB cluster // are not deleted. // -// For more information on Amazon Aurora, see What Is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// If you're deleting a Multi-AZ DB cluster with read replicas, all cluster +// members are terminated and read replicas are promoted to standalone instances. +// +// For more information on Amazon Aurora, see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// This action only applies to Aurora DB clusters. +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3008,20 +3740,26 @@ func (c *RDS) DeleteDBClusterRequest(input *DeleteDBClusterInput) (req *request. // API operation DeleteDBCluster for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeDBClusterSnapshotAlreadyExistsFault "DBClusterSnapshotAlreadyExistsFault" -// The user already has a DB cluster snapshot with the given identifier. +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // -// * ErrCodeSnapshotQuotaExceededFault "SnapshotQuotaExceeded" -// The request would result in the user exceeding the allowed number of DB snapshots. +// - ErrCodeDBClusterSnapshotAlreadyExistsFault "DBClusterSnapshotAlreadyExistsFault" +// The user already has a DB cluster snapshot with the given identifier. // -// * ErrCodeInvalidDBClusterSnapshotStateFault "InvalidDBClusterSnapshotStateFault" -// The supplied value isn't a valid DB cluster snapshot state. +// - ErrCodeSnapshotQuotaExceededFault "SnapshotQuotaExceeded" +// The request would result in the user exceeding the allowed number of DB snapshots. +// +// - ErrCodeInvalidDBClusterSnapshotStateFault "InvalidDBClusterSnapshotStateFault" +// The supplied value isn't a valid DB cluster snapshot state. +// +// - ErrCodeDBClusterAutomatedBackupQuotaExceededFault "DBClusterAutomatedBackupQuotaExceededFault" +// The quota for retained automated backups was exceeded. This prevents you +// from retaining any additional automated backups. The retained automated backups +// quota is the same as your DB cluster quota. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBCluster func (c *RDS) DeleteDBCluster(input *DeleteDBClusterInput) (*DeleteDBClusterOutput, error) { @@ -3045,6 +3783,90 @@ func (c *RDS) DeleteDBClusterWithContext(ctx aws.Context, input *DeleteDBCluster return out, req.Send() } +const opDeleteDBClusterAutomatedBackup = "DeleteDBClusterAutomatedBackup" + +// DeleteDBClusterAutomatedBackupRequest generates a "aws/request.Request" representing the +// client's request for the DeleteDBClusterAutomatedBackup operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteDBClusterAutomatedBackup for more information on using the DeleteDBClusterAutomatedBackup +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteDBClusterAutomatedBackupRequest method. +// req, resp := client.DeleteDBClusterAutomatedBackupRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBClusterAutomatedBackup +func (c *RDS) DeleteDBClusterAutomatedBackupRequest(input *DeleteDBClusterAutomatedBackupInput) (req *request.Request, output *DeleteDBClusterAutomatedBackupOutput) { + op := &request.Operation{ + Name: opDeleteDBClusterAutomatedBackup, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteDBClusterAutomatedBackupInput{} + } + + output = &DeleteDBClusterAutomatedBackupOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteDBClusterAutomatedBackup API operation for Amazon Relational Database Service. +// +// Deletes automated backups using the DbClusterResourceId value of the source +// DB cluster or the Amazon Resource Name (ARN) of the automated backups. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation DeleteDBClusterAutomatedBackup for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeInvalidDBClusterAutomatedBackupStateFault "InvalidDBClusterAutomatedBackupStateFault" +// The automated backup is in an invalid state. For example, this automated +// backup is associated with an active cluster. +// +// - ErrCodeDBClusterAutomatedBackupNotFoundFault "DBClusterAutomatedBackupNotFoundFault" +// No automated backup for this DB cluster was found. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBClusterAutomatedBackup +func (c *RDS) DeleteDBClusterAutomatedBackup(input *DeleteDBClusterAutomatedBackupInput) (*DeleteDBClusterAutomatedBackupOutput, error) { + req, out := c.DeleteDBClusterAutomatedBackupRequest(input) + return out, req.Send() +} + +// DeleteDBClusterAutomatedBackupWithContext is the same as DeleteDBClusterAutomatedBackup with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteDBClusterAutomatedBackup for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) DeleteDBClusterAutomatedBackupWithContext(ctx aws.Context, input *DeleteDBClusterAutomatedBackupInput, opts ...request.Option) (*DeleteDBClusterAutomatedBackupOutput, error) { + req, out := c.DeleteDBClusterAutomatedBackupRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteDBClusterEndpoint = "DeleteDBClusterEndpoint" // DeleteDBClusterEndpointRequest generates a "aws/request.Request" representing the @@ -3061,14 +3883,13 @@ const opDeleteDBClusterEndpoint = "DeleteDBClusterEndpoint" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteDBClusterEndpointRequest method. +// req, resp := client.DeleteDBClusterEndpointRequest(params) // -// // Example sending a request using the DeleteDBClusterEndpointRequest method. -// req, resp := client.DeleteDBClusterEndpointRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBClusterEndpoint func (c *RDS) DeleteDBClusterEndpointRequest(input *DeleteDBClusterEndpointInput) (req *request.Request, output *DeleteDBClusterEndpointOutput) { @@ -3101,15 +3922,16 @@ func (c *RDS) DeleteDBClusterEndpointRequest(input *DeleteDBClusterEndpointInput // API operation DeleteDBClusterEndpoint for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidDBClusterEndpointStateFault "InvalidDBClusterEndpointStateFault" -// The requested operation can't be performed on the endpoint while the endpoint -// is in this state. // -// * ErrCodeDBClusterEndpointNotFoundFault "DBClusterEndpointNotFoundFault" -// The specified custom endpoint doesn't exist. +// - ErrCodeInvalidDBClusterEndpointStateFault "InvalidDBClusterEndpointStateFault" +// The requested operation can't be performed on the endpoint while the endpoint +// is in this state. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeDBClusterEndpointNotFoundFault "DBClusterEndpointNotFoundFault" +// The specified custom endpoint doesn't exist. +// +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBClusterEndpoint func (c *RDS) DeleteDBClusterEndpoint(input *DeleteDBClusterEndpointInput) (*DeleteDBClusterEndpointOutput, error) { @@ -3149,14 +3971,13 @@ const opDeleteDBClusterParameterGroup = "DeleteDBClusterParameterGroup" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteDBClusterParameterGroupRequest method. +// req, resp := client.DeleteDBClusterParameterGroupRequest(params) // -// // Example sending a request using the DeleteDBClusterParameterGroupRequest method. -// req, resp := client.DeleteDBClusterParameterGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBClusterParameterGroup func (c *RDS) DeleteDBClusterParameterGroupRequest(input *DeleteDBClusterParameterGroupInput) (req *request.Request, output *DeleteDBClusterParameterGroupOutput) { @@ -3181,10 +4002,12 @@ func (c *RDS) DeleteDBClusterParameterGroupRequest(input *DeleteDBClusterParamet // Deletes a specified DB cluster parameter group. The DB cluster parameter // group to be deleted can't be associated with any DB clusters. // -// For more information on Amazon Aurora, see What Is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// For more information on Amazon Aurora, see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// This action only applies to Aurora DB clusters. +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3194,13 +4017,14 @@ func (c *RDS) DeleteDBClusterParameterGroupRequest(input *DeleteDBClusterParamet // API operation DeleteDBClusterParameterGroup for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidDBParameterGroupStateFault "InvalidDBParameterGroupState" -// The DB parameter group is in use or is in an invalid state. If you are attempting -// to delete the parameter group, you can't delete it when the parameter group -// is in this state. // -// * ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" -// DBParameterGroupName doesn't refer to an existing DB parameter group. +// - ErrCodeInvalidDBParameterGroupStateFault "InvalidDBParameterGroupState" +// The DB parameter group is in use or is in an invalid state. If you are attempting +// to delete the parameter group, you can't delete it when the parameter group +// is in this state. +// +// - ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" +// DBParameterGroupName doesn't refer to an existing DB parameter group. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBClusterParameterGroup func (c *RDS) DeleteDBClusterParameterGroup(input *DeleteDBClusterParameterGroupInput) (*DeleteDBClusterParameterGroupOutput, error) { @@ -3240,14 +4064,13 @@ const opDeleteDBClusterSnapshot = "DeleteDBClusterSnapshot" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteDBClusterSnapshotRequest method. +// req, resp := client.DeleteDBClusterSnapshotRequest(params) // -// // Example sending a request using the DeleteDBClusterSnapshotRequest method. -// req, resp := client.DeleteDBClusterSnapshotRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBClusterSnapshot func (c *RDS) DeleteDBClusterSnapshotRequest(input *DeleteDBClusterSnapshotInput) (req *request.Request, output *DeleteDBClusterSnapshotOutput) { @@ -3273,10 +4096,12 @@ func (c *RDS) DeleteDBClusterSnapshotRequest(input *DeleteDBClusterSnapshotInput // // The DB cluster snapshot must be in the available state to be deleted. // -// For more information on Amazon Aurora, see What Is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// For more information on Amazon Aurora, see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// This action only applies to Aurora DB clusters. +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3286,11 +4111,12 @@ func (c *RDS) DeleteDBClusterSnapshotRequest(input *DeleteDBClusterSnapshotInput // API operation DeleteDBClusterSnapshot for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidDBClusterSnapshotStateFault "InvalidDBClusterSnapshotStateFault" -// The supplied value isn't a valid DB cluster snapshot state. // -// * ErrCodeDBClusterSnapshotNotFoundFault "DBClusterSnapshotNotFoundFault" -// DBClusterSnapshotIdentifier doesn't refer to an existing DB cluster snapshot. +// - ErrCodeInvalidDBClusterSnapshotStateFault "InvalidDBClusterSnapshotStateFault" +// The supplied value isn't a valid DB cluster snapshot state. +// +// - ErrCodeDBClusterSnapshotNotFoundFault "DBClusterSnapshotNotFoundFault" +// DBClusterSnapshotIdentifier doesn't refer to an existing DB cluster snapshot. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBClusterSnapshot func (c *RDS) DeleteDBClusterSnapshot(input *DeleteDBClusterSnapshotInput) (*DeleteDBClusterSnapshotOutput, error) { @@ -3330,14 +4156,13 @@ const opDeleteDBInstance = "DeleteDBInstance" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteDBInstanceRequest method. +// req, resp := client.DeleteDBInstanceRequest(params) // -// // Example sending a request using the DeleteDBInstanceRequest method. -// req, resp := client.DeleteDBInstanceRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBInstance func (c *RDS) DeleteDBInstanceRequest(input *DeleteDBInstanceInput) (req *request.Request, output *DeleteDBInstanceOutput) { @@ -3358,15 +4183,14 @@ func (c *RDS) DeleteDBInstanceRequest(input *DeleteDBInstanceInput) (req *reques // DeleteDBInstance API operation for Amazon Relational Database Service. // -// The DeleteDBInstance action deletes a previously provisioned DB instance. -// When you delete a DB instance, all automated backups for that instance are -// deleted and can't be recovered. Manual DB snapshots of the DB instance to -// be deleted by DeleteDBInstance are not deleted. +// Deletes a previously provisioned DB instance. When you delete a DB instance, +// all automated backups for that instance are deleted and can't be recovered. +// However, manual DB snapshots of the DB instance aren't deleted. // -// If you request a final DB snapshot the status of the Amazon RDS DB instance -// is deleting until the DB snapshot is created. The API action DescribeDBInstance -// is used to monitor the status of this operation. The action can't be canceled -// or reverted once submitted. +// If you request a final DB snapshot, the status of the Amazon RDS DB instance +// is deleting until the DB snapshot is created. This operation can't be canceled +// or reverted after it begins. To monitor the status of this operation, use +// DescribeDBInstance. // // When a DB instance is in a failure state and has a status of failed, incompatible-restore, // or incompatible-network, you can only delete it when you skip creation of @@ -3375,15 +4199,20 @@ func (c *RDS) DeleteDBInstanceRequest(input *DeleteDBInstanceInput) (req *reques // If the specified DB instance is part of an Amazon Aurora DB cluster, you // can't delete the DB instance if both of the following conditions are true: // -// * The DB cluster is a read replica of another Amazon Aurora DB cluster. +// - The DB cluster is a read replica of another Amazon Aurora DB cluster. // -// * The DB instance is the only instance in the DB cluster. +// - The DB instance is the only instance in the DB cluster. // -// To delete a DB instance in this case, first call the PromoteReadReplicaDBCluster -// API action to promote the DB cluster so it's no longer a read replica. After -// the promotion completes, then call the DeleteDBInstance API action to delete +// To delete a DB instance in this case, first use the PromoteReadReplicaDBCluster +// operation to promote the DB cluster so that it's no longer a read replica. +// After the promotion completes, use the DeleteDBInstance operation to delete // the final instance in the DB cluster. // +// For RDS Custom DB instances, deleting the DB instance permanently deletes +// the EC2 instance and the associated EBS volumes. Make sure that you don't +// terminate or delete these resources before you delete the DB instance. Otherwise, +// deleting the DB instance and creation of the final snapshot might fail. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3392,25 +4221,26 @@ func (c *RDS) DeleteDBInstanceRequest(input *DeleteDBInstanceInput) (req *reques // API operation DeleteDBInstance for usage and error information. // // Returned Error Codes: -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. // -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. +// +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. // -// * ErrCodeDBSnapshotAlreadyExistsFault "DBSnapshotAlreadyExists" -// DBSnapshotIdentifier is already used by an existing snapshot. +// - ErrCodeDBSnapshotAlreadyExistsFault "DBSnapshotAlreadyExists" +// DBSnapshotIdentifier is already used by an existing snapshot. // -// * ErrCodeSnapshotQuotaExceededFault "SnapshotQuotaExceeded" -// The request would result in the user exceeding the allowed number of DB snapshots. +// - ErrCodeSnapshotQuotaExceededFault "SnapshotQuotaExceeded" +// The request would result in the user exceeding the allowed number of DB snapshots. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // -// * ErrCodeDBInstanceAutomatedBackupQuotaExceededFault "DBInstanceAutomatedBackupQuotaExceeded" -// The quota for retained automated backups was exceeded. This prevents you -// from retaining any additional automated backups. The retained automated backups -// quota is the same as your DB Instance quota. +// - ErrCodeDBInstanceAutomatedBackupQuotaExceededFault "DBInstanceAutomatedBackupQuotaExceeded" +// The quota for retained automated backups was exceeded. This prevents you +// from retaining any additional automated backups. The retained automated backups +// quota is the same as your DB instance quota. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBInstance func (c *RDS) DeleteDBInstance(input *DeleteDBInstanceInput) (*DeleteDBInstanceOutput, error) { @@ -3450,14 +4280,13 @@ const opDeleteDBInstanceAutomatedBackup = "DeleteDBInstanceAutomatedBackup" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteDBInstanceAutomatedBackupRequest method. +// req, resp := client.DeleteDBInstanceAutomatedBackupRequest(params) // -// // Example sending a request using the DeleteDBInstanceAutomatedBackupRequest method. -// req, resp := client.DeleteDBInstanceAutomatedBackupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBInstanceAutomatedBackup func (c *RDS) DeleteDBInstanceAutomatedBackupRequest(input *DeleteDBInstanceAutomatedBackupInput) (req *request.Request, output *DeleteDBInstanceAutomatedBackupOutput) { @@ -3489,12 +4318,13 @@ func (c *RDS) DeleteDBInstanceAutomatedBackupRequest(input *DeleteDBInstanceAuto // API operation DeleteDBInstanceAutomatedBackup for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidDBInstanceAutomatedBackupStateFault "InvalidDBInstanceAutomatedBackupState" -// The automated backup is in an invalid state. For example, this automated -// backup is associated with an active instance. // -// * ErrCodeDBInstanceAutomatedBackupNotFoundFault "DBInstanceAutomatedBackupNotFound" -// No automated backup for this DB instance was found. +// - ErrCodeInvalidDBInstanceAutomatedBackupStateFault "InvalidDBInstanceAutomatedBackupState" +// The automated backup is in an invalid state. For example, this automated +// backup is associated with an active instance. +// +// - ErrCodeDBInstanceAutomatedBackupNotFoundFault "DBInstanceAutomatedBackupNotFound" +// No automated backup for this DB instance was found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBInstanceAutomatedBackup func (c *RDS) DeleteDBInstanceAutomatedBackup(input *DeleteDBInstanceAutomatedBackupInput) (*DeleteDBInstanceAutomatedBackupOutput, error) { @@ -3534,14 +4364,13 @@ const opDeleteDBParameterGroup = "DeleteDBParameterGroup" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteDBParameterGroupRequest method. +// req, resp := client.DeleteDBParameterGroupRequest(params) // -// // Example sending a request using the DeleteDBParameterGroupRequest method. -// req, resp := client.DeleteDBParameterGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBParameterGroup func (c *RDS) DeleteDBParameterGroupRequest(input *DeleteDBParameterGroupInput) (req *request.Request, output *DeleteDBParameterGroupOutput) { @@ -3574,13 +4403,14 @@ func (c *RDS) DeleteDBParameterGroupRequest(input *DeleteDBParameterGroupInput) // API operation DeleteDBParameterGroup for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidDBParameterGroupStateFault "InvalidDBParameterGroupState" -// The DB parameter group is in use or is in an invalid state. If you are attempting -// to delete the parameter group, you can't delete it when the parameter group -// is in this state. // -// * ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" -// DBParameterGroupName doesn't refer to an existing DB parameter group. +// - ErrCodeInvalidDBParameterGroupStateFault "InvalidDBParameterGroupState" +// The DB parameter group is in use or is in an invalid state. If you are attempting +// to delete the parameter group, you can't delete it when the parameter group +// is in this state. +// +// - ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" +// DBParameterGroupName doesn't refer to an existing DB parameter group. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBParameterGroup func (c *RDS) DeleteDBParameterGroup(input *DeleteDBParameterGroupInput) (*DeleteDBParameterGroupOutput, error) { @@ -3620,14 +4450,13 @@ const opDeleteDBProxy = "DeleteDBProxy" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteDBProxyRequest method. +// req, resp := client.DeleteDBProxyRequest(params) // -// // Example sending a request using the DeleteDBProxyRequest method. -// req, resp := client.DeleteDBProxyRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBProxy func (c *RDS) DeleteDBProxyRequest(input *DeleteDBProxyInput) (req *request.Request, output *DeleteDBProxyOutput) { @@ -3648,7 +4477,7 @@ func (c *RDS) DeleteDBProxyRequest(input *DeleteDBProxyInput) (req *request.Requ // DeleteDBProxy API operation for Amazon Relational Database Service. // -// Deletes an existing proxy. +// Deletes an existing DB proxy. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3658,12 +4487,13 @@ func (c *RDS) DeleteDBProxyRequest(input *DeleteDBProxyInput) (req *request.Requ // API operation DeleteDBProxy for usage and error information. // // Returned Error Codes: -// * ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" -// The specified proxy name doesn't correspond to a proxy owned by your AWS -// account in the specified AWS Region. // -// * ErrCodeInvalidDBProxyStateFault "InvalidDBProxyStateFault" -// The requested operation can't be performed while the proxy is in this state. +// - ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" +// The specified proxy name doesn't correspond to a proxy owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. +// +// - ErrCodeInvalidDBProxyStateFault "InvalidDBProxyStateFault" +// The requested operation can't be performed while the proxy is in this state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBProxy func (c *RDS) DeleteDBProxy(input *DeleteDBProxyInput) (*DeleteDBProxyOutput, error) { @@ -3687,6 +4517,92 @@ func (c *RDS) DeleteDBProxyWithContext(ctx aws.Context, input *DeleteDBProxyInpu return out, req.Send() } +const opDeleteDBProxyEndpoint = "DeleteDBProxyEndpoint" + +// DeleteDBProxyEndpointRequest generates a "aws/request.Request" representing the +// client's request for the DeleteDBProxyEndpoint operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteDBProxyEndpoint for more information on using the DeleteDBProxyEndpoint +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteDBProxyEndpointRequest method. +// req, resp := client.DeleteDBProxyEndpointRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBProxyEndpoint +func (c *RDS) DeleteDBProxyEndpointRequest(input *DeleteDBProxyEndpointInput) (req *request.Request, output *DeleteDBProxyEndpointOutput) { + op := &request.Operation{ + Name: opDeleteDBProxyEndpoint, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteDBProxyEndpointInput{} + } + + output = &DeleteDBProxyEndpointOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteDBProxyEndpoint API operation for Amazon Relational Database Service. +// +// Deletes a DBProxyEndpoint. Doing so removes the ability to access the DB +// proxy using the endpoint that you defined. The endpoint that you delete might +// have provided capabilities such as read/write or read-only operations, or +// using a different VPC than the DB proxy's default VPC. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation DeleteDBProxyEndpoint for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeDBProxyEndpointNotFoundFault "DBProxyEndpointNotFoundFault" +// The DB proxy endpoint doesn't exist. +// +// - ErrCodeInvalidDBProxyEndpointStateFault "InvalidDBProxyEndpointStateFault" +// You can't perform this operation while the DB proxy endpoint is in a particular +// state. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBProxyEndpoint +func (c *RDS) DeleteDBProxyEndpoint(input *DeleteDBProxyEndpointInput) (*DeleteDBProxyEndpointOutput, error) { + req, out := c.DeleteDBProxyEndpointRequest(input) + return out, req.Send() +} + +// DeleteDBProxyEndpointWithContext is the same as DeleteDBProxyEndpoint with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteDBProxyEndpoint for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) DeleteDBProxyEndpointWithContext(ctx aws.Context, input *DeleteDBProxyEndpointInput, opts ...request.Option) (*DeleteDBProxyEndpointOutput, error) { + req, out := c.DeleteDBProxyEndpointRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteDBSecurityGroup = "DeleteDBSecurityGroup" // DeleteDBSecurityGroupRequest generates a "aws/request.Request" representing the @@ -3703,14 +4619,13 @@ const opDeleteDBSecurityGroup = "DeleteDBSecurityGroup" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteDBSecurityGroupRequest method. +// req, resp := client.DeleteDBSecurityGroupRequest(params) // -// // Example sending a request using the DeleteDBSecurityGroupRequest method. -// req, resp := client.DeleteDBSecurityGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBSecurityGroup func (c *RDS) DeleteDBSecurityGroupRequest(input *DeleteDBSecurityGroupInput) (req *request.Request, output *DeleteDBSecurityGroupOutput) { @@ -3736,6 +4651,14 @@ func (c *RDS) DeleteDBSecurityGroupRequest(input *DeleteDBSecurityGroupInput) (r // // The specified DB security group must not be associated with any DB instances. // +// EC2-Classic was retired on August 15, 2022. If you haven't migrated from +// EC2-Classic to a VPC, we recommend that you migrate as soon as possible. +// For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) +// in the Amazon EC2 User Guide, the blog EC2-Classic Networking is Retiring +// – Here’s How to Prepare (http://aws.amazon.com/blogs/aws/ec2-classic-is-retiring-heres-how-to-prepare/), +// and Moving a DB instance not in a VPC into a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.Non-VPC2VPC.html) +// in the Amazon RDS User Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3744,11 +4667,12 @@ func (c *RDS) DeleteDBSecurityGroupRequest(input *DeleteDBSecurityGroupInput) (r // API operation DeleteDBSecurityGroup for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidDBSecurityGroupStateFault "InvalidDBSecurityGroupState" -// The state of the DB security group doesn't allow deletion. // -// * ErrCodeDBSecurityGroupNotFoundFault "DBSecurityGroupNotFound" -// DBSecurityGroupName doesn't refer to an existing DB security group. +// - ErrCodeInvalidDBSecurityGroupStateFault "InvalidDBSecurityGroupState" +// The state of the DB security group doesn't allow deletion. +// +// - ErrCodeDBSecurityGroupNotFoundFault "DBSecurityGroupNotFound" +// DBSecurityGroupName doesn't refer to an existing DB security group. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBSecurityGroup func (c *RDS) DeleteDBSecurityGroup(input *DeleteDBSecurityGroupInput) (*DeleteDBSecurityGroupOutput, error) { @@ -3772,6 +4696,91 @@ func (c *RDS) DeleteDBSecurityGroupWithContext(ctx aws.Context, input *DeleteDBS return out, req.Send() } +const opDeleteDBShardGroup = "DeleteDBShardGroup" + +// DeleteDBShardGroupRequest generates a "aws/request.Request" representing the +// client's request for the DeleteDBShardGroup operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteDBShardGroup for more information on using the DeleteDBShardGroup +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteDBShardGroupRequest method. +// req, resp := client.DeleteDBShardGroupRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBShardGroup +func (c *RDS) DeleteDBShardGroupRequest(input *DeleteDBShardGroupInput) (req *request.Request, output *DeleteDBShardGroupOutput) { + op := &request.Operation{ + Name: opDeleteDBShardGroup, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteDBShardGroupInput{} + } + + output = &DeleteDBShardGroupOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteDBShardGroup API operation for Amazon Relational Database Service. +// +// Deletes an Aurora Limitless Database DB shard group. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation DeleteDBShardGroup for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeDBShardGroupNotFoundFault "DBShardGroupNotFound" +// The specified DB shard group name wasn't found. +// +// - ErrCodeInvalidDBShardGroupStateFault "InvalidDBShardGroupState" +// The DB shard group must be in the available state. +// +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBShardGroup +func (c *RDS) DeleteDBShardGroup(input *DeleteDBShardGroupInput) (*DeleteDBShardGroupOutput, error) { + req, out := c.DeleteDBShardGroupRequest(input) + return out, req.Send() +} + +// DeleteDBShardGroupWithContext is the same as DeleteDBShardGroup with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteDBShardGroup for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) DeleteDBShardGroupWithContext(ctx aws.Context, input *DeleteDBShardGroupInput, opts ...request.Option) (*DeleteDBShardGroupOutput, error) { + req, out := c.DeleteDBShardGroupRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteDBSnapshot = "DeleteDBSnapshot" // DeleteDBSnapshotRequest generates a "aws/request.Request" representing the @@ -3788,14 +4797,13 @@ const opDeleteDBSnapshot = "DeleteDBSnapshot" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteDBSnapshotRequest method. +// req, resp := client.DeleteDBSnapshotRequest(params) // -// // Example sending a request using the DeleteDBSnapshotRequest method. -// req, resp := client.DeleteDBSnapshotRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBSnapshot func (c *RDS) DeleteDBSnapshotRequest(input *DeleteDBSnapshotInput) (req *request.Request, output *DeleteDBSnapshotOutput) { @@ -3829,11 +4837,12 @@ func (c *RDS) DeleteDBSnapshotRequest(input *DeleteDBSnapshotInput) (req *reques // API operation DeleteDBSnapshot for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidDBSnapshotStateFault "InvalidDBSnapshotState" -// The state of the DB snapshot doesn't allow deletion. // -// * ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" -// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. +// - ErrCodeInvalidDBSnapshotStateFault "InvalidDBSnapshotState" +// The state of the DB snapshot doesn't allow deletion. +// +// - ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" +// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBSnapshot func (c *RDS) DeleteDBSnapshot(input *DeleteDBSnapshotInput) (*DeleteDBSnapshotOutput, error) { @@ -3873,14 +4882,13 @@ const opDeleteDBSubnetGroup = "DeleteDBSubnetGroup" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteDBSubnetGroupRequest method. +// req, resp := client.DeleteDBSubnetGroupRequest(params) // -// // Example sending a request using the DeleteDBSubnetGroupRequest method. -// req, resp := client.DeleteDBSubnetGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBSubnetGroup func (c *RDS) DeleteDBSubnetGroupRequest(input *DeleteDBSubnetGroupInput) (req *request.Request, output *DeleteDBSubnetGroupOutput) { @@ -3914,14 +4922,15 @@ func (c *RDS) DeleteDBSubnetGroupRequest(input *DeleteDBSubnetGroupInput) (req * // API operation DeleteDBSubnetGroup for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidDBSubnetGroupStateFault "InvalidDBSubnetGroupStateFault" -// The DB subnet group cannot be deleted because it's in use. // -// * ErrCodeInvalidDBSubnetStateFault "InvalidDBSubnetStateFault" -// The DB subnet isn't in the available state. +// - ErrCodeInvalidDBSubnetGroupStateFault "InvalidDBSubnetGroupStateFault" +// The DB subnet group cannot be deleted because it's in use. +// +// - ErrCodeInvalidDBSubnetStateFault "InvalidDBSubnetStateFault" +// The DB subnet isn't in the available state. // -// * ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" -// DBSubnetGroupName doesn't refer to an existing DB subnet group. +// - ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" +// DBSubnetGroupName doesn't refer to an existing DB subnet group. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBSubnetGroup func (c *RDS) DeleteDBSubnetGroup(input *DeleteDBSubnetGroupInput) (*DeleteDBSubnetGroupOutput, error) { @@ -3961,14 +4970,13 @@ const opDeleteEventSubscription = "DeleteEventSubscription" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteEventSubscriptionRequest method. +// req, resp := client.DeleteEventSubscriptionRequest(params) // -// // Example sending a request using the DeleteEventSubscriptionRequest method. -// req, resp := client.DeleteEventSubscriptionRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteEventSubscription func (c *RDS) DeleteEventSubscriptionRequest(input *DeleteEventSubscriptionInput) (req *request.Request, output *DeleteEventSubscriptionOutput) { @@ -3999,12 +5007,13 @@ func (c *RDS) DeleteEventSubscriptionRequest(input *DeleteEventSubscriptionInput // API operation DeleteEventSubscription for usage and error information. // // Returned Error Codes: -// * ErrCodeSubscriptionNotFoundFault "SubscriptionNotFound" -// The subscription name does not exist. // -// * ErrCodeInvalidEventSubscriptionStateFault "InvalidEventSubscriptionState" -// This error can occur if someone else is modifying a subscription. You should -// retry the action. +// - ErrCodeSubscriptionNotFoundFault "SubscriptionNotFound" +// The subscription name does not exist. +// +// - ErrCodeInvalidEventSubscriptionStateFault "InvalidEventSubscriptionState" +// This error can occur if someone else is modifying a subscription. You should +// retry the action. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteEventSubscription func (c *RDS) DeleteEventSubscription(input *DeleteEventSubscriptionInput) (*DeleteEventSubscriptionOutput, error) { @@ -4044,14 +5053,13 @@ const opDeleteGlobalCluster = "DeleteGlobalCluster" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteGlobalClusterRequest method. +// req, resp := client.DeleteGlobalClusterRequest(params) // -// // Example sending a request using the DeleteGlobalClusterRequest method. -// req, resp := client.DeleteGlobalClusterRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteGlobalCluster func (c *RDS) DeleteGlobalClusterRequest(input *DeleteGlobalClusterInput) (req *request.Request, output *DeleteGlobalClusterOutput) { @@ -4085,9 +5093,14 @@ func (c *RDS) DeleteGlobalClusterRequest(input *DeleteGlobalClusterInput) (req * // API operation DeleteGlobalCluster for usage and error information. // // Returned Error Codes: -// * ErrCodeGlobalClusterNotFoundFault "GlobalClusterNotFoundFault" // -// * ErrCodeInvalidGlobalClusterStateFault "InvalidGlobalClusterStateFault" +// - ErrCodeGlobalClusterNotFoundFault "GlobalClusterNotFoundFault" +// The GlobalClusterIdentifier doesn't refer to an existing global database +// cluster. +// +// - ErrCodeInvalidGlobalClusterStateFault "InvalidGlobalClusterStateFault" +// The global cluster is in an invalid state and can't perform the requested +// operation. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteGlobalCluster func (c *RDS) DeleteGlobalCluster(input *DeleteGlobalClusterInput) (*DeleteGlobalClusterOutput, error) { @@ -4111,81 +5124,89 @@ func (c *RDS) DeleteGlobalClusterWithContext(ctx aws.Context, input *DeleteGloba return out, req.Send() } -const opDeleteInstallationMedia = "DeleteInstallationMedia" +const opDeleteIntegration = "DeleteIntegration" -// DeleteInstallationMediaRequest generates a "aws/request.Request" representing the -// client's request for the DeleteInstallationMedia operation. The "output" return +// DeleteIntegrationRequest generates a "aws/request.Request" representing the +// client's request for the DeleteIntegration operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DeleteInstallationMedia for more information on using the DeleteInstallationMedia +// See DeleteIntegration for more information on using the DeleteIntegration // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteIntegrationRequest method. +// req, resp := client.DeleteIntegrationRequest(params) // -// // Example sending a request using the DeleteInstallationMediaRequest method. -// req, resp := client.DeleteInstallationMediaRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteInstallationMedia -func (c *RDS) DeleteInstallationMediaRequest(input *DeleteInstallationMediaInput) (req *request.Request, output *DeleteInstallationMediaOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteIntegration +func (c *RDS) DeleteIntegrationRequest(input *DeleteIntegrationInput) (req *request.Request, output *DeleteIntegrationOutput) { op := &request.Operation{ - Name: opDeleteInstallationMedia, + Name: opDeleteIntegration, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &DeleteInstallationMediaInput{} + input = &DeleteIntegrationInput{} } - output = &DeleteInstallationMediaOutput{} + output = &DeleteIntegrationOutput{} req = c.newRequest(op, input, output) return } -// DeleteInstallationMedia API operation for Amazon Relational Database Service. +// DeleteIntegration API operation for Amazon Relational Database Service. // -// Deletes the installation medium for a DB engine that requires an on-premises -// customer provided license, such as Microsoft SQL Server. +// Deletes a zero-ETL integration with Amazon Redshift. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon Relational Database Service's -// API operation DeleteInstallationMedia for usage and error information. +// API operation DeleteIntegration for usage and error information. // // Returned Error Codes: -// * ErrCodeInstallationMediaNotFoundFault "InstallationMediaNotFound" -// InstallationMediaID doesn't refer to an existing installation medium. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteInstallationMedia -func (c *RDS) DeleteInstallationMedia(input *DeleteInstallationMediaInput) (*DeleteInstallationMediaOutput, error) { - req, out := c.DeleteInstallationMediaRequest(input) +// - ErrCodeIntegrationNotFoundFault "IntegrationNotFoundFault" +// The specified integration could not be found. +// +// - ErrCodeIntegrationConflictOperationFault "IntegrationConflictOperationFault" +// A conflicting conditional operation is currently in progress against this +// resource. Typically occurs when there are multiple requests being made to +// the same resource at the same time, and these requests conflict with each +// other. +// +// - ErrCodeInvalidIntegrationStateFault "InvalidIntegrationStateFault" +// The integration is in an invalid state and can't perform the requested operation. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteIntegration +func (c *RDS) DeleteIntegration(input *DeleteIntegrationInput) (*DeleteIntegrationOutput, error) { + req, out := c.DeleteIntegrationRequest(input) return out, req.Send() } -// DeleteInstallationMediaWithContext is the same as DeleteInstallationMedia with the addition of +// DeleteIntegrationWithContext is the same as DeleteIntegration with the addition of // the ability to pass a context and additional request options. // -// See DeleteInstallationMedia for details on how to use this API operation. +// See DeleteIntegration for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *RDS) DeleteInstallationMediaWithContext(ctx aws.Context, input *DeleteInstallationMediaInput, opts ...request.Option) (*DeleteInstallationMediaOutput, error) { - req, out := c.DeleteInstallationMediaRequest(input) +func (c *RDS) DeleteIntegrationWithContext(ctx aws.Context, input *DeleteIntegrationInput, opts ...request.Option) (*DeleteIntegrationOutput, error) { + req, out := c.DeleteIntegrationRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() @@ -4207,14 +5228,13 @@ const opDeleteOptionGroup = "DeleteOptionGroup" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteOptionGroupRequest method. +// req, resp := client.DeleteOptionGroupRequest(params) // -// // Example sending a request using the DeleteOptionGroupRequest method. -// req, resp := client.DeleteOptionGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteOptionGroup func (c *RDS) DeleteOptionGroupRequest(input *DeleteOptionGroupInput) (req *request.Request, output *DeleteOptionGroupOutput) { @@ -4246,11 +5266,12 @@ func (c *RDS) DeleteOptionGroupRequest(input *DeleteOptionGroupInput) (req *requ // API operation DeleteOptionGroup for usage and error information. // // Returned Error Codes: -// * ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" -// The specified option group could not be found. // -// * ErrCodeInvalidOptionGroupStateFault "InvalidOptionGroupStateFault" -// The option group isn't in the available state. +// - ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" +// The specified option group could not be found. +// +// - ErrCodeInvalidOptionGroupStateFault "InvalidOptionGroupStateFault" +// The option group isn't in the available state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteOptionGroup func (c *RDS) DeleteOptionGroup(input *DeleteOptionGroupInput) (*DeleteOptionGroupOutput, error) { @@ -4274,6 +5295,94 @@ func (c *RDS) DeleteOptionGroupWithContext(ctx aws.Context, input *DeleteOptionG return out, req.Send() } +const opDeleteTenantDatabase = "DeleteTenantDatabase" + +// DeleteTenantDatabaseRequest generates a "aws/request.Request" representing the +// client's request for the DeleteTenantDatabase operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteTenantDatabase for more information on using the DeleteTenantDatabase +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteTenantDatabaseRequest method. +// req, resp := client.DeleteTenantDatabaseRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteTenantDatabase +func (c *RDS) DeleteTenantDatabaseRequest(input *DeleteTenantDatabaseInput) (req *request.Request, output *DeleteTenantDatabaseOutput) { + op := &request.Operation{ + Name: opDeleteTenantDatabase, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteTenantDatabaseInput{} + } + + output = &DeleteTenantDatabaseOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteTenantDatabase API operation for Amazon Relational Database Service. +// +// Deletes a tenant database from your DB instance. This command only applies +// to RDS for Oracle container database (CDB) instances. +// +// You can't delete a tenant database when it is the only tenant in the DB instance. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation DeleteTenantDatabase for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. +// +// - ErrCodeTenantDatabaseNotFoundFault "TenantDatabaseNotFound" +// The specified tenant database wasn't found in the DB instance. +// +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteTenantDatabase +func (c *RDS) DeleteTenantDatabase(input *DeleteTenantDatabaseInput) (*DeleteTenantDatabaseOutput, error) { + req, out := c.DeleteTenantDatabaseRequest(input) + return out, req.Send() +} + +// DeleteTenantDatabaseWithContext is the same as DeleteTenantDatabase with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteTenantDatabase for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) DeleteTenantDatabaseWithContext(ctx aws.Context, input *DeleteTenantDatabaseInput, opts ...request.Option) (*DeleteTenantDatabaseOutput, error) { + req, out := c.DeleteTenantDatabaseRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeregisterDBProxyTargets = "DeregisterDBProxyTargets" // DeregisterDBProxyTargetsRequest generates a "aws/request.Request" representing the @@ -4290,14 +5399,13 @@ const opDeregisterDBProxyTargets = "DeregisterDBProxyTargets" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeregisterDBProxyTargetsRequest method. +// req, resp := client.DeregisterDBProxyTargetsRequest(params) // -// // Example sending a request using the DeregisterDBProxyTargetsRequest method. -// req, resp := client.DeregisterDBProxyTargetsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeregisterDBProxyTargets func (c *RDS) DeregisterDBProxyTargetsRequest(input *DeregisterDBProxyTargetsInput) (req *request.Request, output *DeregisterDBProxyTargetsOutput) { @@ -4330,20 +5438,22 @@ func (c *RDS) DeregisterDBProxyTargetsRequest(input *DeregisterDBProxyTargetsInp // API operation DeregisterDBProxyTargets for usage and error information. // // Returned Error Codes: -// * ErrCodeDBProxyTargetNotFoundFault "DBProxyTargetNotFoundFault" -// The specified RDS DB instance or Aurora DB cluster isn't available for a -// proxy owned by your AWS account in the specified AWS Region. // -// * ErrCodeDBProxyTargetGroupNotFoundFault "DBProxyTargetGroupNotFoundFault" -// The specified target group isn't available for a proxy owned by your AWS -// account in the specified AWS Region. +// - ErrCodeDBProxyTargetNotFoundFault "DBProxyTargetNotFoundFault" +// The specified RDS DB instance or Aurora DB cluster isn't available for a +// proxy owned by your Amazon Web Services account in the specified Amazon Web +// Services Region. // -// * ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" -// The specified proxy name doesn't correspond to a proxy owned by your AWS -// account in the specified AWS Region. +// - ErrCodeDBProxyTargetGroupNotFoundFault "DBProxyTargetGroupNotFoundFault" +// The specified target group isn't available for a proxy owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. // -// * ErrCodeInvalidDBProxyStateFault "InvalidDBProxyStateFault" -// The requested operation can't be performed while the proxy is in this state. +// - ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" +// The specified proxy name doesn't correspond to a proxy owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. +// +// - ErrCodeInvalidDBProxyStateFault "InvalidDBProxyStateFault" +// The requested operation can't be performed while the proxy is in this state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeregisterDBProxyTargets func (c *RDS) DeregisterDBProxyTargets(input *DeregisterDBProxyTargetsInput) (*DeregisterDBProxyTargetsOutput, error) { @@ -4383,14 +5493,13 @@ const opDescribeAccountAttributes = "DescribeAccountAttributes" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeAccountAttributesRequest method. +// req, resp := client.DescribeAccountAttributesRequest(params) // -// // Example sending a request using the DescribeAccountAttributesRequest method. -// req, resp := client.DescribeAccountAttributesRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeAccountAttributes func (c *RDS) DescribeAccountAttributesRequest(input *DescribeAccountAttributesInput) (req *request.Request, output *DescribeAccountAttributesOutput) { @@ -4446,6 +5555,147 @@ func (c *RDS) DescribeAccountAttributesWithContext(ctx aws.Context, input *Descr return out, req.Send() } +const opDescribeBlueGreenDeployments = "DescribeBlueGreenDeployments" + +// DescribeBlueGreenDeploymentsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeBlueGreenDeployments operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeBlueGreenDeployments for more information on using the DescribeBlueGreenDeployments +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeBlueGreenDeploymentsRequest method. +// req, resp := client.DescribeBlueGreenDeploymentsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeBlueGreenDeployments +func (c *RDS) DescribeBlueGreenDeploymentsRequest(input *DescribeBlueGreenDeploymentsInput) (req *request.Request, output *DescribeBlueGreenDeploymentsOutput) { + op := &request.Operation{ + Name: opDescribeBlueGreenDeployments, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"Marker"}, + LimitToken: "MaxRecords", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeBlueGreenDeploymentsInput{} + } + + output = &DescribeBlueGreenDeploymentsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeBlueGreenDeployments API operation for Amazon Relational Database Service. +// +// Describes one or more blue/green deployments. +// +// For more information, see Using Amazon RDS Blue/Green Deployments for database +// updates (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/blue-green-deployments.html) +// in the Amazon RDS User Guide and Using Amazon RDS Blue/Green Deployments +// for database updates (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/blue-green-deployments.html) +// in the Amazon Aurora User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation DescribeBlueGreenDeployments for usage and error information. +// +// Returned Error Codes: +// - ErrCodeBlueGreenDeploymentNotFoundFault "BlueGreenDeploymentNotFoundFault" +// BlueGreenDeploymentIdentifier doesn't refer to an existing blue/green deployment. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeBlueGreenDeployments +func (c *RDS) DescribeBlueGreenDeployments(input *DescribeBlueGreenDeploymentsInput) (*DescribeBlueGreenDeploymentsOutput, error) { + req, out := c.DescribeBlueGreenDeploymentsRequest(input) + return out, req.Send() +} + +// DescribeBlueGreenDeploymentsWithContext is the same as DescribeBlueGreenDeployments with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeBlueGreenDeployments for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) DescribeBlueGreenDeploymentsWithContext(ctx aws.Context, input *DescribeBlueGreenDeploymentsInput, opts ...request.Option) (*DescribeBlueGreenDeploymentsOutput, error) { + req, out := c.DescribeBlueGreenDeploymentsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeBlueGreenDeploymentsPages iterates over the pages of a DescribeBlueGreenDeployments operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeBlueGreenDeployments method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeBlueGreenDeployments operation. +// pageNum := 0 +// err := client.DescribeBlueGreenDeploymentsPages(params, +// func(page *rds.DescribeBlueGreenDeploymentsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *RDS) DescribeBlueGreenDeploymentsPages(input *DescribeBlueGreenDeploymentsInput, fn func(*DescribeBlueGreenDeploymentsOutput, bool) bool) error { + return c.DescribeBlueGreenDeploymentsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeBlueGreenDeploymentsPagesWithContext same as DescribeBlueGreenDeploymentsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) DescribeBlueGreenDeploymentsPagesWithContext(ctx aws.Context, input *DescribeBlueGreenDeploymentsInput, fn func(*DescribeBlueGreenDeploymentsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeBlueGreenDeploymentsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeBlueGreenDeploymentsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeBlueGreenDeploymentsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeCertificates = "DescribeCertificates" // DescribeCertificatesRequest generates a "aws/request.Request" representing the @@ -4462,14 +5712,13 @@ const opDescribeCertificates = "DescribeCertificates" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeCertificatesRequest method. +// req, resp := client.DescribeCertificatesRequest(params) // -// // Example sending a request using the DescribeCertificatesRequest method. -// req, resp := client.DescribeCertificatesRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeCertificates func (c *RDS) DescribeCertificatesRequest(input *DescribeCertificatesInput) (req *request.Request, output *DescribeCertificatesOutput) { @@ -4496,7 +5745,14 @@ func (c *RDS) DescribeCertificatesRequest(input *DescribeCertificatesInput) (req // DescribeCertificates API operation for Amazon Relational Database Service. // -// Lists the set of CA certificates provided by Amazon RDS for this AWS account. +// Lists the set of certificate authority (CA) certificates provided by Amazon +// RDS for this Amazon Web Services account. +// +// For more information, see Using SSL/TLS to encrypt a connection to a DB instance +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) +// in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to +// a DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) +// in the Amazon Aurora User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4506,8 +5762,8 @@ func (c *RDS) DescribeCertificatesRequest(input *DescribeCertificatesInput) (req // API operation DescribeCertificates for usage and error information. // // Returned Error Codes: -// * ErrCodeCertificateNotFoundFault "CertificateNotFound" -// CertificateIdentifier doesn't refer to an existing certificate. +// - ErrCodeCertificateNotFoundFault "CertificateNotFound" +// CertificateIdentifier doesn't refer to an existing certificate. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeCertificates func (c *RDS) DescribeCertificates(input *DescribeCertificatesInput) (*DescribeCertificatesOutput, error) { @@ -4539,15 +5795,14 @@ func (c *RDS) DescribeCertificatesWithContext(ctx aws.Context, input *DescribeCe // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeCertificates operation. -// pageNum := 0 -// err := client.DescribeCertificatesPages(params, -// func(page *rds.DescribeCertificatesOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeCertificates operation. +// pageNum := 0 +// err := client.DescribeCertificatesPages(params, +// func(page *rds.DescribeCertificatesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeCertificatesPages(input *DescribeCertificatesInput, fn func(*DescribeCertificatesOutput, bool) bool) error { return c.DescribeCertificatesPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -4583,35 +5838,34 @@ func (c *RDS) DescribeCertificatesPagesWithContext(ctx aws.Context, input *Descr return p.Err() } -const opDescribeCustomAvailabilityZones = "DescribeCustomAvailabilityZones" +const opDescribeDBClusterAutomatedBackups = "DescribeDBClusterAutomatedBackups" -// DescribeCustomAvailabilityZonesRequest generates a "aws/request.Request" representing the -// client's request for the DescribeCustomAvailabilityZones operation. The "output" return +// DescribeDBClusterAutomatedBackupsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeDBClusterAutomatedBackups operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DescribeCustomAvailabilityZones for more information on using the DescribeCustomAvailabilityZones +// See DescribeDBClusterAutomatedBackups for more information on using the DescribeDBClusterAutomatedBackups // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDBClusterAutomatedBackupsRequest method. +// req, resp := client.DescribeDBClusterAutomatedBackupsRequest(params) // -// // Example sending a request using the DescribeCustomAvailabilityZonesRequest method. -// req, resp := client.DescribeCustomAvailabilityZonesRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeCustomAvailabilityZones -func (c *RDS) DescribeCustomAvailabilityZonesRequest(input *DescribeCustomAvailabilityZonesInput) (req *request.Request, output *DescribeCustomAvailabilityZonesOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBClusterAutomatedBackups +func (c *RDS) DescribeDBClusterAutomatedBackupsRequest(input *DescribeDBClusterAutomatedBackupsInput) (req *request.Request, output *DescribeDBClusterAutomatedBackupsOutput) { op := &request.Operation{ - Name: opDescribeCustomAvailabilityZones, + Name: opDescribeDBClusterAutomatedBackups, HTTPMethod: "POST", HTTPPath: "/", Paginator: &request.Paginator{ @@ -4623,95 +5877,92 @@ func (c *RDS) DescribeCustomAvailabilityZonesRequest(input *DescribeCustomAvaila } if input == nil { - input = &DescribeCustomAvailabilityZonesInput{} + input = &DescribeDBClusterAutomatedBackupsInput{} } - output = &DescribeCustomAvailabilityZonesOutput{} + output = &DescribeDBClusterAutomatedBackupsOutput{} req = c.newRequest(op, input, output) return } -// DescribeCustomAvailabilityZones API operation for Amazon Relational Database Service. -// -// Returns information about custom Availability Zones (AZs). +// DescribeDBClusterAutomatedBackups API operation for Amazon Relational Database Service. // -// A custom AZ is an on-premises AZ that is integrated with a VMware vSphere -// cluster. +// Displays backups for both current and deleted DB clusters. For example, use +// this operation to find details about automated backups for previously deleted +// clusters. Current clusters are returned for both the DescribeDBClusterAutomatedBackups +// and DescribeDBClusters operations. // -// For more information about RDS on VMware, see the RDS on VMware User Guide. -// (https://docs.aws.amazon.com/AmazonRDS/latest/RDSonVMwareUserGuide/rds-on-vmware.html) +// All parameters are optional. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon Relational Database Service's -// API operation DescribeCustomAvailabilityZones for usage and error information. +// API operation DescribeDBClusterAutomatedBackups for usage and error information. // // Returned Error Codes: -// * ErrCodeCustomAvailabilityZoneNotFoundFault "CustomAvailabilityZoneNotFound" -// CustomAvailabilityZoneId doesn't refer to an existing custom Availability -// Zone identifier. +// - ErrCodeDBClusterAutomatedBackupNotFoundFault "DBClusterAutomatedBackupNotFoundFault" +// No automated backup for this DB cluster was found. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeCustomAvailabilityZones -func (c *RDS) DescribeCustomAvailabilityZones(input *DescribeCustomAvailabilityZonesInput) (*DescribeCustomAvailabilityZonesOutput, error) { - req, out := c.DescribeCustomAvailabilityZonesRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBClusterAutomatedBackups +func (c *RDS) DescribeDBClusterAutomatedBackups(input *DescribeDBClusterAutomatedBackupsInput) (*DescribeDBClusterAutomatedBackupsOutput, error) { + req, out := c.DescribeDBClusterAutomatedBackupsRequest(input) return out, req.Send() } -// DescribeCustomAvailabilityZonesWithContext is the same as DescribeCustomAvailabilityZones with the addition of +// DescribeDBClusterAutomatedBackupsWithContext is the same as DescribeDBClusterAutomatedBackups with the addition of // the ability to pass a context and additional request options. // -// See DescribeCustomAvailabilityZones for details on how to use this API operation. +// See DescribeDBClusterAutomatedBackups for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *RDS) DescribeCustomAvailabilityZonesWithContext(ctx aws.Context, input *DescribeCustomAvailabilityZonesInput, opts ...request.Option) (*DescribeCustomAvailabilityZonesOutput, error) { - req, out := c.DescribeCustomAvailabilityZonesRequest(input) +func (c *RDS) DescribeDBClusterAutomatedBackupsWithContext(ctx aws.Context, input *DescribeDBClusterAutomatedBackupsInput, opts ...request.Option) (*DescribeDBClusterAutomatedBackupsOutput, error) { + req, out := c.DescribeDBClusterAutomatedBackupsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -// DescribeCustomAvailabilityZonesPages iterates over the pages of a DescribeCustomAvailabilityZones operation, +// DescribeDBClusterAutomatedBackupsPages iterates over the pages of a DescribeDBClusterAutomatedBackups operation, // calling the "fn" function with the response data for each page. To stop // iterating, return false from the fn function. // -// See DescribeCustomAvailabilityZones method for more information on how to use this operation. +// See DescribeDBClusterAutomatedBackups method for more information on how to use this operation. // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeCustomAvailabilityZones operation. -// pageNum := 0 -// err := client.DescribeCustomAvailabilityZonesPages(params, -// func(page *rds.DescribeCustomAvailabilityZonesOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// -func (c *RDS) DescribeCustomAvailabilityZonesPages(input *DescribeCustomAvailabilityZonesInput, fn func(*DescribeCustomAvailabilityZonesOutput, bool) bool) error { - return c.DescribeCustomAvailabilityZonesPagesWithContext(aws.BackgroundContext(), input, fn) +// // Example iterating over at most 3 pages of a DescribeDBClusterAutomatedBackups operation. +// pageNum := 0 +// err := client.DescribeDBClusterAutomatedBackupsPages(params, +// func(page *rds.DescribeDBClusterAutomatedBackupsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *RDS) DescribeDBClusterAutomatedBackupsPages(input *DescribeDBClusterAutomatedBackupsInput, fn func(*DescribeDBClusterAutomatedBackupsOutput, bool) bool) error { + return c.DescribeDBClusterAutomatedBackupsPagesWithContext(aws.BackgroundContext(), input, fn) } -// DescribeCustomAvailabilityZonesPagesWithContext same as DescribeCustomAvailabilityZonesPages except +// DescribeDBClusterAutomatedBackupsPagesWithContext same as DescribeDBClusterAutomatedBackupsPages except // it takes a Context and allows setting request options on the pages. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *RDS) DescribeCustomAvailabilityZonesPagesWithContext(ctx aws.Context, input *DescribeCustomAvailabilityZonesInput, fn func(*DescribeCustomAvailabilityZonesOutput, bool) bool, opts ...request.Option) error { +func (c *RDS) DescribeDBClusterAutomatedBackupsPagesWithContext(ctx aws.Context, input *DescribeDBClusterAutomatedBackupsInput, fn func(*DescribeDBClusterAutomatedBackupsOutput, bool) bool, opts ...request.Option) error { p := request.Pagination{ NewRequest: func() (*request.Request, error) { - var inCpy *DescribeCustomAvailabilityZonesInput + var inCpy *DescribeDBClusterAutomatedBackupsInput if input != nil { tmp := *input inCpy = &tmp } - req, _ := c.DescribeCustomAvailabilityZonesRequest(inCpy) + req, _ := c.DescribeDBClusterAutomatedBackupsRequest(inCpy) req.SetContext(ctx) req.ApplyOptions(opts...) return req, nil @@ -4719,7 +5970,7 @@ func (c *RDS) DescribeCustomAvailabilityZonesPagesWithContext(ctx aws.Context, i } for p.Next() { - if !fn(p.Page().(*DescribeCustomAvailabilityZonesOutput), !p.HasNextPage()) { + if !fn(p.Page().(*DescribeDBClusterAutomatedBackupsOutput), !p.HasNextPage()) { break } } @@ -4743,14 +5994,13 @@ const opDescribeDBClusterBacktracks = "DescribeDBClusterBacktracks" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDBClusterBacktracksRequest method. +// req, resp := client.DescribeDBClusterBacktracksRequest(params) // -// // Example sending a request using the DescribeDBClusterBacktracksRequest method. -// req, resp := client.DescribeDBClusterBacktracksRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBClusterBacktracks func (c *RDS) DescribeDBClusterBacktracksRequest(input *DescribeDBClusterBacktracksInput) (req *request.Request, output *DescribeDBClusterBacktracksOutput) { @@ -4779,7 +6029,7 @@ func (c *RDS) DescribeDBClusterBacktracksRequest(input *DescribeDBClusterBacktra // // Returns information about backtracks for a DB cluster. // -// For more information on Amazon Aurora, see What Is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// For more information on Amazon Aurora, see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // // This action only applies to Aurora MySQL DB clusters. @@ -4792,11 +6042,12 @@ func (c *RDS) DescribeDBClusterBacktracksRequest(input *DescribeDBClusterBacktra // API operation DescribeDBClusterBacktracks for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeDBClusterBacktrackNotFoundFault "DBClusterBacktrackNotFoundFault" -// BacktrackIdentifier doesn't refer to an existing backtrack. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. +// +// - ErrCodeDBClusterBacktrackNotFoundFault "DBClusterBacktrackNotFoundFault" +// BacktrackIdentifier doesn't refer to an existing backtrack. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBClusterBacktracks func (c *RDS) DescribeDBClusterBacktracks(input *DescribeDBClusterBacktracksInput) (*DescribeDBClusterBacktracksOutput, error) { @@ -4828,15 +6079,14 @@ func (c *RDS) DescribeDBClusterBacktracksWithContext(ctx aws.Context, input *Des // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeDBClusterBacktracks operation. -// pageNum := 0 -// err := client.DescribeDBClusterBacktracksPages(params, -// func(page *rds.DescribeDBClusterBacktracksOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeDBClusterBacktracks operation. +// pageNum := 0 +// err := client.DescribeDBClusterBacktracksPages(params, +// func(page *rds.DescribeDBClusterBacktracksOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeDBClusterBacktracksPages(input *DescribeDBClusterBacktracksInput, fn func(*DescribeDBClusterBacktracksOutput, bool) bool) error { return c.DescribeDBClusterBacktracksPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -4888,14 +6138,13 @@ const opDescribeDBClusterEndpoints = "DescribeDBClusterEndpoints" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDBClusterEndpointsRequest method. +// req, resp := client.DescribeDBClusterEndpointsRequest(params) // -// // Example sending a request using the DescribeDBClusterEndpointsRequest method. -// req, resp := client.DescribeDBClusterEndpointsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBClusterEndpoints func (c *RDS) DescribeDBClusterEndpointsRequest(input *DescribeDBClusterEndpointsInput) (req *request.Request, output *DescribeDBClusterEndpointsOutput) { @@ -4934,8 +6183,8 @@ func (c *RDS) DescribeDBClusterEndpointsRequest(input *DescribeDBClusterEndpoint // API operation DescribeDBClusterEndpoints for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBClusterEndpoints func (c *RDS) DescribeDBClusterEndpoints(input *DescribeDBClusterEndpointsInput) (*DescribeDBClusterEndpointsOutput, error) { @@ -4967,15 +6216,14 @@ func (c *RDS) DescribeDBClusterEndpointsWithContext(ctx aws.Context, input *Desc // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeDBClusterEndpoints operation. -// pageNum := 0 -// err := client.DescribeDBClusterEndpointsPages(params, -// func(page *rds.DescribeDBClusterEndpointsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeDBClusterEndpoints operation. +// pageNum := 0 +// err := client.DescribeDBClusterEndpointsPages(params, +// func(page *rds.DescribeDBClusterEndpointsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeDBClusterEndpointsPages(input *DescribeDBClusterEndpointsInput, fn func(*DescribeDBClusterEndpointsOutput, bool) bool) error { return c.DescribeDBClusterEndpointsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -5027,14 +6275,13 @@ const opDescribeDBClusterParameterGroups = "DescribeDBClusterParameterGroups" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDBClusterParameterGroupsRequest method. +// req, resp := client.DescribeDBClusterParameterGroupsRequest(params) // -// // Example sending a request using the DescribeDBClusterParameterGroupsRequest method. -// req, resp := client.DescribeDBClusterParameterGroupsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBClusterParameterGroups func (c *RDS) DescribeDBClusterParameterGroupsRequest(input *DescribeDBClusterParameterGroupsInput) (req *request.Request, output *DescribeDBClusterParameterGroupsOutput) { @@ -5065,10 +6312,12 @@ func (c *RDS) DescribeDBClusterParameterGroupsRequest(input *DescribeDBClusterPa // parameter is specified, the list will contain only the description of the // specified DB cluster parameter group. // -// For more information on Amazon Aurora, see What Is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// For more information on Amazon Aurora, see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// This action only applies to Aurora DB clusters. +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5078,8 +6327,8 @@ func (c *RDS) DescribeDBClusterParameterGroupsRequest(input *DescribeDBClusterPa // API operation DescribeDBClusterParameterGroups for usage and error information. // // Returned Error Codes: -// * ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" -// DBParameterGroupName doesn't refer to an existing DB parameter group. +// - ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" +// DBParameterGroupName doesn't refer to an existing DB parameter group. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBClusterParameterGroups func (c *RDS) DescribeDBClusterParameterGroups(input *DescribeDBClusterParameterGroupsInput) (*DescribeDBClusterParameterGroupsOutput, error) { @@ -5111,15 +6360,14 @@ func (c *RDS) DescribeDBClusterParameterGroupsWithContext(ctx aws.Context, input // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeDBClusterParameterGroups operation. -// pageNum := 0 -// err := client.DescribeDBClusterParameterGroupsPages(params, -// func(page *rds.DescribeDBClusterParameterGroupsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeDBClusterParameterGroups operation. +// pageNum := 0 +// err := client.DescribeDBClusterParameterGroupsPages(params, +// func(page *rds.DescribeDBClusterParameterGroupsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeDBClusterParameterGroupsPages(input *DescribeDBClusterParameterGroupsInput, fn func(*DescribeDBClusterParameterGroupsOutput, bool) bool) error { return c.DescribeDBClusterParameterGroupsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -5171,14 +6419,13 @@ const opDescribeDBClusterParameters = "DescribeDBClusterParameters" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDBClusterParametersRequest method. +// req, resp := client.DescribeDBClusterParametersRequest(params) // -// // Example sending a request using the DescribeDBClusterParametersRequest method. -// req, resp := client.DescribeDBClusterParametersRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBClusterParameters func (c *RDS) DescribeDBClusterParametersRequest(input *DescribeDBClusterParametersInput) (req *request.Request, output *DescribeDBClusterParametersOutput) { @@ -5208,10 +6455,12 @@ func (c *RDS) DescribeDBClusterParametersRequest(input *DescribeDBClusterParamet // Returns the detailed parameter list for a particular DB cluster parameter // group. // -// For more information on Amazon Aurora, see What Is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// For more information on Amazon Aurora, see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// This action only applies to Aurora DB clusters. +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5221,8 +6470,8 @@ func (c *RDS) DescribeDBClusterParametersRequest(input *DescribeDBClusterParamet // API operation DescribeDBClusterParameters for usage and error information. // // Returned Error Codes: -// * ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" -// DBParameterGroupName doesn't refer to an existing DB parameter group. +// - ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" +// DBParameterGroupName doesn't refer to an existing DB parameter group. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBClusterParameters func (c *RDS) DescribeDBClusterParameters(input *DescribeDBClusterParametersInput) (*DescribeDBClusterParametersOutput, error) { @@ -5254,15 +6503,14 @@ func (c *RDS) DescribeDBClusterParametersWithContext(ctx aws.Context, input *Des // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeDBClusterParameters operation. -// pageNum := 0 -// err := client.DescribeDBClusterParametersPages(params, -// func(page *rds.DescribeDBClusterParametersOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeDBClusterParameters operation. +// pageNum := 0 +// err := client.DescribeDBClusterParametersPages(params, +// func(page *rds.DescribeDBClusterParametersOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeDBClusterParametersPages(input *DescribeDBClusterParametersInput, fn func(*DescribeDBClusterParametersOutput, bool) bool) error { return c.DescribeDBClusterParametersPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -5314,14 +6562,13 @@ const opDescribeDBClusterSnapshotAttributes = "DescribeDBClusterSnapshotAttribut // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDBClusterSnapshotAttributesRequest method. +// req, resp := client.DescribeDBClusterSnapshotAttributesRequest(params) // -// // Example sending a request using the DescribeDBClusterSnapshotAttributesRequest method. -// req, resp := client.DescribeDBClusterSnapshotAttributesRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBClusterSnapshotAttributes func (c *RDS) DescribeDBClusterSnapshotAttributesRequest(input *DescribeDBClusterSnapshotAttributesInput) (req *request.Request, output *DescribeDBClusterSnapshotAttributesOutput) { @@ -5345,17 +6592,16 @@ func (c *RDS) DescribeDBClusterSnapshotAttributesRequest(input *DescribeDBCluste // Returns a list of DB cluster snapshot attribute names and values for a manual // DB cluster snapshot. // -// When sharing snapshots with other AWS accounts, DescribeDBClusterSnapshotAttributes -// returns the restore attribute and a list of IDs for the AWS accounts that -// are authorized to copy or restore the manual DB cluster snapshot. If all -// is included in the list of values for the restore attribute, then the manual -// DB cluster snapshot is public and can be copied or restored by all AWS accounts. +// When sharing snapshots with other Amazon Web Services accounts, DescribeDBClusterSnapshotAttributes +// returns the restore attribute and a list of IDs for the Amazon Web Services +// accounts that are authorized to copy or restore the manual DB cluster snapshot. +// If all is included in the list of values for the restore attribute, then +// the manual DB cluster snapshot is public and can be copied or restored by +// all Amazon Web Services accounts. // -// To add or remove access for an AWS account to copy or restore a manual DB -// cluster snapshot, or to make the manual DB cluster snapshot public or private, -// use the ModifyDBClusterSnapshotAttribute API action. -// -// This action only applies to Aurora DB clusters. +// To add or remove access for an Amazon Web Services account to copy or restore +// a manual DB cluster snapshot, or to make the manual DB cluster snapshot public +// or private, use the ModifyDBClusterSnapshotAttribute API action. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5365,8 +6611,8 @@ func (c *RDS) DescribeDBClusterSnapshotAttributesRequest(input *DescribeDBCluste // API operation DescribeDBClusterSnapshotAttributes for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterSnapshotNotFoundFault "DBClusterSnapshotNotFoundFault" -// DBClusterSnapshotIdentifier doesn't refer to an existing DB cluster snapshot. +// - ErrCodeDBClusterSnapshotNotFoundFault "DBClusterSnapshotNotFoundFault" +// DBClusterSnapshotIdentifier doesn't refer to an existing DB cluster snapshot. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBClusterSnapshotAttributes func (c *RDS) DescribeDBClusterSnapshotAttributes(input *DescribeDBClusterSnapshotAttributesInput) (*DescribeDBClusterSnapshotAttributesOutput, error) { @@ -5406,14 +6652,13 @@ const opDescribeDBClusterSnapshots = "DescribeDBClusterSnapshots" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDBClusterSnapshotsRequest method. +// req, resp := client.DescribeDBClusterSnapshotsRequest(params) // -// // Example sending a request using the DescribeDBClusterSnapshotsRequest method. -// req, resp := client.DescribeDBClusterSnapshotsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBClusterSnapshots func (c *RDS) DescribeDBClusterSnapshotsRequest(input *DescribeDBClusterSnapshotsInput) (req *request.Request, output *DescribeDBClusterSnapshotsOutput) { @@ -5443,10 +6688,13 @@ func (c *RDS) DescribeDBClusterSnapshotsRequest(input *DescribeDBClusterSnapshot // Returns information about DB cluster snapshots. This API action supports // pagination. // -// For more information on Amazon Aurora, see What Is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? +// (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// This action only applies to Aurora DB clusters. +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5456,8 +6704,8 @@ func (c *RDS) DescribeDBClusterSnapshotsRequest(input *DescribeDBClusterSnapshot // API operation DescribeDBClusterSnapshots for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterSnapshotNotFoundFault "DBClusterSnapshotNotFoundFault" -// DBClusterSnapshotIdentifier doesn't refer to an existing DB cluster snapshot. +// - ErrCodeDBClusterSnapshotNotFoundFault "DBClusterSnapshotNotFoundFault" +// DBClusterSnapshotIdentifier doesn't refer to an existing DB cluster snapshot. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBClusterSnapshots func (c *RDS) DescribeDBClusterSnapshots(input *DescribeDBClusterSnapshotsInput) (*DescribeDBClusterSnapshotsOutput, error) { @@ -5489,15 +6737,14 @@ func (c *RDS) DescribeDBClusterSnapshotsWithContext(ctx aws.Context, input *Desc // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeDBClusterSnapshots operation. -// pageNum := 0 -// err := client.DescribeDBClusterSnapshotsPages(params, -// func(page *rds.DescribeDBClusterSnapshotsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeDBClusterSnapshots operation. +// pageNum := 0 +// err := client.DescribeDBClusterSnapshotsPages(params, +// func(page *rds.DescribeDBClusterSnapshotsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeDBClusterSnapshotsPages(input *DescribeDBClusterSnapshotsInput, fn func(*DescribeDBClusterSnapshotsOutput, bool) bool) error { return c.DescribeDBClusterSnapshotsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -5549,14 +6796,13 @@ const opDescribeDBClusters = "DescribeDBClusters" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDBClustersRequest method. +// req, resp := client.DescribeDBClustersRequest(params) // -// // Example sending a request using the DescribeDBClustersRequest method. -// req, resp := client.DescribeDBClustersRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBClusters func (c *RDS) DescribeDBClustersRequest(input *DescribeDBClustersInput) (req *request.Request, output *DescribeDBClustersOutput) { @@ -5583,12 +6829,17 @@ func (c *RDS) DescribeDBClustersRequest(input *DescribeDBClustersInput) (req *re // DescribeDBClusters API operation for Amazon Relational Database Service. // -// Returns information about provisioned Aurora DB clusters. This API supports -// pagination. +// Describes existing Amazon Aurora DB clusters and Multi-AZ DB clusters. This +// API supports pagination. // -// For more information on Amazon Aurora, see What Is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? +// (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// in the Amazon RDS User Guide. +// // This operation can also return information for Amazon Neptune DB instances // and Amazon DocumentDB instances. // @@ -5600,8 +6851,8 @@ func (c *RDS) DescribeDBClustersRequest(input *DescribeDBClustersInput) (req *re // API operation DescribeDBClusters for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBClusters func (c *RDS) DescribeDBClusters(input *DescribeDBClustersInput) (*DescribeDBClustersOutput, error) { @@ -5633,15 +6884,14 @@ func (c *RDS) DescribeDBClustersWithContext(ctx aws.Context, input *DescribeDBCl // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeDBClusters operation. -// pageNum := 0 -// err := client.DescribeDBClustersPages(params, -// func(page *rds.DescribeDBClustersOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeDBClusters operation. +// pageNum := 0 +// err := client.DescribeDBClustersPages(params, +// func(page *rds.DescribeDBClustersOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeDBClustersPages(input *DescribeDBClustersInput, fn func(*DescribeDBClustersOutput, bool) bool) error { return c.DescribeDBClustersPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -5693,14 +6943,13 @@ const opDescribeDBEngineVersions = "DescribeDBEngineVersions" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDBEngineVersionsRequest method. +// req, resp := client.DescribeDBEngineVersionsRequest(params) // -// // Example sending a request using the DescribeDBEngineVersionsRequest method. -// req, resp := client.DescribeDBEngineVersionsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBEngineVersions func (c *RDS) DescribeDBEngineVersionsRequest(input *DescribeDBEngineVersionsInput) (req *request.Request, output *DescribeDBEngineVersionsOutput) { @@ -5727,7 +6976,7 @@ func (c *RDS) DescribeDBEngineVersionsRequest(input *DescribeDBEngineVersionsInp // DescribeDBEngineVersions API operation for Amazon Relational Database Service. // -// Returns a list of the available DB engines. +// Describes the properties of specific versions of DB engines. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5765,15 +7014,14 @@ func (c *RDS) DescribeDBEngineVersionsWithContext(ctx aws.Context, input *Descri // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeDBEngineVersions operation. -// pageNum := 0 -// err := client.DescribeDBEngineVersionsPages(params, -// func(page *rds.DescribeDBEngineVersionsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeDBEngineVersions operation. +// pageNum := 0 +// err := client.DescribeDBEngineVersionsPages(params, +// func(page *rds.DescribeDBEngineVersionsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeDBEngineVersionsPages(input *DescribeDBEngineVersionsInput, fn func(*DescribeDBEngineVersionsOutput, bool) bool) error { return c.DescribeDBEngineVersionsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -5825,14 +7073,13 @@ const opDescribeDBInstanceAutomatedBackups = "DescribeDBInstanceAutomatedBackups // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDBInstanceAutomatedBackupsRequest method. +// req, resp := client.DescribeDBInstanceAutomatedBackupsRequest(params) // -// // Example sending a request using the DescribeDBInstanceAutomatedBackupsRequest method. -// req, resp := client.DescribeDBInstanceAutomatedBackupsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBInstanceAutomatedBackups func (c *RDS) DescribeDBInstanceAutomatedBackupsRequest(input *DescribeDBInstanceAutomatedBackupsInput) (req *request.Request, output *DescribeDBInstanceAutomatedBackupsOutput) { @@ -5875,8 +7122,8 @@ func (c *RDS) DescribeDBInstanceAutomatedBackupsRequest(input *DescribeDBInstanc // API operation DescribeDBInstanceAutomatedBackups for usage and error information. // // Returned Error Codes: -// * ErrCodeDBInstanceAutomatedBackupNotFoundFault "DBInstanceAutomatedBackupNotFound" -// No automated backup for this DB instance was found. +// - ErrCodeDBInstanceAutomatedBackupNotFoundFault "DBInstanceAutomatedBackupNotFound" +// No automated backup for this DB instance was found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBInstanceAutomatedBackups func (c *RDS) DescribeDBInstanceAutomatedBackups(input *DescribeDBInstanceAutomatedBackupsInput) (*DescribeDBInstanceAutomatedBackupsOutput, error) { @@ -5908,15 +7155,14 @@ func (c *RDS) DescribeDBInstanceAutomatedBackupsWithContext(ctx aws.Context, inp // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeDBInstanceAutomatedBackups operation. -// pageNum := 0 -// err := client.DescribeDBInstanceAutomatedBackupsPages(params, -// func(page *rds.DescribeDBInstanceAutomatedBackupsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeDBInstanceAutomatedBackups operation. +// pageNum := 0 +// err := client.DescribeDBInstanceAutomatedBackupsPages(params, +// func(page *rds.DescribeDBInstanceAutomatedBackupsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeDBInstanceAutomatedBackupsPages(input *DescribeDBInstanceAutomatedBackupsInput, fn func(*DescribeDBInstanceAutomatedBackupsOutput, bool) bool) error { return c.DescribeDBInstanceAutomatedBackupsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -5968,14 +7214,13 @@ const opDescribeDBInstances = "DescribeDBInstances" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDBInstancesRequest method. +// req, resp := client.DescribeDBInstancesRequest(params) // -// // Example sending a request using the DescribeDBInstancesRequest method. -// req, resp := client.DescribeDBInstancesRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBInstances func (c *RDS) DescribeDBInstancesRequest(input *DescribeDBInstancesInput) (req *request.Request, output *DescribeDBInstancesOutput) { @@ -6002,7 +7247,7 @@ func (c *RDS) DescribeDBInstancesRequest(input *DescribeDBInstancesInput) (req * // DescribeDBInstances API operation for Amazon Relational Database Service. // -// Returns information about provisioned RDS instances. This API supports pagination. +// Describes provisioned RDS instances. This API supports pagination. // // This operation can also return information for Amazon Neptune DB instances // and Amazon DocumentDB instances. @@ -6015,8 +7260,8 @@ func (c *RDS) DescribeDBInstancesRequest(input *DescribeDBInstancesInput) (req * // API operation DescribeDBInstances for usage and error information. // // Returned Error Codes: -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBInstances func (c *RDS) DescribeDBInstances(input *DescribeDBInstancesInput) (*DescribeDBInstancesOutput, error) { @@ -6048,15 +7293,14 @@ func (c *RDS) DescribeDBInstancesWithContext(ctx aws.Context, input *DescribeDBI // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeDBInstances operation. -// pageNum := 0 -// err := client.DescribeDBInstancesPages(params, -// func(page *rds.DescribeDBInstancesOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeDBInstances operation. +// pageNum := 0 +// err := client.DescribeDBInstancesPages(params, +// func(page *rds.DescribeDBInstancesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeDBInstancesPages(input *DescribeDBInstancesInput, fn func(*DescribeDBInstancesOutput, bool) bool) error { return c.DescribeDBInstancesPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -6108,14 +7352,13 @@ const opDescribeDBLogFiles = "DescribeDBLogFiles" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDBLogFilesRequest method. +// req, resp := client.DescribeDBLogFilesRequest(params) // -// // Example sending a request using the DescribeDBLogFilesRequest method. -// req, resp := client.DescribeDBLogFilesRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBLogFiles func (c *RDS) DescribeDBLogFilesRequest(input *DescribeDBLogFilesInput) (req *request.Request, output *DescribeDBLogFilesOutput) { @@ -6144,6 +7387,8 @@ func (c *RDS) DescribeDBLogFilesRequest(input *DescribeDBLogFilesInput) (req *re // // Returns a list of DB log files for the DB instance. // +// This command doesn't apply to RDS Custom. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -6152,8 +7397,8 @@ func (c *RDS) DescribeDBLogFilesRequest(input *DescribeDBLogFilesInput) (req *re // API operation DescribeDBLogFiles for usage and error information. // // Returned Error Codes: -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBLogFiles func (c *RDS) DescribeDBLogFiles(input *DescribeDBLogFilesInput) (*DescribeDBLogFilesOutput, error) { @@ -6185,15 +7430,14 @@ func (c *RDS) DescribeDBLogFilesWithContext(ctx aws.Context, input *DescribeDBLo // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeDBLogFiles operation. -// pageNum := 0 -// err := client.DescribeDBLogFilesPages(params, -// func(page *rds.DescribeDBLogFilesOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeDBLogFiles operation. +// pageNum := 0 +// err := client.DescribeDBLogFilesPages(params, +// func(page *rds.DescribeDBLogFilesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeDBLogFilesPages(input *DescribeDBLogFilesInput, fn func(*DescribeDBLogFilesOutput, bool) bool) error { return c.DescribeDBLogFilesPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -6245,14 +7489,13 @@ const opDescribeDBParameterGroups = "DescribeDBParameterGroups" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDBParameterGroupsRequest method. +// req, resp := client.DescribeDBParameterGroupsRequest(params) // -// // Example sending a request using the DescribeDBParameterGroupsRequest method. -// req, resp := client.DescribeDBParameterGroupsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBParameterGroups func (c *RDS) DescribeDBParameterGroupsRequest(input *DescribeDBParameterGroupsInput) (req *request.Request, output *DescribeDBParameterGroupsOutput) { @@ -6291,8 +7534,8 @@ func (c *RDS) DescribeDBParameterGroupsRequest(input *DescribeDBParameterGroupsI // API operation DescribeDBParameterGroups for usage and error information. // // Returned Error Codes: -// * ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" -// DBParameterGroupName doesn't refer to an existing DB parameter group. +// - ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" +// DBParameterGroupName doesn't refer to an existing DB parameter group. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBParameterGroups func (c *RDS) DescribeDBParameterGroups(input *DescribeDBParameterGroupsInput) (*DescribeDBParameterGroupsOutput, error) { @@ -6324,15 +7567,14 @@ func (c *RDS) DescribeDBParameterGroupsWithContext(ctx aws.Context, input *Descr // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeDBParameterGroups operation. -// pageNum := 0 -// err := client.DescribeDBParameterGroupsPages(params, -// func(page *rds.DescribeDBParameterGroupsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeDBParameterGroups operation. +// pageNum := 0 +// err := client.DescribeDBParameterGroupsPages(params, +// func(page *rds.DescribeDBParameterGroupsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeDBParameterGroupsPages(input *DescribeDBParameterGroupsInput, fn func(*DescribeDBParameterGroupsOutput, bool) bool) error { return c.DescribeDBParameterGroupsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -6384,14 +7626,13 @@ const opDescribeDBParameters = "DescribeDBParameters" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDBParametersRequest method. +// req, resp := client.DescribeDBParametersRequest(params) // -// // Example sending a request using the DescribeDBParametersRequest method. -// req, resp := client.DescribeDBParametersRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBParameters func (c *RDS) DescribeDBParametersRequest(input *DescribeDBParametersInput) (req *request.Request, output *DescribeDBParametersOutput) { @@ -6428,8 +7669,8 @@ func (c *RDS) DescribeDBParametersRequest(input *DescribeDBParametersInput) (req // API operation DescribeDBParameters for usage and error information. // // Returned Error Codes: -// * ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" -// DBParameterGroupName doesn't refer to an existing DB parameter group. +// - ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" +// DBParameterGroupName doesn't refer to an existing DB parameter group. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBParameters func (c *RDS) DescribeDBParameters(input *DescribeDBParametersInput) (*DescribeDBParametersOutput, error) { @@ -6461,15 +7702,14 @@ func (c *RDS) DescribeDBParametersWithContext(ctx aws.Context, input *DescribeDB // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeDBParameters operation. -// pageNum := 0 -// err := client.DescribeDBParametersPages(params, -// func(page *rds.DescribeDBParametersOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeDBParameters operation. +// pageNum := 0 +// err := client.DescribeDBParametersPages(params, +// func(page *rds.DescribeDBParametersOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeDBParametersPages(input *DescribeDBParametersInput, fn func(*DescribeDBParametersOutput, bool) bool) error { return c.DescribeDBParametersPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -6521,14 +7761,13 @@ const opDescribeDBProxies = "DescribeDBProxies" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDBProxiesRequest method. +// req, resp := client.DescribeDBProxiesRequest(params) // -// // Example sending a request using the DescribeDBProxiesRequest method. -// req, resp := client.DescribeDBProxiesRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBProxies func (c *RDS) DescribeDBProxiesRequest(input *DescribeDBProxiesInput) (req *request.Request, output *DescribeDBProxiesOutput) { @@ -6565,9 +7804,9 @@ func (c *RDS) DescribeDBProxiesRequest(input *DescribeDBProxiesInput) (req *requ // API operation DescribeDBProxies for usage and error information. // // Returned Error Codes: -// * ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" -// The specified proxy name doesn't correspond to a proxy owned by your AWS -// account in the specified AWS Region. +// - ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" +// The specified proxy name doesn't correspond to a proxy owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBProxies func (c *RDS) DescribeDBProxies(input *DescribeDBProxiesInput) (*DescribeDBProxiesOutput, error) { @@ -6599,15 +7838,14 @@ func (c *RDS) DescribeDBProxiesWithContext(ctx aws.Context, input *DescribeDBPro // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeDBProxies operation. -// pageNum := 0 -// err := client.DescribeDBProxiesPages(params, -// func(page *rds.DescribeDBProxiesOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeDBProxies operation. +// pageNum := 0 +// err := client.DescribeDBProxiesPages(params, +// func(page *rds.DescribeDBProxiesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeDBProxiesPages(input *DescribeDBProxiesInput, fn func(*DescribeDBProxiesOutput, bool) bool) error { return c.DescribeDBProxiesPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -6643,6 +7881,146 @@ func (c *RDS) DescribeDBProxiesPagesWithContext(ctx aws.Context, input *Describe return p.Err() } +const opDescribeDBProxyEndpoints = "DescribeDBProxyEndpoints" + +// DescribeDBProxyEndpointsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeDBProxyEndpoints operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeDBProxyEndpoints for more information on using the DescribeDBProxyEndpoints +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeDBProxyEndpointsRequest method. +// req, resp := client.DescribeDBProxyEndpointsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBProxyEndpoints +func (c *RDS) DescribeDBProxyEndpointsRequest(input *DescribeDBProxyEndpointsInput) (req *request.Request, output *DescribeDBProxyEndpointsOutput) { + op := &request.Operation{ + Name: opDescribeDBProxyEndpoints, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"Marker"}, + LimitToken: "MaxRecords", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeDBProxyEndpointsInput{} + } + + output = &DescribeDBProxyEndpointsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeDBProxyEndpoints API operation for Amazon Relational Database Service. +// +// Returns information about DB proxy endpoints. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation DescribeDBProxyEndpoints for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" +// The specified proxy name doesn't correspond to a proxy owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. +// +// - ErrCodeDBProxyEndpointNotFoundFault "DBProxyEndpointNotFoundFault" +// The DB proxy endpoint doesn't exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBProxyEndpoints +func (c *RDS) DescribeDBProxyEndpoints(input *DescribeDBProxyEndpointsInput) (*DescribeDBProxyEndpointsOutput, error) { + req, out := c.DescribeDBProxyEndpointsRequest(input) + return out, req.Send() +} + +// DescribeDBProxyEndpointsWithContext is the same as DescribeDBProxyEndpoints with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeDBProxyEndpoints for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) DescribeDBProxyEndpointsWithContext(ctx aws.Context, input *DescribeDBProxyEndpointsInput, opts ...request.Option) (*DescribeDBProxyEndpointsOutput, error) { + req, out := c.DescribeDBProxyEndpointsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeDBProxyEndpointsPages iterates over the pages of a DescribeDBProxyEndpoints operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeDBProxyEndpoints method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeDBProxyEndpoints operation. +// pageNum := 0 +// err := client.DescribeDBProxyEndpointsPages(params, +// func(page *rds.DescribeDBProxyEndpointsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *RDS) DescribeDBProxyEndpointsPages(input *DescribeDBProxyEndpointsInput, fn func(*DescribeDBProxyEndpointsOutput, bool) bool) error { + return c.DescribeDBProxyEndpointsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeDBProxyEndpointsPagesWithContext same as DescribeDBProxyEndpointsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) DescribeDBProxyEndpointsPagesWithContext(ctx aws.Context, input *DescribeDBProxyEndpointsInput, fn func(*DescribeDBProxyEndpointsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeDBProxyEndpointsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeDBProxyEndpointsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeDBProxyEndpointsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeDBProxyTargetGroups = "DescribeDBProxyTargetGroups" // DescribeDBProxyTargetGroupsRequest generates a "aws/request.Request" representing the @@ -6659,14 +8037,13 @@ const opDescribeDBProxyTargetGroups = "DescribeDBProxyTargetGroups" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDBProxyTargetGroupsRequest method. +// req, resp := client.DescribeDBProxyTargetGroupsRequest(params) // -// // Example sending a request using the DescribeDBProxyTargetGroupsRequest method. -// req, resp := client.DescribeDBProxyTargetGroupsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBProxyTargetGroups func (c *RDS) DescribeDBProxyTargetGroupsRequest(input *DescribeDBProxyTargetGroupsInput) (req *request.Request, output *DescribeDBProxyTargetGroupsOutput) { @@ -6704,16 +8081,17 @@ func (c *RDS) DescribeDBProxyTargetGroupsRequest(input *DescribeDBProxyTargetGro // API operation DescribeDBProxyTargetGroups for usage and error information. // // Returned Error Codes: -// * ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" -// The specified proxy name doesn't correspond to a proxy owned by your AWS -// account in the specified AWS Region. // -// * ErrCodeDBProxyTargetGroupNotFoundFault "DBProxyTargetGroupNotFoundFault" -// The specified target group isn't available for a proxy owned by your AWS -// account in the specified AWS Region. +// - ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" +// The specified proxy name doesn't correspond to a proxy owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. // -// * ErrCodeInvalidDBProxyStateFault "InvalidDBProxyStateFault" -// The requested operation can't be performed while the proxy is in this state. +// - ErrCodeDBProxyTargetGroupNotFoundFault "DBProxyTargetGroupNotFoundFault" +// The specified target group isn't available for a proxy owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. +// +// - ErrCodeInvalidDBProxyStateFault "InvalidDBProxyStateFault" +// The requested operation can't be performed while the proxy is in this state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBProxyTargetGroups func (c *RDS) DescribeDBProxyTargetGroups(input *DescribeDBProxyTargetGroupsInput) (*DescribeDBProxyTargetGroupsOutput, error) { @@ -6745,15 +8123,14 @@ func (c *RDS) DescribeDBProxyTargetGroupsWithContext(ctx aws.Context, input *Des // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeDBProxyTargetGroups operation. -// pageNum := 0 -// err := client.DescribeDBProxyTargetGroupsPages(params, -// func(page *rds.DescribeDBProxyTargetGroupsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeDBProxyTargetGroups operation. +// pageNum := 0 +// err := client.DescribeDBProxyTargetGroupsPages(params, +// func(page *rds.DescribeDBProxyTargetGroupsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeDBProxyTargetGroupsPages(input *DescribeDBProxyTargetGroupsInput, fn func(*DescribeDBProxyTargetGroupsOutput, bool) bool) error { return c.DescribeDBProxyTargetGroupsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -6805,14 +8182,13 @@ const opDescribeDBProxyTargets = "DescribeDBProxyTargets" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDBProxyTargetsRequest method. +// req, resp := client.DescribeDBProxyTargetsRequest(params) // -// // Example sending a request using the DescribeDBProxyTargetsRequest method. -// req, resp := client.DescribeDBProxyTargetsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBProxyTargets func (c *RDS) DescribeDBProxyTargetsRequest(input *DescribeDBProxyTargetsInput) (req *request.Request, output *DescribeDBProxyTargetsOutput) { @@ -6849,20 +8225,22 @@ func (c *RDS) DescribeDBProxyTargetsRequest(input *DescribeDBProxyTargetsInput) // API operation DescribeDBProxyTargets for usage and error information. // // Returned Error Codes: -// * ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" -// The specified proxy name doesn't correspond to a proxy owned by your AWS -// account in the specified AWS Region. // -// * ErrCodeDBProxyTargetNotFoundFault "DBProxyTargetNotFoundFault" -// The specified RDS DB instance or Aurora DB cluster isn't available for a -// proxy owned by your AWS account in the specified AWS Region. +// - ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" +// The specified proxy name doesn't correspond to a proxy owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. +// +// - ErrCodeDBProxyTargetNotFoundFault "DBProxyTargetNotFoundFault" +// The specified RDS DB instance or Aurora DB cluster isn't available for a +// proxy owned by your Amazon Web Services account in the specified Amazon Web +// Services Region. // -// * ErrCodeDBProxyTargetGroupNotFoundFault "DBProxyTargetGroupNotFoundFault" -// The specified target group isn't available for a proxy owned by your AWS -// account in the specified AWS Region. +// - ErrCodeDBProxyTargetGroupNotFoundFault "DBProxyTargetGroupNotFoundFault" +// The specified target group isn't available for a proxy owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. // -// * ErrCodeInvalidDBProxyStateFault "InvalidDBProxyStateFault" -// The requested operation can't be performed while the proxy is in this state. +// - ErrCodeInvalidDBProxyStateFault "InvalidDBProxyStateFault" +// The requested operation can't be performed while the proxy is in this state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBProxyTargets func (c *RDS) DescribeDBProxyTargets(input *DescribeDBProxyTargetsInput) (*DescribeDBProxyTargetsOutput, error) { @@ -6894,15 +8272,14 @@ func (c *RDS) DescribeDBProxyTargetsWithContext(ctx aws.Context, input *Describe // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeDBProxyTargets operation. -// pageNum := 0 -// err := client.DescribeDBProxyTargetsPages(params, -// func(page *rds.DescribeDBProxyTargetsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeDBProxyTargets operation. +// pageNum := 0 +// err := client.DescribeDBProxyTargetsPages(params, +// func(page *rds.DescribeDBProxyTargetsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeDBProxyTargetsPages(input *DescribeDBProxyTargetsInput, fn func(*DescribeDBProxyTargetsOutput, bool) bool) error { return c.DescribeDBProxyTargetsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -6938,6 +8315,137 @@ func (c *RDS) DescribeDBProxyTargetsPagesWithContext(ctx aws.Context, input *Des return p.Err() } +const opDescribeDBRecommendations = "DescribeDBRecommendations" + +// DescribeDBRecommendationsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeDBRecommendations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeDBRecommendations for more information on using the DescribeDBRecommendations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeDBRecommendationsRequest method. +// req, resp := client.DescribeDBRecommendationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBRecommendations +func (c *RDS) DescribeDBRecommendationsRequest(input *DescribeDBRecommendationsInput) (req *request.Request, output *DescribeDBRecommendationsOutput) { + op := &request.Operation{ + Name: opDescribeDBRecommendations, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"Marker"}, + LimitToken: "MaxRecords", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeDBRecommendationsInput{} + } + + output = &DescribeDBRecommendationsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeDBRecommendations API operation for Amazon Relational Database Service. +// +// Describes the recommendations to resolve the issues for your DB instances, +// DB clusters, and DB parameter groups. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation DescribeDBRecommendations for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBRecommendations +func (c *RDS) DescribeDBRecommendations(input *DescribeDBRecommendationsInput) (*DescribeDBRecommendationsOutput, error) { + req, out := c.DescribeDBRecommendationsRequest(input) + return out, req.Send() +} + +// DescribeDBRecommendationsWithContext is the same as DescribeDBRecommendations with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeDBRecommendations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) DescribeDBRecommendationsWithContext(ctx aws.Context, input *DescribeDBRecommendationsInput, opts ...request.Option) (*DescribeDBRecommendationsOutput, error) { + req, out := c.DescribeDBRecommendationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeDBRecommendationsPages iterates over the pages of a DescribeDBRecommendations operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeDBRecommendations method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeDBRecommendations operation. +// pageNum := 0 +// err := client.DescribeDBRecommendationsPages(params, +// func(page *rds.DescribeDBRecommendationsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *RDS) DescribeDBRecommendationsPages(input *DescribeDBRecommendationsInput, fn func(*DescribeDBRecommendationsOutput, bool) bool) error { + return c.DescribeDBRecommendationsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeDBRecommendationsPagesWithContext same as DescribeDBRecommendationsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) DescribeDBRecommendationsPagesWithContext(ctx aws.Context, input *DescribeDBRecommendationsInput, fn func(*DescribeDBRecommendationsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeDBRecommendationsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeDBRecommendationsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeDBRecommendationsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeDBSecurityGroups = "DescribeDBSecurityGroups" // DescribeDBSecurityGroupsRequest generates a "aws/request.Request" representing the @@ -6954,14 +8462,13 @@ const opDescribeDBSecurityGroups = "DescribeDBSecurityGroups" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDBSecurityGroupsRequest method. +// req, resp := client.DescribeDBSecurityGroupsRequest(params) // -// // Example sending a request using the DescribeDBSecurityGroupsRequest method. -// req, resp := client.DescribeDBSecurityGroupsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBSecurityGroups func (c *RDS) DescribeDBSecurityGroupsRequest(input *DescribeDBSecurityGroupsInput) (req *request.Request, output *DescribeDBSecurityGroupsOutput) { @@ -6992,6 +8499,14 @@ func (c *RDS) DescribeDBSecurityGroupsRequest(input *DescribeDBSecurityGroupsInp // is specified, the list will contain only the descriptions of the specified // DB security group. // +// EC2-Classic was retired on August 15, 2022. If you haven't migrated from +// EC2-Classic to a VPC, we recommend that you migrate as soon as possible. +// For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) +// in the Amazon EC2 User Guide, the blog EC2-Classic Networking is Retiring +// – Here’s How to Prepare (http://aws.amazon.com/blogs/aws/ec2-classic-is-retiring-heres-how-to-prepare/), +// and Moving a DB instance not in a VPC into a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.Non-VPC2VPC.html) +// in the Amazon RDS User Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -7000,8 +8515,8 @@ func (c *RDS) DescribeDBSecurityGroupsRequest(input *DescribeDBSecurityGroupsInp // API operation DescribeDBSecurityGroups for usage and error information. // // Returned Error Codes: -// * ErrCodeDBSecurityGroupNotFoundFault "DBSecurityGroupNotFound" -// DBSecurityGroupName doesn't refer to an existing DB security group. +// - ErrCodeDBSecurityGroupNotFoundFault "DBSecurityGroupNotFound" +// DBSecurityGroupName doesn't refer to an existing DB security group. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBSecurityGroups func (c *RDS) DescribeDBSecurityGroups(input *DescribeDBSecurityGroupsInput) (*DescribeDBSecurityGroupsOutput, error) { @@ -7033,15 +8548,14 @@ func (c *RDS) DescribeDBSecurityGroupsWithContext(ctx aws.Context, input *Descri // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeDBSecurityGroups operation. -// pageNum := 0 -// err := client.DescribeDBSecurityGroupsPages(params, -// func(page *rds.DescribeDBSecurityGroupsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeDBSecurityGroups operation. +// pageNum := 0 +// err := client.DescribeDBSecurityGroupsPages(params, +// func(page *rds.DescribeDBSecurityGroupsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeDBSecurityGroupsPages(input *DescribeDBSecurityGroupsInput, fn func(*DescribeDBSecurityGroupsOutput, bool) bool) error { return c.DescribeDBSecurityGroupsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -7077,6 +8591,88 @@ func (c *RDS) DescribeDBSecurityGroupsPagesWithContext(ctx aws.Context, input *D return p.Err() } +const opDescribeDBShardGroups = "DescribeDBShardGroups" + +// DescribeDBShardGroupsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeDBShardGroups operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeDBShardGroups for more information on using the DescribeDBShardGroups +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeDBShardGroupsRequest method. +// req, resp := client.DescribeDBShardGroupsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBShardGroups +func (c *RDS) DescribeDBShardGroupsRequest(input *DescribeDBShardGroupsInput) (req *request.Request, output *DescribeDBShardGroupsOutput) { + op := &request.Operation{ + Name: opDescribeDBShardGroups, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribeDBShardGroupsInput{} + } + + output = &DescribeDBShardGroupsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeDBShardGroups API operation for Amazon Relational Database Service. +// +// Describes existing Aurora Limitless Database DB shard groups. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation DescribeDBShardGroups for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeDBShardGroupNotFoundFault "DBShardGroupNotFound" +// The specified DB shard group name wasn't found. +// +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBShardGroups +func (c *RDS) DescribeDBShardGroups(input *DescribeDBShardGroupsInput) (*DescribeDBShardGroupsOutput, error) { + req, out := c.DescribeDBShardGroupsRequest(input) + return out, req.Send() +} + +// DescribeDBShardGroupsWithContext is the same as DescribeDBShardGroups with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeDBShardGroups for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) DescribeDBShardGroupsWithContext(ctx aws.Context, input *DescribeDBShardGroupsInput, opts ...request.Option) (*DescribeDBShardGroupsOutput, error) { + req, out := c.DescribeDBShardGroupsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDescribeDBSnapshotAttributes = "DescribeDBSnapshotAttributes" // DescribeDBSnapshotAttributesRequest generates a "aws/request.Request" representing the @@ -7093,14 +8689,13 @@ const opDescribeDBSnapshotAttributes = "DescribeDBSnapshotAttributes" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDBSnapshotAttributesRequest method. +// req, resp := client.DescribeDBSnapshotAttributesRequest(params) // -// // Example sending a request using the DescribeDBSnapshotAttributesRequest method. -// req, resp := client.DescribeDBSnapshotAttributesRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBSnapshotAttributes func (c *RDS) DescribeDBSnapshotAttributesRequest(input *DescribeDBSnapshotAttributesInput) (req *request.Request, output *DescribeDBSnapshotAttributesOutput) { @@ -7124,15 +8719,16 @@ func (c *RDS) DescribeDBSnapshotAttributesRequest(input *DescribeDBSnapshotAttri // Returns a list of DB snapshot attribute names and values for a manual DB // snapshot. // -// When sharing snapshots with other AWS accounts, DescribeDBSnapshotAttributes -// returns the restore attribute and a list of IDs for the AWS accounts that -// are authorized to copy or restore the manual DB snapshot. If all is included -// in the list of values for the restore attribute, then the manual DB snapshot -// is public and can be copied or restored by all AWS accounts. +// When sharing snapshots with other Amazon Web Services accounts, DescribeDBSnapshotAttributes +// returns the restore attribute and a list of IDs for the Amazon Web Services +// accounts that are authorized to copy or restore the manual DB snapshot. If +// all is included in the list of values for the restore attribute, then the +// manual DB snapshot is public and can be copied or restored by all Amazon +// Web Services accounts. // -// To add or remove access for an AWS account to copy or restore a manual DB -// snapshot, or to make the manual DB snapshot public or private, use the ModifyDBSnapshotAttribute -// API action. +// To add or remove access for an Amazon Web Services account to copy or restore +// a manual DB snapshot, or to make the manual DB snapshot public or private, +// use the ModifyDBSnapshotAttribute API action. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7142,8 +8738,8 @@ func (c *RDS) DescribeDBSnapshotAttributesRequest(input *DescribeDBSnapshotAttri // API operation DescribeDBSnapshotAttributes for usage and error information. // // Returned Error Codes: -// * ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" -// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. +// - ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" +// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBSnapshotAttributes func (c *RDS) DescribeDBSnapshotAttributes(input *DescribeDBSnapshotAttributesInput) (*DescribeDBSnapshotAttributesOutput, error) { @@ -7167,6 +8763,147 @@ func (c *RDS) DescribeDBSnapshotAttributesWithContext(ctx aws.Context, input *De return out, req.Send() } +const opDescribeDBSnapshotTenantDatabases = "DescribeDBSnapshotTenantDatabases" + +// DescribeDBSnapshotTenantDatabasesRequest generates a "aws/request.Request" representing the +// client's request for the DescribeDBSnapshotTenantDatabases operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeDBSnapshotTenantDatabases for more information on using the DescribeDBSnapshotTenantDatabases +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeDBSnapshotTenantDatabasesRequest method. +// req, resp := client.DescribeDBSnapshotTenantDatabasesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBSnapshotTenantDatabases +func (c *RDS) DescribeDBSnapshotTenantDatabasesRequest(input *DescribeDBSnapshotTenantDatabasesInput) (req *request.Request, output *DescribeDBSnapshotTenantDatabasesOutput) { + op := &request.Operation{ + Name: opDescribeDBSnapshotTenantDatabases, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"Marker"}, + LimitToken: "MaxRecords", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeDBSnapshotTenantDatabasesInput{} + } + + output = &DescribeDBSnapshotTenantDatabasesOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeDBSnapshotTenantDatabases API operation for Amazon Relational Database Service. +// +// Describes the tenant databases that exist in a DB snapshot. This command +// only applies to RDS for Oracle DB instances in the multi-tenant configuration. +// +// You can use this command to inspect the tenant databases within a snapshot +// before restoring it. You can't directly interact with the tenant databases +// in a DB snapshot. If you restore a snapshot that was taken from DB instance +// using the multi-tenant configuration, you restore all its tenant databases. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation DescribeDBSnapshotTenantDatabases for usage and error information. +// +// Returned Error Codes: +// - ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" +// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBSnapshotTenantDatabases +func (c *RDS) DescribeDBSnapshotTenantDatabases(input *DescribeDBSnapshotTenantDatabasesInput) (*DescribeDBSnapshotTenantDatabasesOutput, error) { + req, out := c.DescribeDBSnapshotTenantDatabasesRequest(input) + return out, req.Send() +} + +// DescribeDBSnapshotTenantDatabasesWithContext is the same as DescribeDBSnapshotTenantDatabases with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeDBSnapshotTenantDatabases for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) DescribeDBSnapshotTenantDatabasesWithContext(ctx aws.Context, input *DescribeDBSnapshotTenantDatabasesInput, opts ...request.Option) (*DescribeDBSnapshotTenantDatabasesOutput, error) { + req, out := c.DescribeDBSnapshotTenantDatabasesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeDBSnapshotTenantDatabasesPages iterates over the pages of a DescribeDBSnapshotTenantDatabases operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeDBSnapshotTenantDatabases method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeDBSnapshotTenantDatabases operation. +// pageNum := 0 +// err := client.DescribeDBSnapshotTenantDatabasesPages(params, +// func(page *rds.DescribeDBSnapshotTenantDatabasesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *RDS) DescribeDBSnapshotTenantDatabasesPages(input *DescribeDBSnapshotTenantDatabasesInput, fn func(*DescribeDBSnapshotTenantDatabasesOutput, bool) bool) error { + return c.DescribeDBSnapshotTenantDatabasesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeDBSnapshotTenantDatabasesPagesWithContext same as DescribeDBSnapshotTenantDatabasesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) DescribeDBSnapshotTenantDatabasesPagesWithContext(ctx aws.Context, input *DescribeDBSnapshotTenantDatabasesInput, fn func(*DescribeDBSnapshotTenantDatabasesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeDBSnapshotTenantDatabasesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeDBSnapshotTenantDatabasesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeDBSnapshotTenantDatabasesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeDBSnapshots = "DescribeDBSnapshots" // DescribeDBSnapshotsRequest generates a "aws/request.Request" representing the @@ -7183,14 +8920,13 @@ const opDescribeDBSnapshots = "DescribeDBSnapshots" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDBSnapshotsRequest method. +// req, resp := client.DescribeDBSnapshotsRequest(params) // -// // Example sending a request using the DescribeDBSnapshotsRequest method. -// req, resp := client.DescribeDBSnapshotsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBSnapshots func (c *RDS) DescribeDBSnapshotsRequest(input *DescribeDBSnapshotsInput) (req *request.Request, output *DescribeDBSnapshotsOutput) { @@ -7227,8 +8963,8 @@ func (c *RDS) DescribeDBSnapshotsRequest(input *DescribeDBSnapshotsInput) (req * // API operation DescribeDBSnapshots for usage and error information. // // Returned Error Codes: -// * ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" -// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. +// - ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" +// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBSnapshots func (c *RDS) DescribeDBSnapshots(input *DescribeDBSnapshotsInput) (*DescribeDBSnapshotsOutput, error) { @@ -7260,15 +8996,14 @@ func (c *RDS) DescribeDBSnapshotsWithContext(ctx aws.Context, input *DescribeDBS // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeDBSnapshots operation. -// pageNum := 0 -// err := client.DescribeDBSnapshotsPages(params, -// func(page *rds.DescribeDBSnapshotsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeDBSnapshots operation. +// pageNum := 0 +// err := client.DescribeDBSnapshotsPages(params, +// func(page *rds.DescribeDBSnapshotsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeDBSnapshotsPages(input *DescribeDBSnapshotsInput, fn func(*DescribeDBSnapshotsOutput, bool) bool) error { return c.DescribeDBSnapshotsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -7320,14 +9055,13 @@ const opDescribeDBSubnetGroups = "DescribeDBSubnetGroups" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeDBSubnetGroupsRequest method. +// req, resp := client.DescribeDBSubnetGroupsRequest(params) // -// // Example sending a request using the DescribeDBSubnetGroupsRequest method. -// req, resp := client.DescribeDBSubnetGroupsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBSubnetGroups func (c *RDS) DescribeDBSubnetGroupsRequest(input *DescribeDBSubnetGroupsInput) (req *request.Request, output *DescribeDBSubnetGroupsOutput) { @@ -7367,8 +9101,8 @@ func (c *RDS) DescribeDBSubnetGroupsRequest(input *DescribeDBSubnetGroupsInput) // API operation DescribeDBSubnetGroups for usage and error information. // // Returned Error Codes: -// * ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" -// DBSubnetGroupName doesn't refer to an existing DB subnet group. +// - ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" +// DBSubnetGroupName doesn't refer to an existing DB subnet group. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBSubnetGroups func (c *RDS) DescribeDBSubnetGroups(input *DescribeDBSubnetGroupsInput) (*DescribeDBSubnetGroupsOutput, error) { @@ -7400,15 +9134,14 @@ func (c *RDS) DescribeDBSubnetGroupsWithContext(ctx aws.Context, input *Describe // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeDBSubnetGroups operation. -// pageNum := 0 -// err := client.DescribeDBSubnetGroupsPages(params, -// func(page *rds.DescribeDBSubnetGroupsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeDBSubnetGroups operation. +// pageNum := 0 +// err := client.DescribeDBSubnetGroupsPages(params, +// func(page *rds.DescribeDBSubnetGroupsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeDBSubnetGroupsPages(input *DescribeDBSubnetGroupsInput, fn func(*DescribeDBSubnetGroupsOutput, bool) bool) error { return c.DescribeDBSubnetGroupsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -7460,14 +9193,13 @@ const opDescribeEngineDefaultClusterParameters = "DescribeEngineDefaultClusterPa // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeEngineDefaultClusterParametersRequest method. +// req, resp := client.DescribeEngineDefaultClusterParametersRequest(params) // -// // Example sending a request using the DescribeEngineDefaultClusterParametersRequest method. -// req, resp := client.DescribeEngineDefaultClusterParametersRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeEngineDefaultClusterParameters func (c *RDS) DescribeEngineDefaultClusterParametersRequest(input *DescribeEngineDefaultClusterParametersInput) (req *request.Request, output *DescribeEngineDefaultClusterParametersOutput) { @@ -7491,7 +9223,7 @@ func (c *RDS) DescribeEngineDefaultClusterParametersRequest(input *DescribeEngin // Returns the default engine and system parameter information for the cluster // database engine. // -// For more information on Amazon Aurora, see What Is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// For more information on Amazon Aurora, see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -7538,14 +9270,13 @@ const opDescribeEngineDefaultParameters = "DescribeEngineDefaultParameters" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeEngineDefaultParametersRequest method. +// req, resp := client.DescribeEngineDefaultParametersRequest(params) // -// // Example sending a request using the DescribeEngineDefaultParametersRequest method. -// req, resp := client.DescribeEngineDefaultParametersRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeEngineDefaultParameters func (c *RDS) DescribeEngineDefaultParametersRequest(input *DescribeEngineDefaultParametersInput) (req *request.Request, output *DescribeEngineDefaultParametersOutput) { @@ -7611,15 +9342,14 @@ func (c *RDS) DescribeEngineDefaultParametersWithContext(ctx aws.Context, input // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeEngineDefaultParameters operation. -// pageNum := 0 -// err := client.DescribeEngineDefaultParametersPages(params, -// func(page *rds.DescribeEngineDefaultParametersOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeEngineDefaultParameters operation. +// pageNum := 0 +// err := client.DescribeEngineDefaultParametersPages(params, +// func(page *rds.DescribeEngineDefaultParametersOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeEngineDefaultParametersPages(input *DescribeEngineDefaultParametersInput, fn func(*DescribeEngineDefaultParametersOutput, bool) bool) error { return c.DescribeEngineDefaultParametersPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -7671,14 +9401,13 @@ const opDescribeEventCategories = "DescribeEventCategories" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeEventCategoriesRequest method. +// req, resp := client.DescribeEventCategoriesRequest(params) // -// // Example sending a request using the DescribeEventCategoriesRequest method. -// req, resp := client.DescribeEventCategoriesRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeEventCategories func (c *RDS) DescribeEventCategoriesRequest(input *DescribeEventCategoriesInput) (req *request.Request, output *DescribeEventCategoriesOutput) { @@ -7700,9 +9429,10 @@ func (c *RDS) DescribeEventCategoriesRequest(input *DescribeEventCategoriesInput // DescribeEventCategories API operation for Amazon Relational Database Service. // // Displays a list of categories for all event source types, or, if specified, -// for a specified source type. You can see a list of the event categories and -// source types in Events (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html) -// in the Amazon RDS User Guide. +// for a specified source type. You can also see this list in the "Amazon RDS +// event categories and event messages" section of the Amazon RDS User Guide +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.Messages.html) +// or the Amazon Aurora User Guide (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Events.Messages.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7748,14 +9478,13 @@ const opDescribeEventSubscriptions = "DescribeEventSubscriptions" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeEventSubscriptionsRequest method. +// req, resp := client.DescribeEventSubscriptionsRequest(params) // -// // Example sending a request using the DescribeEventSubscriptionsRequest method. -// req, resp := client.DescribeEventSubscriptionsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeEventSubscriptions func (c *RDS) DescribeEventSubscriptionsRequest(input *DescribeEventSubscriptionsInput) (req *request.Request, output *DescribeEventSubscriptionsOutput) { @@ -7796,8 +9525,8 @@ func (c *RDS) DescribeEventSubscriptionsRequest(input *DescribeEventSubscription // API operation DescribeEventSubscriptions for usage and error information. // // Returned Error Codes: -// * ErrCodeSubscriptionNotFoundFault "SubscriptionNotFound" -// The subscription name does not exist. +// - ErrCodeSubscriptionNotFoundFault "SubscriptionNotFound" +// The subscription name does not exist. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeEventSubscriptions func (c *RDS) DescribeEventSubscriptions(input *DescribeEventSubscriptionsInput) (*DescribeEventSubscriptionsOutput, error) { @@ -7829,15 +9558,14 @@ func (c *RDS) DescribeEventSubscriptionsWithContext(ctx aws.Context, input *Desc // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeEventSubscriptions operation. -// pageNum := 0 -// err := client.DescribeEventSubscriptionsPages(params, -// func(page *rds.DescribeEventSubscriptionsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeEventSubscriptions operation. +// pageNum := 0 +// err := client.DescribeEventSubscriptionsPages(params, +// func(page *rds.DescribeEventSubscriptionsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeEventSubscriptionsPages(input *DescribeEventSubscriptionsInput, fn func(*DescribeEventSubscriptionsOutput, bool) bool) error { return c.DescribeEventSubscriptionsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -7889,14 +9617,13 @@ const opDescribeEvents = "DescribeEvents" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeEventsRequest method. +// req, resp := client.DescribeEventsRequest(params) // -// // Example sending a request using the DescribeEventsRequest method. -// req, resp := client.DescribeEventsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeEvents func (c *RDS) DescribeEventsRequest(input *DescribeEventsInput) (req *request.Request, output *DescribeEventsOutput) { @@ -7924,12 +9651,17 @@ func (c *RDS) DescribeEventsRequest(input *DescribeEventsInput) (req *request.Re // DescribeEvents API operation for Amazon Relational Database Service. // // Returns events related to DB instances, DB clusters, DB parameter groups, -// DB security groups, DB snapshots, and DB cluster snapshots for the past 14 -// days. Events specific to a particular DB instances, DB clusters, DB parameter -// groups, DB security groups, DB snapshots, and DB cluster snapshots group -// can be obtained by providing the name as a parameter. +// DB security groups, DB snapshots, DB cluster snapshots, and RDS Proxies for +// the past 14 days. Events specific to a particular DB instance, DB cluster, +// DB parameter group, DB security group, DB snapshot, DB cluster snapshot group, +// or RDS Proxy can be obtained by providing the name as a parameter. +// +// For more information on working with events, see Monitoring Amazon RDS events +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/working-with-events.html) +// in the Amazon RDS User Guide and Monitoring Amazon Aurora events (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/working-with-events.html) +// in the Amazon Aurora User Guide. // -// By default, the past hour of events are returned. +// By default, RDS returns events that were generated in the past hour. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7967,15 +9699,14 @@ func (c *RDS) DescribeEventsWithContext(ctx aws.Context, input *DescribeEventsIn // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeEvents operation. -// pageNum := 0 -// err := client.DescribeEventsPages(params, -// func(page *rds.DescribeEventsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeEvents operation. +// pageNum := 0 +// err := client.DescribeEventsPages(params, +// func(page *rds.DescribeEventsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeEventsPages(input *DescribeEventsInput, fn func(*DescribeEventsOutput, bool) bool) error { return c.DescribeEventsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -8027,14 +9758,13 @@ const opDescribeExportTasks = "DescribeExportTasks" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeExportTasksRequest method. +// req, resp := client.DescribeExportTasksRequest(params) // -// // Example sending a request using the DescribeExportTasksRequest method. -// req, resp := client.DescribeExportTasksRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeExportTasks func (c *RDS) DescribeExportTasksRequest(input *DescribeExportTasksInput) (req *request.Request, output *DescribeExportTasksOutput) { @@ -8061,8 +9791,8 @@ func (c *RDS) DescribeExportTasksRequest(input *DescribeExportTasksInput) (req * // DescribeExportTasks API operation for Amazon Relational Database Service. // -// Returns information about a snapshot export to Amazon S3. This API operation -// supports pagination. +// Returns information about a snapshot or cluster export to Amazon S3. This +// API operation supports pagination. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8072,8 +9802,8 @@ func (c *RDS) DescribeExportTasksRequest(input *DescribeExportTasksInput) (req * // API operation DescribeExportTasks for usage and error information. // // Returned Error Codes: -// * ErrCodeExportTaskNotFoundFault "ExportTaskNotFound" -// The export task doesn't exist. +// - ErrCodeExportTaskNotFoundFault "ExportTaskNotFound" +// The export task doesn't exist. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeExportTasks func (c *RDS) DescribeExportTasks(input *DescribeExportTasksInput) (*DescribeExportTasksOutput, error) { @@ -8105,15 +9835,14 @@ func (c *RDS) DescribeExportTasksWithContext(ctx aws.Context, input *DescribeExp // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeExportTasks operation. -// pageNum := 0 -// err := client.DescribeExportTasksPages(params, -// func(page *rds.DescribeExportTasksOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeExportTasks operation. +// pageNum := 0 +// err := client.DescribeExportTasksPages(params, +// func(page *rds.DescribeExportTasksOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeExportTasksPages(input *DescribeExportTasksInput, fn func(*DescribeExportTasksOutput, bool) bool) error { return c.DescribeExportTasksPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -8165,14 +9894,13 @@ const opDescribeGlobalClusters = "DescribeGlobalClusters" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeGlobalClustersRequest method. +// req, resp := client.DescribeGlobalClustersRequest(params) // -// // Example sending a request using the DescribeGlobalClustersRequest method. -// req, resp := client.DescribeGlobalClustersRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeGlobalClusters func (c *RDS) DescribeGlobalClustersRequest(input *DescribeGlobalClustersInput) (req *request.Request, output *DescribeGlobalClustersOutput) { @@ -8202,7 +9930,7 @@ func (c *RDS) DescribeGlobalClustersRequest(input *DescribeGlobalClustersInput) // Returns information about Aurora global database clusters. This API supports // pagination. // -// For more information on Amazon Aurora, see What Is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// For more information on Amazon Aurora, see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // // This action only applies to Aurora DB clusters. @@ -8215,7 +9943,9 @@ func (c *RDS) DescribeGlobalClustersRequest(input *DescribeGlobalClustersInput) // API operation DescribeGlobalClusters for usage and error information. // // Returned Error Codes: -// * ErrCodeGlobalClusterNotFoundFault "GlobalClusterNotFoundFault" +// - ErrCodeGlobalClusterNotFoundFault "GlobalClusterNotFoundFault" +// The GlobalClusterIdentifier doesn't refer to an existing global database +// cluster. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeGlobalClusters func (c *RDS) DescribeGlobalClusters(input *DescribeGlobalClustersInput) (*DescribeGlobalClustersOutput, error) { @@ -8247,15 +9977,14 @@ func (c *RDS) DescribeGlobalClustersWithContext(ctx aws.Context, input *Describe // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeGlobalClusters operation. -// pageNum := 0 -// err := client.DescribeGlobalClustersPages(params, -// func(page *rds.DescribeGlobalClustersOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeGlobalClusters operation. +// pageNum := 0 +// err := client.DescribeGlobalClustersPages(params, +// func(page *rds.DescribeGlobalClustersOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeGlobalClustersPages(input *DescribeGlobalClustersInput, fn func(*DescribeGlobalClustersOutput, bool) bool) error { return c.DescribeGlobalClustersPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -8291,35 +10020,34 @@ func (c *RDS) DescribeGlobalClustersPagesWithContext(ctx aws.Context, input *Des return p.Err() } -const opDescribeInstallationMedia = "DescribeInstallationMedia" +const opDescribeIntegrations = "DescribeIntegrations" -// DescribeInstallationMediaRequest generates a "aws/request.Request" representing the -// client's request for the DescribeInstallationMedia operation. The "output" return +// DescribeIntegrationsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeIntegrations operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See DescribeInstallationMedia for more information on using the DescribeInstallationMedia +// See DescribeIntegrations for more information on using the DescribeIntegrations // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeIntegrationsRequest method. +// req, resp := client.DescribeIntegrationsRequest(params) // -// // Example sending a request using the DescribeInstallationMediaRequest method. -// req, resp := client.DescribeInstallationMediaRequest(params) +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } -// -// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeInstallationMedia -func (c *RDS) DescribeInstallationMediaRequest(input *DescribeInstallationMediaInput) (req *request.Request, output *DescribeInstallationMediaOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeIntegrations +func (c *RDS) DescribeIntegrationsRequest(input *DescribeIntegrationsInput) (req *request.Request, output *DescribeIntegrationsOutput) { op := &request.Operation{ - Name: opDescribeInstallationMedia, + Name: opDescribeIntegrations, HTTPMethod: "POST", HTTPPath: "/", Paginator: &request.Paginator{ @@ -8331,89 +10059,87 @@ func (c *RDS) DescribeInstallationMediaRequest(input *DescribeInstallationMediaI } if input == nil { - input = &DescribeInstallationMediaInput{} + input = &DescribeIntegrationsInput{} } - output = &DescribeInstallationMediaOutput{} + output = &DescribeIntegrationsOutput{} req = c.newRequest(op, input, output) return } -// DescribeInstallationMedia API operation for Amazon Relational Database Service. +// DescribeIntegrations API operation for Amazon Relational Database Service. // -// Describes the available installation media for a DB engine that requires -// an on-premises customer provided license, such as Microsoft SQL Server. +// Describe one or more zero-ETL integrations with Amazon Redshift. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon Relational Database Service's -// API operation DescribeInstallationMedia for usage and error information. +// API operation DescribeIntegrations for usage and error information. // // Returned Error Codes: -// * ErrCodeInstallationMediaNotFoundFault "InstallationMediaNotFound" -// InstallationMediaID doesn't refer to an existing installation medium. +// - ErrCodeIntegrationNotFoundFault "IntegrationNotFoundFault" +// The specified integration could not be found. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeInstallationMedia -func (c *RDS) DescribeInstallationMedia(input *DescribeInstallationMediaInput) (*DescribeInstallationMediaOutput, error) { - req, out := c.DescribeInstallationMediaRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeIntegrations +func (c *RDS) DescribeIntegrations(input *DescribeIntegrationsInput) (*DescribeIntegrationsOutput, error) { + req, out := c.DescribeIntegrationsRequest(input) return out, req.Send() } -// DescribeInstallationMediaWithContext is the same as DescribeInstallationMedia with the addition of +// DescribeIntegrationsWithContext is the same as DescribeIntegrations with the addition of // the ability to pass a context and additional request options. // -// See DescribeInstallationMedia for details on how to use this API operation. +// See DescribeIntegrations for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *RDS) DescribeInstallationMediaWithContext(ctx aws.Context, input *DescribeInstallationMediaInput, opts ...request.Option) (*DescribeInstallationMediaOutput, error) { - req, out := c.DescribeInstallationMediaRequest(input) +func (c *RDS) DescribeIntegrationsWithContext(ctx aws.Context, input *DescribeIntegrationsInput, opts ...request.Option) (*DescribeIntegrationsOutput, error) { + req, out := c.DescribeIntegrationsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -// DescribeInstallationMediaPages iterates over the pages of a DescribeInstallationMedia operation, +// DescribeIntegrationsPages iterates over the pages of a DescribeIntegrations operation, // calling the "fn" function with the response data for each page. To stop // iterating, return false from the fn function. // -// See DescribeInstallationMedia method for more information on how to use this operation. +// See DescribeIntegrations method for more information on how to use this operation. // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeInstallationMedia operation. -// pageNum := 0 -// err := client.DescribeInstallationMediaPages(params, -// func(page *rds.DescribeInstallationMediaOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// -func (c *RDS) DescribeInstallationMediaPages(input *DescribeInstallationMediaInput, fn func(*DescribeInstallationMediaOutput, bool) bool) error { - return c.DescribeInstallationMediaPagesWithContext(aws.BackgroundContext(), input, fn) +// // Example iterating over at most 3 pages of a DescribeIntegrations operation. +// pageNum := 0 +// err := client.DescribeIntegrationsPages(params, +// func(page *rds.DescribeIntegrationsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *RDS) DescribeIntegrationsPages(input *DescribeIntegrationsInput, fn func(*DescribeIntegrationsOutput, bool) bool) error { + return c.DescribeIntegrationsPagesWithContext(aws.BackgroundContext(), input, fn) } -// DescribeInstallationMediaPagesWithContext same as DescribeInstallationMediaPages except +// DescribeIntegrationsPagesWithContext same as DescribeIntegrationsPages except // it takes a Context and allows setting request options on the pages. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *RDS) DescribeInstallationMediaPagesWithContext(ctx aws.Context, input *DescribeInstallationMediaInput, fn func(*DescribeInstallationMediaOutput, bool) bool, opts ...request.Option) error { +func (c *RDS) DescribeIntegrationsPagesWithContext(ctx aws.Context, input *DescribeIntegrationsInput, fn func(*DescribeIntegrationsOutput, bool) bool, opts ...request.Option) error { p := request.Pagination{ NewRequest: func() (*request.Request, error) { - var inCpy *DescribeInstallationMediaInput + var inCpy *DescribeIntegrationsInput if input != nil { tmp := *input inCpy = &tmp } - req, _ := c.DescribeInstallationMediaRequest(inCpy) + req, _ := c.DescribeIntegrationsRequest(inCpy) req.SetContext(ctx) req.ApplyOptions(opts...) return req, nil @@ -8421,7 +10147,7 @@ func (c *RDS) DescribeInstallationMediaPagesWithContext(ctx aws.Context, input * } for p.Next() { - if !fn(p.Page().(*DescribeInstallationMediaOutput), !p.HasNextPage()) { + if !fn(p.Page().(*DescribeIntegrationsOutput), !p.HasNextPage()) { break } } @@ -8445,14 +10171,13 @@ const opDescribeOptionGroupOptions = "DescribeOptionGroupOptions" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeOptionGroupOptionsRequest method. +// req, resp := client.DescribeOptionGroupOptionsRequest(params) // -// // Example sending a request using the DescribeOptionGroupOptionsRequest method. -// req, resp := client.DescribeOptionGroupOptionsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeOptionGroupOptions func (c *RDS) DescribeOptionGroupOptionsRequest(input *DescribeOptionGroupOptionsInput) (req *request.Request, output *DescribeOptionGroupOptionsOutput) { @@ -8479,7 +10204,7 @@ func (c *RDS) DescribeOptionGroupOptionsRequest(input *DescribeOptionGroupOption // DescribeOptionGroupOptions API operation for Amazon Relational Database Service. // -// Describes all available options. +// Describes all available options for the specified engine. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8517,15 +10242,14 @@ func (c *RDS) DescribeOptionGroupOptionsWithContext(ctx aws.Context, input *Desc // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeOptionGroupOptions operation. -// pageNum := 0 -// err := client.DescribeOptionGroupOptionsPages(params, -// func(page *rds.DescribeOptionGroupOptionsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeOptionGroupOptions operation. +// pageNum := 0 +// err := client.DescribeOptionGroupOptionsPages(params, +// func(page *rds.DescribeOptionGroupOptionsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeOptionGroupOptionsPages(input *DescribeOptionGroupOptionsInput, fn func(*DescribeOptionGroupOptionsOutput, bool) bool) error { return c.DescribeOptionGroupOptionsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -8577,14 +10301,13 @@ const opDescribeOptionGroups = "DescribeOptionGroups" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeOptionGroupsRequest method. +// req, resp := client.DescribeOptionGroupsRequest(params) // -// // Example sending a request using the DescribeOptionGroupsRequest method. -// req, resp := client.DescribeOptionGroupsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeOptionGroups func (c *RDS) DescribeOptionGroupsRequest(input *DescribeOptionGroupsInput) (req *request.Request, output *DescribeOptionGroupsOutput) { @@ -8621,8 +10344,8 @@ func (c *RDS) DescribeOptionGroupsRequest(input *DescribeOptionGroupsInput) (req // API operation DescribeOptionGroups for usage and error information. // // Returned Error Codes: -// * ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" -// The specified option group could not be found. +// - ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" +// The specified option group could not be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeOptionGroups func (c *RDS) DescribeOptionGroups(input *DescribeOptionGroupsInput) (*DescribeOptionGroupsOutput, error) { @@ -8654,15 +10377,14 @@ func (c *RDS) DescribeOptionGroupsWithContext(ctx aws.Context, input *DescribeOp // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeOptionGroups operation. -// pageNum := 0 -// err := client.DescribeOptionGroupsPages(params, -// func(page *rds.DescribeOptionGroupsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeOptionGroups operation. +// pageNum := 0 +// err := client.DescribeOptionGroupsPages(params, +// func(page *rds.DescribeOptionGroupsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeOptionGroupsPages(input *DescribeOptionGroupsInput, fn func(*DescribeOptionGroupsOutput, bool) bool) error { return c.DescribeOptionGroupsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -8714,14 +10436,13 @@ const opDescribeOrderableDBInstanceOptions = "DescribeOrderableDBInstanceOptions // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeOrderableDBInstanceOptionsRequest method. +// req, resp := client.DescribeOrderableDBInstanceOptionsRequest(params) // -// // Example sending a request using the DescribeOrderableDBInstanceOptionsRequest method. -// req, resp := client.DescribeOrderableDBInstanceOptionsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeOrderableDBInstanceOptions func (c *RDS) DescribeOrderableDBInstanceOptionsRequest(input *DescribeOrderableDBInstanceOptionsInput) (req *request.Request, output *DescribeOrderableDBInstanceOptionsOutput) { @@ -8748,7 +10469,7 @@ func (c *RDS) DescribeOrderableDBInstanceOptionsRequest(input *DescribeOrderable // DescribeOrderableDBInstanceOptions API operation for Amazon Relational Database Service. // -// Returns a list of orderable DB instance options for the specified engine. +// Describes the orderable DB instance options for a specified DB engine. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8786,15 +10507,14 @@ func (c *RDS) DescribeOrderableDBInstanceOptionsWithContext(ctx aws.Context, inp // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeOrderableDBInstanceOptions operation. -// pageNum := 0 -// err := client.DescribeOrderableDBInstanceOptionsPages(params, -// func(page *rds.DescribeOrderableDBInstanceOptionsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeOrderableDBInstanceOptions operation. +// pageNum := 0 +// err := client.DescribeOrderableDBInstanceOptionsPages(params, +// func(page *rds.DescribeOrderableDBInstanceOptionsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeOrderableDBInstanceOptionsPages(input *DescribeOrderableDBInstanceOptionsInput, fn func(*DescribeOrderableDBInstanceOptionsOutput, bool) bool) error { return c.DescribeOrderableDBInstanceOptionsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -8846,14 +10566,13 @@ const opDescribePendingMaintenanceActions = "DescribePendingMaintenanceActions" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribePendingMaintenanceActionsRequest method. +// req, resp := client.DescribePendingMaintenanceActionsRequest(params) // -// // Example sending a request using the DescribePendingMaintenanceActionsRequest method. -// req, resp := client.DescribePendingMaintenanceActionsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribePendingMaintenanceActions func (c *RDS) DescribePendingMaintenanceActionsRequest(input *DescribePendingMaintenanceActionsInput) (req *request.Request, output *DescribePendingMaintenanceActionsOutput) { @@ -8883,6 +10602,11 @@ func (c *RDS) DescribePendingMaintenanceActionsRequest(input *DescribePendingMai // Returns a list of resources (for example, DB instances) that have at least // one pending maintenance action. // +// This API follows an eventual consistency model. This means that the result +// of the DescribePendingMaintenanceActions command might not be immediately +// visible to all subsequent RDS commands. Keep this in mind when you use DescribePendingMaintenanceActions +// immediately after using a previous API command such as ApplyPendingMaintenanceActions. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -8891,8 +10615,8 @@ func (c *RDS) DescribePendingMaintenanceActionsRequest(input *DescribePendingMai // API operation DescribePendingMaintenanceActions for usage and error information. // // Returned Error Codes: -// * ErrCodeResourceNotFoundFault "ResourceNotFoundFault" -// The specified resource ID was not found. +// - ErrCodeResourceNotFoundFault "ResourceNotFoundFault" +// The specified resource ID was not found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribePendingMaintenanceActions func (c *RDS) DescribePendingMaintenanceActions(input *DescribePendingMaintenanceActionsInput) (*DescribePendingMaintenanceActionsOutput, error) { @@ -8924,15 +10648,14 @@ func (c *RDS) DescribePendingMaintenanceActionsWithContext(ctx aws.Context, inpu // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribePendingMaintenanceActions operation. -// pageNum := 0 -// err := client.DescribePendingMaintenanceActionsPages(params, -// func(page *rds.DescribePendingMaintenanceActionsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribePendingMaintenanceActions operation. +// pageNum := 0 +// err := client.DescribePendingMaintenanceActionsPages(params, +// func(page *rds.DescribePendingMaintenanceActionsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribePendingMaintenanceActionsPages(input *DescribePendingMaintenanceActionsInput, fn func(*DescribePendingMaintenanceActionsOutput, bool) bool) error { return c.DescribePendingMaintenanceActionsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -8984,14 +10707,13 @@ const opDescribeReservedDBInstances = "DescribeReservedDBInstances" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeReservedDBInstancesRequest method. +// req, resp := client.DescribeReservedDBInstancesRequest(params) // -// // Example sending a request using the DescribeReservedDBInstancesRequest method. -// req, resp := client.DescribeReservedDBInstancesRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeReservedDBInstances func (c *RDS) DescribeReservedDBInstancesRequest(input *DescribeReservedDBInstancesInput) (req *request.Request, output *DescribeReservedDBInstancesOutput) { @@ -9029,8 +10751,8 @@ func (c *RDS) DescribeReservedDBInstancesRequest(input *DescribeReservedDBInstan // API operation DescribeReservedDBInstances for usage and error information. // // Returned Error Codes: -// * ErrCodeReservedDBInstanceNotFoundFault "ReservedDBInstanceNotFound" -// The specified reserved DB Instance not found. +// - ErrCodeReservedDBInstanceNotFoundFault "ReservedDBInstanceNotFound" +// The specified reserved DB Instance not found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeReservedDBInstances func (c *RDS) DescribeReservedDBInstances(input *DescribeReservedDBInstancesInput) (*DescribeReservedDBInstancesOutput, error) { @@ -9062,15 +10784,14 @@ func (c *RDS) DescribeReservedDBInstancesWithContext(ctx aws.Context, input *Des // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeReservedDBInstances operation. -// pageNum := 0 -// err := client.DescribeReservedDBInstancesPages(params, -// func(page *rds.DescribeReservedDBInstancesOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeReservedDBInstances operation. +// pageNum := 0 +// err := client.DescribeReservedDBInstancesPages(params, +// func(page *rds.DescribeReservedDBInstancesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeReservedDBInstancesPages(input *DescribeReservedDBInstancesInput, fn func(*DescribeReservedDBInstancesOutput, bool) bool) error { return c.DescribeReservedDBInstancesPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -9122,14 +10843,13 @@ const opDescribeReservedDBInstancesOfferings = "DescribeReservedDBInstancesOffer // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeReservedDBInstancesOfferingsRequest method. +// req, resp := client.DescribeReservedDBInstancesOfferingsRequest(params) // -// // Example sending a request using the DescribeReservedDBInstancesOfferingsRequest method. -// req, resp := client.DescribeReservedDBInstancesOfferingsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeReservedDBInstancesOfferings func (c *RDS) DescribeReservedDBInstancesOfferingsRequest(input *DescribeReservedDBInstancesOfferingsInput) (req *request.Request, output *DescribeReservedDBInstancesOfferingsOutput) { @@ -9166,8 +10886,8 @@ func (c *RDS) DescribeReservedDBInstancesOfferingsRequest(input *DescribeReserve // API operation DescribeReservedDBInstancesOfferings for usage and error information. // // Returned Error Codes: -// * ErrCodeReservedDBInstancesOfferingNotFoundFault "ReservedDBInstancesOfferingNotFound" -// Specified offering does not exist. +// - ErrCodeReservedDBInstancesOfferingNotFoundFault "ReservedDBInstancesOfferingNotFound" +// Specified offering does not exist. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeReservedDBInstancesOfferings func (c *RDS) DescribeReservedDBInstancesOfferings(input *DescribeReservedDBInstancesOfferingsInput) (*DescribeReservedDBInstancesOfferingsOutput, error) { @@ -9199,15 +10919,14 @@ func (c *RDS) DescribeReservedDBInstancesOfferingsWithContext(ctx aws.Context, i // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeReservedDBInstancesOfferings operation. -// pageNum := 0 -// err := client.DescribeReservedDBInstancesOfferingsPages(params, -// func(page *rds.DescribeReservedDBInstancesOfferingsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeReservedDBInstancesOfferings operation. +// pageNum := 0 +// err := client.DescribeReservedDBInstancesOfferingsPages(params, +// func(page *rds.DescribeReservedDBInstancesOfferingsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeReservedDBInstancesOfferingsPages(input *DescribeReservedDBInstancesOfferingsInput, fn func(*DescribeReservedDBInstancesOfferingsOutput, bool) bool) error { return c.DescribeReservedDBInstancesOfferingsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -9259,14 +10978,13 @@ const opDescribeSourceRegions = "DescribeSourceRegions" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeSourceRegionsRequest method. +// req, resp := client.DescribeSourceRegionsRequest(params) // -// // Example sending a request using the DescribeSourceRegionsRequest method. -// req, resp := client.DescribeSourceRegionsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeSourceRegions func (c *RDS) DescribeSourceRegionsRequest(input *DescribeSourceRegionsInput) (req *request.Request, output *DescribeSourceRegionsOutput) { @@ -9293,9 +11011,17 @@ func (c *RDS) DescribeSourceRegionsRequest(input *DescribeSourceRegionsInput) (r // DescribeSourceRegions API operation for Amazon Relational Database Service. // -// Returns a list of the source AWS Regions where the current AWS Region can -// create a read replica or copy a DB snapshot from. This API action supports -// pagination. +// Returns a list of the source Amazon Web Services Regions where the current +// Amazon Web Services Region can create a read replica, copy a DB snapshot +// from, or replicate automated backups from. +// +// Use this operation to determine whether cross-Region features are supported +// between other Regions and your current Region. This operation supports pagination. +// +// To return information about the Regions that are enabled for your account, +// or all Regions, use the EC2 operation DescribeRegions. For more information, +// see DescribeRegions (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRegions.html) +// in the Amazon EC2 API Reference. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9333,15 +11059,14 @@ func (c *RDS) DescribeSourceRegionsWithContext(ctx aws.Context, input *DescribeS // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DescribeSourceRegions operation. -// pageNum := 0 -// err := client.DescribeSourceRegionsPages(params, -// func(page *rds.DescribeSourceRegionsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DescribeSourceRegions operation. +// pageNum := 0 +// err := client.DescribeSourceRegionsPages(params, +// func(page *rds.DescribeSourceRegionsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DescribeSourceRegionsPages(input *DescribeSourceRegionsInput, fn func(*DescribeSourceRegionsOutput, bool) bool) error { return c.DescribeSourceRegionsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -9377,6 +11102,142 @@ func (c *RDS) DescribeSourceRegionsPagesWithContext(ctx aws.Context, input *Desc return p.Err() } +const opDescribeTenantDatabases = "DescribeTenantDatabases" + +// DescribeTenantDatabasesRequest generates a "aws/request.Request" representing the +// client's request for the DescribeTenantDatabases operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeTenantDatabases for more information on using the DescribeTenantDatabases +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeTenantDatabasesRequest method. +// req, resp := client.DescribeTenantDatabasesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeTenantDatabases +func (c *RDS) DescribeTenantDatabasesRequest(input *DescribeTenantDatabasesInput) (req *request.Request, output *DescribeTenantDatabasesOutput) { + op := &request.Operation{ + Name: opDescribeTenantDatabases, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"Marker"}, + LimitToken: "MaxRecords", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeTenantDatabasesInput{} + } + + output = &DescribeTenantDatabasesOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeTenantDatabases API operation for Amazon Relational Database Service. +// +// Describes the tenant databases in a DB instance that uses the multi-tenant +// configuration. Only RDS for Oracle CDB instances are supported. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation DescribeTenantDatabases for usage and error information. +// +// Returned Error Codes: +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeTenantDatabases +func (c *RDS) DescribeTenantDatabases(input *DescribeTenantDatabasesInput) (*DescribeTenantDatabasesOutput, error) { + req, out := c.DescribeTenantDatabasesRequest(input) + return out, req.Send() +} + +// DescribeTenantDatabasesWithContext is the same as DescribeTenantDatabases with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeTenantDatabases for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) DescribeTenantDatabasesWithContext(ctx aws.Context, input *DescribeTenantDatabasesInput, opts ...request.Option) (*DescribeTenantDatabasesOutput, error) { + req, out := c.DescribeTenantDatabasesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeTenantDatabasesPages iterates over the pages of a DescribeTenantDatabases operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeTenantDatabases method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeTenantDatabases operation. +// pageNum := 0 +// err := client.DescribeTenantDatabasesPages(params, +// func(page *rds.DescribeTenantDatabasesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *RDS) DescribeTenantDatabasesPages(input *DescribeTenantDatabasesInput, fn func(*DescribeTenantDatabasesOutput, bool) bool) error { + return c.DescribeTenantDatabasesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeTenantDatabasesPagesWithContext same as DescribeTenantDatabasesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) DescribeTenantDatabasesPagesWithContext(ctx aws.Context, input *DescribeTenantDatabasesInput, fn func(*DescribeTenantDatabasesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeTenantDatabasesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeTenantDatabasesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeTenantDatabasesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeValidDBInstanceModifications = "DescribeValidDBInstanceModifications" // DescribeValidDBInstanceModificationsRequest generates a "aws/request.Request" representing the @@ -9393,14 +11254,13 @@ const opDescribeValidDBInstanceModifications = "DescribeValidDBInstanceModificat // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DescribeValidDBInstanceModificationsRequest method. +// req, resp := client.DescribeValidDBInstanceModificationsRequest(params) // -// // Example sending a request using the DescribeValidDBInstanceModificationsRequest method. -// req, resp := client.DescribeValidDBInstanceModificationsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeValidDBInstanceModifications func (c *RDS) DescribeValidDBInstanceModificationsRequest(input *DescribeValidDBInstanceModificationsInput) (req *request.Request, output *DescribeValidDBInstanceModificationsOutput) { @@ -9425,6 +11285,8 @@ func (c *RDS) DescribeValidDBInstanceModificationsRequest(input *DescribeValidDB // you can make to your DB instance. You can use this information when you call // ModifyDBInstance. // +// This command doesn't apply to RDS Custom. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -9433,11 +11295,12 @@ func (c *RDS) DescribeValidDBInstanceModificationsRequest(input *DescribeValidDB // API operation DescribeValidDBInstanceModifications for usage and error information. // // Returned Error Codes: -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. // -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. +// +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeValidDBInstanceModifications func (c *RDS) DescribeValidDBInstanceModifications(input *DescribeValidDBInstanceModificationsInput) (*DescribeValidDBInstanceModificationsOutput, error) { @@ -9461,6 +11324,96 @@ func (c *RDS) DescribeValidDBInstanceModificationsWithContext(ctx aws.Context, i return out, req.Send() } +const opDisableHttpEndpoint = "DisableHttpEndpoint" + +// DisableHttpEndpointRequest generates a "aws/request.Request" representing the +// client's request for the DisableHttpEndpoint operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisableHttpEndpoint for more information on using the DisableHttpEndpoint +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DisableHttpEndpointRequest method. +// req, resp := client.DisableHttpEndpointRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DisableHttpEndpoint +func (c *RDS) DisableHttpEndpointRequest(input *DisableHttpEndpointInput) (req *request.Request, output *DisableHttpEndpointOutput) { + op := &request.Operation{ + Name: opDisableHttpEndpoint, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisableHttpEndpointInput{} + } + + output = &DisableHttpEndpointOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisableHttpEndpoint API operation for Amazon Relational Database Service. +// +// Disables the HTTP endpoint for the specified DB cluster. Disabling this endpoint +// disables RDS Data API. +// +// For more information, see Using RDS Data API (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) +// in the Amazon Aurora User Guide. +// +// This operation applies only to Aurora PostgreSQL Serverless v2 and provisioned +// DB clusters. To disable the HTTP endpoint for Aurora Serverless v1 DB clusters, +// use the EnableHttpEndpoint parameter of the ModifyDBCluster operation. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation DisableHttpEndpoint for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeResourceNotFoundFault "ResourceNotFoundFault" +// The specified resource ID was not found. +// +// - ErrCodeInvalidResourceStateFault "InvalidResourceStateFault" +// The operation can't be performed because another operation is in progress. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DisableHttpEndpoint +func (c *RDS) DisableHttpEndpoint(input *DisableHttpEndpointInput) (*DisableHttpEndpointOutput, error) { + req, out := c.DisableHttpEndpointRequest(input) + return out, req.Send() +} + +// DisableHttpEndpointWithContext is the same as DisableHttpEndpoint with the addition of +// the ability to pass a context and additional request options. +// +// See DisableHttpEndpoint for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) DisableHttpEndpointWithContext(ctx aws.Context, input *DisableHttpEndpointInput, opts ...request.Option) (*DisableHttpEndpointOutput, error) { + req, out := c.DisableHttpEndpointRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDownloadDBLogFilePortion = "DownloadDBLogFilePortion" // DownloadDBLogFilePortionRequest generates a "aws/request.Request" representing the @@ -9477,14 +11430,13 @@ const opDownloadDBLogFilePortion = "DownloadDBLogFilePortion" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DownloadDBLogFilePortionRequest method. +// req, resp := client.DownloadDBLogFilePortionRequest(params) // -// // Example sending a request using the DownloadDBLogFilePortionRequest method. -// req, resp := client.DownloadDBLogFilePortionRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DownloadDBLogFilePortion func (c *RDS) DownloadDBLogFilePortionRequest(input *DownloadDBLogFilePortionInput) (req *request.Request, output *DownloadDBLogFilePortionOutput) { @@ -9513,6 +11465,8 @@ func (c *RDS) DownloadDBLogFilePortionRequest(input *DownloadDBLogFilePortionInp // // Downloads all or a portion of the specified log file, up to 1 MB in size. // +// This command doesn't apply to RDS Custom. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -9521,11 +11475,12 @@ func (c *RDS) DownloadDBLogFilePortionRequest(input *DownloadDBLogFilePortionInp // API operation DownloadDBLogFilePortion for usage and error information. // // Returned Error Codes: -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. // -// * ErrCodeDBLogFileNotFoundFault "DBLogFileNotFoundFault" -// LogFileName doesn't refer to an existing DB log file. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. +// +// - ErrCodeDBLogFileNotFoundFault "DBLogFileNotFoundFault" +// LogFileName doesn't refer to an existing DB log file. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DownloadDBLogFilePortion func (c *RDS) DownloadDBLogFilePortion(input *DownloadDBLogFilePortionInput) (*DownloadDBLogFilePortionOutput, error) { @@ -9557,15 +11512,14 @@ func (c *RDS) DownloadDBLogFilePortionWithContext(ctx aws.Context, input *Downlo // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a DownloadDBLogFilePortion operation. -// pageNum := 0 -// err := client.DownloadDBLogFilePortionPages(params, -// func(page *rds.DownloadDBLogFilePortionOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a DownloadDBLogFilePortion operation. +// pageNum := 0 +// err := client.DownloadDBLogFilePortionPages(params, +// func(page *rds.DownloadDBLogFilePortionOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *RDS) DownloadDBLogFilePortionPages(input *DownloadDBLogFilePortionInput, fn func(*DownloadDBLogFilePortionOutput, bool) bool) error { return c.DownloadDBLogFilePortionPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -9601,6 +11555,100 @@ func (c *RDS) DownloadDBLogFilePortionPagesWithContext(ctx aws.Context, input *D return p.Err() } +const opEnableHttpEndpoint = "EnableHttpEndpoint" + +// EnableHttpEndpointRequest generates a "aws/request.Request" representing the +// client's request for the EnableHttpEndpoint operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See EnableHttpEndpoint for more information on using the EnableHttpEndpoint +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the EnableHttpEndpointRequest method. +// req, resp := client.EnableHttpEndpointRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/EnableHttpEndpoint +func (c *RDS) EnableHttpEndpointRequest(input *EnableHttpEndpointInput) (req *request.Request, output *EnableHttpEndpointOutput) { + op := &request.Operation{ + Name: opEnableHttpEndpoint, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &EnableHttpEndpointInput{} + } + + output = &EnableHttpEndpointOutput{} + req = c.newRequest(op, input, output) + return +} + +// EnableHttpEndpoint API operation for Amazon Relational Database Service. +// +// Enables the HTTP endpoint for the DB cluster. By default, the HTTP endpoint +// isn't enabled. +// +// When enabled, this endpoint provides a connectionless web service API (RDS +// Data API) for running SQL queries on the Aurora DB cluster. You can also +// query your database from inside the RDS console with the RDS query editor. +// +// For more information, see Using RDS Data API (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) +// in the Amazon Aurora User Guide. +// +// This operation applies only to Aurora PostgreSQL Serverless v2 and provisioned +// DB clusters. To enable the HTTP endpoint for Aurora Serverless v1 DB clusters, +// use the EnableHttpEndpoint parameter of the ModifyDBCluster operation. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation EnableHttpEndpoint for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeResourceNotFoundFault "ResourceNotFoundFault" +// The specified resource ID was not found. +// +// - ErrCodeInvalidResourceStateFault "InvalidResourceStateFault" +// The operation can't be performed because another operation is in progress. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/EnableHttpEndpoint +func (c *RDS) EnableHttpEndpoint(input *EnableHttpEndpointInput) (*EnableHttpEndpointOutput, error) { + req, out := c.EnableHttpEndpointRequest(input) + return out, req.Send() +} + +// EnableHttpEndpointWithContext is the same as EnableHttpEndpoint with the addition of +// the ability to pass a context and additional request options. +// +// See EnableHttpEndpoint for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) EnableHttpEndpointWithContext(ctx aws.Context, input *EnableHttpEndpointInput, opts ...request.Option) (*EnableHttpEndpointOutput, error) { + req, out := c.EnableHttpEndpointRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opFailoverDBCluster = "FailoverDBCluster" // FailoverDBClusterRequest generates a "aws/request.Request" representing the @@ -9617,14 +11665,13 @@ const opFailoverDBCluster = "FailoverDBCluster" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the FailoverDBClusterRequest method. +// req, resp := client.FailoverDBClusterRequest(params) // -// // Example sending a request using the FailoverDBClusterRequest method. -// req, resp := client.FailoverDBClusterRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/FailoverDBCluster func (c *RDS) FailoverDBClusterRequest(input *FailoverDBClusterInput) (req *request.Request, output *FailoverDBClusterOutput) { @@ -9647,20 +11694,33 @@ func (c *RDS) FailoverDBClusterRequest(input *FailoverDBClusterInput) (req *requ // // Forces a failover for a DB cluster. // -// A failover for a DB cluster promotes one of the Aurora Replicas (read-only -// instances) in the DB cluster to be the primary instance (the cluster writer). +// For an Aurora DB cluster, failover for a DB cluster promotes one of the Aurora +// Replicas (read-only instances) in the DB cluster to be the primary DB instance +// (the cluster writer). +// +// For a Multi-AZ DB cluster, after RDS terminates the primary DB instance, +// the internal monitoring system detects that the primary DB instance is unhealthy +// and promotes a readable standby (read-only instances) in the DB cluster to +// be the primary DB instance (the cluster writer). Failover times are typically +// less than 35 seconds. // -// Amazon Aurora will automatically fail over to an Aurora Replica, if one exists, -// when the primary instance fails. You can force a failover when you want to -// simulate a failure of a primary instance for testing. Because each instance -// in a DB cluster has its own endpoint address, you will need to clean up and -// re-establish any existing connections that use those endpoint addresses when -// the failover is complete. +// An Amazon Aurora DB cluster automatically fails over to an Aurora Replica, +// if one exists, when the primary DB instance fails. A Multi-AZ DB cluster +// automatically fails over to a readable standby DB instance when the primary +// DB instance fails. // -// For more information on Amazon Aurora, see What Is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// To simulate a failure of a primary instance for testing, you can force a +// failover. Because each instance in a DB cluster has its own endpoint address, +// make sure to clean up and re-establish any existing connections that use +// those endpoint addresses when the failover is complete. +// +// For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? +// (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// This action only applies to Aurora DB clusters. +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9670,14 +11730,15 @@ func (c *RDS) FailoverDBClusterRequest(input *FailoverDBClusterInput) (req *requ // API operation FailoverDBCluster for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. +// +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/FailoverDBCluster func (c *RDS) FailoverDBCluster(input *FailoverDBClusterInput) (*FailoverDBClusterOutput, error) { @@ -9701,85 +11762,131 @@ func (c *RDS) FailoverDBClusterWithContext(ctx aws.Context, input *FailoverDBClu return out, req.Send() } -const opImportInstallationMedia = "ImportInstallationMedia" +const opFailoverGlobalCluster = "FailoverGlobalCluster" -// ImportInstallationMediaRequest generates a "aws/request.Request" representing the -// client's request for the ImportInstallationMedia operation. The "output" return +// FailoverGlobalClusterRequest generates a "aws/request.Request" representing the +// client's request for the FailoverGlobalCluster operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ImportInstallationMedia for more information on using the ImportInstallationMedia +// See FailoverGlobalCluster for more information on using the FailoverGlobalCluster // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the FailoverGlobalClusterRequest method. +// req, resp := client.FailoverGlobalClusterRequest(params) // -// // Example sending a request using the ImportInstallationMediaRequest method. -// req, resp := client.ImportInstallationMediaRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ImportInstallationMedia -func (c *RDS) ImportInstallationMediaRequest(input *ImportInstallationMediaInput) (req *request.Request, output *ImportInstallationMediaOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/FailoverGlobalCluster +func (c *RDS) FailoverGlobalClusterRequest(input *FailoverGlobalClusterInput) (req *request.Request, output *FailoverGlobalClusterOutput) { op := &request.Operation{ - Name: opImportInstallationMedia, + Name: opFailoverGlobalCluster, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { - input = &ImportInstallationMediaInput{} + input = &FailoverGlobalClusterInput{} } - output = &ImportInstallationMediaOutput{} + output = &FailoverGlobalClusterOutput{} req = c.newRequest(op, input, output) return } -// ImportInstallationMedia API operation for Amazon Relational Database Service. +// FailoverGlobalCluster API operation for Amazon Relational Database Service. +// +// Promotes the specified secondary DB cluster to be the primary DB cluster +// in the global database cluster to fail over or switch over a global database. +// Switchover operations were previously called "managed planned failovers." +// +// Although this operation can be used either to fail over or to switch over +// a global database cluster, its intended use is for global database failover. +// To switch over a global database cluster, we recommend that you use the SwitchoverGlobalCluster +// operation instead. +// +// How you use this operation depends on whether you are failing over or switching +// over your global database cluster: +// +// - Failing over - Specify the AllowDataLoss parameter and don't specify +// the Switchover parameter. +// +// - Switching over - Specify the Switchover parameter or omit it, but don't +// specify the AllowDataLoss parameter. +// +// # About failing over and switching over // -// Imports the installation media for a DB engine that requires an on-premises -// customer provided license, such as SQL Server. +// While failing over and switching over a global database cluster both change +// the primary DB cluster, you use these operations for different reasons: +// +// - Failing over - Use this operation to respond to an unplanned event, +// such as a Regional disaster in the primary Region. Failing over can result +// in a loss of write transaction data that wasn't replicated to the chosen +// secondary before the failover event occurred. However, the recovery process +// that promotes a DB instance on the chosen seconday DB cluster to be the +// primary writer DB instance guarantees that the data is in a transactionally +// consistent state. For more information about failing over an Amazon Aurora +// global database, see Performing managed failovers for Aurora global databases +// (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database-disaster-recovery.html#aurora-global-database-failover.managed-unplanned) +// in the Amazon Aurora User Guide. +// +// - Switching over - Use this operation on a healthy global database cluster +// for planned events, such as Regional rotation or to fail back to the original +// primary DB cluster after a failover operation. With this operation, there +// is no data loss. For more information about switching over an Amazon Aurora +// global database, see Performing switchovers for Aurora global databases +// (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database-disaster-recovery.html#aurora-global-database-disaster-recovery.managed-failover) +// in the Amazon Aurora User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon Relational Database Service's -// API operation ImportInstallationMedia for usage and error information. +// API operation FailoverGlobalCluster for usage and error information. // // Returned Error Codes: -// * ErrCodeCustomAvailabilityZoneNotFoundFault "CustomAvailabilityZoneNotFound" -// CustomAvailabilityZoneId doesn't refer to an existing custom Availability -// Zone identifier. // -// * ErrCodeInstallationMediaAlreadyExistsFault "InstallationMediaAlreadyExists" -// The specified installation medium has already been imported. +// - ErrCodeGlobalClusterNotFoundFault "GlobalClusterNotFoundFault" +// The GlobalClusterIdentifier doesn't refer to an existing global database +// cluster. +// +// - ErrCodeInvalidGlobalClusterStateFault "InvalidGlobalClusterStateFault" +// The global cluster is in an invalid state and can't perform the requested +// operation. +// +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. +// +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ImportInstallationMedia -func (c *RDS) ImportInstallationMedia(input *ImportInstallationMediaInput) (*ImportInstallationMediaOutput, error) { - req, out := c.ImportInstallationMediaRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/FailoverGlobalCluster +func (c *RDS) FailoverGlobalCluster(input *FailoverGlobalClusterInput) (*FailoverGlobalClusterOutput, error) { + req, out := c.FailoverGlobalClusterRequest(input) return out, req.Send() } -// ImportInstallationMediaWithContext is the same as ImportInstallationMedia with the addition of +// FailoverGlobalClusterWithContext is the same as FailoverGlobalCluster with the addition of // the ability to pass a context and additional request options. // -// See ImportInstallationMedia for details on how to use this API operation. +// See FailoverGlobalCluster for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *RDS) ImportInstallationMediaWithContext(ctx aws.Context, input *ImportInstallationMediaInput, opts ...request.Option) (*ImportInstallationMediaOutput, error) { - req, out := c.ImportInstallationMediaRequest(input) +func (c *RDS) FailoverGlobalClusterWithContext(ctx aws.Context, input *FailoverGlobalClusterInput, opts ...request.Option) (*FailoverGlobalClusterOutput, error) { + req, out := c.FailoverGlobalClusterRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() @@ -9801,14 +11908,13 @@ const opListTagsForResource = "ListTagsForResource" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ListTagsForResourceRequest method. +// req, resp := client.ListTagsForResourceRequest(params) // -// // Example sending a request using the ListTagsForResourceRequest method. -// req, resp := client.ListTagsForResourceRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ListTagsForResource func (c *RDS) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) { @@ -9843,22 +11949,35 @@ func (c *RDS) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req * // API operation ListTagsForResource for usage and error information. // // Returned Error Codes: -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. // -// * ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" -// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. +// +// - ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" +// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. +// +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. +// +// - ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" +// The specified proxy name doesn't correspond to a proxy owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. +// +// - ErrCodeDBProxyTargetGroupNotFoundFault "DBProxyTargetGroupNotFoundFault" +// The specified target group isn't available for a proxy owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. // -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. +// - ErrCodeBlueGreenDeploymentNotFoundFault "BlueGreenDeploymentNotFoundFault" +// BlueGreenDeploymentIdentifier doesn't refer to an existing blue/green deployment. // -// * ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" -// The specified proxy name doesn't correspond to a proxy owned by your AWS -// account in the specified AWS Region. +// - ErrCodeIntegrationNotFoundFault "IntegrationNotFoundFault" +// The specified integration could not be found. // -// * ErrCodeDBProxyTargetGroupNotFoundFault "DBProxyTargetGroupNotFoundFault" -// The specified target group isn't available for a proxy owned by your AWS -// account in the specified AWS Region. +// - ErrCodeTenantDatabaseNotFoundFault "TenantDatabaseNotFound" +// The specified tenant database wasn't found in the DB instance. +// +// - ErrCodeDBSnapshotTenantDatabaseNotFoundFault "DBSnapshotTenantDatabaseNotFoundFault" +// The specified snapshot tenant database wasn't found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ListTagsForResource func (c *RDS) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) { @@ -9882,6 +12001,99 @@ func (c *RDS) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsFor return out, req.Send() } +const opModifyActivityStream = "ModifyActivityStream" + +// ModifyActivityStreamRequest generates a "aws/request.Request" representing the +// client's request for the ModifyActivityStream operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyActivityStream for more information on using the ModifyActivityStream +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ModifyActivityStreamRequest method. +// req, resp := client.ModifyActivityStreamRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyActivityStream +func (c *RDS) ModifyActivityStreamRequest(input *ModifyActivityStreamInput) (req *request.Request, output *ModifyActivityStreamOutput) { + op := &request.Operation{ + Name: opModifyActivityStream, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyActivityStreamInput{} + } + + output = &ModifyActivityStreamOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyActivityStream API operation for Amazon Relational Database Service. +// +// Changes the audit policy state of a database activity stream to either locked +// (default) or unlocked. A locked policy is read-only, whereas an unlocked +// policy is read/write. If your activity stream is started and locked, you +// can unlock it, customize your audit policy, and then lock your activity stream. +// Restarting the activity stream isn't required. For more information, see +// Modifying a database activity stream (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/DBActivityStreams.Modifying.html) +// in the Amazon RDS User Guide. +// +// This operation is supported for RDS for Oracle and Microsoft SQL Server. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation ModifyActivityStream for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. +// +// - ErrCodeResourceNotFoundFault "ResourceNotFoundFault" +// The specified resource ID was not found. +// +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyActivityStream +func (c *RDS) ModifyActivityStream(input *ModifyActivityStreamInput) (*ModifyActivityStreamOutput, error) { + req, out := c.ModifyActivityStreamRequest(input) + return out, req.Send() +} + +// ModifyActivityStreamWithContext is the same as ModifyActivityStream with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyActivityStream for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) ModifyActivityStreamWithContext(ctx aws.Context, input *ModifyActivityStreamInput, opts ...request.Option) (*ModifyActivityStreamOutput, error) { + req, out := c.ModifyActivityStreamRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opModifyCertificates = "ModifyCertificates" // ModifyCertificatesRequest generates a "aws/request.Request" representing the @@ -9898,14 +12110,13 @@ const opModifyCertificates = "ModifyCertificates" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ModifyCertificatesRequest method. +// req, resp := client.ModifyCertificatesRequest(params) // -// // Example sending a request using the ModifyCertificatesRequest method. -// req, resp := client.ModifyCertificatesRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyCertificates func (c *RDS) ModifyCertificatesRequest(input *ModifyCertificatesInput) (req *request.Request, output *ModifyCertificatesOutput) { @@ -9927,8 +12138,8 @@ func (c *RDS) ModifyCertificatesRequest(input *ModifyCertificatesInput) (req *re // ModifyCertificates API operation for Amazon Relational Database Service. // // Override the system-default Secure Sockets Layer/Transport Layer Security -// (SSL/TLS) certificate for Amazon RDS for new DB instances temporarily, or -// remove the override. +// (SSL/TLS) certificate for Amazon RDS for new DB instances, or remove the +// override. // // By using this operation, you can specify an RDS-approved SSL/TLS certificate // for new DB instances that is different from the default certificate provided @@ -9937,14 +12148,14 @@ func (c *RDS) ModifyCertificatesRequest(input *ModifyCertificatesInput) (req *re // // You might need to override the default certificate in the following situations: // -// * You already migrated your applications to support the latest certificate -// authority (CA) certificate, but the new CA certificate is not yet the -// RDS default CA certificate for the specified AWS Region. +// - You already migrated your applications to support the latest certificate +// authority (CA) certificate, but the new CA certificate is not yet the +// RDS default CA certificate for the specified Amazon Web Services Region. // -// * RDS has already moved to a new default CA certificate for the specified -// AWS Region, but you are still in the process of supporting the new CA -// certificate. In this case, you temporarily need additional time to finish -// your application changes. +// - RDS has already moved to a new default CA certificate for the specified +// Amazon Web Services Region, but you are still in the process of supporting +// the new CA certificate. In this case, you temporarily need additional +// time to finish your application changes. // // For more information about rotating your SSL/TLS certificate for RDS DB engines, // see Rotating Your SSL/TLS Certificate (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) @@ -9962,8 +12173,8 @@ func (c *RDS) ModifyCertificatesRequest(input *ModifyCertificatesInput) (req *re // API operation ModifyCertificates for usage and error information. // // Returned Error Codes: -// * ErrCodeCertificateNotFoundFault "CertificateNotFound" -// CertificateIdentifier doesn't refer to an existing certificate. +// - ErrCodeCertificateNotFoundFault "CertificateNotFound" +// CertificateIdentifier doesn't refer to an existing certificate. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyCertificates func (c *RDS) ModifyCertificates(input *ModifyCertificatesInput) (*ModifyCertificatesOutput, error) { @@ -10003,14 +12214,13 @@ const opModifyCurrentDBClusterCapacity = "ModifyCurrentDBClusterCapacity" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ModifyCurrentDBClusterCapacityRequest method. +// req, resp := client.ModifyCurrentDBClusterCapacityRequest(params) // -// // Example sending a request using the ModifyCurrentDBClusterCapacityRequest method. -// req, resp := client.ModifyCurrentDBClusterCapacityRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyCurrentDBClusterCapacity func (c *RDS) ModifyCurrentDBClusterCapacityRequest(input *ModifyCurrentDBClusterCapacityInput) (req *request.Request, output *ModifyCurrentDBClusterCapacityOutput) { @@ -10031,28 +12241,28 @@ func (c *RDS) ModifyCurrentDBClusterCapacityRequest(input *ModifyCurrentDBCluste // ModifyCurrentDBClusterCapacity API operation for Amazon Relational Database Service. // -// Set the capacity of an Aurora Serverless DB cluster to a specific value. +// Set the capacity of an Aurora Serverless v1 DB cluster to a specific value. // -// Aurora Serverless scales seamlessly based on the workload on the DB cluster. +// Aurora Serverless v1 scales seamlessly based on the workload on the DB cluster. // In some cases, the capacity might not scale fast enough to meet a sudden // change in workload, such as a large number of new transactions. Call ModifyCurrentDBClusterCapacity // to set the capacity explicitly. // -// After this call sets the DB cluster capacity, Aurora Serverless can automatically +// After this call sets the DB cluster capacity, Aurora Serverless v1 can automatically // scale the DB cluster based on the cooldown period for scaling up and the // cooldown period for scaling down. // -// For more information about Aurora Serverless, see Using Amazon Aurora Serverless -// (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html) +// For more information about Aurora Serverless v1, see Using Amazon Aurora +// Serverless v1 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html) // in the Amazon Aurora User Guide. // // If you call ModifyCurrentDBClusterCapacity with the default TimeoutAction, -// connections that prevent Aurora Serverless from finding a scaling point might -// be dropped. For more information about scaling points, see Autoscaling for -// Aurora Serverless (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.how-it-works.html#aurora-serverless.how-it-works.auto-scaling) +// connections that prevent Aurora Serverless v1 from finding a scaling point +// might be dropped. For more information about scaling points, see Autoscaling +// for Aurora Serverless v1 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.how-it-works.html#aurora-serverless.how-it-works.auto-scaling) // in the Amazon Aurora User Guide. // -// This action only applies to Aurora DB clusters. +// This operation only applies to Aurora Serverless v1 DB clusters. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10062,15 +12272,16 @@ func (c *RDS) ModifyCurrentDBClusterCapacityRequest(input *ModifyCurrentDBCluste // API operation ModifyCurrentDBClusterCapacity for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. +// +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // -// * ErrCodeInvalidDBClusterCapacityFault "InvalidDBClusterCapacityFault" -// Capacity isn't a valid Aurora Serverless DB cluster capacity. Valid capacity -// values are 2, 4, 8, 16, 32, 64, 128, and 256. +// - ErrCodeInvalidDBClusterCapacityFault "InvalidDBClusterCapacityFault" +// Capacity isn't a valid Aurora Serverless DB cluster capacity. Valid capacity +// values are 2, 4, 8, 16, 32, 64, 128, and 256. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyCurrentDBClusterCapacity func (c *RDS) ModifyCurrentDBClusterCapacity(input *ModifyCurrentDBClusterCapacityInput) (*ModifyCurrentDBClusterCapacityOutput, error) { @@ -10094,6 +12305,99 @@ func (c *RDS) ModifyCurrentDBClusterCapacityWithContext(ctx aws.Context, input * return out, req.Send() } +const opModifyCustomDBEngineVersion = "ModifyCustomDBEngineVersion" + +// ModifyCustomDBEngineVersionRequest generates a "aws/request.Request" representing the +// client's request for the ModifyCustomDBEngineVersion operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyCustomDBEngineVersion for more information on using the ModifyCustomDBEngineVersion +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ModifyCustomDBEngineVersionRequest method. +// req, resp := client.ModifyCustomDBEngineVersionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyCustomDBEngineVersion +func (c *RDS) ModifyCustomDBEngineVersionRequest(input *ModifyCustomDBEngineVersionInput) (req *request.Request, output *ModifyCustomDBEngineVersionOutput) { + op := &request.Operation{ + Name: opModifyCustomDBEngineVersion, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyCustomDBEngineVersionInput{} + } + + output = &ModifyCustomDBEngineVersionOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyCustomDBEngineVersion API operation for Amazon Relational Database Service. +// +// Modifies the status of a custom engine version (CEV). You can find CEVs to +// modify by calling DescribeDBEngineVersions. +// +// The MediaImport service that imports files from Amazon S3 to create CEVs +// isn't integrated with Amazon Web Services CloudTrail. If you turn on data +// logging for Amazon RDS in CloudTrail, calls to the ModifyCustomDbEngineVersion +// event aren't logged. However, you might see calls from the API gateway that +// accesses your Amazon S3 bucket. These calls originate from the MediaImport +// service for the ModifyCustomDbEngineVersion event. +// +// For more information, see Modifying CEV status (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html#custom-cev.modify) +// in the Amazon RDS User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation ModifyCustomDBEngineVersion for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeCustomDBEngineVersionNotFoundFault "CustomDBEngineVersionNotFoundFault" +// The specified CEV was not found. +// +// - ErrCodeInvalidCustomDBEngineVersionStateFault "InvalidCustomDBEngineVersionStateFault" +// You can't delete the CEV. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyCustomDBEngineVersion +func (c *RDS) ModifyCustomDBEngineVersion(input *ModifyCustomDBEngineVersionInput) (*ModifyCustomDBEngineVersionOutput, error) { + req, out := c.ModifyCustomDBEngineVersionRequest(input) + return out, req.Send() +} + +// ModifyCustomDBEngineVersionWithContext is the same as ModifyCustomDBEngineVersion with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyCustomDBEngineVersion for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) ModifyCustomDBEngineVersionWithContext(ctx aws.Context, input *ModifyCustomDBEngineVersionInput, opts ...request.Option) (*ModifyCustomDBEngineVersionOutput, error) { + req, out := c.ModifyCustomDBEngineVersionRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opModifyDBCluster = "ModifyDBCluster" // ModifyDBClusterRequest generates a "aws/request.Request" representing the @@ -10110,14 +12414,13 @@ const opModifyDBCluster = "ModifyDBCluster" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ModifyDBClusterRequest method. +// req, resp := client.ModifyDBClusterRequest(params) // -// // Example sending a request using the ModifyDBClusterRequest method. -// req, resp := client.ModifyDBClusterRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBCluster func (c *RDS) ModifyDBClusterRequest(input *ModifyDBClusterInput) (req *request.Request, output *ModifyDBClusterOutput) { @@ -10138,13 +12441,17 @@ func (c *RDS) ModifyDBClusterRequest(input *ModifyDBClusterInput) (req *request. // ModifyDBCluster API operation for Amazon Relational Database Service. // -// Modify a setting for an Amazon Aurora DB cluster. You can change one or more -// database configuration parameters by specifying these parameters and the -// new values in the request. For more information on Amazon Aurora, see What -// Is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// Modifies the settings of an Amazon Aurora DB cluster or a Multi-AZ DB cluster. +// You can change one or more settings by specifying these parameters and the +// new values in the request. +// +// For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? +// (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// This action only applies to Aurora DB clusters. +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10154,45 +12461,56 @@ func (c *RDS) ModifyDBClusterRequest(input *ModifyDBClusterInput) (req *request. // API operation ModifyDBCluster for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. +// +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. +// +// - ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" +// The request would result in the user exceeding the allowed amount of storage +// available across all DB instances. // -// * ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" -// The request would result in the user exceeding the allowed amount of storage -// available across all DB instances. +// - ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" +// DBSubnetGroupName doesn't refer to an existing DB subnet group. // -// * ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" -// DBSubnetGroupName doesn't refer to an existing DB subnet group. +// - ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" +// The DB subnet group doesn't cover all Availability Zones after it's created +// because of users' change. // -// * ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" -// The DB subnet group doesn't cover all Availability Zones after it's created -// because of users' change. +// - ErrCodeInvalidDBSubnetGroupStateFault "InvalidDBSubnetGroupStateFault" +// The DB subnet group cannot be deleted because it's in use. // -// * ErrCodeInvalidDBSubnetGroupStateFault "InvalidDBSubnetGroupStateFault" -// The DB subnet group cannot be deleted because it's in use. +// - ErrCodeInvalidSubnet "InvalidSubnet" +// The requested subnet is invalid, or multiple subnets were requested that +// are not all in a common VPC. // -// * ErrCodeInvalidSubnet "InvalidSubnet" -// The requested subnet is invalid, or multiple subnets were requested that -// are not all in a common VPC. +// - ErrCodeDBClusterParameterGroupNotFoundFault "DBClusterParameterGroupNotFound" +// DBClusterParameterGroupName doesn't refer to an existing DB cluster parameter +// group. // -// * ErrCodeDBClusterParameterGroupNotFoundFault "DBClusterParameterGroupNotFound" -// DBClusterParameterGroupName doesn't refer to an existing DB cluster parameter -// group. +// - ErrCodeInvalidDBSecurityGroupStateFault "InvalidDBSecurityGroupState" +// The state of the DB security group doesn't allow deletion. // -// * ErrCodeInvalidDBSecurityGroupStateFault "InvalidDBSecurityGroupState" -// The state of the DB security group doesn't allow deletion. +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. // -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. +// - ErrCodeDBClusterAlreadyExistsFault "DBClusterAlreadyExistsFault" +// The user already has a DB cluster with the given identifier. // -// * ErrCodeDBClusterAlreadyExistsFault "DBClusterAlreadyExistsFault" -// The user already has a DB cluster with the given identifier. +// - ErrCodeDBInstanceAlreadyExistsFault "DBInstanceAlreadyExists" +// The user already has a DB instance with the given identifier. // -// * ErrCodeDomainNotFoundFault "DomainNotFoundFault" -// Domain doesn't refer to an existing Active Directory domain. +// - ErrCodeDomainNotFoundFault "DomainNotFoundFault" +// Domain doesn't refer to an existing Active Directory domain. +// +// - ErrCodeStorageTypeNotAvailableFault "StorageTypeNotAvailableFault" +// The aurora-iopt1 storage type isn't available, because you modified the DB +// cluster to use this storage type less than one month ago. +// +// - ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" +// The specified option group could not be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBCluster func (c *RDS) ModifyDBCluster(input *ModifyDBClusterInput) (*ModifyDBClusterOutput, error) { @@ -10232,14 +12550,13 @@ const opModifyDBClusterEndpoint = "ModifyDBClusterEndpoint" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ModifyDBClusterEndpointRequest method. +// req, resp := client.ModifyDBClusterEndpointRequest(params) // -// // Example sending a request using the ModifyDBClusterEndpointRequest method. -// req, resp := client.ModifyDBClusterEndpointRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBClusterEndpoint func (c *RDS) ModifyDBClusterEndpointRequest(input *ModifyDBClusterEndpointInput) (req *request.Request, output *ModifyDBClusterEndpointOutput) { @@ -10262,7 +12579,7 @@ func (c *RDS) ModifyDBClusterEndpointRequest(input *ModifyDBClusterEndpointInput // // Modifies the properties of an endpoint in an Amazon Aurora DB cluster. // -// This action only applies to Aurora DB clusters. +// This operation only applies to Aurora DB clusters. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10272,21 +12589,22 @@ func (c *RDS) ModifyDBClusterEndpointRequest(input *ModifyDBClusterEndpointInput // API operation ModifyDBClusterEndpoint for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. // -// * ErrCodeInvalidDBClusterEndpointStateFault "InvalidDBClusterEndpointStateFault" -// The requested operation can't be performed on the endpoint while the endpoint -// is in this state. +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // -// * ErrCodeDBClusterEndpointNotFoundFault "DBClusterEndpointNotFoundFault" -// The specified custom endpoint doesn't exist. +// - ErrCodeInvalidDBClusterEndpointStateFault "InvalidDBClusterEndpointStateFault" +// The requested operation can't be performed on the endpoint while the endpoint +// is in this state. // -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. +// - ErrCodeDBClusterEndpointNotFoundFault "DBClusterEndpointNotFoundFault" +// The specified custom endpoint doesn't exist. // -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. +// +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBClusterEndpoint func (c *RDS) ModifyDBClusterEndpoint(input *ModifyDBClusterEndpointInput) (*ModifyDBClusterEndpointOutput, error) { @@ -10326,14 +12644,13 @@ const opModifyDBClusterParameterGroup = "ModifyDBClusterParameterGroup" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ModifyDBClusterParameterGroupRequest method. +// req, resp := client.ModifyDBClusterParameterGroupRequest(params) // -// // Example sending a request using the ModifyDBClusterParameterGroupRequest method. -// req, resp := client.ModifyDBClusterParameterGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBClusterParameterGroup func (c *RDS) ModifyDBClusterParameterGroupRequest(input *ModifyDBClusterParameterGroupInput) (req *request.Request, output *DBClusterParameterGroupNameMessage) { @@ -10358,31 +12675,30 @@ func (c *RDS) ModifyDBClusterParameterGroupRequest(input *ModifyDBClusterParamet // one parameter, submit a list of the following: ParameterName, ParameterValue, // and ApplyMethod. A maximum of 20 parameters can be modified in a single request. // -// For more information on Amazon Aurora, see What Is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) -// in the Amazon Aurora User Guide. -// -// Changes to dynamic parameters are applied immediately. Changes to static -// parameters require a reboot without failover to the DB cluster associated -// with the parameter group before the change can take effect. -// // After you create a DB cluster parameter group, you should wait at least 5 // minutes before creating your first DB cluster that uses that DB cluster parameter // group as the default parameter group. This allows Amazon RDS to fully complete -// the create action before the parameter group is used as the default for a -// new DB cluster. This is especially important for parameters that are critical +// the create operation before the parameter group is used as the default for +// a new DB cluster. This is especially important for parameters that are critical // when creating the default database for a DB cluster, such as the character // set for the default database defined by the character_set_database parameter. // You can use the Parameter Groups option of the Amazon RDS console (https://console.aws.amazon.com/rds/) -// or the DescribeDBClusterParameters action to verify that your DB cluster +// or the DescribeDBClusterParameters operation to verify that your DB cluster // parameter group has been created or modified. // // If the modified DB cluster parameter group is used by an Aurora Serverless -// cluster, Aurora applies the update immediately. The cluster restart might +// v1 cluster, Aurora applies the update immediately. The cluster restart might // interrupt your workload. In that case, your application must reopen any connections // and retry any transactions that were active when the parameter changes took // effect. // -// This action only applies to Aurora DB clusters. +// For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? +// (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// in the Amazon Aurora User Guide. +// +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10392,13 +12708,14 @@ func (c *RDS) ModifyDBClusterParameterGroupRequest(input *ModifyDBClusterParamet // API operation ModifyDBClusterParameterGroup for usage and error information. // // Returned Error Codes: -// * ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" -// DBParameterGroupName doesn't refer to an existing DB parameter group. // -// * ErrCodeInvalidDBParameterGroupStateFault "InvalidDBParameterGroupState" -// The DB parameter group is in use or is in an invalid state. If you are attempting -// to delete the parameter group, you can't delete it when the parameter group -// is in this state. +// - ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" +// DBParameterGroupName doesn't refer to an existing DB parameter group. +// +// - ErrCodeInvalidDBParameterGroupStateFault "InvalidDBParameterGroupState" +// The DB parameter group is in use or is in an invalid state. If you are attempting +// to delete the parameter group, you can't delete it when the parameter group +// is in this state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBClusterParameterGroup func (c *RDS) ModifyDBClusterParameterGroup(input *ModifyDBClusterParameterGroupInput) (*DBClusterParameterGroupNameMessage, error) { @@ -10438,14 +12755,13 @@ const opModifyDBClusterSnapshotAttribute = "ModifyDBClusterSnapshotAttribute" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ModifyDBClusterSnapshotAttributeRequest method. +// req, resp := client.ModifyDBClusterSnapshotAttributeRequest(params) // -// // Example sending a request using the ModifyDBClusterSnapshotAttributeRequest method. -// req, resp := client.ModifyDBClusterSnapshotAttributeRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBClusterSnapshotAttribute func (c *RDS) ModifyDBClusterSnapshotAttributeRequest(input *ModifyDBClusterSnapshotAttributeInput) (req *request.Request, output *ModifyDBClusterSnapshotAttributeOutput) { @@ -10469,25 +12785,26 @@ func (c *RDS) ModifyDBClusterSnapshotAttributeRequest(input *ModifyDBClusterSnap // Adds an attribute and values to, or removes an attribute and values from, // a manual DB cluster snapshot. // -// To share a manual DB cluster snapshot with other AWS accounts, specify restore -// as the AttributeName and use the ValuesToAdd parameter to add a list of IDs -// of the AWS accounts that are authorized to restore the manual DB cluster -// snapshot. Use the value all to make the manual DB cluster snapshot public, -// which means that it can be copied or restored by all AWS accounts. +// To share a manual DB cluster snapshot with other Amazon Web Services accounts, +// specify restore as the AttributeName and use the ValuesToAdd parameter to +// add a list of IDs of the Amazon Web Services accounts that are authorized +// to restore the manual DB cluster snapshot. Use the value all to make the +// manual DB cluster snapshot public, which means that it can be copied or restored +// by all Amazon Web Services accounts. // // Don't add the all value for any manual DB cluster snapshots that contain -// private information that you don't want available to all AWS accounts. +// private information that you don't want available to all Amazon Web Services +// accounts. // // If a manual DB cluster snapshot is encrypted, it can be shared, but only -// by specifying a list of authorized AWS account IDs for the ValuesToAdd parameter. -// You can't use all as a value for that parameter in this case. -// -// To view which AWS accounts have access to copy or restore a manual DB cluster -// snapshot, or whether a manual DB cluster snapshot is public or private, use -// the DescribeDBClusterSnapshotAttributes API action. The accounts are returned -// as values for the restore attribute. +// by specifying a list of authorized Amazon Web Services account IDs for the +// ValuesToAdd parameter. You can't use all as a value for that parameter in +// this case. // -// This action only applies to Aurora DB clusters. +// To view which Amazon Web Services accounts have access to copy or restore +// a manual DB cluster snapshot, or whether a manual DB cluster snapshot is +// public or private, use the DescribeDBClusterSnapshotAttributes API operation. +// The accounts are returned as values for the restore attribute. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10497,15 +12814,16 @@ func (c *RDS) ModifyDBClusterSnapshotAttributeRequest(input *ModifyDBClusterSnap // API operation ModifyDBClusterSnapshotAttribute for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterSnapshotNotFoundFault "DBClusterSnapshotNotFoundFault" -// DBClusterSnapshotIdentifier doesn't refer to an existing DB cluster snapshot. // -// * ErrCodeInvalidDBClusterSnapshotStateFault "InvalidDBClusterSnapshotStateFault" -// The supplied value isn't a valid DB cluster snapshot state. +// - ErrCodeDBClusterSnapshotNotFoundFault "DBClusterSnapshotNotFoundFault" +// DBClusterSnapshotIdentifier doesn't refer to an existing DB cluster snapshot. +// +// - ErrCodeInvalidDBClusterSnapshotStateFault "InvalidDBClusterSnapshotStateFault" +// The supplied value isn't a valid DB cluster snapshot state. // -// * ErrCodeSharedSnapshotQuotaExceededFault "SharedSnapshotQuotaExceeded" -// You have exceeded the maximum number of accounts that you can share a manual -// DB snapshot with. +// - ErrCodeSharedSnapshotQuotaExceededFault "SharedSnapshotQuotaExceeded" +// You have exceeded the maximum number of accounts that you can share a manual +// DB snapshot with. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBClusterSnapshotAttribute func (c *RDS) ModifyDBClusterSnapshotAttribute(input *ModifyDBClusterSnapshotAttributeInput) (*ModifyDBClusterSnapshotAttributeOutput, error) { @@ -10545,14 +12863,13 @@ const opModifyDBInstance = "ModifyDBInstance" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ModifyDBInstanceRequest method. +// req, resp := client.ModifyDBInstanceRequest(params) // -// // Example sending a request using the ModifyDBInstanceRequest method. -// req, resp := client.ModifyDBInstanceRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBInstance func (c *RDS) ModifyDBInstanceRequest(input *ModifyDBInstanceInput) (req *request.Request, output *ModifyDBInstanceOutput) { @@ -10586,68 +12903,77 @@ func (c *RDS) ModifyDBInstanceRequest(input *ModifyDBInstanceInput) (req *reques // API operation ModifyDBInstance for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. // -// * ErrCodeInvalidDBSecurityGroupStateFault "InvalidDBSecurityGroupState" -// The state of the DB security group doesn't allow deletion. +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. +// +// - ErrCodeInvalidDBSecurityGroupStateFault "InvalidDBSecurityGroupState" +// The state of the DB security group doesn't allow deletion. +// +// - ErrCodeDBInstanceAlreadyExistsFault "DBInstanceAlreadyExists" +// The user already has a DB instance with the given identifier. // -// * ErrCodeDBInstanceAlreadyExistsFault "DBInstanceAlreadyExists" -// The user already has a DB instance with the given identifier. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. // -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. +// - ErrCodeDBSecurityGroupNotFoundFault "DBSecurityGroupNotFound" +// DBSecurityGroupName doesn't refer to an existing DB security group. // -// * ErrCodeDBSecurityGroupNotFoundFault "DBSecurityGroupNotFound" -// DBSecurityGroupName doesn't refer to an existing DB security group. +// - ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" +// DBParameterGroupName doesn't refer to an existing DB parameter group. // -// * ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" -// DBParameterGroupName doesn't refer to an existing DB parameter group. +// - ErrCodeInsufficientDBInstanceCapacityFault "InsufficientDBInstanceCapacity" +// The specified DB instance class isn't available in the specified Availability +// Zone. // -// * ErrCodeInsufficientDBInstanceCapacityFault "InsufficientDBInstanceCapacity" -// The specified DB instance class isn't available in the specified Availability -// Zone. +// - ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" +// The request would result in the user exceeding the allowed amount of storage +// available across all DB instances. // -// * ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" -// The request would result in the user exceeding the allowed amount of storage -// available across all DB instances. +// - ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" +// The DB subnet group doesn't cover all Availability Zones after it's created +// because of users' change. // -// * ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" -// The DB subnet group doesn't cover all Availability Zones after it's created -// because of users' change. +// - ErrCodeProvisionedIopsNotAvailableInAZFault "ProvisionedIopsNotAvailableInAZFault" +// Provisioned IOPS not available in the specified Availability Zone. // -// * ErrCodeProvisionedIopsNotAvailableInAZFault "ProvisionedIopsNotAvailableInAZFault" -// Provisioned IOPS not available in the specified Availability Zone. +// - ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" +// The specified option group could not be found. // -// * ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" -// The specified option group could not be found. +// - ErrCodeDBUpgradeDependencyFailureFault "DBUpgradeDependencyFailure" +// The DB upgrade failed because a resource the DB depends on can't be modified. // -// * ErrCodeDBUpgradeDependencyFailureFault "DBUpgradeDependencyFailure" -// The DB upgrade failed because a resource the DB depends on can't be modified. +// - ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" +// The specified StorageType can't be associated with the DB instance. // -// * ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" -// Storage of the StorageType specified can't be associated with the DB instance. +// - ErrCodeAuthorizationNotFoundFault "AuthorizationNotFound" +// The specified CIDR IP range or Amazon EC2 security group might not be authorized +// for the specified DB security group. // -// * ErrCodeAuthorizationNotFoundFault "AuthorizationNotFound" -// The specified CIDR IP range or Amazon EC2 security group might not be authorized -// for the specified DB security group. +// Or, RDS might not be authorized to perform necessary actions using IAM on +// your behalf. // -// Or, RDS might not be authorized to perform necessary actions using IAM on -// your behalf. +// - ErrCodeCertificateNotFoundFault "CertificateNotFound" +// CertificateIdentifier doesn't refer to an existing certificate. // -// * ErrCodeCertificateNotFoundFault "CertificateNotFound" -// CertificateIdentifier doesn't refer to an existing certificate. +// - ErrCodeDomainNotFoundFault "DomainNotFoundFault" +// Domain doesn't refer to an existing Active Directory domain. // -// * ErrCodeDomainNotFoundFault "DomainNotFoundFault" -// Domain doesn't refer to an existing Active Directory domain. +// - ErrCodeBackupPolicyNotFoundFault "BackupPolicyNotFoundFault" // -// * ErrCodeBackupPolicyNotFoundFault "BackupPolicyNotFoundFault" +// - ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" +// An error occurred accessing an Amazon Web Services KMS key. // -// * ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" -// An error occurred accessing an AWS KMS key. +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeNetworkTypeNotSupported "NetworkTypeNotSupported" +// The network type is invalid for the DB instance. Valid nework type values +// are IPV4 and DUAL. +// +// - ErrCodeTenantDatabaseQuotaExceededFault "TenantDatabaseQuotaExceeded" +// You attempted to create more tenant databases than are permitted in your +// Amazon Web Services account. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBInstance func (c *RDS) ModifyDBInstance(input *ModifyDBInstanceInput) (*ModifyDBInstanceOutput, error) { @@ -10687,14 +13013,13 @@ const opModifyDBParameterGroup = "ModifyDBParameterGroup" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ModifyDBParameterGroupRequest method. +// req, resp := client.ModifyDBParameterGroupRequest(params) // -// // Example sending a request using the ModifyDBParameterGroupRequest method. -// req, resp := client.ModifyDBParameterGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBParameterGroup func (c *RDS) ModifyDBParameterGroupRequest(input *ModifyDBParameterGroupInput) (req *request.Request, output *DBParameterGroupNameMessage) { @@ -10719,15 +13044,11 @@ func (c *RDS) ModifyDBParameterGroupRequest(input *ModifyDBParameterGroupInput) // parameter, submit a list of the following: ParameterName, ParameterValue, // and ApplyMethod. A maximum of 20 parameters can be modified in a single request. // -// Changes to dynamic parameters are applied immediately. Changes to static -// parameters require a reboot without failover to the DB instance associated -// with the parameter group before the change can take effect. -// // After you modify a DB parameter group, you should wait at least 5 minutes // before creating your first DB instance that uses that DB parameter group // as the default parameter group. This allows Amazon RDS to fully complete -// the modify action before the parameter group is used as the default for a -// new DB instance. This is especially important for parameters that are critical +// the modify operation before the parameter group is used as the default for +// a new DB instance. This is especially important for parameters that are critical // when creating the default database for a DB instance, such as the character // set for the default database defined by the character_set_database parameter. // You can use the Parameter Groups option of the Amazon RDS console (https://console.aws.amazon.com/rds/) @@ -10742,13 +13063,14 @@ func (c *RDS) ModifyDBParameterGroupRequest(input *ModifyDBParameterGroupInput) // API operation ModifyDBParameterGroup for usage and error information. // // Returned Error Codes: -// * ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" -// DBParameterGroupName doesn't refer to an existing DB parameter group. // -// * ErrCodeInvalidDBParameterGroupStateFault "InvalidDBParameterGroupState" -// The DB parameter group is in use or is in an invalid state. If you are attempting -// to delete the parameter group, you can't delete it when the parameter group -// is in this state. +// - ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" +// DBParameterGroupName doesn't refer to an existing DB parameter group. +// +// - ErrCodeInvalidDBParameterGroupStateFault "InvalidDBParameterGroupState" +// The DB parameter group is in use or is in an invalid state. If you are attempting +// to delete the parameter group, you can't delete it when the parameter group +// is in this state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBParameterGroup func (c *RDS) ModifyDBParameterGroup(input *ModifyDBParameterGroupInput) (*DBParameterGroupNameMessage, error) { @@ -10788,14 +13110,13 @@ const opModifyDBProxy = "ModifyDBProxy" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ModifyDBProxyRequest method. +// req, resp := client.ModifyDBProxyRequest(params) // -// // Example sending a request using the ModifyDBProxyRequest method. -// req, resp := client.ModifyDBProxyRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBProxy func (c *RDS) ModifyDBProxyRequest(input *ModifyDBProxyInput) (req *request.Request, output *ModifyDBProxyOutput) { @@ -10826,16 +13147,17 @@ func (c *RDS) ModifyDBProxyRequest(input *ModifyDBProxyInput) (req *request.Requ // API operation ModifyDBProxy for usage and error information. // // Returned Error Codes: -// * ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" -// The specified proxy name doesn't correspond to a proxy owned by your AWS -// account in the specified AWS Region. // -// * ErrCodeDBProxyAlreadyExistsFault "DBProxyTargetExistsFault" -// The specified proxy name must be unique for all proxies owned by your AWS -// account in the specified AWS Region. +// - ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" +// The specified proxy name doesn't correspond to a proxy owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. +// +// - ErrCodeDBProxyAlreadyExistsFault "DBProxyAlreadyExistsFault" +// The specified proxy name must be unique for all proxies owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. // -// * ErrCodeInvalidDBProxyStateFault "InvalidDBProxyStateFault" -// The requested operation can't be performed while the proxy is in this state. +// - ErrCodeInvalidDBProxyStateFault "InvalidDBProxyStateFault" +// The requested operation can't be performed while the proxy is in this state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBProxy func (c *RDS) ModifyDBProxy(input *ModifyDBProxyInput) (*ModifyDBProxyOutput, error) { @@ -10859,6 +13181,97 @@ func (c *RDS) ModifyDBProxyWithContext(ctx aws.Context, input *ModifyDBProxyInpu return out, req.Send() } +const opModifyDBProxyEndpoint = "ModifyDBProxyEndpoint" + +// ModifyDBProxyEndpointRequest generates a "aws/request.Request" representing the +// client's request for the ModifyDBProxyEndpoint operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyDBProxyEndpoint for more information on using the ModifyDBProxyEndpoint +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ModifyDBProxyEndpointRequest method. +// req, resp := client.ModifyDBProxyEndpointRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBProxyEndpoint +func (c *RDS) ModifyDBProxyEndpointRequest(input *ModifyDBProxyEndpointInput) (req *request.Request, output *ModifyDBProxyEndpointOutput) { + op := &request.Operation{ + Name: opModifyDBProxyEndpoint, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyDBProxyEndpointInput{} + } + + output = &ModifyDBProxyEndpointOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyDBProxyEndpoint API operation for Amazon Relational Database Service. +// +// Changes the settings for an existing DB proxy endpoint. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation ModifyDBProxyEndpoint for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeDBProxyEndpointNotFoundFault "DBProxyEndpointNotFoundFault" +// The DB proxy endpoint doesn't exist. +// +// - ErrCodeDBProxyEndpointAlreadyExistsFault "DBProxyEndpointAlreadyExistsFault" +// The specified DB proxy endpoint name must be unique for all DB proxy endpoints +// owned by your Amazon Web Services account in the specified Amazon Web Services +// Region. +// +// - ErrCodeInvalidDBProxyEndpointStateFault "InvalidDBProxyEndpointStateFault" +// You can't perform this operation while the DB proxy endpoint is in a particular +// state. +// +// - ErrCodeInvalidDBProxyStateFault "InvalidDBProxyStateFault" +// The requested operation can't be performed while the proxy is in this state. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBProxyEndpoint +func (c *RDS) ModifyDBProxyEndpoint(input *ModifyDBProxyEndpointInput) (*ModifyDBProxyEndpointOutput, error) { + req, out := c.ModifyDBProxyEndpointRequest(input) + return out, req.Send() +} + +// ModifyDBProxyEndpointWithContext is the same as ModifyDBProxyEndpoint with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyDBProxyEndpoint for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) ModifyDBProxyEndpointWithContext(ctx aws.Context, input *ModifyDBProxyEndpointInput, opts ...request.Option) (*ModifyDBProxyEndpointOutput, error) { + req, out := c.ModifyDBProxyEndpointRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opModifyDBProxyTargetGroup = "ModifyDBProxyTargetGroup" // ModifyDBProxyTargetGroupRequest generates a "aws/request.Request" representing the @@ -10875,14 +13288,13 @@ const opModifyDBProxyTargetGroup = "ModifyDBProxyTargetGroup" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ModifyDBProxyTargetGroupRequest method. +// req, resp := client.ModifyDBProxyTargetGroupRequest(params) // -// // Example sending a request using the ModifyDBProxyTargetGroupRequest method. -// req, resp := client.ModifyDBProxyTargetGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBProxyTargetGroup func (c *RDS) ModifyDBProxyTargetGroupRequest(input *ModifyDBProxyTargetGroupInput) (req *request.Request, output *ModifyDBProxyTargetGroupOutput) { @@ -10913,16 +13325,17 @@ func (c *RDS) ModifyDBProxyTargetGroupRequest(input *ModifyDBProxyTargetGroupInp // API operation ModifyDBProxyTargetGroup for usage and error information. // // Returned Error Codes: -// * ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" -// The specified proxy name doesn't correspond to a proxy owned by your AWS -// account in the specified AWS Region. // -// * ErrCodeDBProxyTargetGroupNotFoundFault "DBProxyTargetGroupNotFoundFault" -// The specified target group isn't available for a proxy owned by your AWS -// account in the specified AWS Region. +// - ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" +// The specified proxy name doesn't correspond to a proxy owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. // -// * ErrCodeInvalidDBProxyStateFault "InvalidDBProxyStateFault" -// The requested operation can't be performed while the proxy is in this state. +// - ErrCodeDBProxyTargetGroupNotFoundFault "DBProxyTargetGroupNotFoundFault" +// The specified target group isn't available for a proxy owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. +// +// - ErrCodeInvalidDBProxyStateFault "InvalidDBProxyStateFault" +// The requested operation can't be performed while the proxy is in this state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBProxyTargetGroup func (c *RDS) ModifyDBProxyTargetGroup(input *ModifyDBProxyTargetGroupInput) (*ModifyDBProxyTargetGroupOutput, error) { @@ -10946,6 +13359,172 @@ func (c *RDS) ModifyDBProxyTargetGroupWithContext(ctx aws.Context, input *Modify return out, req.Send() } +const opModifyDBRecommendation = "ModifyDBRecommendation" + +// ModifyDBRecommendationRequest generates a "aws/request.Request" representing the +// client's request for the ModifyDBRecommendation operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyDBRecommendation for more information on using the ModifyDBRecommendation +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ModifyDBRecommendationRequest method. +// req, resp := client.ModifyDBRecommendationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBRecommendation +func (c *RDS) ModifyDBRecommendationRequest(input *ModifyDBRecommendationInput) (req *request.Request, output *ModifyDBRecommendationOutput) { + op := &request.Operation{ + Name: opModifyDBRecommendation, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyDBRecommendationInput{} + } + + output = &ModifyDBRecommendationOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyDBRecommendation API operation for Amazon Relational Database Service. +// +// Updates the recommendation status and recommended action status for the specified +// recommendation. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation ModifyDBRecommendation for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBRecommendation +func (c *RDS) ModifyDBRecommendation(input *ModifyDBRecommendationInput) (*ModifyDBRecommendationOutput, error) { + req, out := c.ModifyDBRecommendationRequest(input) + return out, req.Send() +} + +// ModifyDBRecommendationWithContext is the same as ModifyDBRecommendation with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyDBRecommendation for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) ModifyDBRecommendationWithContext(ctx aws.Context, input *ModifyDBRecommendationInput, opts ...request.Option) (*ModifyDBRecommendationOutput, error) { + req, out := c.ModifyDBRecommendationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opModifyDBShardGroup = "ModifyDBShardGroup" + +// ModifyDBShardGroupRequest generates a "aws/request.Request" representing the +// client's request for the ModifyDBShardGroup operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyDBShardGroup for more information on using the ModifyDBShardGroup +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ModifyDBShardGroupRequest method. +// req, resp := client.ModifyDBShardGroupRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBShardGroup +func (c *RDS) ModifyDBShardGroupRequest(input *ModifyDBShardGroupInput) (req *request.Request, output *ModifyDBShardGroupOutput) { + op := &request.Operation{ + Name: opModifyDBShardGroup, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyDBShardGroupInput{} + } + + output = &ModifyDBShardGroupOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyDBShardGroup API operation for Amazon Relational Database Service. +// +// Modifies the settings of an Aurora Limitless Database DB shard group. You +// can change one or more settings by specifying these parameters and the new +// values in the request. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation ModifyDBShardGroup for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. +// +// - ErrCodeDBShardGroupAlreadyExistsFault "DBShardGroupAlreadyExists" +// The specified DB shard group name must be unique in your Amazon Web Services +// account in the specified Amazon Web Services Region. +// +// - ErrCodeDBShardGroupNotFoundFault "DBShardGroupNotFound" +// The specified DB shard group name wasn't found. +// +// - ErrCodeInvalidMaxAcuFault "InvalidMaxAcu" +// The maximum capacity of the DB shard group must be 48-7168 Aurora capacity +// units (ACUs). +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBShardGroup +func (c *RDS) ModifyDBShardGroup(input *ModifyDBShardGroupInput) (*ModifyDBShardGroupOutput, error) { + req, out := c.ModifyDBShardGroupRequest(input) + return out, req.Send() +} + +// ModifyDBShardGroupWithContext is the same as ModifyDBShardGroup with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyDBShardGroup for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) ModifyDBShardGroupWithContext(ctx aws.Context, input *ModifyDBShardGroupInput, opts ...request.Option) (*ModifyDBShardGroupOutput, error) { + req, out := c.ModifyDBShardGroupRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opModifyDBSnapshot = "ModifyDBSnapshot" // ModifyDBSnapshotRequest generates a "aws/request.Request" representing the @@ -10962,14 +13541,13 @@ const opModifyDBSnapshot = "ModifyDBSnapshot" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ModifyDBSnapshotRequest method. +// req, resp := client.ModifyDBSnapshotRequest(params) // -// // Example sending a request using the ModifyDBSnapshotRequest method. -// req, resp := client.ModifyDBSnapshotRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBSnapshot func (c *RDS) ModifyDBSnapshotRequest(input *ModifyDBSnapshotInput) (req *request.Request, output *ModifyDBSnapshotOutput) { @@ -10993,7 +13571,8 @@ func (c *RDS) ModifyDBSnapshotRequest(input *ModifyDBSnapshotInput) (req *reques // Updates a manual DB snapshot with a new engine version. The snapshot can // be encrypted or unencrypted, but not shared or public. // -// Amazon RDS supports upgrading DB snapshots for MySQL, Oracle, and PostgreSQL. +// Amazon RDS supports upgrading DB snapshots for MySQL, PostgreSQL, and Oracle. +// This operation doesn't apply to RDS Custom or RDS for Db2. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -11003,8 +13582,8 @@ func (c *RDS) ModifyDBSnapshotRequest(input *ModifyDBSnapshotInput) (req *reques // API operation ModifyDBSnapshot for usage and error information. // // Returned Error Codes: -// * ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" -// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. +// - ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" +// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBSnapshot func (c *RDS) ModifyDBSnapshot(input *ModifyDBSnapshotInput) (*ModifyDBSnapshotOutput, error) { @@ -11044,14 +13623,13 @@ const opModifyDBSnapshotAttribute = "ModifyDBSnapshotAttribute" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ModifyDBSnapshotAttributeRequest method. +// req, resp := client.ModifyDBSnapshotAttributeRequest(params) // -// // Example sending a request using the ModifyDBSnapshotAttributeRequest method. -// req, resp := client.ModifyDBSnapshotAttributeRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBSnapshotAttribute func (c *RDS) ModifyDBSnapshotAttributeRequest(input *ModifyDBSnapshotAttributeInput) (req *request.Request, output *ModifyDBSnapshotAttributeOutput) { @@ -11075,22 +13653,24 @@ func (c *RDS) ModifyDBSnapshotAttributeRequest(input *ModifyDBSnapshotAttributeI // Adds an attribute and values to, or removes an attribute and values from, // a manual DB snapshot. // -// To share a manual DB snapshot with other AWS accounts, specify restore as -// the AttributeName and use the ValuesToAdd parameter to add a list of IDs -// of the AWS accounts that are authorized to restore the manual DB snapshot. -// Uses the value all to make the manual DB snapshot public, which means it -// can be copied or restored by all AWS accounts. +// To share a manual DB snapshot with other Amazon Web Services accounts, specify +// restore as the AttributeName and use the ValuesToAdd parameter to add a list +// of IDs of the Amazon Web Services accounts that are authorized to restore +// the manual DB snapshot. Uses the value all to make the manual DB snapshot +// public, which means it can be copied or restored by all Amazon Web Services +// accounts. // // Don't add the all value for any manual DB snapshots that contain private -// information that you don't want available to all AWS accounts. +// information that you don't want available to all Amazon Web Services accounts. // // If the manual DB snapshot is encrypted, it can be shared, but only by specifying -// a list of authorized AWS account IDs for the ValuesToAdd parameter. You can't -// use all as a value for that parameter in this case. +// a list of authorized Amazon Web Services account IDs for the ValuesToAdd +// parameter. You can't use all as a value for that parameter in this case. // -// To view which AWS accounts have access to copy or restore a manual DB snapshot, -// or whether a manual DB snapshot public or private, use the DescribeDBSnapshotAttributes -// API action. The accounts are returned as values for the restore attribute. +// To view which Amazon Web Services accounts have access to copy or restore +// a manual DB snapshot, or whether a manual DB snapshot public or private, +// use the DescribeDBSnapshotAttributes API operation. The accounts are returned +// as values for the restore attribute. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -11100,15 +13680,16 @@ func (c *RDS) ModifyDBSnapshotAttributeRequest(input *ModifyDBSnapshotAttributeI // API operation ModifyDBSnapshotAttribute for usage and error information. // // Returned Error Codes: -// * ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" -// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. // -// * ErrCodeInvalidDBSnapshotStateFault "InvalidDBSnapshotState" -// The state of the DB snapshot doesn't allow deletion. +// - ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" +// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. +// +// - ErrCodeInvalidDBSnapshotStateFault "InvalidDBSnapshotState" +// The state of the DB snapshot doesn't allow deletion. // -// * ErrCodeSharedSnapshotQuotaExceededFault "SharedSnapshotQuotaExceeded" -// You have exceeded the maximum number of accounts that you can share a manual -// DB snapshot with. +// - ErrCodeSharedSnapshotQuotaExceededFault "SharedSnapshotQuotaExceeded" +// You have exceeded the maximum number of accounts that you can share a manual +// DB snapshot with. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBSnapshotAttribute func (c *RDS) ModifyDBSnapshotAttribute(input *ModifyDBSnapshotAttributeInput) (*ModifyDBSnapshotAttributeOutput, error) { @@ -11148,14 +13729,13 @@ const opModifyDBSubnetGroup = "ModifyDBSubnetGroup" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ModifyDBSubnetGroupRequest method. +// req, resp := client.ModifyDBSubnetGroupRequest(params) // -// // Example sending a request using the ModifyDBSubnetGroupRequest method. -// req, resp := client.ModifyDBSubnetGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBSubnetGroup func (c *RDS) ModifyDBSubnetGroupRequest(input *ModifyDBSubnetGroupInput) (req *request.Request, output *ModifyDBSubnetGroupOutput) { @@ -11177,7 +13757,7 @@ func (c *RDS) ModifyDBSubnetGroupRequest(input *ModifyDBSubnetGroupInput) (req * // ModifyDBSubnetGroup API operation for Amazon Relational Database Service. // // Modifies an existing DB subnet group. DB subnet groups must contain at least -// one subnet in at least two AZs in the AWS Region. +// one subnet in at least two AZs in the Amazon Web Services Region. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -11187,23 +13767,24 @@ func (c *RDS) ModifyDBSubnetGroupRequest(input *ModifyDBSubnetGroupInput) (req * // API operation ModifyDBSubnetGroup for usage and error information. // // Returned Error Codes: -// * ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" -// DBSubnetGroupName doesn't refer to an existing DB subnet group. // -// * ErrCodeDBSubnetQuotaExceededFault "DBSubnetQuotaExceededFault" -// The request would result in the user exceeding the allowed number of subnets -// in a DB subnet groups. +// - ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" +// DBSubnetGroupName doesn't refer to an existing DB subnet group. +// +// - ErrCodeDBSubnetQuotaExceededFault "DBSubnetQuotaExceededFault" +// The request would result in the user exceeding the allowed number of subnets +// in a DB subnet groups. // -// * ErrCodeSubnetAlreadyInUse "SubnetAlreadyInUse" -// The DB subnet is already in use in the Availability Zone. +// - ErrCodeSubnetAlreadyInUse "SubnetAlreadyInUse" +// The DB subnet is already in use in the Availability Zone. // -// * ErrCodeDBSubnetGroupDoesNotCoverEnoughAZs "DBSubnetGroupDoesNotCoverEnoughAZs" -// Subnets in the DB subnet group should cover at least two Availability Zones -// unless there is only one Availability Zone. +// - ErrCodeDBSubnetGroupDoesNotCoverEnoughAZs "DBSubnetGroupDoesNotCoverEnoughAZs" +// Subnets in the DB subnet group should cover at least two Availability Zones +// unless there is only one Availability Zone. // -// * ErrCodeInvalidSubnet "InvalidSubnet" -// The requested subnet is invalid, or multiple subnets were requested that -// are not all in a common VPC. +// - ErrCodeInvalidSubnet "InvalidSubnet" +// The requested subnet is invalid, or multiple subnets were requested that +// are not all in a common VPC. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBSubnetGroup func (c *RDS) ModifyDBSubnetGroup(input *ModifyDBSubnetGroupInput) (*ModifyDBSubnetGroupOutput, error) { @@ -11243,14 +13824,13 @@ const opModifyEventSubscription = "ModifyEventSubscription" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ModifyEventSubscriptionRequest method. +// req, resp := client.ModifyEventSubscriptionRequest(params) // -// // Example sending a request using the ModifyEventSubscriptionRequest method. -// req, resp := client.ModifyEventSubscriptionRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyEventSubscription func (c *RDS) ModifyEventSubscriptionRequest(input *ModifyEventSubscriptionInput) (req *request.Request, output *ModifyEventSubscriptionOutput) { @@ -11288,23 +13868,24 @@ func (c *RDS) ModifyEventSubscriptionRequest(input *ModifyEventSubscriptionInput // API operation ModifyEventSubscription for usage and error information. // // Returned Error Codes: -// * ErrCodeEventSubscriptionQuotaExceededFault "EventSubscriptionQuotaExceeded" -// You have reached the maximum number of event subscriptions. // -// * ErrCodeSubscriptionNotFoundFault "SubscriptionNotFound" -// The subscription name does not exist. +// - ErrCodeEventSubscriptionQuotaExceededFault "EventSubscriptionQuotaExceeded" +// You have reached the maximum number of event subscriptions. +// +// - ErrCodeSubscriptionNotFoundFault "SubscriptionNotFound" +// The subscription name does not exist. // -// * ErrCodeSNSInvalidTopicFault "SNSInvalidTopic" -// SNS has responded that there is a problem with the SND topic specified. +// - ErrCodeSNSInvalidTopicFault "SNSInvalidTopic" +// SNS has responded that there is a problem with the SNS topic specified. // -// * ErrCodeSNSNoAuthorizationFault "SNSNoAuthorization" -// You do not have permission to publish to the SNS topic ARN. +// - ErrCodeSNSNoAuthorizationFault "SNSNoAuthorization" +// You do not have permission to publish to the SNS topic ARN. // -// * ErrCodeSNSTopicArnNotFoundFault "SNSTopicArnNotFound" -// The SNS topic ARN does not exist. +// - ErrCodeSNSTopicArnNotFoundFault "SNSTopicArnNotFound" +// The SNS topic ARN does not exist. // -// * ErrCodeSubscriptionCategoryNotFoundFault "SubscriptionCategoryNotFound" -// The supplied category does not exist. +// - ErrCodeSubscriptionCategoryNotFoundFault "SubscriptionCategoryNotFound" +// The supplied category does not exist. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyEventSubscription func (c *RDS) ModifyEventSubscription(input *ModifyEventSubscriptionInput) (*ModifyEventSubscriptionOutput, error) { @@ -11344,14 +13925,13 @@ const opModifyGlobalCluster = "ModifyGlobalCluster" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ModifyGlobalClusterRequest method. +// req, resp := client.ModifyGlobalClusterRequest(params) // -// // Example sending a request using the ModifyGlobalClusterRequest method. -// req, resp := client.ModifyGlobalClusterRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyGlobalCluster func (c *RDS) ModifyGlobalClusterRequest(input *ModifyGlobalClusterInput) (req *request.Request, output *ModifyGlobalClusterOutput) { @@ -11372,13 +13952,13 @@ func (c *RDS) ModifyGlobalClusterRequest(input *ModifyGlobalClusterInput) (req * // ModifyGlobalCluster API operation for Amazon Relational Database Service. // -// Modify a setting for an Amazon Aurora global cluster. You can change one -// or more database configuration parameters by specifying these parameters -// and the new values in the request. For more information on Amazon Aurora, -// see What Is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// Modifies a setting for an Amazon Aurora global database cluster. You can +// change one or more database configuration parameters by specifying these +// parameters and the new values in the request. For more information on Amazon +// Aurora, see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// This action only applies to Aurora DB clusters. +// This operation only applies to Aurora global database clusters. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -11388,9 +13968,20 @@ func (c *RDS) ModifyGlobalClusterRequest(input *ModifyGlobalClusterInput) (req * // API operation ModifyGlobalCluster for usage and error information. // // Returned Error Codes: -// * ErrCodeGlobalClusterNotFoundFault "GlobalClusterNotFoundFault" // -// * ErrCodeInvalidGlobalClusterStateFault "InvalidGlobalClusterStateFault" +// - ErrCodeGlobalClusterNotFoundFault "GlobalClusterNotFoundFault" +// The GlobalClusterIdentifier doesn't refer to an existing global database +// cluster. +// +// - ErrCodeInvalidGlobalClusterStateFault "InvalidGlobalClusterStateFault" +// The global cluster is in an invalid state and can't perform the requested +// operation. +// +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. +// +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyGlobalCluster func (c *RDS) ModifyGlobalCluster(input *ModifyGlobalClusterInput) (*ModifyGlobalClusterOutput, error) { @@ -11414,6 +14005,98 @@ func (c *RDS) ModifyGlobalClusterWithContext(ctx aws.Context, input *ModifyGloba return out, req.Send() } +const opModifyIntegration = "ModifyIntegration" + +// ModifyIntegrationRequest generates a "aws/request.Request" representing the +// client's request for the ModifyIntegration operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyIntegration for more information on using the ModifyIntegration +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ModifyIntegrationRequest method. +// req, resp := client.ModifyIntegrationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyIntegration +func (c *RDS) ModifyIntegrationRequest(input *ModifyIntegrationInput) (req *request.Request, output *ModifyIntegrationOutput) { + op := &request.Operation{ + Name: opModifyIntegration, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyIntegrationInput{} + } + + output = &ModifyIntegrationOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyIntegration API operation for Amazon Relational Database Service. +// +// Modifies a zero-ETL integration with Amazon Redshift. +// +// Currently, you can only modify integrations that have Aurora MySQL source +// DB clusters. Integrations with Aurora PostgreSQL and RDS sources currently +// don't support modifying the integration. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation ModifyIntegration for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeIntegrationNotFoundFault "IntegrationNotFoundFault" +// The specified integration could not be found. +// +// - ErrCodeInvalidIntegrationStateFault "InvalidIntegrationStateFault" +// The integration is in an invalid state and can't perform the requested operation. +// +// - ErrCodeIntegrationConflictOperationFault "IntegrationConflictOperationFault" +// A conflicting conditional operation is currently in progress against this +// resource. Typically occurs when there are multiple requests being made to +// the same resource at the same time, and these requests conflict with each +// other. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyIntegration +func (c *RDS) ModifyIntegration(input *ModifyIntegrationInput) (*ModifyIntegrationOutput, error) { + req, out := c.ModifyIntegrationRequest(input) + return out, req.Send() +} + +// ModifyIntegrationWithContext is the same as ModifyIntegration with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyIntegration for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) ModifyIntegrationWithContext(ctx aws.Context, input *ModifyIntegrationInput, opts ...request.Option) (*ModifyIntegrationOutput, error) { + req, out := c.ModifyIntegrationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opModifyOptionGroup = "ModifyOptionGroup" // ModifyOptionGroupRequest generates a "aws/request.Request" representing the @@ -11430,14 +14113,13 @@ const opModifyOptionGroup = "ModifyOptionGroup" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ModifyOptionGroupRequest method. +// req, resp := client.ModifyOptionGroupRequest(params) // -// // Example sending a request using the ModifyOptionGroupRequest method. -// req, resp := client.ModifyOptionGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyOptionGroup func (c *RDS) ModifyOptionGroupRequest(input *ModifyOptionGroupInput) (req *request.Request, output *ModifyOptionGroupOutput) { @@ -11468,11 +14150,12 @@ func (c *RDS) ModifyOptionGroupRequest(input *ModifyOptionGroupInput) (req *requ // API operation ModifyOptionGroup for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidOptionGroupStateFault "InvalidOptionGroupStateFault" -// The option group isn't in the available state. // -// * ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" -// The specified option group could not be found. +// - ErrCodeInvalidOptionGroupStateFault "InvalidOptionGroupStateFault" +// The option group isn't in the available state. +// +// - ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" +// The specified option group could not be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyOptionGroup func (c *RDS) ModifyOptionGroup(input *ModifyOptionGroupInput) (*ModifyOptionGroupOutput, error) { @@ -11496,6 +14179,97 @@ func (c *RDS) ModifyOptionGroupWithContext(ctx aws.Context, input *ModifyOptionG return out, req.Send() } +const opModifyTenantDatabase = "ModifyTenantDatabase" + +// ModifyTenantDatabaseRequest generates a "aws/request.Request" representing the +// client's request for the ModifyTenantDatabase operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyTenantDatabase for more information on using the ModifyTenantDatabase +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ModifyTenantDatabaseRequest method. +// req, resp := client.ModifyTenantDatabaseRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyTenantDatabase +func (c *RDS) ModifyTenantDatabaseRequest(input *ModifyTenantDatabaseInput) (req *request.Request, output *ModifyTenantDatabaseOutput) { + op := &request.Operation{ + Name: opModifyTenantDatabase, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyTenantDatabaseInput{} + } + + output = &ModifyTenantDatabaseOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyTenantDatabase API operation for Amazon Relational Database Service. +// +// Modifies an existing tenant database in a DB instance. You can change the +// tenant database name or the master user password. This operation is supported +// only for RDS for Oracle CDB instances using the multi-tenant configuration. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation ModifyTenantDatabase for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. +// +// - ErrCodeTenantDatabaseNotFoundFault "TenantDatabaseNotFound" +// The specified tenant database wasn't found in the DB instance. +// +// - ErrCodeTenantDatabaseAlreadyExistsFault "TenantDatabaseAlreadyExists" +// You attempted to either create a tenant database that already exists or modify +// a tenant database to use the name of an existing tenant database. +// +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyTenantDatabase +func (c *RDS) ModifyTenantDatabase(input *ModifyTenantDatabaseInput) (*ModifyTenantDatabaseOutput, error) { + req, out := c.ModifyTenantDatabaseRequest(input) + return out, req.Send() +} + +// ModifyTenantDatabaseWithContext is the same as ModifyTenantDatabase with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyTenantDatabase for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) ModifyTenantDatabaseWithContext(ctx aws.Context, input *ModifyTenantDatabaseInput, opts ...request.Option) (*ModifyTenantDatabaseOutput, error) { + req, out := c.ModifyTenantDatabaseRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opPromoteReadReplica = "PromoteReadReplica" // PromoteReadReplicaRequest generates a "aws/request.Request" representing the @@ -11512,14 +14286,13 @@ const opPromoteReadReplica = "PromoteReadReplica" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PromoteReadReplicaRequest method. +// req, resp := client.PromoteReadReplicaRequest(params) // -// // Example sending a request using the PromoteReadReplicaRequest method. -// req, resp := client.PromoteReadReplicaRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/PromoteReadReplica func (c *RDS) PromoteReadReplicaRequest(input *PromoteReadReplicaInput) (req *request.Request, output *PromoteReadReplicaOutput) { @@ -11542,16 +14315,17 @@ func (c *RDS) PromoteReadReplicaRequest(input *PromoteReadReplicaInput) (req *re // // Promotes a read replica DB instance to a standalone DB instance. // -// * Backup duration is a function of the amount of changes to the database -// since the previous backup. If you plan to promote a read replica to a -// standalone instance, we recommend that you enable backups and complete -// at least one backup prior to promotion. In addition, a read replica cannot -// be promoted to a standalone instance when it is in the backing-up status. -// If you have enabled backups on your read replica, configure the automated -// backup window so that daily backups do not interfere with read replica -// promotion. +// - Backup duration is a function of the amount of changes to the database +// since the previous backup. If you plan to promote a read replica to a +// standalone instance, we recommend that you enable backups and complete +// at least one backup prior to promotion. In addition, a read replica cannot +// be promoted to a standalone instance when it is in the backing-up status. +// If you have enabled backups on your read replica, configure the automated +// backup window so that daily backups do not interfere with read replica +// promotion. // -// * This command doesn't apply to Aurora MySQL and Aurora PostgreSQL. +// - This command doesn't apply to Aurora MySQL, Aurora PostgreSQL, or RDS +// Custom. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -11561,11 +14335,12 @@ func (c *RDS) PromoteReadReplicaRequest(input *PromoteReadReplicaInput) (req *re // API operation PromoteReadReplica for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. // -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. +// +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/PromoteReadReplica func (c *RDS) PromoteReadReplica(input *PromoteReadReplicaInput) (*PromoteReadReplicaOutput, error) { @@ -11605,14 +14380,13 @@ const opPromoteReadReplicaDBCluster = "PromoteReadReplicaDBCluster" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PromoteReadReplicaDBClusterRequest method. +// req, resp := client.PromoteReadReplicaDBClusterRequest(params) // -// // Example sending a request using the PromoteReadReplicaDBClusterRequest method. -// req, resp := client.PromoteReadReplicaDBClusterRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/PromoteReadReplicaDBCluster func (c *RDS) PromoteReadReplicaDBClusterRequest(input *PromoteReadReplicaDBClusterInput) (req *request.Request, output *PromoteReadReplicaDBClusterOutput) { @@ -11635,8 +14409,6 @@ func (c *RDS) PromoteReadReplicaDBClusterRequest(input *PromoteReadReplicaDBClus // // Promotes a read replica DB cluster to a standalone DB cluster. // -// This action only applies to Aurora DB clusters. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -11645,11 +14417,12 @@ func (c *RDS) PromoteReadReplicaDBClusterRequest(input *PromoteReadReplicaDBClus // API operation PromoteReadReplicaDBCluster for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. +// +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/PromoteReadReplicaDBCluster func (c *RDS) PromoteReadReplicaDBCluster(input *PromoteReadReplicaDBClusterInput) (*PromoteReadReplicaDBClusterOutput, error) { @@ -11689,14 +14462,13 @@ const opPurchaseReservedDBInstancesOffering = "PurchaseReservedDBInstancesOfferi // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PurchaseReservedDBInstancesOfferingRequest method. +// req, resp := client.PurchaseReservedDBInstancesOfferingRequest(params) // -// // Example sending a request using the PurchaseReservedDBInstancesOfferingRequest method. -// req, resp := client.PurchaseReservedDBInstancesOfferingRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/PurchaseReservedDBInstancesOffering func (c *RDS) PurchaseReservedDBInstancesOfferingRequest(input *PurchaseReservedDBInstancesOfferingInput) (req *request.Request, output *PurchaseReservedDBInstancesOfferingOutput) { @@ -11727,14 +14499,15 @@ func (c *RDS) PurchaseReservedDBInstancesOfferingRequest(input *PurchaseReserved // API operation PurchaseReservedDBInstancesOffering for usage and error information. // // Returned Error Codes: -// * ErrCodeReservedDBInstancesOfferingNotFoundFault "ReservedDBInstancesOfferingNotFound" -// Specified offering does not exist. // -// * ErrCodeReservedDBInstanceAlreadyExistsFault "ReservedDBInstanceAlreadyExists" -// User already has a reservation with the given identifier. +// - ErrCodeReservedDBInstancesOfferingNotFoundFault "ReservedDBInstancesOfferingNotFound" +// Specified offering does not exist. // -// * ErrCodeReservedDBInstanceQuotaExceededFault "ReservedDBInstanceQuotaExceeded" -// Request would exceed the user's DB Instance quota. +// - ErrCodeReservedDBInstanceAlreadyExistsFault "ReservedDBInstanceAlreadyExists" +// User already has a reservation with the given identifier. +// +// - ErrCodeReservedDBInstanceQuotaExceededFault "ReservedDBInstanceQuotaExceeded" +// Request would exceed the user's DB Instance quota. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/PurchaseReservedDBInstancesOffering func (c *RDS) PurchaseReservedDBInstancesOffering(input *PurchaseReservedDBInstancesOfferingInput) (*PurchaseReservedDBInstancesOfferingOutput, error) { @@ -11758,6 +14531,104 @@ func (c *RDS) PurchaseReservedDBInstancesOfferingWithContext(ctx aws.Context, in return out, req.Send() } +const opRebootDBCluster = "RebootDBCluster" + +// RebootDBClusterRequest generates a "aws/request.Request" representing the +// client's request for the RebootDBCluster operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RebootDBCluster for more information on using the RebootDBCluster +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the RebootDBClusterRequest method. +// req, resp := client.RebootDBClusterRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RebootDBCluster +func (c *RDS) RebootDBClusterRequest(input *RebootDBClusterInput) (req *request.Request, output *RebootDBClusterOutput) { + op := &request.Operation{ + Name: opRebootDBCluster, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RebootDBClusterInput{} + } + + output = &RebootDBClusterOutput{} + req = c.newRequest(op, input, output) + return +} + +// RebootDBCluster API operation for Amazon Relational Database Service. +// +// You might need to reboot your DB cluster, usually for maintenance reasons. +// For example, if you make certain modifications, or if you change the DB cluster +// parameter group associated with the DB cluster, reboot the DB cluster for +// the changes to take effect. +// +// Rebooting a DB cluster restarts the database engine service. Rebooting a +// DB cluster results in a momentary outage, during which the DB cluster status +// is set to rebooting. +// +// Use this operation only for a non-Aurora Multi-AZ DB cluster. +// +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// in the Amazon RDS User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation RebootDBCluster for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. +// +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. +// +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RebootDBCluster +func (c *RDS) RebootDBCluster(input *RebootDBClusterInput) (*RebootDBClusterOutput, error) { + req, out := c.RebootDBClusterRequest(input) + return out, req.Send() +} + +// RebootDBClusterWithContext is the same as RebootDBCluster with the addition of +// the ability to pass a context and additional request options. +// +// See RebootDBCluster for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) RebootDBClusterWithContext(ctx aws.Context, input *RebootDBClusterInput, opts ...request.Option) (*RebootDBClusterOutput, error) { + req, out := c.RebootDBClusterRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opRebootDBInstance = "RebootDBInstance" // RebootDBInstanceRequest generates a "aws/request.Request" representing the @@ -11774,14 +14645,13 @@ const opRebootDBInstance = "RebootDBInstance" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the RebootDBInstanceRequest method. +// req, resp := client.RebootDBInstanceRequest(params) // -// // Example sending a request using the RebootDBInstanceRequest method. -// req, resp := client.RebootDBInstanceRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RebootDBInstance func (c *RDS) RebootDBInstanceRequest(input *RebootDBInstanceInput) (req *request.Request, output *RebootDBInstanceOutput) { @@ -11814,6 +14684,11 @@ func (c *RDS) RebootDBInstanceRequest(input *RebootDBInstanceInput) (req *reques // For more information about rebooting, see Rebooting a DB Instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_RebootInstance.html) // in the Amazon RDS User Guide. // +// This command doesn't apply to RDS Custom. +// +// If your DB instance is part of a Multi-AZ DB cluster, you can reboot the +// DB cluster with the RebootDBCluster operation. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -11822,11 +14697,12 @@ func (c *RDS) RebootDBInstanceRequest(input *RebootDBInstanceInput) (req *reques // API operation RebootDBInstance for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. // -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. +// +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RebootDBInstance func (c *RDS) RebootDBInstance(input *RebootDBInstanceInput) (*RebootDBInstanceOutput, error) { @@ -11850,6 +14726,92 @@ func (c *RDS) RebootDBInstanceWithContext(ctx aws.Context, input *RebootDBInstan return out, req.Send() } +const opRebootDBShardGroup = "RebootDBShardGroup" + +// RebootDBShardGroupRequest generates a "aws/request.Request" representing the +// client's request for the RebootDBShardGroup operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RebootDBShardGroup for more information on using the RebootDBShardGroup +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the RebootDBShardGroupRequest method. +// req, resp := client.RebootDBShardGroupRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RebootDBShardGroup +func (c *RDS) RebootDBShardGroupRequest(input *RebootDBShardGroupInput) (req *request.Request, output *RebootDBShardGroupOutput) { + op := &request.Operation{ + Name: opRebootDBShardGroup, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RebootDBShardGroupInput{} + } + + output = &RebootDBShardGroupOutput{} + req = c.newRequest(op, input, output) + return +} + +// RebootDBShardGroup API operation for Amazon Relational Database Service. +// +// You might need to reboot your DB shard group, usually for maintenance reasons. +// For example, if you make certain modifications, reboot the DB shard group +// for the changes to take effect. +// +// This operation applies only to Aurora Limitless Database DBb shard groups. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation RebootDBShardGroup for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeDBShardGroupNotFoundFault "DBShardGroupNotFound" +// The specified DB shard group name wasn't found. +// +// - ErrCodeInvalidDBShardGroupStateFault "InvalidDBShardGroupState" +// The DB shard group must be in the available state. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RebootDBShardGroup +func (c *RDS) RebootDBShardGroup(input *RebootDBShardGroupInput) (*RebootDBShardGroupOutput, error) { + req, out := c.RebootDBShardGroupRequest(input) + return out, req.Send() +} + +// RebootDBShardGroupWithContext is the same as RebootDBShardGroup with the addition of +// the ability to pass a context and additional request options. +// +// See RebootDBShardGroup for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) RebootDBShardGroupWithContext(ctx aws.Context, input *RebootDBShardGroupInput, opts ...request.Option) (*RebootDBShardGroupOutput, error) { + req, out := c.RebootDBShardGroupRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opRegisterDBProxyTargets = "RegisterDBProxyTargets" // RegisterDBProxyTargetsRequest generates a "aws/request.Request" representing the @@ -11866,14 +14828,13 @@ const opRegisterDBProxyTargets = "RegisterDBProxyTargets" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the RegisterDBProxyTargetsRequest method. +// req, resp := client.RegisterDBProxyTargetsRequest(params) // -// // Example sending a request using the RegisterDBProxyTargetsRequest method. -// req, resp := client.RegisterDBProxyTargetsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RegisterDBProxyTargets func (c *RDS) RegisterDBProxyTargetsRequest(input *RegisterDBProxyTargetsInput) (req *request.Request, output *RegisterDBProxyTargetsOutput) { @@ -11904,37 +14865,38 @@ func (c *RDS) RegisterDBProxyTargetsRequest(input *RegisterDBProxyTargetsInput) // API operation RegisterDBProxyTargets for usage and error information. // // Returned Error Codes: -// * ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" -// The specified proxy name doesn't correspond to a proxy owned by your AWS -// account in the specified AWS Region. // -// * ErrCodeDBProxyTargetGroupNotFoundFault "DBProxyTargetGroupNotFoundFault" -// The specified target group isn't available for a proxy owned by your AWS -// account in the specified AWS Region. +// - ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" +// The specified proxy name doesn't correspond to a proxy owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. +// +// - ErrCodeDBProxyTargetGroupNotFoundFault "DBProxyTargetGroupNotFoundFault" +// The specified target group isn't available for a proxy owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. // -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. // -// * ErrCodeDBProxyTargetAlreadyRegisteredFault "DBProxyTargetAlreadyRegisteredFault" -// The proxy is already associated with the specified RDS DB instance or Aurora -// DB cluster. +// - ErrCodeDBProxyTargetAlreadyRegisteredFault "DBProxyTargetAlreadyRegisteredFault" +// The proxy is already associated with the specified RDS DB instance or Aurora +// DB cluster. // -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // -// * ErrCodeInvalidDBProxyStateFault "InvalidDBProxyStateFault" -// The requested operation can't be performed while the proxy is in this state. +// - ErrCodeInvalidDBProxyStateFault "InvalidDBProxyStateFault" +// The requested operation can't be performed while the proxy is in this state. // -// * ErrCodeInsufficientAvailableIPsInSubnetFault "InsufficientAvailableIPsInSubnetFault" -// The requested operation can't be performed because there aren't enough available -// IP addresses in the proxy's subnets. Add more CIDR blocks to the VPC or remove -// IP address that aren't required from the subnets. +// - ErrCodeInsufficientAvailableIPsInSubnetFault "InsufficientAvailableIPsInSubnetFault" +// The requested operation can't be performed because there aren't enough available +// IP addresses in the proxy's subnets. Add more CIDR blocks to the VPC or remove +// IP address that aren't required from the subnets. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RegisterDBProxyTargets func (c *RDS) RegisterDBProxyTargets(input *RegisterDBProxyTargetsInput) (*RegisterDBProxyTargetsOutput, error) { @@ -11974,14 +14936,13 @@ const opRemoveFromGlobalCluster = "RemoveFromGlobalCluster" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the RemoveFromGlobalClusterRequest method. +// req, resp := client.RemoveFromGlobalClusterRequest(params) // -// // Example sending a request using the RemoveFromGlobalClusterRequest method. -// req, resp := client.RemoveFromGlobalClusterRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RemoveFromGlobalCluster func (c *RDS) RemoveFromGlobalClusterRequest(input *RemoveFromGlobalClusterInput) (req *request.Request, output *RemoveFromGlobalClusterOutput) { @@ -12005,9 +14966,9 @@ func (c *RDS) RemoveFromGlobalClusterRequest(input *RemoveFromGlobalClusterInput // Detaches an Aurora secondary cluster from an Aurora global database cluster. // The cluster becomes a standalone cluster with read-write capability instead // of being read-only and receiving data from a primary cluster in a different -// region. +// Region. // -// This action only applies to Aurora DB clusters. +// This operation only applies to Aurora DB clusters. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -12017,12 +14978,17 @@ func (c *RDS) RemoveFromGlobalClusterRequest(input *RemoveFromGlobalClusterInput // API operation RemoveFromGlobalCluster for usage and error information. // // Returned Error Codes: -// * ErrCodeGlobalClusterNotFoundFault "GlobalClusterNotFoundFault" // -// * ErrCodeInvalidGlobalClusterStateFault "InvalidGlobalClusterStateFault" +// - ErrCodeGlobalClusterNotFoundFault "GlobalClusterNotFoundFault" +// The GlobalClusterIdentifier doesn't refer to an existing global database +// cluster. +// +// - ErrCodeInvalidGlobalClusterStateFault "InvalidGlobalClusterStateFault" +// The global cluster is in an invalid state and can't perform the requested +// operation. // -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RemoveFromGlobalCluster func (c *RDS) RemoveFromGlobalCluster(input *RemoveFromGlobalClusterInput) (*RemoveFromGlobalClusterOutput, error) { @@ -12062,14 +15028,13 @@ const opRemoveRoleFromDBCluster = "RemoveRoleFromDBCluster" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the RemoveRoleFromDBClusterRequest method. +// req, resp := client.RemoveRoleFromDBClusterRequest(params) // -// // Example sending a request using the RemoveRoleFromDBClusterRequest method. -// req, resp := client.RemoveRoleFromDBClusterRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RemoveRoleFromDBCluster func (c *RDS) RemoveRoleFromDBClusterRequest(input *RemoveRoleFromDBClusterInput) (req *request.Request, output *RemoveRoleFromDBClusterOutput) { @@ -12091,12 +15056,16 @@ func (c *RDS) RemoveRoleFromDBClusterRequest(input *RemoveRoleFromDBClusterInput // RemoveRoleFromDBCluster API operation for Amazon Relational Database Service. // -// Disassociates an AWS Identity and Access Management (IAM) role from an Amazon -// Aurora DB cluster. For more information, see Authorizing Amazon Aurora MySQL -// to Access Other AWS Services on Your Behalf (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.Authorizing.html) +// Removes the asssociation of an Amazon Web Services Identity and Access Management +// (IAM) role from a DB cluster. +// +// For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? +// (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// This action only applies to Aurora DB clusters. +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -12106,15 +15075,16 @@ func (c *RDS) RemoveRoleFromDBClusterRequest(input *RemoveRoleFromDBClusterInput // API operation RemoveRoleFromDBCluster for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeDBClusterRoleNotFoundFault "DBClusterRoleNotFound" -// The specified IAM role Amazon Resource Name (ARN) isn't associated with the -// specified DB cluster. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. +// +// - ErrCodeDBClusterRoleNotFoundFault "DBClusterRoleNotFound" +// The specified IAM role Amazon Resource Name (ARN) isn't associated with the +// specified DB cluster. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RemoveRoleFromDBCluster func (c *RDS) RemoveRoleFromDBCluster(input *RemoveRoleFromDBClusterInput) (*RemoveRoleFromDBClusterOutput, error) { @@ -12154,14 +15124,13 @@ const opRemoveRoleFromDBInstance = "RemoveRoleFromDBInstance" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the RemoveRoleFromDBInstanceRequest method. +// req, resp := client.RemoveRoleFromDBInstanceRequest(params) // -// // Example sending a request using the RemoveRoleFromDBInstanceRequest method. -// req, resp := client.RemoveRoleFromDBInstanceRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RemoveRoleFromDBInstance func (c *RDS) RemoveRoleFromDBInstanceRequest(input *RemoveRoleFromDBInstanceInput) (req *request.Request, output *RemoveRoleFromDBInstanceOutput) { @@ -12183,8 +15152,8 @@ func (c *RDS) RemoveRoleFromDBInstanceRequest(input *RemoveRoleFromDBInstanceInp // RemoveRoleFromDBInstance API operation for Amazon Relational Database Service. // -// Disassociates an AWS Identity and Access Management (IAM) role from a DB -// instance. +// Disassociates an Amazon Web Services Identity and Access Management (IAM) +// role from a DB instance. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -12194,15 +15163,16 @@ func (c *RDS) RemoveRoleFromDBInstanceRequest(input *RemoveRoleFromDBInstanceInp // API operation RemoveRoleFromDBInstance for usage and error information. // // Returned Error Codes: -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. // -// * ErrCodeDBInstanceRoleNotFoundFault "DBInstanceRoleNotFound" -// The specified RoleArn value doesn't match the specified feature for the DB -// instance. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. +// +// - ErrCodeDBInstanceRoleNotFoundFault "DBInstanceRoleNotFound" +// The specified RoleArn value doesn't match the specified feature for the DB +// instance. // -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RemoveRoleFromDBInstance func (c *RDS) RemoveRoleFromDBInstance(input *RemoveRoleFromDBInstanceInput) (*RemoveRoleFromDBInstanceOutput, error) { @@ -12242,14 +15212,13 @@ const opRemoveSourceIdentifierFromSubscription = "RemoveSourceIdentifierFromSubs // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the RemoveSourceIdentifierFromSubscriptionRequest method. +// req, resp := client.RemoveSourceIdentifierFromSubscriptionRequest(params) // -// // Example sending a request using the RemoveSourceIdentifierFromSubscriptionRequest method. -// req, resp := client.RemoveSourceIdentifierFromSubscriptionRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RemoveSourceIdentifierFromSubscription func (c *RDS) RemoveSourceIdentifierFromSubscriptionRequest(input *RemoveSourceIdentifierFromSubscriptionInput) (req *request.Request, output *RemoveSourceIdentifierFromSubscriptionOutput) { @@ -12280,11 +15249,12 @@ func (c *RDS) RemoveSourceIdentifierFromSubscriptionRequest(input *RemoveSourceI // API operation RemoveSourceIdentifierFromSubscription for usage and error information. // // Returned Error Codes: -// * ErrCodeSubscriptionNotFoundFault "SubscriptionNotFound" -// The subscription name does not exist. // -// * ErrCodeSourceNotFoundFault "SourceNotFound" -// The requested source could not be found. +// - ErrCodeSubscriptionNotFoundFault "SubscriptionNotFound" +// The subscription name does not exist. +// +// - ErrCodeSourceNotFoundFault "SourceNotFound" +// The requested source could not be found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RemoveSourceIdentifierFromSubscription func (c *RDS) RemoveSourceIdentifierFromSubscription(input *RemoveSourceIdentifierFromSubscriptionInput) (*RemoveSourceIdentifierFromSubscriptionOutput, error) { @@ -12324,14 +15294,13 @@ const opRemoveTagsFromResource = "RemoveTagsFromResource" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the RemoveTagsFromResourceRequest method. +// req, resp := client.RemoveTagsFromResourceRequest(params) // -// // Example sending a request using the RemoveTagsFromResourceRequest method. -// req, resp := client.RemoveTagsFromResourceRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RemoveTagsFromResource func (c *RDS) RemoveTagsFromResourceRequest(input *RemoveTagsFromResourceInput) (req *request.Request, output *RemoveTagsFromResourceOutput) { @@ -12367,22 +15336,35 @@ func (c *RDS) RemoveTagsFromResourceRequest(input *RemoveTagsFromResourceInput) // API operation RemoveTagsFromResource for usage and error information. // // Returned Error Codes: -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. // -// * ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" -// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. +// +// - ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" +// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. +// +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. +// +// - ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" +// The specified proxy name doesn't correspond to a proxy owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. +// +// - ErrCodeDBProxyTargetGroupNotFoundFault "DBProxyTargetGroupNotFoundFault" +// The specified target group isn't available for a proxy owned by your Amazon +// Web Services account in the specified Amazon Web Services Region. // -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. +// - ErrCodeBlueGreenDeploymentNotFoundFault "BlueGreenDeploymentNotFoundFault" +// BlueGreenDeploymentIdentifier doesn't refer to an existing blue/green deployment. // -// * ErrCodeDBProxyNotFoundFault "DBProxyNotFoundFault" -// The specified proxy name doesn't correspond to a proxy owned by your AWS -// account in the specified AWS Region. +// - ErrCodeIntegrationNotFoundFault "IntegrationNotFoundFault" +// The specified integration could not be found. // -// * ErrCodeDBProxyTargetGroupNotFoundFault "DBProxyTargetGroupNotFoundFault" -// The specified target group isn't available for a proxy owned by your AWS -// account in the specified AWS Region. +// - ErrCodeTenantDatabaseNotFoundFault "TenantDatabaseNotFound" +// The specified tenant database wasn't found in the DB instance. +// +// - ErrCodeDBSnapshotTenantDatabaseNotFoundFault "DBSnapshotTenantDatabaseNotFoundFault" +// The specified snapshot tenant database wasn't found. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RemoveTagsFromResource func (c *RDS) RemoveTagsFromResource(input *RemoveTagsFromResourceInput) (*RemoveTagsFromResourceOutput, error) { @@ -12422,14 +15404,13 @@ const opResetDBClusterParameterGroup = "ResetDBClusterParameterGroup" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ResetDBClusterParameterGroupRequest method. +// req, resp := client.ResetDBClusterParameterGroupRequest(params) // -// // Example sending a request using the ResetDBClusterParameterGroupRequest method. -// req, resp := client.ResetDBClusterParameterGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ResetDBClusterParameterGroup func (c *RDS) ResetDBClusterParameterGroupRequest(input *ResetDBClusterParameterGroupInput) (req *request.Request, output *DBClusterParameterGroupNameMessage) { @@ -12461,10 +15442,13 @@ func (c *RDS) ResetDBClusterParameterGroupRequest(input *ResetDBClusterParameter // for every DB instance in your DB cluster that you want the updated static // parameter to apply to. // -// For more information on Amazon Aurora, see What Is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? +// (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// This action only applies to Aurora DB clusters. +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -12474,13 +15458,14 @@ func (c *RDS) ResetDBClusterParameterGroupRequest(input *ResetDBClusterParameter // API operation ResetDBClusterParameterGroup for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidDBParameterGroupStateFault "InvalidDBParameterGroupState" -// The DB parameter group is in use or is in an invalid state. If you are attempting -// to delete the parameter group, you can't delete it when the parameter group -// is in this state. // -// * ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" -// DBParameterGroupName doesn't refer to an existing DB parameter group. +// - ErrCodeInvalidDBParameterGroupStateFault "InvalidDBParameterGroupState" +// The DB parameter group is in use or is in an invalid state. If you are attempting +// to delete the parameter group, you can't delete it when the parameter group +// is in this state. +// +// - ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" +// DBParameterGroupName doesn't refer to an existing DB parameter group. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ResetDBClusterParameterGroup func (c *RDS) ResetDBClusterParameterGroup(input *ResetDBClusterParameterGroupInput) (*DBClusterParameterGroupNameMessage, error) { @@ -12520,14 +15505,13 @@ const opResetDBParameterGroup = "ResetDBParameterGroup" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ResetDBParameterGroupRequest method. +// req, resp := client.ResetDBParameterGroupRequest(params) // -// // Example sending a request using the ResetDBParameterGroupRequest method. -// req, resp := client.ResetDBParameterGroupRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ResetDBParameterGroup func (c *RDS) ResetDBParameterGroupRequest(input *ResetDBParameterGroupInput) (req *request.Request, output *DBParameterGroupNameMessage) { @@ -12564,13 +15548,14 @@ func (c *RDS) ResetDBParameterGroupRequest(input *ResetDBParameterGroupInput) (r // API operation ResetDBParameterGroup for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidDBParameterGroupStateFault "InvalidDBParameterGroupState" -// The DB parameter group is in use or is in an invalid state. If you are attempting -// to delete the parameter group, you can't delete it when the parameter group -// is in this state. // -// * ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" -// DBParameterGroupName doesn't refer to an existing DB parameter group. +// - ErrCodeInvalidDBParameterGroupStateFault "InvalidDBParameterGroupState" +// The DB parameter group is in use or is in an invalid state. If you are attempting +// to delete the parameter group, you can't delete it when the parameter group +// is in this state. +// +// - ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" +// DBParameterGroupName doesn't refer to an existing DB parameter group. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ResetDBParameterGroup func (c *RDS) ResetDBParameterGroup(input *ResetDBParameterGroupInput) (*DBParameterGroupNameMessage, error) { @@ -12610,14 +15595,13 @@ const opRestoreDBClusterFromS3 = "RestoreDBClusterFromS3" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the RestoreDBClusterFromS3Request method. +// req, resp := client.RestoreDBClusterFromS3Request(params) // -// // Example sending a request using the RestoreDBClusterFromS3Request method. -// req, resp := client.RestoreDBClusterFromS3Request(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBClusterFromS3 func (c *RDS) RestoreDBClusterFromS3Request(input *RestoreDBClusterFromS3Input) (req *request.Request, output *RestoreDBClusterFromS3Output) { @@ -12644,16 +15628,16 @@ func (c *RDS) RestoreDBClusterFromS3Request(input *RestoreDBClusterFromS3Input) // in Migrating Data from MySQL by Using an Amazon S3 Bucket (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Migrating.ExtMySQL.html#AuroraMySQL.Migrating.ExtMySQL.S3) // in the Amazon Aurora User Guide. // -// This action only restores the DB cluster, not the DB instances for that DB -// cluster. You must invoke the CreateDBInstance action to create DB instances +// This operation only restores the DB cluster, not the DB instances for that +// DB cluster. You must invoke the CreateDBInstance operation to create DB instances // for the restored DB cluster, specifying the identifier of the restored DB // cluster in DBClusterIdentifier. You can create DB instances only after the -// RestoreDBClusterFromS3 action has completed and the DB cluster is available. +// RestoreDBClusterFromS3 operation has completed and the DB cluster is available. // -// For more information on Amazon Aurora, see What Is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// For more information on Amazon Aurora, see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// This action only applies to Aurora DB clusters. The source DB engine must +// This operation only applies to Aurora DB clusters. The source DB engine must // be MySQL. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -12664,56 +15648,60 @@ func (c *RDS) RestoreDBClusterFromS3Request(input *RestoreDBClusterFromS3Input) // API operation RestoreDBClusterFromS3 for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterAlreadyExistsFault "DBClusterAlreadyExistsFault" -// The user already has a DB cluster with the given identifier. // -// * ErrCodeDBClusterQuotaExceededFault "DBClusterQuotaExceededFault" -// The user attempted to create a new DB cluster and the user has already reached -// the maximum allowed DB cluster quota. +// - ErrCodeDBClusterAlreadyExistsFault "DBClusterAlreadyExistsFault" +// The user already has a DB cluster with the given identifier. // -// * ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" -// The request would result in the user exceeding the allowed amount of storage -// available across all DB instances. +// - ErrCodeDBClusterQuotaExceededFault "DBClusterQuotaExceededFault" +// The user attempted to create a new DB cluster and the user has already reached +// the maximum allowed DB cluster quota. // -// * ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" -// DBSubnetGroupName doesn't refer to an existing DB subnet group. +// - ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" +// The request would result in the user exceeding the allowed amount of storage +// available across all DB instances. // -// * ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" -// The DB subnet group doesn't cover all Availability Zones after it's created -// because of users' change. +// - ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" +// DBSubnetGroupName doesn't refer to an existing DB subnet group. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" +// The DB subnet group doesn't cover all Availability Zones after it's created +// because of users' change. // -// * ErrCodeInvalidDBSubnetGroupStateFault "InvalidDBSubnetGroupStateFault" -// The DB subnet group cannot be deleted because it's in use. +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // -// * ErrCodeInvalidSubnet "InvalidSubnet" -// The requested subnet is invalid, or multiple subnets were requested that -// are not all in a common VPC. +// - ErrCodeInvalidDBSubnetGroupStateFault "InvalidDBSubnetGroupStateFault" +// The DB subnet group cannot be deleted because it's in use. // -// * ErrCodeInvalidS3BucketFault "InvalidS3BucketFault" -// The specified Amazon S3 bucket name can't be found or Amazon RDS isn't authorized -// to access the specified Amazon S3 bucket. Verify the SourceS3BucketName and -// S3IngestionRoleArn values and try again. +// - ErrCodeInvalidSubnet "InvalidSubnet" +// The requested subnet is invalid, or multiple subnets were requested that +// are not all in a common VPC. // -// * ErrCodeDBClusterParameterGroupNotFoundFault "DBClusterParameterGroupNotFound" -// DBClusterParameterGroupName doesn't refer to an existing DB cluster parameter -// group. +// - ErrCodeInvalidS3BucketFault "InvalidS3BucketFault" +// The specified Amazon S3 bucket name can't be found or Amazon RDS isn't authorized +// to access the specified Amazon S3 bucket. Verify the SourceS3BucketName and +// S3IngestionRoleArn values and try again. // -// * ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" -// An error occurred accessing an AWS KMS key. +// - ErrCodeDBClusterParameterGroupNotFoundFault "DBClusterParameterGroupNotFound" +// DBClusterParameterGroupName doesn't refer to an existing DB cluster parameter +// group. // -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. +// - ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" +// An error occurred accessing an Amazon Web Services KMS key. // -// * ErrCodeDomainNotFoundFault "DomainNotFoundFault" -// Domain doesn't refer to an existing Active Directory domain. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeInsufficientStorageClusterCapacityFault "InsufficientStorageClusterCapacity" -// There is insufficient storage available for the current action. You might -// be able to resolve this error by updating your subnet group to use different -// Availability Zones that have more storage available. +// - ErrCodeDomainNotFoundFault "DomainNotFoundFault" +// Domain doesn't refer to an existing Active Directory domain. +// +// - ErrCodeInsufficientStorageClusterCapacityFault "InsufficientStorageClusterCapacity" +// There is insufficient storage available for the current action. You might +// be able to resolve this error by updating your subnet group to use different +// Availability Zones that have more storage available. +// +// - ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" +// The specified StorageType can't be associated with the DB instance. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBClusterFromS3 func (c *RDS) RestoreDBClusterFromS3(input *RestoreDBClusterFromS3Input) (*RestoreDBClusterFromS3Output, error) { @@ -12753,14 +15741,13 @@ const opRestoreDBClusterFromSnapshot = "RestoreDBClusterFromSnapshot" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the RestoreDBClusterFromSnapshotRequest method. +// req, resp := client.RestoreDBClusterFromSnapshotRequest(params) // -// // Example sending a request using the RestoreDBClusterFromSnapshotRequest method. -// req, resp := client.RestoreDBClusterFromSnapshotRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBClusterFromSnapshot func (c *RDS) RestoreDBClusterFromSnapshotRequest(input *RestoreDBClusterFromSnapshotInput) (req *request.Request, output *RestoreDBClusterFromSnapshotOutput) { @@ -12781,23 +15768,26 @@ func (c *RDS) RestoreDBClusterFromSnapshotRequest(input *RestoreDBClusterFromSna // RestoreDBClusterFromSnapshot API operation for Amazon Relational Database Service. // -// Creates a new DB cluster from a DB snapshot or DB cluster snapshot. This -// action only applies to Aurora DB clusters. +// Creates a new DB cluster from a DB snapshot or DB cluster snapshot. // // The target DB cluster is created from the source snapshot with a default // configuration. If you don't specify a security group, the new DB cluster // is associated with the default security group. // -// This action only restores the DB cluster, not the DB instances for that DB -// cluster. You must invoke the CreateDBInstance action to create DB instances +// This operation only restores the DB cluster, not the DB instances for that +// DB cluster. You must invoke the CreateDBInstance operation to create DB instances // for the restored DB cluster, specifying the identifier of the restored DB // cluster in DBClusterIdentifier. You can create DB instances only after the -// RestoreDBClusterFromSnapshot action has completed and the DB cluster is available. +// RestoreDBClusterFromSnapshot operation has completed and the DB cluster is +// available. // -// For more information on Amazon Aurora, see What Is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? +// (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// This action only applies to Aurora DB clusters. +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -12807,70 +15797,82 @@ func (c *RDS) RestoreDBClusterFromSnapshotRequest(input *RestoreDBClusterFromSna // API operation RestoreDBClusterFromSnapshot for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterAlreadyExistsFault "DBClusterAlreadyExistsFault" -// The user already has a DB cluster with the given identifier. // -// * ErrCodeDBClusterQuotaExceededFault "DBClusterQuotaExceededFault" -// The user attempted to create a new DB cluster and the user has already reached -// the maximum allowed DB cluster quota. +// - ErrCodeDBClusterAlreadyExistsFault "DBClusterAlreadyExistsFault" +// The user already has a DB cluster with the given identifier. +// +// - ErrCodeDBClusterQuotaExceededFault "DBClusterQuotaExceededFault" +// The user attempted to create a new DB cluster and the user has already reached +// the maximum allowed DB cluster quota. +// +// - ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" +// The request would result in the user exceeding the allowed amount of storage +// available across all DB instances. // -// * ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" -// The request would result in the user exceeding the allowed amount of storage -// available across all DB instances. +// - ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" +// DBSubnetGroupName doesn't refer to an existing DB subnet group. // -// * ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" -// DBSubnetGroupName doesn't refer to an existing DB subnet group. +// - ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" +// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. // -// * ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" -// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. +// - ErrCodeDBClusterSnapshotNotFoundFault "DBClusterSnapshotNotFoundFault" +// DBClusterSnapshotIdentifier doesn't refer to an existing DB cluster snapshot. // -// * ErrCodeDBClusterSnapshotNotFoundFault "DBClusterSnapshotNotFoundFault" -// DBClusterSnapshotIdentifier doesn't refer to an existing DB cluster snapshot. +// - ErrCodeInsufficientDBClusterCapacityFault "InsufficientDBClusterCapacityFault" +// The DB cluster doesn't have enough capacity for the current operation. // -// * ErrCodeInsufficientDBClusterCapacityFault "InsufficientDBClusterCapacityFault" -// The DB cluster doesn't have enough capacity for the current operation. +// - ErrCodeInsufficientStorageClusterCapacityFault "InsufficientStorageClusterCapacity" +// There is insufficient storage available for the current action. You might +// be able to resolve this error by updating your subnet group to use different +// Availability Zones that have more storage available. // -// * ErrCodeInsufficientStorageClusterCapacityFault "InsufficientStorageClusterCapacity" -// There is insufficient storage available for the current action. You might -// be able to resolve this error by updating your subnet group to use different -// Availability Zones that have more storage available. +// - ErrCodeInvalidDBSnapshotStateFault "InvalidDBSnapshotState" +// The state of the DB snapshot doesn't allow deletion. // -// * ErrCodeInvalidDBSnapshotStateFault "InvalidDBSnapshotState" -// The state of the DB snapshot doesn't allow deletion. +// - ErrCodeInvalidDBClusterSnapshotStateFault "InvalidDBClusterSnapshotStateFault" +// The supplied value isn't a valid DB cluster snapshot state. // -// * ErrCodeInvalidDBClusterSnapshotStateFault "InvalidDBClusterSnapshotStateFault" -// The supplied value isn't a valid DB cluster snapshot state. +// - ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" +// The request would result in the user exceeding the allowed amount of storage +// available across all DB instances. // -// * ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" -// The request would result in the user exceeding the allowed amount of storage -// available across all DB instances. +// - ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" +// The DB subnet group doesn't cover all Availability Zones after it's created +// because of users' change. // -// * ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" -// The DB subnet group doesn't cover all Availability Zones after it's created -// because of users' change. +// - ErrCodeDBSubnetGroupDoesNotCoverEnoughAZs "DBSubnetGroupDoesNotCoverEnoughAZs" +// Subnets in the DB subnet group should cover at least two Availability Zones +// unless there is only one Availability Zone. // -// * ErrCodeInvalidRestoreFault "InvalidRestoreFault" -// Cannot restore from VPC backup to non-VPC DB instance. +// - ErrCodeInvalidRestoreFault "InvalidRestoreFault" +// Cannot restore from VPC backup to non-VPC DB instance. // -// * ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" -// DBSubnetGroupName doesn't refer to an existing DB subnet group. +// - ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" +// DBSubnetGroupName doesn't refer to an existing DB subnet group. // -// * ErrCodeInvalidSubnet "InvalidSubnet" -// The requested subnet is invalid, or multiple subnets were requested that -// are not all in a common VPC. +// - ErrCodeInvalidSubnet "InvalidSubnet" +// The requested subnet is invalid, or multiple subnets were requested that +// are not all in a common VPC. // -// * ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" -// The specified option group could not be found. +// - ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" +// The specified option group could not be found. // -// * ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" -// An error occurred accessing an AWS KMS key. +// - ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" +// An error occurred accessing an Amazon Web Services KMS key. // -// * ErrCodeDomainNotFoundFault "DomainNotFoundFault" -// Domain doesn't refer to an existing Active Directory domain. +// - ErrCodeDomainNotFoundFault "DomainNotFoundFault" +// Domain doesn't refer to an existing Active Directory domain. // -// * ErrCodeDBClusterParameterGroupNotFoundFault "DBClusterParameterGroupNotFound" -// DBClusterParameterGroupName doesn't refer to an existing DB cluster parameter -// group. +// - ErrCodeDBClusterParameterGroupNotFoundFault "DBClusterParameterGroupNotFound" +// DBClusterParameterGroupName doesn't refer to an existing DB cluster parameter +// group. +// +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. +// +// - ErrCodeInsufficientDBInstanceCapacityFault "InsufficientDBInstanceCapacity" +// The specified DB instance class isn't available in the specified Availability +// Zone. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBClusterFromSnapshot func (c *RDS) RestoreDBClusterFromSnapshot(input *RestoreDBClusterFromSnapshotInput) (*RestoreDBClusterFromSnapshotOutput, error) { @@ -12910,14 +15912,13 @@ const opRestoreDBClusterToPointInTime = "RestoreDBClusterToPointInTime" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the RestoreDBClusterToPointInTimeRequest method. +// req, resp := client.RestoreDBClusterToPointInTimeRequest(params) // -// // Example sending a request using the RestoreDBClusterToPointInTimeRequest method. -// req, resp := client.RestoreDBClusterToPointInTimeRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBClusterToPointInTime func (c *RDS) RestoreDBClusterToPointInTimeRequest(input *RestoreDBClusterToPointInTimeInput) (req *request.Request, output *RestoreDBClusterToPointInTimeOutput) { @@ -12944,17 +15945,20 @@ func (c *RDS) RestoreDBClusterToPointInTimeRequest(input *RestoreDBClusterToPoin // same configuration as the original DB cluster, except that the new DB cluster // is created with the default DB security group. // -// This action only restores the DB cluster, not the DB instances for that DB -// cluster. You must invoke the CreateDBInstance action to create DB instances -// for the restored DB cluster, specifying the identifier of the restored DB -// cluster in DBClusterIdentifier. You can create DB instances only after the -// RestoreDBClusterToPointInTime action has completed and the DB cluster is -// available. +// For Aurora, this operation only restores the DB cluster, not the DB instances +// for that DB cluster. You must invoke the CreateDBInstance operation to create +// DB instances for the restored DB cluster, specifying the identifier of the +// restored DB cluster in DBClusterIdentifier. You can create DB instances only +// after the RestoreDBClusterToPointInTime operation has completed and the DB +// cluster is available. // -// For more information on Amazon Aurora, see What Is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? +// (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. // -// This action only applies to Aurora DB clusters. +// For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -12964,66 +15968,74 @@ func (c *RDS) RestoreDBClusterToPointInTimeRequest(input *RestoreDBClusterToPoin // API operation RestoreDBClusterToPointInTime for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterAlreadyExistsFault "DBClusterAlreadyExistsFault" -// The user already has a DB cluster with the given identifier. // -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. +// - ErrCodeDBClusterAlreadyExistsFault "DBClusterAlreadyExistsFault" +// The user already has a DB cluster with the given identifier. +// +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. +// +// - ErrCodeDBClusterQuotaExceededFault "DBClusterQuotaExceededFault" +// The user attempted to create a new DB cluster and the user has already reached +// the maximum allowed DB cluster quota. // -// * ErrCodeDBClusterQuotaExceededFault "DBClusterQuotaExceededFault" -// The user attempted to create a new DB cluster and the user has already reached -// the maximum allowed DB cluster quota. +// - ErrCodeDBClusterSnapshotNotFoundFault "DBClusterSnapshotNotFoundFault" +// DBClusterSnapshotIdentifier doesn't refer to an existing DB cluster snapshot. // -// * ErrCodeDBClusterSnapshotNotFoundFault "DBClusterSnapshotNotFoundFault" -// DBClusterSnapshotIdentifier doesn't refer to an existing DB cluster snapshot. +// - ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" +// DBSubnetGroupName doesn't refer to an existing DB subnet group. // -// * ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" -// DBSubnetGroupName doesn't refer to an existing DB subnet group. +// - ErrCodeInsufficientDBClusterCapacityFault "InsufficientDBClusterCapacityFault" +// The DB cluster doesn't have enough capacity for the current operation. // -// * ErrCodeInsufficientDBClusterCapacityFault "InsufficientDBClusterCapacityFault" -// The DB cluster doesn't have enough capacity for the current operation. +// - ErrCodeInsufficientStorageClusterCapacityFault "InsufficientStorageClusterCapacity" +// There is insufficient storage available for the current action. You might +// be able to resolve this error by updating your subnet group to use different +// Availability Zones that have more storage available. // -// * ErrCodeInsufficientStorageClusterCapacityFault "InsufficientStorageClusterCapacity" -// There is insufficient storage available for the current action. You might -// be able to resolve this error by updating your subnet group to use different -// Availability Zones that have more storage available. +// - ErrCodeInvalidDBClusterSnapshotStateFault "InvalidDBClusterSnapshotStateFault" +// The supplied value isn't a valid DB cluster snapshot state. // -// * ErrCodeInvalidDBClusterSnapshotStateFault "InvalidDBClusterSnapshotStateFault" -// The supplied value isn't a valid DB cluster snapshot state. +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeInvalidDBSnapshotStateFault "InvalidDBSnapshotState" +// The state of the DB snapshot doesn't allow deletion. // -// * ErrCodeInvalidDBSnapshotStateFault "InvalidDBSnapshotState" -// The state of the DB snapshot doesn't allow deletion. +// - ErrCodeInvalidRestoreFault "InvalidRestoreFault" +// Cannot restore from VPC backup to non-VPC DB instance. // -// * ErrCodeInvalidRestoreFault "InvalidRestoreFault" -// Cannot restore from VPC backup to non-VPC DB instance. +// - ErrCodeInvalidSubnet "InvalidSubnet" +// The requested subnet is invalid, or multiple subnets were requested that +// are not all in a common VPC. // -// * ErrCodeInvalidSubnet "InvalidSubnet" -// The requested subnet is invalid, or multiple subnets were requested that -// are not all in a common VPC. +// - ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" +// The DB subnet group doesn't cover all Availability Zones after it's created +// because of users' change. // -// * ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" -// The DB subnet group doesn't cover all Availability Zones after it's created -// because of users' change. +// - ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" +// An error occurred accessing an Amazon Web Services KMS key. // -// * ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" -// An error occurred accessing an AWS KMS key. +// - ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" +// The specified option group could not be found. // -// * ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" -// The specified option group could not be found. +// - ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" +// The request would result in the user exceeding the allowed amount of storage +// available across all DB instances. // -// * ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" -// The request would result in the user exceeding the allowed amount of storage -// available across all DB instances. +// - ErrCodeDomainNotFoundFault "DomainNotFoundFault" +// Domain doesn't refer to an existing Active Directory domain. // -// * ErrCodeDomainNotFoundFault "DomainNotFoundFault" -// Domain doesn't refer to an existing Active Directory domain. +// - ErrCodeDBClusterParameterGroupNotFoundFault "DBClusterParameterGroupNotFound" +// DBClusterParameterGroupName doesn't refer to an existing DB cluster parameter +// group. // -// * ErrCodeDBClusterParameterGroupNotFoundFault "DBClusterParameterGroupNotFound" -// DBClusterParameterGroupName doesn't refer to an existing DB cluster parameter -// group. +// - ErrCodeDBClusterAutomatedBackupNotFoundFault "DBClusterAutomatedBackupNotFoundFault" +// No automated backup for this DB cluster was found. +// +// - ErrCodeInsufficientDBInstanceCapacityFault "InsufficientDBInstanceCapacity" +// The specified DB instance class isn't available in the specified Availability +// Zone. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBClusterToPointInTime func (c *RDS) RestoreDBClusterToPointInTime(input *RestoreDBClusterToPointInTimeInput) (*RestoreDBClusterToPointInTimeOutput, error) { @@ -13063,14 +16075,13 @@ const opRestoreDBInstanceFromDBSnapshot = "RestoreDBInstanceFromDBSnapshot" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the RestoreDBInstanceFromDBSnapshotRequest method. +// req, resp := client.RestoreDBInstanceFromDBSnapshotRequest(params) // -// // Example sending a request using the RestoreDBInstanceFromDBSnapshotRequest method. -// req, resp := client.RestoreDBInstanceFromDBSnapshotRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBInstanceFromDBSnapshot func (c *RDS) RestoreDBInstanceFromDBSnapshotRequest(input *RestoreDBInstanceFromDBSnapshotInput) (req *request.Request, output *RestoreDBInstanceFromDBSnapshotOutput) { @@ -13101,12 +16112,12 @@ func (c *RDS) RestoreDBInstanceFromDBSnapshotRequest(input *RestoreDBInstanceFro // // If you want to replace your original DB instance with the new, restored DB // instance, then rename your original DB instance before you call the RestoreDBInstanceFromDBSnapshot -// action. RDS doesn't allow two DB instances with the same name. After you +// operation. RDS doesn't allow two DB instances with the same name. After you // have renamed your original DB instance with a different identifier, then // you can pass the original name of the DB instance as the DBInstanceIdentifier -// in the call to the RestoreDBInstanceFromDBSnapshot action. The result is -// that you replace the original DB instance with the DB instance created from -// the snapshot. +// in the call to the RestoreDBInstanceFromDBSnapshot operation. The result +// is that you replace the original DB instance with the DB instance created +// from the snapshot. // // If you are restoring from a shared manual DB snapshot, the DBSnapshotIdentifier // must be the ARN of the shared DB snapshot. @@ -13122,73 +16133,88 @@ func (c *RDS) RestoreDBInstanceFromDBSnapshotRequest(input *RestoreDBInstanceFro // API operation RestoreDBInstanceFromDBSnapshot for usage and error information. // // Returned Error Codes: -// * ErrCodeDBInstanceAlreadyExistsFault "DBInstanceAlreadyExists" -// The user already has a DB instance with the given identifier. // -// * ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" -// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. +// - ErrCodeDBInstanceAlreadyExistsFault "DBInstanceAlreadyExists" +// The user already has a DB instance with the given identifier. +// +// - ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" +// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. +// +// - ErrCodeInstanceQuotaExceededFault "InstanceQuotaExceeded" +// The request would result in the user exceeding the allowed number of DB instances. +// +// - ErrCodeInsufficientDBInstanceCapacityFault "InsufficientDBInstanceCapacity" +// The specified DB instance class isn't available in the specified Availability +// Zone. // -// * ErrCodeInstanceQuotaExceededFault "InstanceQuotaExceeded" -// The request would result in the user exceeding the allowed number of DB instances. +// - ErrCodeInvalidDBSnapshotStateFault "InvalidDBSnapshotState" +// The state of the DB snapshot doesn't allow deletion. // -// * ErrCodeInsufficientDBInstanceCapacityFault "InsufficientDBInstanceCapacity" -// The specified DB instance class isn't available in the specified Availability -// Zone. +// - ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" +// The request would result in the user exceeding the allowed amount of storage +// available across all DB instances. // -// * ErrCodeInvalidDBSnapshotStateFault "InvalidDBSnapshotState" -// The state of the DB snapshot doesn't allow deletion. +// - ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" +// The DB subnet group doesn't cover all Availability Zones after it's created +// because of users' change. // -// * ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" -// The request would result in the user exceeding the allowed amount of storage -// available across all DB instances. +// - ErrCodeInvalidRestoreFault "InvalidRestoreFault" +// Cannot restore from VPC backup to non-VPC DB instance. // -// * ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" -// The DB subnet group doesn't cover all Availability Zones after it's created -// because of users' change. +// - ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" +// DBSubnetGroupName doesn't refer to an existing DB subnet group. // -// * ErrCodeInvalidRestoreFault "InvalidRestoreFault" -// Cannot restore from VPC backup to non-VPC DB instance. +// - ErrCodeDBSubnetGroupDoesNotCoverEnoughAZs "DBSubnetGroupDoesNotCoverEnoughAZs" +// Subnets in the DB subnet group should cover at least two Availability Zones +// unless there is only one Availability Zone. // -// * ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" -// DBSubnetGroupName doesn't refer to an existing DB subnet group. +// - ErrCodeInvalidSubnet "InvalidSubnet" +// The requested subnet is invalid, or multiple subnets were requested that +// are not all in a common VPC. // -// * ErrCodeDBSubnetGroupDoesNotCoverEnoughAZs "DBSubnetGroupDoesNotCoverEnoughAZs" -// Subnets in the DB subnet group should cover at least two Availability Zones -// unless there is only one Availability Zone. +// - ErrCodeProvisionedIopsNotAvailableInAZFault "ProvisionedIopsNotAvailableInAZFault" +// Provisioned IOPS not available in the specified Availability Zone. // -// * ErrCodeInvalidSubnet "InvalidSubnet" -// The requested subnet is invalid, or multiple subnets were requested that -// are not all in a common VPC. +// - ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" +// The specified option group could not be found. // -// * ErrCodeProvisionedIopsNotAvailableInAZFault "ProvisionedIopsNotAvailableInAZFault" -// Provisioned IOPS not available in the specified Availability Zone. +// - ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" +// The specified StorageType can't be associated with the DB instance. // -// * ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" -// The specified option group could not be found. +// - ErrCodeAuthorizationNotFoundFault "AuthorizationNotFound" +// The specified CIDR IP range or Amazon EC2 security group might not be authorized +// for the specified DB security group. // -// * ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" -// Storage of the StorageType specified can't be associated with the DB instance. +// Or, RDS might not be authorized to perform necessary actions using IAM on +// your behalf. // -// * ErrCodeAuthorizationNotFoundFault "AuthorizationNotFound" -// The specified CIDR IP range or Amazon EC2 security group might not be authorized -// for the specified DB security group. +// - ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" +// An error occurred accessing an Amazon Web Services KMS key. // -// Or, RDS might not be authorized to perform necessary actions using IAM on -// your behalf. +// - ErrCodeDBSecurityGroupNotFoundFault "DBSecurityGroupNotFound" +// DBSecurityGroupName doesn't refer to an existing DB security group. // -// * ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" -// An error occurred accessing an AWS KMS key. +// - ErrCodeDomainNotFoundFault "DomainNotFoundFault" +// Domain doesn't refer to an existing Active Directory domain. // -// * ErrCodeDBSecurityGroupNotFoundFault "DBSecurityGroupNotFound" -// DBSecurityGroupName doesn't refer to an existing DB security group. +// - ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" +// DBParameterGroupName doesn't refer to an existing DB parameter group. // -// * ErrCodeDomainNotFoundFault "DomainNotFoundFault" -// Domain doesn't refer to an existing Active Directory domain. +// - ErrCodeBackupPolicyNotFoundFault "BackupPolicyNotFoundFault" // -// * ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" -// DBParameterGroupName doesn't refer to an existing DB parameter group. +// - ErrCodeNetworkTypeNotSupported "NetworkTypeNotSupported" +// The network type is invalid for the DB instance. Valid nework type values +// are IPV4 and DUAL. // -// * ErrCodeBackupPolicyNotFoundFault "BackupPolicyNotFoundFault" +// - ErrCodeDBClusterSnapshotNotFoundFault "DBClusterSnapshotNotFoundFault" +// DBClusterSnapshotIdentifier doesn't refer to an existing DB cluster snapshot. +// +// - ErrCodeCertificateNotFoundFault "CertificateNotFound" +// CertificateIdentifier doesn't refer to an existing certificate. +// +// - ErrCodeTenantDatabaseQuotaExceededFault "TenantDatabaseQuotaExceeded" +// You attempted to create more tenant databases than are permitted in your +// Amazon Web Services account. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBInstanceFromDBSnapshot func (c *RDS) RestoreDBInstanceFromDBSnapshot(input *RestoreDBInstanceFromDBSnapshotInput) (*RestoreDBInstanceFromDBSnapshotOutput, error) { @@ -13228,14 +16254,13 @@ const opRestoreDBInstanceFromS3 = "RestoreDBInstanceFromS3" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the RestoreDBInstanceFromS3Request method. +// req, resp := client.RestoreDBInstanceFromS3Request(params) // -// // Example sending a request using the RestoreDBInstanceFromS3Request method. -// req, resp := client.RestoreDBInstanceFromS3Request(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBInstanceFromS3 func (c *RDS) RestoreDBInstanceFromS3Request(input *RestoreDBInstanceFromS3Input) (req *request.Request, output *RestoreDBInstanceFromS3Output) { @@ -13264,6 +16289,8 @@ func (c *RDS) RestoreDBInstanceFromS3Request(input *RestoreDBInstanceFromS3Input // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/MySQL.Procedural.Importing.html) // in the Amazon RDS User Guide. // +// This operation doesn't apply to RDS Custom. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -13272,66 +16299,74 @@ func (c *RDS) RestoreDBInstanceFromS3Request(input *RestoreDBInstanceFromS3Input // API operation RestoreDBInstanceFromS3 for usage and error information. // // Returned Error Codes: -// * ErrCodeDBInstanceAlreadyExistsFault "DBInstanceAlreadyExists" -// The user already has a DB instance with the given identifier. // -// * ErrCodeInsufficientDBInstanceCapacityFault "InsufficientDBInstanceCapacity" -// The specified DB instance class isn't available in the specified Availability -// Zone. +// - ErrCodeDBInstanceAlreadyExistsFault "DBInstanceAlreadyExists" +// The user already has a DB instance with the given identifier. +// +// - ErrCodeInsufficientDBInstanceCapacityFault "InsufficientDBInstanceCapacity" +// The specified DB instance class isn't available in the specified Availability +// Zone. // -// * ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" -// DBParameterGroupName doesn't refer to an existing DB parameter group. +// - ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" +// DBParameterGroupName doesn't refer to an existing DB parameter group. // -// * ErrCodeDBSecurityGroupNotFoundFault "DBSecurityGroupNotFound" -// DBSecurityGroupName doesn't refer to an existing DB security group. +// - ErrCodeDBSecurityGroupNotFoundFault "DBSecurityGroupNotFound" +// DBSecurityGroupName doesn't refer to an existing DB security group. // -// * ErrCodeInstanceQuotaExceededFault "InstanceQuotaExceeded" -// The request would result in the user exceeding the allowed number of DB instances. +// - ErrCodeInstanceQuotaExceededFault "InstanceQuotaExceeded" +// The request would result in the user exceeding the allowed number of DB instances. // -// * ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" -// The request would result in the user exceeding the allowed amount of storage -// available across all DB instances. +// - ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" +// The request would result in the user exceeding the allowed amount of storage +// available across all DB instances. // -// * ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" -// DBSubnetGroupName doesn't refer to an existing DB subnet group. +// - ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" +// DBSubnetGroupName doesn't refer to an existing DB subnet group. // -// * ErrCodeDBSubnetGroupDoesNotCoverEnoughAZs "DBSubnetGroupDoesNotCoverEnoughAZs" -// Subnets in the DB subnet group should cover at least two Availability Zones -// unless there is only one Availability Zone. +// - ErrCodeDBSubnetGroupDoesNotCoverEnoughAZs "DBSubnetGroupDoesNotCoverEnoughAZs" +// Subnets in the DB subnet group should cover at least two Availability Zones +// unless there is only one Availability Zone. // -// * ErrCodeInvalidSubnet "InvalidSubnet" -// The requested subnet is invalid, or multiple subnets were requested that -// are not all in a common VPC. +// - ErrCodeInvalidSubnet "InvalidSubnet" +// The requested subnet is invalid, or multiple subnets were requested that +// are not all in a common VPC. // -// * ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" -// The DB subnet group doesn't cover all Availability Zones after it's created -// because of users' change. +// - ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" +// The DB subnet group doesn't cover all Availability Zones after it's created +// because of users' change. // -// * ErrCodeInvalidS3BucketFault "InvalidS3BucketFault" -// The specified Amazon S3 bucket name can't be found or Amazon RDS isn't authorized -// to access the specified Amazon S3 bucket. Verify the SourceS3BucketName and -// S3IngestionRoleArn values and try again. +// - ErrCodeInvalidS3BucketFault "InvalidS3BucketFault" +// The specified Amazon S3 bucket name can't be found or Amazon RDS isn't authorized +// to access the specified Amazon S3 bucket. Verify the SourceS3BucketName and +// S3IngestionRoleArn values and try again. // -// * ErrCodeProvisionedIopsNotAvailableInAZFault "ProvisionedIopsNotAvailableInAZFault" -// Provisioned IOPS not available in the specified Availability Zone. +// - ErrCodeProvisionedIopsNotAvailableInAZFault "ProvisionedIopsNotAvailableInAZFault" +// Provisioned IOPS not available in the specified Availability Zone. // -// * ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" -// The specified option group could not be found. +// - ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" +// The specified option group could not be found. // -// * ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" -// Storage of the StorageType specified can't be associated with the DB instance. +// - ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" +// The specified StorageType can't be associated with the DB instance. // -// * ErrCodeAuthorizationNotFoundFault "AuthorizationNotFound" -// The specified CIDR IP range or Amazon EC2 security group might not be authorized -// for the specified DB security group. +// - ErrCodeAuthorizationNotFoundFault "AuthorizationNotFound" +// The specified CIDR IP range or Amazon EC2 security group might not be authorized +// for the specified DB security group. // -// Or, RDS might not be authorized to perform necessary actions using IAM on -// your behalf. +// Or, RDS might not be authorized to perform necessary actions using IAM on +// your behalf. // -// * ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" -// An error occurred accessing an AWS KMS key. +// - ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" +// An error occurred accessing an Amazon Web Services KMS key. // -// * ErrCodeBackupPolicyNotFoundFault "BackupPolicyNotFoundFault" +// - ErrCodeBackupPolicyNotFoundFault "BackupPolicyNotFoundFault" +// +// - ErrCodeNetworkTypeNotSupported "NetworkTypeNotSupported" +// The network type is invalid for the DB instance. Valid nework type values +// are IPV4 and DUAL. +// +// - ErrCodeCertificateNotFoundFault "CertificateNotFound" +// CertificateIdentifier doesn't refer to an existing certificate. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBInstanceFromS3 func (c *RDS) RestoreDBInstanceFromS3(input *RestoreDBInstanceFromS3Input) (*RestoreDBInstanceFromS3Output, error) { @@ -13371,14 +16406,13 @@ const opRestoreDBInstanceToPointInTime = "RestoreDBInstanceToPointInTime" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the RestoreDBInstanceToPointInTimeRequest method. +// req, resp := client.RestoreDBInstanceToPointInTimeRequest(params) // -// // Example sending a request using the RestoreDBInstanceToPointInTimeRequest method. -// req, resp := client.RestoreDBInstanceToPointInTimeRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBInstanceToPointInTime func (c *RDS) RestoreDBInstanceToPointInTimeRequest(input *RestoreDBInstanceToPointInTimeInput) (req *request.Request, output *RestoreDBInstanceToPointInTimeOutput) { @@ -13412,7 +16446,7 @@ func (c *RDS) RestoreDBInstanceToPointInTimeRequest(input *RestoreDBInstanceToPo // with mirroring; in this case, the instance becomes a mirrored deployment // and not a single-AZ deployment. // -// This command doesn't apply to Aurora MySQL and Aurora PostgreSQL. For Aurora, +// This operation doesn't apply to Aurora MySQL and Aurora PostgreSQL. For Aurora, // use RestoreDBClusterToPointInTime. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -13423,80 +16457,92 @@ func (c *RDS) RestoreDBInstanceToPointInTimeRequest(input *RestoreDBInstanceToPo // API operation RestoreDBInstanceToPointInTime for usage and error information. // // Returned Error Codes: -// * ErrCodeDBInstanceAlreadyExistsFault "DBInstanceAlreadyExists" -// The user already has a DB instance with the given identifier. // -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. +// - ErrCodeDBInstanceAlreadyExistsFault "DBInstanceAlreadyExists" +// The user already has a DB instance with the given identifier. +// +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. // -// * ErrCodeInstanceQuotaExceededFault "InstanceQuotaExceeded" -// The request would result in the user exceeding the allowed number of DB instances. +// - ErrCodeInstanceQuotaExceededFault "InstanceQuotaExceeded" +// The request would result in the user exceeding the allowed number of DB instances. // -// * ErrCodeInsufficientDBInstanceCapacityFault "InsufficientDBInstanceCapacity" -// The specified DB instance class isn't available in the specified Availability -// Zone. +// - ErrCodeInsufficientDBInstanceCapacityFault "InsufficientDBInstanceCapacity" +// The specified DB instance class isn't available in the specified Availability +// Zone. // -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. // -// * ErrCodePointInTimeRestoreNotEnabledFault "PointInTimeRestoreNotEnabled" -// SourceDBInstanceIdentifier refers to a DB instance with BackupRetentionPeriod -// equal to 0. +// - ErrCodePointInTimeRestoreNotEnabledFault "PointInTimeRestoreNotEnabled" +// SourceDBInstanceIdentifier refers to a DB instance with BackupRetentionPeriod +// equal to 0. // -// * ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" -// The request would result in the user exceeding the allowed amount of storage -// available across all DB instances. +// - ErrCodeStorageQuotaExceededFault "StorageQuotaExceeded" +// The request would result in the user exceeding the allowed amount of storage +// available across all DB instances. // -// * ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" -// The DB subnet group doesn't cover all Availability Zones after it's created -// because of users' change. +// - ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" +// The DB subnet group doesn't cover all Availability Zones after it's created +// because of users' change. // -// * ErrCodeInvalidRestoreFault "InvalidRestoreFault" -// Cannot restore from VPC backup to non-VPC DB instance. +// - ErrCodeInvalidRestoreFault "InvalidRestoreFault" +// Cannot restore from VPC backup to non-VPC DB instance. // -// * ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" -// DBSubnetGroupName doesn't refer to an existing DB subnet group. +// - ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" +// DBSubnetGroupName doesn't refer to an existing DB subnet group. // -// * ErrCodeDBSubnetGroupDoesNotCoverEnoughAZs "DBSubnetGroupDoesNotCoverEnoughAZs" -// Subnets in the DB subnet group should cover at least two Availability Zones -// unless there is only one Availability Zone. +// - ErrCodeDBSubnetGroupDoesNotCoverEnoughAZs "DBSubnetGroupDoesNotCoverEnoughAZs" +// Subnets in the DB subnet group should cover at least two Availability Zones +// unless there is only one Availability Zone. // -// * ErrCodeInvalidSubnet "InvalidSubnet" -// The requested subnet is invalid, or multiple subnets were requested that -// are not all in a common VPC. +// - ErrCodeInvalidSubnet "InvalidSubnet" +// The requested subnet is invalid, or multiple subnets were requested that +// are not all in a common VPC. // -// * ErrCodeProvisionedIopsNotAvailableInAZFault "ProvisionedIopsNotAvailableInAZFault" -// Provisioned IOPS not available in the specified Availability Zone. +// - ErrCodeProvisionedIopsNotAvailableInAZFault "ProvisionedIopsNotAvailableInAZFault" +// Provisioned IOPS not available in the specified Availability Zone. // -// * ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" -// The specified option group could not be found. +// - ErrCodeOptionGroupNotFoundFault "OptionGroupNotFoundFault" +// The specified option group could not be found. // -// * ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" -// Storage of the StorageType specified can't be associated with the DB instance. +// - ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" +// The specified StorageType can't be associated with the DB instance. // -// * ErrCodeAuthorizationNotFoundFault "AuthorizationNotFound" -// The specified CIDR IP range or Amazon EC2 security group might not be authorized -// for the specified DB security group. +// - ErrCodeAuthorizationNotFoundFault "AuthorizationNotFound" +// The specified CIDR IP range or Amazon EC2 security group might not be authorized +// for the specified DB security group. // -// Or, RDS might not be authorized to perform necessary actions using IAM on -// your behalf. +// Or, RDS might not be authorized to perform necessary actions using IAM on +// your behalf. // -// * ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" -// An error occurred accessing an AWS KMS key. +// - ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" +// An error occurred accessing an Amazon Web Services KMS key. // -// * ErrCodeDBSecurityGroupNotFoundFault "DBSecurityGroupNotFound" -// DBSecurityGroupName doesn't refer to an existing DB security group. +// - ErrCodeDBSecurityGroupNotFoundFault "DBSecurityGroupNotFound" +// DBSecurityGroupName doesn't refer to an existing DB security group. // -// * ErrCodeDomainNotFoundFault "DomainNotFoundFault" -// Domain doesn't refer to an existing Active Directory domain. +// - ErrCodeDomainNotFoundFault "DomainNotFoundFault" +// Domain doesn't refer to an existing Active Directory domain. // -// * ErrCodeBackupPolicyNotFoundFault "BackupPolicyNotFoundFault" +// - ErrCodeBackupPolicyNotFoundFault "BackupPolicyNotFoundFault" // -// * ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" -// DBParameterGroupName doesn't refer to an existing DB parameter group. +// - ErrCodeDBParameterGroupNotFoundFault "DBParameterGroupNotFound" +// DBParameterGroupName doesn't refer to an existing DB parameter group. // -// * ErrCodeDBInstanceAutomatedBackupNotFoundFault "DBInstanceAutomatedBackupNotFound" -// No automated backup for this DB instance was found. +// - ErrCodeDBInstanceAutomatedBackupNotFoundFault "DBInstanceAutomatedBackupNotFound" +// No automated backup for this DB instance was found. +// +// - ErrCodeNetworkTypeNotSupported "NetworkTypeNotSupported" +// The network type is invalid for the DB instance. Valid nework type values +// are IPV4 and DUAL. +// +// - ErrCodeTenantDatabaseQuotaExceededFault "TenantDatabaseQuotaExceeded" +// You attempted to create more tenant databases than are permitted in your +// Amazon Web Services account. +// +// - ErrCodeCertificateNotFoundFault "CertificateNotFound" +// CertificateIdentifier doesn't refer to an existing certificate. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBInstanceToPointInTime func (c *RDS) RestoreDBInstanceToPointInTime(input *RestoreDBInstanceToPointInTimeInput) (*RestoreDBInstanceToPointInTimeOutput, error) { @@ -13536,14 +16582,13 @@ const opRevokeDBSecurityGroupIngress = "RevokeDBSecurityGroupIngress" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the RevokeDBSecurityGroupIngressRequest method. +// req, resp := client.RevokeDBSecurityGroupIngressRequest(params) // -// // Example sending a request using the RevokeDBSecurityGroupIngressRequest method. -// req, resp := client.RevokeDBSecurityGroupIngressRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RevokeDBSecurityGroupIngress func (c *RDS) RevokeDBSecurityGroupIngressRequest(input *RevokeDBSecurityGroupIngressInput) (req *request.Request, output *RevokeDBSecurityGroupIngressOutput) { @@ -13565,10 +16610,18 @@ func (c *RDS) RevokeDBSecurityGroupIngressRequest(input *RevokeDBSecurityGroupIn // RevokeDBSecurityGroupIngress API operation for Amazon Relational Database Service. // // Revokes ingress from a DBSecurityGroup for previously authorized IP ranges -// or EC2 or VPC Security Groups. Required parameters for this API are one of +// or EC2 or VPC security groups. Required parameters for this API are one of // CIDRIP, EC2SecurityGroupId for VPC, or (EC2SecurityGroupOwnerId and either // EC2SecurityGroupName or EC2SecurityGroupId). // +// EC2-Classic was retired on August 15, 2022. If you haven't migrated from +// EC2-Classic to a VPC, we recommend that you migrate as soon as possible. +// For more information, see Migrate from EC2-Classic to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) +// in the Amazon EC2 User Guide, the blog EC2-Classic Networking is Retiring +// – Here’s How to Prepare (http://aws.amazon.com/blogs/aws/ec2-classic-is-retiring-heres-how-to-prepare/), +// and Moving a DB instance not in a VPC into a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.Non-VPC2VPC.html) +// in the Amazon RDS User Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -13577,18 +16630,19 @@ func (c *RDS) RevokeDBSecurityGroupIngressRequest(input *RevokeDBSecurityGroupIn // API operation RevokeDBSecurityGroupIngress for usage and error information. // // Returned Error Codes: -// * ErrCodeDBSecurityGroupNotFoundFault "DBSecurityGroupNotFound" -// DBSecurityGroupName doesn't refer to an existing DB security group. // -// * ErrCodeAuthorizationNotFoundFault "AuthorizationNotFound" -// The specified CIDR IP range or Amazon EC2 security group might not be authorized -// for the specified DB security group. +// - ErrCodeDBSecurityGroupNotFoundFault "DBSecurityGroupNotFound" +// DBSecurityGroupName doesn't refer to an existing DB security group. +// +// - ErrCodeAuthorizationNotFoundFault "AuthorizationNotFound" +// The specified CIDR IP range or Amazon EC2 security group might not be authorized +// for the specified DB security group. // -// Or, RDS might not be authorized to perform necessary actions using IAM on -// your behalf. +// Or, RDS might not be authorized to perform necessary actions using IAM on +// your behalf. // -// * ErrCodeInvalidDBSecurityGroupStateFault "InvalidDBSecurityGroupState" -// The state of the DB security group doesn't allow deletion. +// - ErrCodeInvalidDBSecurityGroupStateFault "InvalidDBSecurityGroupState" +// The state of the DB security group doesn't allow deletion. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RevokeDBSecurityGroupIngress func (c *RDS) RevokeDBSecurityGroupIngress(input *RevokeDBSecurityGroupIngressInput) (*RevokeDBSecurityGroupIngressOutput, error) { @@ -13628,14 +16682,13 @@ const opStartActivityStream = "StartActivityStream" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the StartActivityStreamRequest method. +// req, resp := client.StartActivityStreamRequest(params) // -// // Example sending a request using the StartActivityStreamRequest method. -// req, resp := client.StartActivityStreamRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StartActivityStream func (c *RDS) StartActivityStreamRequest(input *StartActivityStreamInput) (req *request.Request, output *StartActivityStreamOutput) { @@ -13657,8 +16710,11 @@ func (c *RDS) StartActivityStreamRequest(input *StartActivityStreamInput) (req * // StartActivityStream API operation for Amazon Relational Database Service. // // Starts a database activity stream to monitor activity on the database. For -// more information, see Database Activity Streams (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/DBActivityStreams.html) -// in the Amazon Aurora User Guide. +// more information, see Monitoring Amazon Aurora with Database Activity Streams +// (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/DBActivityStreams.html) +// in the Amazon Aurora User Guide or Monitoring Amazon RDS with Database Activity +// Streams (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/DBActivityStreams.html) +// in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -13668,23 +16724,24 @@ func (c *RDS) StartActivityStreamRequest(input *StartActivityStreamInput) (req * // API operation StartActivityStream for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. // -// * ErrCodeResourceNotFoundFault "ResourceNotFoundFault" -// The specified resource ID was not found. +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. +// - ErrCodeResourceNotFoundFault "ResourceNotFoundFault" +// The specified resource ID was not found. // -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" -// An error occurred accessing an AWS KMS key. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. +// +// - ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" +// An error occurred accessing an Amazon Web Services KMS key. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StartActivityStream func (c *RDS) StartActivityStream(input *StartActivityStreamInput) (*StartActivityStreamOutput, error) { @@ -13724,14 +16781,13 @@ const opStartDBCluster = "StartDBCluster" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the StartDBClusterRequest method. +// req, resp := client.StartDBClusterRequest(params) // -// // Example sending a request using the StartDBClusterRequest method. -// req, resp := client.StartDBClusterRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StartDBCluster func (c *RDS) StartDBClusterRequest(input *StartDBClusterInput) (req *request.Request, output *StartDBClusterOutput) { @@ -13752,13 +16808,13 @@ func (c *RDS) StartDBClusterRequest(input *StartDBClusterInput) (req *request.Re // StartDBCluster API operation for Amazon Relational Database Service. // -// Starts an Amazon Aurora DB cluster that was stopped using the AWS console, -// the stop-db-cluster AWS CLI command, or the StopDBCluster action. +// Starts an Amazon Aurora DB cluster that was stopped using the Amazon Web +// Services console, the stop-db-cluster CLI command, or the StopDBCluster operation. // // For more information, see Stopping and Starting an Aurora Cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-cluster-stop-start.html) // in the Amazon Aurora User Guide. // -// This action only applies to Aurora DB clusters. +// This operation only applies to Aurora DB clusters. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -13768,14 +16824,15 @@ func (c *RDS) StartDBClusterRequest(input *StartDBClusterInput) (req *request.Re // API operation StartDBCluster for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. +// +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StartDBCluster func (c *RDS) StartDBCluster(input *StartDBClusterInput) (*StartDBClusterOutput, error) { @@ -13815,14 +16872,13 @@ const opStartDBInstance = "StartDBInstance" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the StartDBInstanceRequest method. +// req, resp := client.StartDBInstanceRequest(params) // -// // Example sending a request using the StartDBInstanceRequest method. -// req, resp := client.StartDBInstanceRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StartDBInstance func (c *RDS) StartDBInstanceRequest(input *StartDBInstanceInput) (req *request.Request, output *StartDBInstanceOutput) { @@ -13843,15 +16899,15 @@ func (c *RDS) StartDBInstanceRequest(input *StartDBInstanceInput) (req *request. // StartDBInstance API operation for Amazon Relational Database Service. // -// Starts an Amazon RDS DB instance that was stopped using the AWS console, -// the stop-db-instance AWS CLI command, or the StopDBInstance action. +// Starts an Amazon RDS DB instance that was stopped using the Amazon Web Services +// console, the stop-db-instance CLI command, or the StopDBInstance operation. // // For more information, see Starting an Amazon RDS DB instance That Was Previously // Stopped (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_StartInstance.html) // in the Amazon RDS User Guide. // -// This command doesn't apply to Aurora MySQL and Aurora PostgreSQL. For Aurora -// DB clusters, use StartDBCluster instead. +// This command doesn't apply to RDS Custom, Aurora MySQL, and Aurora PostgreSQL. +// For Aurora DB clusters, use StartDBCluster instead. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -13861,46 +16917,47 @@ func (c *RDS) StartDBInstanceRequest(input *StartDBInstanceInput) (req *request. // API operation StartDBInstance for usage and error information. // // Returned Error Codes: -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. // -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. // -// * ErrCodeInsufficientDBInstanceCapacityFault "InsufficientDBInstanceCapacity" -// The specified DB instance class isn't available in the specified Availability -// Zone. +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. // -// * ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" -// DBSubnetGroupName doesn't refer to an existing DB subnet group. +// - ErrCodeInsufficientDBInstanceCapacityFault "InsufficientDBInstanceCapacity" +// The specified DB instance class isn't available in the specified Availability +// Zone. // -// * ErrCodeDBSubnetGroupDoesNotCoverEnoughAZs "DBSubnetGroupDoesNotCoverEnoughAZs" -// Subnets in the DB subnet group should cover at least two Availability Zones -// unless there is only one Availability Zone. +// - ErrCodeDBSubnetGroupNotFoundFault "DBSubnetGroupNotFoundFault" +// DBSubnetGroupName doesn't refer to an existing DB subnet group. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeDBSubnetGroupDoesNotCoverEnoughAZs "DBSubnetGroupDoesNotCoverEnoughAZs" +// Subnets in the DB subnet group should cover at least two Availability Zones +// unless there is only one Availability Zone. // -// * ErrCodeInvalidSubnet "InvalidSubnet" -// The requested subnet is invalid, or multiple subnets were requested that -// are not all in a common VPC. +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // -// * ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" -// The DB subnet group doesn't cover all Availability Zones after it's created -// because of users' change. +// - ErrCodeInvalidSubnet "InvalidSubnet" +// The requested subnet is invalid, or multiple subnets were requested that +// are not all in a common VPC. // -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. +// - ErrCodeInvalidVPCNetworkStateFault "InvalidVPCNetworkStateFault" +// The DB subnet group doesn't cover all Availability Zones after it's created +// because of users' change. // -// * ErrCodeAuthorizationNotFoundFault "AuthorizationNotFound" -// The specified CIDR IP range or Amazon EC2 security group might not be authorized -// for the specified DB security group. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// Or, RDS might not be authorized to perform necessary actions using IAM on -// your behalf. +// - ErrCodeAuthorizationNotFoundFault "AuthorizationNotFound" +// The specified CIDR IP range or Amazon EC2 security group might not be authorized +// for the specified DB security group. // -// * ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" -// An error occurred accessing an AWS KMS key. +// Or, RDS might not be authorized to perform necessary actions using IAM on +// your behalf. +// +// - ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" +// An error occurred accessing an Amazon Web Services KMS key. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StartDBInstance func (c *RDS) StartDBInstance(input *StartDBInstanceInput) (*StartDBInstanceOutput, error) { @@ -13940,14 +16997,13 @@ const opStartDBInstanceAutomatedBackupsReplication = "StartDBInstanceAutomatedBa // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the StartDBInstanceAutomatedBackupsReplicationRequest method. +// req, resp := client.StartDBInstanceAutomatedBackupsReplicationRequest(params) // -// // Example sending a request using the StartDBInstanceAutomatedBackupsReplicationRequest method. -// req, resp := client.StartDBInstanceAutomatedBackupsReplicationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StartDBInstanceAutomatedBackupsReplication func (c *RDS) StartDBInstanceAutomatedBackupsReplicationRequest(input *StartDBInstanceAutomatedBackupsReplicationInput) (req *request.Request, output *StartDBInstanceAutomatedBackupsReplicationOutput) { @@ -13968,10 +17024,13 @@ func (c *RDS) StartDBInstanceAutomatedBackupsReplicationRequest(input *StartDBIn // StartDBInstanceAutomatedBackupsReplication API operation for Amazon Relational Database Service. // -// Enables replication of automated backups to a different AWS Region. +// Enables replication of automated backups to a different Amazon Web Services +// Region. +// +// This command doesn't apply to RDS Custom. // -// For more information, see Replicating Automated Backups to Another AWS Region -// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html) +// For more information, see Replicating Automated Backups to Another Amazon +// Web Services Region (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html) // in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -13982,22 +17041,23 @@ func (c *RDS) StartDBInstanceAutomatedBackupsReplicationRequest(input *StartDBIn // API operation StartDBInstanceAutomatedBackupsReplication for usage and error information. // // Returned Error Codes: -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. // -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. // -// * ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" -// An error occurred accessing an AWS KMS key. +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. // -// * ErrCodeDBInstanceAutomatedBackupQuotaExceededFault "DBInstanceAutomatedBackupQuotaExceeded" -// The quota for retained automated backups was exceeded. This prevents you -// from retaining any additional automated backups. The retained automated backups -// quota is the same as your DB Instance quota. +// - ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" +// An error occurred accessing an Amazon Web Services KMS key. // -// * ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" -// Storage of the StorageType specified can't be associated with the DB instance. +// - ErrCodeDBInstanceAutomatedBackupQuotaExceededFault "DBInstanceAutomatedBackupQuotaExceeded" +// The quota for retained automated backups was exceeded. This prevents you +// from retaining any additional automated backups. The retained automated backups +// quota is the same as your DB instance quota. +// +// - ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" +// The specified StorageType can't be associated with the DB instance. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StartDBInstanceAutomatedBackupsReplication func (c *RDS) StartDBInstanceAutomatedBackupsReplication(input *StartDBInstanceAutomatedBackupsReplicationInput) (*StartDBInstanceAutomatedBackupsReplicationOutput, error) { @@ -14037,14 +17097,13 @@ const opStartExportTask = "StartExportTask" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the StartExportTaskRequest method. +// req, resp := client.StartExportTaskRequest(params) // -// // Example sending a request using the StartExportTaskRequest method. -// req, resp := client.StartExportTaskRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StartExportTask func (c *RDS) StartExportTaskRequest(input *StartExportTaskInput) (req *request.Request, output *StartExportTaskOutput) { @@ -14065,8 +17124,20 @@ func (c *RDS) StartExportTaskRequest(input *StartExportTaskInput) (req *request. // StartExportTask API operation for Amazon Relational Database Service. // -// Starts an export of a snapshot to Amazon S3. The provided IAM role must have -// access to the S3 bucket. +// Starts an export of DB snapshot or DB cluster data to Amazon S3. The provided +// IAM role must have access to the S3 bucket. +// +// You can't export snapshot data from Db2 or RDS Custom DB instances. +// +// For more information on exporting DB snapshot data, see Exporting DB snapshot +// data to Amazon S3 (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ExportSnapshot.html) +// in the Amazon RDS User Guide or Exporting DB cluster snapshot data to Amazon +// S3 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-export-snapshot.html) +// in the Amazon Aurora User Guide. +// +// For more information on exporting DB cluster data, see Exporting DB cluster +// data to Amazon S3 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/export-cluster-data.html) +// in the Amazon Aurora User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -14076,35 +17147,39 @@ func (c *RDS) StartExportTaskRequest(input *StartExportTaskInput) (req *request. // API operation StartExportTask for usage and error information. // // Returned Error Codes: -// * ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" -// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. // -// * ErrCodeDBClusterSnapshotNotFoundFault "DBClusterSnapshotNotFoundFault" -// DBClusterSnapshotIdentifier doesn't refer to an existing DB cluster snapshot. +// - ErrCodeDBSnapshotNotFoundFault "DBSnapshotNotFound" +// DBSnapshotIdentifier doesn't refer to an existing DB snapshot. // -// * ErrCodeExportTaskAlreadyExistsFault "ExportTaskAlreadyExists" -// You can't start an export task that's already running. +// - ErrCodeDBClusterSnapshotNotFoundFault "DBClusterSnapshotNotFoundFault" +// DBClusterSnapshotIdentifier doesn't refer to an existing DB cluster snapshot. // -// * ErrCodeInvalidS3BucketFault "InvalidS3BucketFault" -// The specified Amazon S3 bucket name can't be found or Amazon RDS isn't authorized -// to access the specified Amazon S3 bucket. Verify the SourceS3BucketName and -// S3IngestionRoleArn values and try again. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeIamRoleNotFoundFault "IamRoleNotFound" -// The IAM role is missing for exporting to an Amazon S3 bucket. +// - ErrCodeExportTaskAlreadyExistsFault "ExportTaskAlreadyExists" +// You can't start an export task that's already running. // -// * ErrCodeIamRoleMissingPermissionsFault "IamRoleMissingPermissions" -// The IAM role requires additional permissions to export to an Amazon S3 bucket. +// - ErrCodeInvalidS3BucketFault "InvalidS3BucketFault" +// The specified Amazon S3 bucket name can't be found or Amazon RDS isn't authorized +// to access the specified Amazon S3 bucket. Verify the SourceS3BucketName and +// S3IngestionRoleArn values and try again. // -// * ErrCodeInvalidExportOnlyFault "InvalidExportOnly" -// The export is invalid for exporting to an Amazon S3 bucket. +// - ErrCodeIamRoleNotFoundFault "IamRoleNotFound" +// The IAM role is missing for exporting to an Amazon S3 bucket. // -// * ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" -// An error occurred accessing an AWS KMS key. +// - ErrCodeIamRoleMissingPermissionsFault "IamRoleMissingPermissions" +// The IAM role requires additional permissions to export to an Amazon S3 bucket. // -// * ErrCodeInvalidExportSourceStateFault "InvalidExportSourceState" -// The state of the export snapshot is invalid for exporting to an Amazon S3 -// bucket. +// - ErrCodeInvalidExportOnlyFault "InvalidExportOnly" +// The export is invalid for exporting to an Amazon S3 bucket. +// +// - ErrCodeKMSKeyNotAccessibleFault "KMSKeyNotAccessibleFault" +// An error occurred accessing an Amazon Web Services KMS key. +// +// - ErrCodeInvalidExportSourceStateFault "InvalidExportSourceState" +// The state of the export snapshot is invalid for exporting to an Amazon S3 +// bucket. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StartExportTask func (c *RDS) StartExportTask(input *StartExportTaskInput) (*StartExportTaskOutput, error) { @@ -14144,14 +17219,13 @@ const opStopActivityStream = "StopActivityStream" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the StopActivityStreamRequest method. +// req, resp := client.StopActivityStreamRequest(params) // -// // Example sending a request using the StopActivityStreamRequest method. -// req, resp := client.StopActivityStreamRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StopActivityStream func (c *RDS) StopActivityStreamRequest(input *StopActivityStreamInput) (req *request.Request, output *StopActivityStreamOutput) { @@ -14172,11 +17246,15 @@ func (c *RDS) StopActivityStreamRequest(input *StopActivityStreamInput) (req *re // StopActivityStream API operation for Amazon Relational Database Service. // -// Stops a database activity stream that was started using the AWS console, -// the start-activity-stream AWS CLI command, or the StartActivityStream action. +// Stops a database activity stream that was started using the Amazon Web Services +// console, the start-activity-stream CLI command, or the StartActivityStream +// operation. // -// For more information, see Database Activity Streams (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/DBActivityStreams.html) -// in the Amazon Aurora User Guide. +// For more information, see Monitoring Amazon Aurora with Database Activity +// Streams (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/DBActivityStreams.html) +// in the Amazon Aurora User Guide or Monitoring Amazon RDS with Database Activity +// Streams (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/DBActivityStreams.html) +// in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -14186,20 +17264,21 @@ func (c *RDS) StopActivityStreamRequest(input *StopActivityStreamInput) (req *re // API operation StopActivityStream for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. +// +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // -// * ErrCodeResourceNotFoundFault "ResourceNotFoundFault" -// The specified resource ID was not found. +// - ErrCodeResourceNotFoundFault "ResourceNotFoundFault" +// The specified resource ID was not found. // -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StopActivityStream func (c *RDS) StopActivityStream(input *StopActivityStreamInput) (*StopActivityStreamOutput, error) { @@ -14239,14 +17318,13 @@ const opStopDBCluster = "StopDBCluster" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the StopDBClusterRequest method. +// req, resp := client.StopDBClusterRequest(params) // -// // Example sending a request using the StopDBClusterRequest method. -// req, resp := client.StopDBClusterRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StopDBCluster func (c *RDS) StopDBClusterRequest(input *StopDBClusterInput) (req *request.Request, output *StopDBClusterOutput) { @@ -14275,7 +17353,7 @@ func (c *RDS) StopDBClusterRequest(input *StopDBClusterInput) (req *request.Requ // For more information, see Stopping and Starting an Aurora Cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-cluster-stop-start.html) // in the Amazon Aurora User Guide. // -// This action only applies to Aurora DB clusters. +// This operation only applies to Aurora DB clusters. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -14285,14 +17363,15 @@ func (c *RDS) StopDBClusterRequest(input *StopDBClusterInput) (req *request.Requ // API operation StopDBCluster for usage and error information. // // Returned Error Codes: -// * ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" -// DBClusterIdentifier doesn't refer to an existing DB cluster. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. +// +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StopDBCluster func (c *RDS) StopDBCluster(input *StopDBClusterInput) (*StopDBClusterOutput, error) { @@ -14332,14 +17411,13 @@ const opStopDBInstance = "StopDBInstance" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the StopDBInstanceRequest method. +// req, resp := client.StopDBInstanceRequest(params) // -// // Example sending a request using the StopDBInstanceRequest method. -// req, resp := client.StopDBInstanceRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StopDBInstance func (c *RDS) StopDBInstanceRequest(input *StopDBInstanceInput) (req *request.Request, output *StopDBInstanceOutput) { @@ -14369,8 +17447,8 @@ func (c *RDS) StopDBInstanceRequest(input *StopDBInstanceInput) (req *request.Re // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_StopInstance.html) // in the Amazon RDS User Guide. // -// This command doesn't apply to Aurora MySQL and Aurora PostgreSQL. For Aurora -// clusters, use StopDBCluster instead. +// This command doesn't apply to RDS Custom, Aurora MySQL, and Aurora PostgreSQL. +// For Aurora clusters, use StopDBCluster instead. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -14380,20 +17458,21 @@ func (c *RDS) StopDBInstanceRequest(input *StopDBInstanceInput) (req *request.Re // API operation StopDBInstance for usage and error information. // // Returned Error Codes: -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. // -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. +// +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. // -// * ErrCodeDBSnapshotAlreadyExistsFault "DBSnapshotAlreadyExists" -// DBSnapshotIdentifier is already used by an existing snapshot. +// - ErrCodeDBSnapshotAlreadyExistsFault "DBSnapshotAlreadyExists" +// DBSnapshotIdentifier is already used by an existing snapshot. // -// * ErrCodeSnapshotQuotaExceededFault "SnapshotQuotaExceeded" -// The request would result in the user exceeding the allowed number of DB snapshots. +// - ErrCodeSnapshotQuotaExceededFault "SnapshotQuotaExceeded" +// The request would result in the user exceeding the allowed number of DB snapshots. // -// * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" -// The requested operation can't be performed while the cluster is in this state. +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StopDBInstance func (c *RDS) StopDBInstance(input *StopDBInstanceInput) (*StopDBInstanceOutput, error) { @@ -14433,14 +17512,13 @@ const opStopDBInstanceAutomatedBackupsReplication = "StopDBInstanceAutomatedBack // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the StopDBInstanceAutomatedBackupsReplicationRequest method. +// req, resp := client.StopDBInstanceAutomatedBackupsReplicationRequest(params) // -// // Example sending a request using the StopDBInstanceAutomatedBackupsReplicationRequest method. -// req, resp := client.StopDBInstanceAutomatedBackupsReplicationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StopDBInstanceAutomatedBackupsReplication func (c *RDS) StopDBInstanceAutomatedBackupsReplicationRequest(input *StopDBInstanceAutomatedBackupsReplicationInput) (req *request.Request, output *StopDBInstanceAutomatedBackupsReplicationOutput) { @@ -14463,8 +17541,10 @@ func (c *RDS) StopDBInstanceAutomatedBackupsReplicationRequest(input *StopDBInst // // Stops automated backup replication for a DB instance. // -// For more information, see Replicating Automated Backups to Another AWS Region -// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html) +// This command doesn't apply to RDS Custom, Aurora MySQL, and Aurora PostgreSQL. +// +// For more information, see Replicating Automated Backups to Another Amazon +// Web Services Region (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html) // in the Amazon RDS User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -14475,11 +17555,12 @@ func (c *RDS) StopDBInstanceAutomatedBackupsReplicationRequest(input *StopDBInst // API operation StopDBInstanceAutomatedBackupsReplication for usage and error information. // // Returned Error Codes: -// * ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" -// DBInstanceIdentifier doesn't refer to an existing DB instance. // -// * ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" -// The DB instance isn't in a valid state. +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. +// +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. // // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StopDBInstanceAutomatedBackupsReplication func (c *RDS) StopDBInstanceAutomatedBackupsReplication(input *StopDBInstanceAutomatedBackupsReplicationInput) (*StopDBInstanceAutomatedBackupsReplicationOutput, error) { @@ -14503,84 +17584,369 @@ func (c *RDS) StopDBInstanceAutomatedBackupsReplicationWithContext(ctx aws.Conte return out, req.Send() } -// Describes a quota for an AWS account. +const opSwitchoverBlueGreenDeployment = "SwitchoverBlueGreenDeployment" + +// SwitchoverBlueGreenDeploymentRequest generates a "aws/request.Request" representing the +// client's request for the SwitchoverBlueGreenDeployment operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See SwitchoverBlueGreenDeployment for more information on using the SwitchoverBlueGreenDeployment +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the SwitchoverBlueGreenDeploymentRequest method. +// req, resp := client.SwitchoverBlueGreenDeploymentRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/SwitchoverBlueGreenDeployment +func (c *RDS) SwitchoverBlueGreenDeploymentRequest(input *SwitchoverBlueGreenDeploymentInput) (req *request.Request, output *SwitchoverBlueGreenDeploymentOutput) { + op := &request.Operation{ + Name: opSwitchoverBlueGreenDeployment, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &SwitchoverBlueGreenDeploymentInput{} + } + + output = &SwitchoverBlueGreenDeploymentOutput{} + req = c.newRequest(op, input, output) + return +} + +// SwitchoverBlueGreenDeployment API operation for Amazon Relational Database Service. +// +// Switches over a blue/green deployment. +// +// Before you switch over, production traffic is routed to the databases in +// the blue environment. After you switch over, production traffic is routed +// to the databases in the green environment. +// +// For more information, see Using Amazon RDS Blue/Green Deployments for database +// updates (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/blue-green-deployments.html) +// in the Amazon RDS User Guide and Using Amazon RDS Blue/Green Deployments +// for database updates (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/blue-green-deployments.html) +// in the Amazon Aurora User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation SwitchoverBlueGreenDeployment for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeBlueGreenDeploymentNotFoundFault "BlueGreenDeploymentNotFoundFault" +// BlueGreenDeploymentIdentifier doesn't refer to an existing blue/green deployment. +// +// - ErrCodeInvalidBlueGreenDeploymentStateFault "InvalidBlueGreenDeploymentStateFault" +// The blue/green deployment can't be switched over or deleted because there +// is an invalid configuration in the green environment. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/SwitchoverBlueGreenDeployment +func (c *RDS) SwitchoverBlueGreenDeployment(input *SwitchoverBlueGreenDeploymentInput) (*SwitchoverBlueGreenDeploymentOutput, error) { + req, out := c.SwitchoverBlueGreenDeploymentRequest(input) + return out, req.Send() +} + +// SwitchoverBlueGreenDeploymentWithContext is the same as SwitchoverBlueGreenDeployment with the addition of +// the ability to pass a context and additional request options. +// +// See SwitchoverBlueGreenDeployment for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) SwitchoverBlueGreenDeploymentWithContext(ctx aws.Context, input *SwitchoverBlueGreenDeploymentInput, opts ...request.Option) (*SwitchoverBlueGreenDeploymentOutput, error) { + req, out := c.SwitchoverBlueGreenDeploymentRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opSwitchoverGlobalCluster = "SwitchoverGlobalCluster" + +// SwitchoverGlobalClusterRequest generates a "aws/request.Request" representing the +// client's request for the SwitchoverGlobalCluster operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See SwitchoverGlobalCluster for more information on using the SwitchoverGlobalCluster +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the SwitchoverGlobalClusterRequest method. +// req, resp := client.SwitchoverGlobalClusterRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/SwitchoverGlobalCluster +func (c *RDS) SwitchoverGlobalClusterRequest(input *SwitchoverGlobalClusterInput) (req *request.Request, output *SwitchoverGlobalClusterOutput) { + op := &request.Operation{ + Name: opSwitchoverGlobalCluster, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &SwitchoverGlobalClusterInput{} + } + + output = &SwitchoverGlobalClusterOutput{} + req = c.newRequest(op, input, output) + return +} + +// SwitchoverGlobalCluster API operation for Amazon Relational Database Service. +// +// Switches over the specified secondary DB cluster to be the new primary DB +// cluster in the global database cluster. Switchover operations were previously +// called "managed planned failovers." +// +// Aurora promotes the specified secondary cluster to assume full read/write +// capabilities and demotes the current primary cluster to a secondary (read-only) +// cluster, maintaining the orginal replication topology. All secondary clusters +// are synchronized with the primary at the beginning of the process so the +// new primary continues operations for the Aurora global database without losing +// any data. Your database is unavailable for a short time while the primary +// and selected secondary clusters are assuming their new roles. For more information +// about switching over an Aurora global database, see Performing switchovers +// for Amazon Aurora global databases (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database-disaster-recovery.html#aurora-global-database-disaster-recovery.managed-failover) +// in the Amazon Aurora User Guide. +// +// This operation is intended for controlled environments, for operations such +// as "regional rotation" or to fall back to the original primary after a global +// database failover. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation SwitchoverGlobalCluster for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeGlobalClusterNotFoundFault "GlobalClusterNotFoundFault" +// The GlobalClusterIdentifier doesn't refer to an existing global database +// cluster. +// +// - ErrCodeInvalidGlobalClusterStateFault "InvalidGlobalClusterStateFault" +// The global cluster is in an invalid state and can't perform the requested +// operation. +// +// - ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" +// The requested operation can't be performed while the cluster is in this state. +// +// - ErrCodeDBClusterNotFoundFault "DBClusterNotFoundFault" +// DBClusterIdentifier doesn't refer to an existing DB cluster. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/SwitchoverGlobalCluster +func (c *RDS) SwitchoverGlobalCluster(input *SwitchoverGlobalClusterInput) (*SwitchoverGlobalClusterOutput, error) { + req, out := c.SwitchoverGlobalClusterRequest(input) + return out, req.Send() +} + +// SwitchoverGlobalClusterWithContext is the same as SwitchoverGlobalCluster with the addition of +// the ability to pass a context and additional request options. +// +// See SwitchoverGlobalCluster for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) SwitchoverGlobalClusterWithContext(ctx aws.Context, input *SwitchoverGlobalClusterInput, opts ...request.Option) (*SwitchoverGlobalClusterOutput, error) { + req, out := c.SwitchoverGlobalClusterRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opSwitchoverReadReplica = "SwitchoverReadReplica" + +// SwitchoverReadReplicaRequest generates a "aws/request.Request" representing the +// client's request for the SwitchoverReadReplica operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See SwitchoverReadReplica for more information on using the SwitchoverReadReplica +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the SwitchoverReadReplicaRequest method. +// req, resp := client.SwitchoverReadReplicaRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/SwitchoverReadReplica +func (c *RDS) SwitchoverReadReplicaRequest(input *SwitchoverReadReplicaInput) (req *request.Request, output *SwitchoverReadReplicaOutput) { + op := &request.Operation{ + Name: opSwitchoverReadReplica, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &SwitchoverReadReplicaInput{} + } + + output = &SwitchoverReadReplicaOutput{} + req = c.newRequest(op, input, output) + return +} + +// SwitchoverReadReplica API operation for Amazon Relational Database Service. +// +// Switches over an Oracle standby database in an Oracle Data Guard environment, +// making it the new primary database. Issue this command in the Region that +// hosts the current standby database. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Relational Database Service's +// API operation SwitchoverReadReplica for usage and error information. +// +// Returned Error Codes: +// +// - ErrCodeDBInstanceNotFoundFault "DBInstanceNotFound" +// DBInstanceIdentifier doesn't refer to an existing DB instance. +// +// - ErrCodeInvalidDBInstanceStateFault "InvalidDBInstanceState" +// The DB instance isn't in a valid state. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/SwitchoverReadReplica +func (c *RDS) SwitchoverReadReplica(input *SwitchoverReadReplicaInput) (*SwitchoverReadReplicaOutput, error) { + req, out := c.SwitchoverReadReplicaRequest(input) + return out, req.Send() +} + +// SwitchoverReadReplicaWithContext is the same as SwitchoverReadReplica with the addition of +// the ability to pass a context and additional request options. +// +// See SwitchoverReadReplica for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) SwitchoverReadReplicaWithContext(ctx aws.Context, input *SwitchoverReadReplicaInput, opts ...request.Option) (*SwitchoverReadReplicaOutput, error) { + req, out := c.SwitchoverReadReplicaRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// Describes a quota for an Amazon Web Services account. // // The following are account quotas: // -// * AllocatedStorage - The total allocated storage per account, in GiB. -// The used value is the total allocated storage in the account, in GiB. +// - AllocatedStorage - The total allocated storage per account, in GiB. +// The used value is the total allocated storage in the account, in GiB. // -// * AuthorizationsPerDBSecurityGroup - The number of ingress rules per DB -// security group. The used value is the highest number of ingress rules -// in a DB security group in the account. Other DB security groups in the -// account might have a lower number of ingress rules. +// - AuthorizationsPerDBSecurityGroup - The number of ingress rules per DB +// security group. The used value is the highest number of ingress rules +// in a DB security group in the account. Other DB security groups in the +// account might have a lower number of ingress rules. // -// * CustomEndpointsPerDBCluster - The number of custom endpoints per DB -// cluster. The used value is the highest number of custom endpoints in a -// DB clusters in the account. Other DB clusters in the account might have -// a lower number of custom endpoints. +// - CustomEndpointsPerDBCluster - The number of custom endpoints per DB +// cluster. The used value is the highest number of custom endpoints in a +// DB clusters in the account. Other DB clusters in the account might have +// a lower number of custom endpoints. // -// * DBClusterParameterGroups - The number of DB cluster parameter groups -// per account, excluding default parameter groups. The used value is the -// count of nondefault DB cluster parameter groups in the account. +// - DBClusterParameterGroups - The number of DB cluster parameter groups +// per account, excluding default parameter groups. The used value is the +// count of nondefault DB cluster parameter groups in the account. // -// * DBClusterRoles - The number of associated AWS Identity and Access Management -// (IAM) roles per DB cluster. The used value is the highest number of associated -// IAM roles for a DB cluster in the account. Other DB clusters in the account -// might have a lower number of associated IAM roles. +// - DBClusterRoles - The number of associated Amazon Web Services Identity +// and Access Management (IAM) roles per DB cluster. The used value is the +// highest number of associated IAM roles for a DB cluster in the account. +// Other DB clusters in the account might have a lower number of associated +// IAM roles. // -// * DBClusters - The number of DB clusters per account. The used value is -// the count of DB clusters in the account. +// - DBClusters - The number of DB clusters per account. The used value is +// the count of DB clusters in the account. // -// * DBInstanceRoles - The number of associated IAM roles per DB instance. -// The used value is the highest number of associated IAM roles for a DB -// instance in the account. Other DB instances in the account might have -// a lower number of associated IAM roles. +// - DBInstanceRoles - The number of associated IAM roles per DB instance. +// The used value is the highest number of associated IAM roles for a DB +// instance in the account. Other DB instances in the account might have +// a lower number of associated IAM roles. // -// * DBInstances - The number of DB instances per account. The used value -// is the count of the DB instances in the account. Amazon RDS DB instances, -// Amazon Aurora DB instances, Amazon Neptune instances, and Amazon DocumentDB -// instances apply to this quota. +// - DBInstances - The number of DB instances per account. The used value +// is the count of the DB instances in the account. Amazon RDS DB instances, +// Amazon Aurora DB instances, Amazon Neptune instances, and Amazon DocumentDB +// instances apply to this quota. // -// * DBParameterGroups - The number of DB parameter groups per account, excluding -// default parameter groups. The used value is the count of nondefault DB -// parameter groups in the account. +// - DBParameterGroups - The number of DB parameter groups per account, excluding +// default parameter groups. The used value is the count of nondefault DB +// parameter groups in the account. // -// * DBSecurityGroups - The number of DB security groups (not VPC security -// groups) per account, excluding the default security group. The used value -// is the count of nondefault DB security groups in the account. +// - DBSecurityGroups - The number of DB security groups (not VPC security +// groups) per account, excluding the default security group. The used value +// is the count of nondefault DB security groups in the account. // -// * DBSubnetGroups - The number of DB subnet groups per account. The used -// value is the count of the DB subnet groups in the account. +// - DBSubnetGroups - The number of DB subnet groups per account. The used +// value is the count of the DB subnet groups in the account. // -// * EventSubscriptions - The number of event subscriptions per account. -// The used value is the count of the event subscriptions in the account. +// - EventSubscriptions - The number of event subscriptions per account. +// The used value is the count of the event subscriptions in the account. // -// * ManualClusterSnapshots - The number of manual DB cluster snapshots per -// account. The used value is the count of the manual DB cluster snapshots -// in the account. +// - ManualClusterSnapshots - The number of manual DB cluster snapshots per +// account. The used value is the count of the manual DB cluster snapshots +// in the account. // -// * ManualSnapshots - The number of manual DB instance snapshots per account. -// The used value is the count of the manual DB instance snapshots in the -// account. +// - ManualSnapshots - The number of manual DB instance snapshots per account. +// The used value is the count of the manual DB instance snapshots in the +// account. // -// * OptionGroups - The number of DB option groups per account, excluding -// default option groups. The used value is the count of nondefault DB option -// groups in the account. +// - OptionGroups - The number of DB option groups per account, excluding +// default option groups. The used value is the count of nondefault DB option +// groups in the account. // -// * ReadReplicasPerMaster - The number of read replicas per DB instance. -// The used value is the highest number of read replicas for a DB instance -// in the account. Other DB instances in the account might have a lower number -// of read replicas. +// - ReadReplicasPerMaster - The number of read replicas per DB instance. +// The used value is the highest number of read replicas for a DB instance +// in the account. Other DB instances in the account might have a lower number +// of read replicas. // -// * ReservedDBInstances - The number of reserved DB instances per account. -// The used value is the count of the active reserved DB instances in the -// account. +// - ReservedDBInstances - The number of reserved DB instances per account. +// The used value is the count of the active reserved DB instances in the +// account. // -// * SubnetsPerDBSubnetGroup - The number of subnets per DB subnet group. -// The used value is highest number of subnets for a DB subnet group in the -// account. Other DB subnet groups in the account might have a lower number -// of subnets. +// - SubnetsPerDBSubnetGroup - The number of subnets per DB subnet group. +// The used value is highest number of subnets for a DB subnet group in the +// account. Other DB subnet groups in the account might have a lower number +// of subnets. // // For more information, see Quotas for Amazon RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html) // in the Amazon RDS User Guide and Quotas for Amazon Aurora (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_Limits.html) @@ -14588,7 +17954,7 @@ func (c *RDS) StopDBInstanceAutomatedBackupsReplicationWithContext(ctx aws.Conte type AccountQuota struct { _ struct{} `type:"structure"` - // The name of the Amazon RDS quota for this AWS account. + // The name of the Amazon RDS quota for this Amazon Web Services account. AccountQuotaName *string `type:"string"` // The maximum allowed value for the quota. @@ -14598,12 +17964,20 @@ type AccountQuota struct { Used *int64 `type:"long"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AccountQuota) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AccountQuota) GoString() string { return s.String() } @@ -14635,22 +18009,30 @@ type AddRoleToDBClusterInput struct { DBClusterIdentifier *string `type:"string" required:"true"` // The name of the feature for the DB cluster that the IAM role is to be associated - // with. For the list of supported feature names, see DBEngineVersion. + // with. For information about supported feature names, see DBEngineVersion. FeatureName *string `type:"string"` // The Amazon Resource Name (ARN) of the IAM role to associate with the Aurora - // DB cluster, for example, arn:aws:iam::123456789012:role/AuroraAccessRole. + // DB cluster, for example arn:aws:iam::123456789012:role/AuroraAccessRole. // // RoleArn is a required field RoleArn *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AddRoleToDBClusterInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AddRoleToDBClusterInput) GoString() string { return s.String() } @@ -14693,12 +18075,20 @@ type AddRoleToDBClusterOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AddRoleToDBClusterOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AddRoleToDBClusterOutput) GoString() string { return s.String() } @@ -14712,7 +18102,7 @@ type AddRoleToDBInstanceInput struct { DBInstanceIdentifier *string `type:"string" required:"true"` // The name of the feature for the DB instance that the IAM role is to be associated - // with. For the list of supported feature names, see DBEngineVersion. + // with. For information about supported feature names, see DBEngineVersion. // // FeatureName is a required field FeatureName *string `type:"string" required:"true"` @@ -14724,12 +18114,20 @@ type AddRoleToDBInstanceInput struct { RoleArn *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AddRoleToDBInstanceInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AddRoleToDBInstanceInput) GoString() string { return s.String() } @@ -14775,12 +18173,20 @@ type AddRoleToDBInstanceOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AddRoleToDBInstanceOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AddRoleToDBInstanceOutput) GoString() string { return s.String() } @@ -14810,6 +18216,8 @@ type AddSourceIdentifierToSubscriptionInput struct { // * If the source type is a DB cluster snapshot, a DBClusterSnapshotIdentifier // value must be supplied. // + // * If the source type is an RDS Proxy, a DBProxyName value must be supplied. + // // SourceIdentifier is a required field SourceIdentifier *string `type:"string" required:"true"` @@ -14820,12 +18228,20 @@ type AddSourceIdentifierToSubscriptionInput struct { SubscriptionName *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AddSourceIdentifierToSubscriptionInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AddSourceIdentifierToSubscriptionInput) GoString() string { return s.String() } @@ -14866,12 +18282,20 @@ type AddSourceIdentifierToSubscriptionOutput struct { EventSubscription *EventSubscription `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AddSourceIdentifierToSubscriptionOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AddSourceIdentifierToSubscriptionOutput) GoString() string { return s.String() } @@ -14898,12 +18322,20 @@ type AddTagsToResourceInput struct { Tags []*Tag `locationNameList:"Tag" type:"list" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AddTagsToResourceInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AddTagsToResourceInput) GoString() string { return s.String() } @@ -14940,12 +18372,20 @@ type AddTagsToResourceOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AddTagsToResourceOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AddTagsToResourceOutput) GoString() string { return s.String() } @@ -14955,7 +18395,7 @@ type ApplyPendingMaintenanceActionInput struct { // The pending maintenance action to apply to this resource. // - // Valid values: system-update, db-upgrade, hardware-maintenance, ca-certificate-rotation + // Valid Values: system-update, db-upgrade, hardware-maintenance, ca-certificate-rotation // // ApplyAction is a required field ApplyAction *string `type:"string" required:"true"` @@ -14963,7 +18403,7 @@ type ApplyPendingMaintenanceActionInput struct { // A value that specifies the type of opt-in request, or undoes an opt-in request. // An opt-in request of type immediate can't be undone. // - // Valid values: + // Valid Values: // // * immediate - Apply the maintenance action immediately. // @@ -14983,12 +18423,20 @@ type ApplyPendingMaintenanceActionInput struct { ResourceIdentifier *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ApplyPendingMaintenanceActionInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ApplyPendingMaintenanceActionInput) GoString() string { return s.String() } @@ -15037,12 +18485,20 @@ type ApplyPendingMaintenanceActionOutput struct { ResourcePendingMaintenanceActions *ResourcePendingMaintenanceActions `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ApplyPendingMaintenanceActionOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ApplyPendingMaintenanceActionOutput) GoString() string { return s.String() } @@ -15074,20 +18530,28 @@ type AuthorizeDBSecurityGroupIngressInput struct { // either EC2SecurityGroupName or EC2SecurityGroupId must be provided. EC2SecurityGroupName *string `type:"string"` - // AWS account number of the owner of the EC2 security group specified in the - // EC2SecurityGroupName parameter. The AWS access key ID isn't an acceptable - // value. For VPC DB security groups, EC2SecurityGroupId must be provided. Otherwise, - // EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId - // must be provided. + // Amazon Web Services account number of the owner of the EC2 security group + // specified in the EC2SecurityGroupName parameter. The Amazon Web Services + // access key ID isn't an acceptable value. For VPC DB security groups, EC2SecurityGroupId + // must be provided. Otherwise, EC2SecurityGroupOwnerId and either EC2SecurityGroupName + // or EC2SecurityGroupId must be provided. EC2SecurityGroupOwnerId *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AuthorizeDBSecurityGroupIngressInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AuthorizeDBSecurityGroupIngressInput) GoString() string { return s.String() } @@ -15145,12 +18609,20 @@ type AuthorizeDBSecurityGroupIngressOutput struct { DBSecurityGroup *DBSecurityGroup `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AuthorizeDBSecurityGroupIngressOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AuthorizeDBSecurityGroupIngressOutput) GoString() string { return s.String() } @@ -15172,12 +18644,20 @@ type AvailabilityZone struct { Name *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AvailabilityZone) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AvailabilityZone) GoString() string { return s.String() } @@ -15207,12 +18687,20 @@ type AvailableProcessorFeature struct { Name *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AvailableProcessorFeature) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AvailableProcessorFeature) GoString() string { return s.String() } @@ -15272,25 +18760,31 @@ type BacktrackDBClusterInput struct { // DBClusterIdentifier is a required field DBClusterIdentifier *string `type:"string" required:"true"` - // A value that indicates whether to force the DB cluster to backtrack when - // binary logging is enabled. Otherwise, an error occurs when binary logging - // is enabled. + // Specifies whether to force the DB cluster to backtrack when binary logging + // is enabled. Otherwise, an error occurs when binary logging is enabled. Force *bool `type:"boolean"` - // A value that indicates whether to backtrack the DB cluster to the earliest - // possible backtrack time when BacktrackTo is set to a timestamp earlier than - // the earliest backtrack time. When this parameter is disabled and BacktrackTo - // is set to a timestamp earlier than the earliest backtrack time, an error - // occurs. + // Specifies whether to backtrack the DB cluster to the earliest possible backtrack + // time when BacktrackTo is set to a timestamp earlier than the earliest backtrack + // time. When this parameter is disabled and BacktrackTo is set to a timestamp + // earlier than the earliest backtrack time, an error occurs. UseEarliestTimeOnPointInTimeUnavailable *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s BacktrackDBClusterInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s BacktrackDBClusterInput) GoString() string { return s.String() } @@ -15372,12 +18866,20 @@ type BacktrackDBClusterOutput struct { Status *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s BacktrackDBClusterOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s BacktrackDBClusterOutput) GoString() string { return s.String() } @@ -15418,21 +18920,243 @@ func (s *BacktrackDBClusterOutput) SetStatus(v string) *BacktrackDBClusterOutput return s } +// Details about a blue/green deployment. +// +// For more information, see Using Amazon RDS Blue/Green Deployments for database +// updates (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/blue-green-deployments.html) +// in the Amazon RDS User Guide and Using Amazon RDS Blue/Green Deployments +// for database updates (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/blue-green-deployments.html) +// in the Amazon Aurora User Guide. +type BlueGreenDeployment struct { + _ struct{} `type:"structure"` + + // The unique identifier of the blue/green deployment. + BlueGreenDeploymentIdentifier *string `min:"1" type:"string"` + + // The user-supplied name of the blue/green deployment. + BlueGreenDeploymentName *string `min:"1" type:"string"` + + // The time when the blue/green deployment was created, in Universal Coordinated + // Time (UTC). + CreateTime *time.Time `type:"timestamp"` + + // The time when the blue/green deployment was deleted, in Universal Coordinated + // Time (UTC). + DeleteTime *time.Time `type:"timestamp"` + + // The source database for the blue/green deployment. + // + // Before switchover, the source database is the production database in the + // blue environment. + Source *string `min:"1" type:"string"` + + // The status of the blue/green deployment. + // + // Valid Values: + // + // * PROVISIONING - Resources are being created in the green environment. + // + // * AVAILABLE - Resources are available in the green environment. + // + // * SWITCHOVER_IN_PROGRESS - The deployment is being switched from the blue + // environment to the green environment. + // + // * SWITCHOVER_COMPLETED - Switchover from the blue environment to the green + // environment is complete. + // + // * INVALID_CONFIGURATION - Resources in the green environment are invalid, + // so switchover isn't possible. + // + // * SWITCHOVER_FAILED - Switchover was attempted but failed. + // + // * DELETING - The blue/green deployment is being deleted. + Status *string `type:"string"` + + // Additional information about the status of the blue/green deployment. + StatusDetails *string `type:"string"` + + // The details about each source and target resource in the blue/green deployment. + SwitchoverDetails []*SwitchoverDetail `type:"list"` + + // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + // in the Amazon RDS User Guide. + TagList []*Tag `locationNameList:"Tag" type:"list"` + + // The target database for the blue/green deployment. + // + // Before switchover, the target database is the clone database in the green + // environment. + Target *string `min:"1" type:"string"` + + // Either tasks to be performed or tasks that have been completed on the target + // database before switchover. + Tasks []*BlueGreenDeploymentTask `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BlueGreenDeployment) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BlueGreenDeployment) GoString() string { + return s.String() +} + +// SetBlueGreenDeploymentIdentifier sets the BlueGreenDeploymentIdentifier field's value. +func (s *BlueGreenDeployment) SetBlueGreenDeploymentIdentifier(v string) *BlueGreenDeployment { + s.BlueGreenDeploymentIdentifier = &v + return s +} + +// SetBlueGreenDeploymentName sets the BlueGreenDeploymentName field's value. +func (s *BlueGreenDeployment) SetBlueGreenDeploymentName(v string) *BlueGreenDeployment { + s.BlueGreenDeploymentName = &v + return s +} + +// SetCreateTime sets the CreateTime field's value. +func (s *BlueGreenDeployment) SetCreateTime(v time.Time) *BlueGreenDeployment { + s.CreateTime = &v + return s +} + +// SetDeleteTime sets the DeleteTime field's value. +func (s *BlueGreenDeployment) SetDeleteTime(v time.Time) *BlueGreenDeployment { + s.DeleteTime = &v + return s +} + +// SetSource sets the Source field's value. +func (s *BlueGreenDeployment) SetSource(v string) *BlueGreenDeployment { + s.Source = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *BlueGreenDeployment) SetStatus(v string) *BlueGreenDeployment { + s.Status = &v + return s +} + +// SetStatusDetails sets the StatusDetails field's value. +func (s *BlueGreenDeployment) SetStatusDetails(v string) *BlueGreenDeployment { + s.StatusDetails = &v + return s +} + +// SetSwitchoverDetails sets the SwitchoverDetails field's value. +func (s *BlueGreenDeployment) SetSwitchoverDetails(v []*SwitchoverDetail) *BlueGreenDeployment { + s.SwitchoverDetails = v + return s +} + +// SetTagList sets the TagList field's value. +func (s *BlueGreenDeployment) SetTagList(v []*Tag) *BlueGreenDeployment { + s.TagList = v + return s +} + +// SetTarget sets the Target field's value. +func (s *BlueGreenDeployment) SetTarget(v string) *BlueGreenDeployment { + s.Target = &v + return s +} + +// SetTasks sets the Tasks field's value. +func (s *BlueGreenDeployment) SetTasks(v []*BlueGreenDeploymentTask) *BlueGreenDeployment { + s.Tasks = v + return s +} + +// Details about a task for a blue/green deployment. +// +// For more information, see Using Amazon RDS Blue/Green Deployments for database +// updates (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/blue-green-deployments.html) +// in the Amazon RDS User Guide and Using Amazon RDS Blue/Green Deployments +// for database updates (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/blue-green-deployments.html) +// in the Amazon Aurora User Guide. +type BlueGreenDeploymentTask struct { + _ struct{} `type:"structure"` + + // The name of the blue/green deployment task. + Name *string `type:"string"` + + // The status of the blue/green deployment task. + // + // Valid Values: + // + // * PENDING - The resource is being prepared for deployment. + // + // * IN_PROGRESS - The resource is being deployed. + // + // * COMPLETED - The resource has been deployed. + // + // * FAILED - Deployment of the resource failed. + Status *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BlueGreenDeploymentTask) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BlueGreenDeploymentTask) GoString() string { + return s.String() +} + +// SetName sets the Name field's value. +func (s *BlueGreenDeploymentTask) SetName(v string) *BlueGreenDeploymentTask { + s.Name = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *BlueGreenDeploymentTask) SetStatus(v string) *BlueGreenDeploymentTask { + s.Status = &v + return s +} + type CancelExportTaskInput struct { _ struct{} `type:"structure"` - // The identifier of the snapshot export task to cancel. + // The identifier of the snapshot or cluster export task to cancel. // // ExportTaskIdentifier is a required field ExportTaskIdentifier *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CancelExportTaskInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CancelExportTaskInput) GoString() string { return s.String() } @@ -15456,82 +19180,109 @@ func (s *CancelExportTaskInput) SetExportTaskIdentifier(v string) *CancelExportT return s } -// Contains the details of a snapshot export to Amazon S3. +// Contains the details of a snapshot or cluster export to Amazon S3. // -// This data type is used as a response element in the DescribeExportTasks action. +// This data type is used as a response element in the DescribeExportTasks operation. type CancelExportTaskOutput struct { _ struct{} `type:"structure"` - // The data exported from the snapshot. Valid values are the following: + // The data exported from the snapshot or cluster. + // + // Valid Values: // // * database - Export all the data from a specified database. // - // * database.table table-name - Export a table of the snapshot. This format - // is valid only for RDS for MySQL, RDS for MariaDB, and Aurora MySQL. + // * database.table table-name - Export a table of the snapshot or cluster. + // This format is valid only for RDS for MySQL, RDS for MariaDB, and Aurora + // MySQL. // - // * database.schema schema-name - Export a database schema of the snapshot. - // This format is valid only for RDS for PostgreSQL and Aurora PostgreSQL. + // * database.schema schema-name - Export a database schema of the snapshot + // or cluster. This format is valid only for RDS for PostgreSQL and Aurora + // PostgreSQL. // // * database.schema.table table-name - Export a table of the database schema. // This format is valid only for RDS for PostgreSQL and Aurora PostgreSQL. ExportOnly []*string `type:"list"` - // A unique identifier for the snapshot export task. This ID isn't an identifier - // for the Amazon S3 bucket where the snapshot is exported to. + // A unique identifier for the snapshot or cluster export task. This ID isn't + // an identifier for the Amazon S3 bucket where the data is exported. ExportTaskIdentifier *string `type:"string"` // The reason the export failed, if it failed. FailureCause *string `type:"string"` // The name of the IAM role that is used to write to Amazon S3 when exporting - // a snapshot. + // a snapshot or cluster. IamRoleArn *string `type:"string"` - // The key identifier of the AWS KMS customer master key (CMK) that is used - // to encrypt the snapshot when it's exported to Amazon S3. The AWS KMS CMK - // identifier is its key ARN, key ID, alias ARN, or alias name. The IAM role - // used for the snapshot export must have encryption and decryption permissions - // to use this AWS KMS CMK. + // The key identifier of the Amazon Web Services KMS key that is used to encrypt + // the data when it's exported to Amazon S3. The KMS key identifier is its key + // ARN, key ID, alias ARN, or alias name. The IAM role used for the export must + // have encryption and decryption permissions to use this KMS key. KmsKeyId *string `type:"string"` - // The progress of the snapshot export task as a percentage. + // The progress of the snapshot or cluster export task as a percentage. PercentProgress *int64 `type:"integer"` - // The Amazon S3 bucket that the snapshot is exported to. + // The Amazon S3 bucket where the snapshot or cluster is exported to. S3Bucket *string `type:"string"` // The Amazon S3 bucket prefix that is the file name and path of the exported - // snapshot. + // data. S3Prefix *string `type:"string"` - // The time that the snapshot was created. + // The time when the snapshot was created. SnapshotTime *time.Time `type:"timestamp"` - // The Amazon Resource Name (ARN) of the snapshot exported to Amazon S3. + // The Amazon Resource Name (ARN) of the snapshot or cluster exported to Amazon + // S3. SourceArn *string `type:"string"` - // The progress status of the export task. + // The type of source for the export. + SourceType *string `type:"string" enum:"ExportSourceType"` + + // The progress status of the export task. The status can be one of the following: + // + // * CANCELED + // + // * CANCELING + // + // * COMPLETE + // + // * FAILED + // + // * IN_PROGRESS + // + // * STARTING Status *string `type:"string"` - // The time that the snapshot export task completed. + // The time when the snapshot or cluster export task ended. TaskEndTime *time.Time `type:"timestamp"` - // The time that the snapshot export task started. + // The time when the snapshot or cluster export task started. TaskStartTime *time.Time `type:"timestamp"` // The total amount of data exported, in gigabytes. TotalExtractedDataInGB *int64 `type:"integer"` - // A warning about the snapshot export task. + // A warning about the snapshot or cluster export task. WarningMessage *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CancelExportTaskOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CancelExportTaskOutput) GoString() string { return s.String() } @@ -15596,6 +19347,12 @@ func (s *CancelExportTaskOutput) SetSourceArn(v string) *CancelExportTaskOutput return s } +// SetSourceType sets the SourceType field's value. +func (s *CancelExportTaskOutput) SetSourceType(v string) *CancelExportTaskOutput { + s.SourceType = &v + return s +} + // SetStatus sets the Status field's value. func (s *CancelExportTaskOutput) SetStatus(v string) *CancelExportTaskOutput { s.Status = &v @@ -15626,7 +19383,13 @@ func (s *CancelExportTaskOutput) SetWarningMessage(v string) *CancelExportTaskOu return s } -// A CA certificate for an AWS account. +// A CA certificate for an Amazon Web Services account. +// +// For more information, see Using SSL/TLS to encrypt a connection to a DB instance +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) +// in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to +// a DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) +// in the Amazon Aurora User Guide. type Certificate struct { _ struct{} `type:"structure"` @@ -15639,7 +19402,7 @@ type Certificate struct { // The type of the certificate. CertificateType *string `type:"string"` - // Whether there is an override for the default certificate identifier. + // Indicates whether there is an override for the default certificate identifier. CustomerOverride *bool `type:"boolean"` // If there is an override for the default certificate identifier, when the @@ -15656,12 +19419,20 @@ type Certificate struct { ValidTill *time.Time `type:"timestamp"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Certificate) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Certificate) GoString() string { return s.String() } @@ -15714,6 +19485,54 @@ func (s *Certificate) SetValidTill(v time.Time) *Certificate { return s } +// The details of the DB instance’s server certificate. +// +// For more information, see Using SSL/TLS to encrypt a connection to a DB instance +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) +// in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to +// a DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) +// in the Amazon Aurora User Guide. +type CertificateDetails struct { + _ struct{} `type:"structure"` + + // The CA identifier of the CA certificate used for the DB instance's server + // certificate. + CAIdentifier *string `type:"string"` + + // The expiration date of the DB instance’s server certificate. + ValidTill *time.Time `type:"timestamp"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CertificateDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CertificateDetails) GoString() string { + return s.String() +} + +// SetCAIdentifier sets the CAIdentifier field's value. +func (s *CertificateDetails) SetCAIdentifier(v string) *CertificateDetails { + s.CAIdentifier = &v + return s +} + +// SetValidTill sets the ValidTill field's value. +func (s *CertificateDetails) SetValidTill(v time.Time) *CertificateDetails { + s.ValidTill = &v + return s +} + // This data type is used as a response element in the action DescribeDBEngineVersions. type CharacterSet struct { _ struct{} `type:"structure"` @@ -15725,12 +19544,20 @@ type CharacterSet struct { CharacterSetName *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CharacterSet) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CharacterSet) GoString() string { return s.String() } @@ -15771,12 +19598,20 @@ type CloudwatchLogsExportConfiguration struct { EnableLogTypes []*string `type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CloudwatchLogsExportConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CloudwatchLogsExportConfiguration) GoString() string { return s.String() } @@ -15793,18 +19628,156 @@ func (s *CloudwatchLogsExportConfiguration) SetEnableLogTypes(v []*string) *Clou return s } +// This data type is used as a response element in the ModifyDBCluster operation +// and contains changes that will be applied during the next maintenance window. +type ClusterPendingModifiedValues struct { + _ struct{} `type:"structure"` + + // The allocated storage size in gibibytes (GiB) for all database engines except + // Amazon Aurora. For Aurora, AllocatedStorage always returns 1, because Aurora + // DB cluster storage size isn't fixed, but instead automatically adjusts as + // needed. + AllocatedStorage *int64 `type:"integer"` + + // The number of days for which automatic DB snapshots are retained. + BackupRetentionPeriod *int64 `type:"integer"` + + // The details of the DB instance’s server certificate. + // + // For more information, see Using SSL/TLS to encrypt a connection to a DB instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) + // in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to + // a DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) + // in the Amazon Aurora User Guide. + CertificateDetails *CertificateDetails `type:"structure"` + + // The DBClusterIdentifier value for the DB cluster. + DBClusterIdentifier *string `type:"string"` + + // The database engine version. + EngineVersion *string `type:"string"` + + // Indicates whether mapping of Amazon Web Services Identity and Access Management + // (IAM) accounts to database accounts is enabled. + IAMDatabaseAuthenticationEnabled *bool `type:"boolean"` + + // The Provisioned IOPS (I/O operations per second) value. This setting is only + // for non-Aurora Multi-AZ DB clusters. + Iops *int64 `type:"integer"` + + // The master credentials for the DB cluster. + MasterUserPassword *string `type:"string"` + + // A list of the log types whose configuration is still pending. In other words, + // these log types are in the process of being activated or deactivated. + PendingCloudwatchLogsExports *PendingCloudwatchLogsExports `type:"structure"` + + // Reserved for future use. + RdsCustomClusterConfiguration *RdsCustomClusterConfiguration `type:"structure"` + + // The storage type for the DB cluster. + StorageType *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ClusterPendingModifiedValues) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ClusterPendingModifiedValues) GoString() string { + return s.String() +} + +// SetAllocatedStorage sets the AllocatedStorage field's value. +func (s *ClusterPendingModifiedValues) SetAllocatedStorage(v int64) *ClusterPendingModifiedValues { + s.AllocatedStorage = &v + return s +} + +// SetBackupRetentionPeriod sets the BackupRetentionPeriod field's value. +func (s *ClusterPendingModifiedValues) SetBackupRetentionPeriod(v int64) *ClusterPendingModifiedValues { + s.BackupRetentionPeriod = &v + return s +} + +// SetCertificateDetails sets the CertificateDetails field's value. +func (s *ClusterPendingModifiedValues) SetCertificateDetails(v *CertificateDetails) *ClusterPendingModifiedValues { + s.CertificateDetails = v + return s +} + +// SetDBClusterIdentifier sets the DBClusterIdentifier field's value. +func (s *ClusterPendingModifiedValues) SetDBClusterIdentifier(v string) *ClusterPendingModifiedValues { + s.DBClusterIdentifier = &v + return s +} + +// SetEngineVersion sets the EngineVersion field's value. +func (s *ClusterPendingModifiedValues) SetEngineVersion(v string) *ClusterPendingModifiedValues { + s.EngineVersion = &v + return s +} + +// SetIAMDatabaseAuthenticationEnabled sets the IAMDatabaseAuthenticationEnabled field's value. +func (s *ClusterPendingModifiedValues) SetIAMDatabaseAuthenticationEnabled(v bool) *ClusterPendingModifiedValues { + s.IAMDatabaseAuthenticationEnabled = &v + return s +} + +// SetIops sets the Iops field's value. +func (s *ClusterPendingModifiedValues) SetIops(v int64) *ClusterPendingModifiedValues { + s.Iops = &v + return s +} + +// SetMasterUserPassword sets the MasterUserPassword field's value. +func (s *ClusterPendingModifiedValues) SetMasterUserPassword(v string) *ClusterPendingModifiedValues { + s.MasterUserPassword = &v + return s +} + +// SetPendingCloudwatchLogsExports sets the PendingCloudwatchLogsExports field's value. +func (s *ClusterPendingModifiedValues) SetPendingCloudwatchLogsExports(v *PendingCloudwatchLogsExports) *ClusterPendingModifiedValues { + s.PendingCloudwatchLogsExports = v + return s +} + +// SetRdsCustomClusterConfiguration sets the RdsCustomClusterConfiguration field's value. +func (s *ClusterPendingModifiedValues) SetRdsCustomClusterConfiguration(v *RdsCustomClusterConfiguration) *ClusterPendingModifiedValues { + s.RdsCustomClusterConfiguration = v + return s +} + +// SetStorageType sets the StorageType field's value. +func (s *ClusterPendingModifiedValues) SetStorageType(v string) *ClusterPendingModifiedValues { + s.StorageType = &v + return s +} + // Specifies the settings that control the size and behavior of the connection // pool associated with a DBProxyTargetGroup. type ConnectionPoolConfiguration struct { _ struct{} `type:"structure"` // The number of seconds for a proxy to wait for a connection to become available - // in the connection pool. Only applies when the proxy has opened its maximum - // number of connections and all connections are busy with client sessions. + // in the connection pool. This setting only applies when the proxy has opened + // its maximum number of connections and all connections are busy with client + // sessions. For an unlimited wait time, specify 0. // // Default: 120 // - // Constraints: between 1 and 3600, or 0 representing unlimited + // Constraints: + // + // * Must be between 0 and 3600. ConnectionBorrowTimeout *int64 `type:"integer"` // One or more SQL statements for the proxy to run when opening each new database @@ -15817,24 +19790,37 @@ type ConnectionPoolConfiguration struct { InitQuery *string `type:"string"` // The maximum size of the connection pool for each target in a target group. - // For Aurora MySQL, it is expressed as a percentage of the max_connections - // setting for the RDS DB instance or Aurora DB cluster used by the target group. + // The value is expressed as a percentage of the max_connections setting for + // the RDS DB instance or Aurora DB cluster used by the target group. // - // Default: 100 + // If you specify MaxIdleConnectionsPercent, then you must also include a value + // for this parameter. + // + // Default: 10 for RDS for Microsoft SQL Server, and 100 for all other engines // - // Constraints: between 1 and 100 + // Constraints: + // + // * Must be between 1 and 100. MaxConnectionsPercent *int64 `type:"integer"` - // Controls how actively the proxy closes idle database connections in the connection - // pool. A high value enables the proxy to leave a high percentage of idle connections - // open. A low value causes the proxy to close idle client connections and return - // the underlying database connections to the connection pool. For Aurora MySQL, - // it is expressed as a percentage of the max_connections setting for the RDS - // DB instance or Aurora DB cluster used by the target group. + // A value that controls how actively the proxy closes idle database connections + // in the connection pool. The value is expressed as a percentage of the max_connections + // setting for the RDS DB instance or Aurora DB cluster used by the target group. + // With a high value, the proxy leaves a high percentage of idle database connections + // open. A low value causes the proxy to close more idle connections and return + // them to the database. + // + // If you specify this parameter, then you must also include a value for MaxConnectionsPercent. // - // Default: 50 + // Default: The default value is half of the value of MaxConnectionsPercent. + // For example, if MaxConnectionsPercent is 80, then the default value of MaxIdleConnectionsPercent + // is 40. If the value of MaxConnectionsPercent isn't specified, then for SQL + // Server, MaxIdleConnectionsPercent is 5, and for all other engines, the default + // is 50. // - // Constraints: between 0 and MaxConnectionsPercent + // Constraints: + // + // * Must be between 0 and the value of MaxConnectionsPercent. MaxIdleConnectionsPercent *int64 `type:"integer"` // Each item in the list represents a class of SQL operations that normally @@ -15846,12 +19832,20 @@ type ConnectionPoolConfiguration struct { SessionPinningFilters []*string `type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ConnectionPoolConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ConnectionPoolConfiguration) GoString() string { return s.String() } @@ -15905,32 +19899,41 @@ type ConnectionPoolConfigurationInfo struct { InitQuery *string `type:"string"` // The maximum size of the connection pool for each target in a target group. - // For Aurora MySQL, it is expressed as a percentage of the max_connections - // setting for the RDS DB instance or Aurora DB cluster used by the target group. + // The value is expressed as a percentage of the max_connections setting for + // the RDS DB instance or Aurora DB cluster used by the target group. MaxConnectionsPercent *int64 `type:"integer"` // Controls how actively the proxy closes idle database connections in the connection - // pool. A high value enables the proxy to leave a high percentage of idle connections - // open. A low value causes the proxy to close idle client connections and return - // the underlying database connections to the connection pool. For Aurora MySQL, - // it is expressed as a percentage of the max_connections setting for the RDS - // DB instance or Aurora DB cluster used by the target group. + // pool. The value is expressed as a percentage of the max_connections setting + // for the RDS DB instance or Aurora DB cluster used by the target group. With + // a high value, the proxy leaves a high percentage of idle database connections + // open. A low value causes the proxy to close more idle connections and return + // them to the database. MaxIdleConnectionsPercent *int64 `type:"integer"` // Each item in the list represents a class of SQL operations that normally // cause all later statements in a session using a proxy to be pinned to the // same underlying database connection. Including an item in the list exempts - // that class of SQL operations from the pinning behavior. Currently, the only - // allowed value is EXCLUDE_VARIABLE_SETS. + // that class of SQL operations from the pinning behavior. This setting is only + // supported for MySQL engine family databases. Currently, the only allowed + // value is EXCLUDE_VARIABLE_SETS. SessionPinningFilters []*string `type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ConnectionPoolConfigurationInfo) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ConnectionPoolConfigurationInfo) GoString() string { return s.String() } @@ -15965,6 +19968,47 @@ func (s *ConnectionPoolConfigurationInfo) SetSessionPinningFilters(v []*string) return s } +// The additional attributes of RecommendedAction data type. +type ContextAttribute struct { + _ struct{} `type:"structure"` + + // The key of ContextAttribute. + Key *string `type:"string"` + + // The value of ContextAttribute. + Value *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ContextAttribute) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ContextAttribute) GoString() string { + return s.String() +} + +// SetKey sets the Key field's value. +func (s *ContextAttribute) SetKey(v string) *ContextAttribute { + s.Key = &v + return s +} + +// SetValue sets the Value field's value. +func (s *ContextAttribute) SetValue(v string) *ContextAttribute { + s.Value = &v + return s +} + type CopyDBClusterParameterGroupInput struct { _ struct{} `type:"structure"` @@ -15977,13 +20021,6 @@ type CopyDBClusterParameterGroupInput struct { // // * Must specify a valid DB cluster parameter group. // - // * If the source DB cluster parameter group is in the same AWS Region as - // the copy, specify a valid DB parameter group identifier, for example my-db-cluster-param-group, - // or a valid ARN. - // - // * If the source DB parameter group is in a different AWS Region than the - // copy, specify a valid DB cluster parameter group ARN, for example arn:aws:rds:us-east-1:123456789012:cluster-pg:custom-cluster-group1. - // // SourceDBClusterParameterGroupIdentifier is a required field SourceDBClusterParameterGroupIdentifier *string `type:"string" required:"true"` @@ -16014,12 +20051,20 @@ type CopyDBClusterParameterGroupInput struct { TargetDBClusterParameterGroupIdentifier *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyDBClusterParameterGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyDBClusterParameterGroupInput) GoString() string { return s.String() } @@ -16077,12 +20122,20 @@ type CopyDBClusterParameterGroupOutput struct { DBClusterParameterGroup *DBClusterParameterGroup `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyDBClusterParameterGroupOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyDBClusterParameterGroupOutput) GoString() string { return s.String() } @@ -16096,88 +20149,96 @@ func (s *CopyDBClusterParameterGroupOutput) SetDBClusterParameterGroup(v *DBClus type CopyDBClusterSnapshotInput struct { _ struct{} `type:"structure"` - // A value that indicates whether to copy all tags from the source DB cluster - // snapshot to the target DB cluster snapshot. By default, tags are not copied. + // Specifies whether to copy all tags from the source DB cluster snapshot to + // the target DB cluster snapshot. By default, tags are not copied. CopyTags *bool `type:"boolean"` // DestinationRegion is used for presigning the request to a given region. DestinationRegion *string `type:"string"` - // The AWS KMS key identifier for an encrypted DB cluster snapshot. The AWS - // KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the - // AWS KMS customer master key (CMK). + // The Amazon Web Services KMS key identifier for an encrypted DB cluster snapshot. + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the Amazon Web Services KMS key. // - // If you copy an encrypted DB cluster snapshot from your AWS account, you can - // specify a value for KmsKeyId to encrypt the copy with a new AWS KMS CMK. - // If you don't specify a value for KmsKeyId, then the copy of the DB cluster - // snapshot is encrypted with the same AWS KMS key as the source DB cluster - // snapshot. + // If you copy an encrypted DB cluster snapshot from your Amazon Web Services + // account, you can specify a value for KmsKeyId to encrypt the copy with a + // new KMS key. If you don't specify a value for KmsKeyId, then the copy of + // the DB cluster snapshot is encrypted with the same KMS key as the source + // DB cluster snapshot. // // If you copy an encrypted DB cluster snapshot that is shared from another - // AWS account, then you must specify a value for KmsKeyId. + // Amazon Web Services account, then you must specify a value for KmsKeyId. // - // To copy an encrypted DB cluster snapshot to another AWS Region, you must - // set KmsKeyId to the AWS KMS key identifier you want to use to encrypt the - // copy of the DB cluster snapshot in the destination AWS Region. AWS KMS CMKs - // are specific to the AWS Region that they are created in, and you can't use - // CMKs from one AWS Region in another AWS Region. + // To copy an encrypted DB cluster snapshot to another Amazon Web Services Region, + // you must set KmsKeyId to the Amazon Web Services KMS key identifier you want + // to use to encrypt the copy of the DB cluster snapshot in the destination + // Amazon Web Services Region. KMS keys are specific to the Amazon Web Services + // Region that they are created in, and you can't use KMS keys from one Amazon + // Web Services Region in another Amazon Web Services Region. // // If you copy an unencrypted DB cluster snapshot and specify a value for the // KmsKeyId parameter, an error is returned. KmsKeyId *string `type:"string"` - // The URL that contains a Signature Version 4 signed request for the CopyDBClusterSnapshot - // API action in the AWS Region that contains the source DB cluster snapshot - // to copy. The PreSignedUrl parameter must be used when copying an encrypted - // DB cluster snapshot from another AWS Region. Don't specify PreSignedUrl when - // you are copying an encrypted DB cluster snapshot in the same AWS Region. + // When you are copying a DB cluster snapshot from one Amazon Web Services GovCloud + // (US) Region to another, the URL that contains a Signature Version 4 signed + // request for the CopyDBClusterSnapshot API operation in the Amazon Web Services + // Region that contains the source DB cluster snapshot to copy. Use the PreSignedUrl + // parameter when copying an encrypted DB cluster snapshot from another Amazon + // Web Services Region. Don't specify PreSignedUrl when copying an encrypted + // DB cluster snapshot in the same Amazon Web Services Region. + // + // This setting applies only to Amazon Web Services GovCloud (US) Regions. It's + // ignored in other Amazon Web Services Regions. // - // The pre-signed URL must be a valid request for the CopyDBClusterSnapshot - // API action that can be executed in the source AWS Region that contains the - // encrypted DB cluster snapshot to be copied. The pre-signed URL request must + // The presigned URL must be a valid request for the CopyDBClusterSnapshot API + // operation that can run in the source Amazon Web Services Region that contains + // the encrypted DB cluster snapshot to copy. The presigned URL request must // contain the following parameter values: // - // * KmsKeyId - The AWS KMS key identifier for the customer master key (CMK) - // to use to encrypt the copy of the DB cluster snapshot in the destination - // AWS Region. This is the same identifier for both the CopyDBClusterSnapshot - // action that is called in the destination AWS Region, and the action contained - // in the pre-signed URL. + // * KmsKeyId - The KMS key identifier for the KMS key to use to encrypt + // the copy of the DB cluster snapshot in the destination Amazon Web Services + // Region. This is the same identifier for both the CopyDBClusterSnapshot + // operation that is called in the destination Amazon Web Services Region, + // and the operation contained in the presigned URL. // - // * DestinationRegion - The name of the AWS Region that the DB cluster snapshot - // is to be created in. + // * DestinationRegion - The name of the Amazon Web Services Region that + // the DB cluster snapshot is to be created in. // // * SourceDBClusterSnapshotIdentifier - The DB cluster snapshot identifier // for the encrypted DB cluster snapshot to be copied. This identifier must - // be in the Amazon Resource Name (ARN) format for the source AWS Region. - // For example, if you are copying an encrypted DB cluster snapshot from - // the us-west-2 AWS Region, then your SourceDBClusterSnapshotIdentifier + // be in the Amazon Resource Name (ARN) format for the source Amazon Web + // Services Region. For example, if you are copying an encrypted DB cluster + // snapshot from the us-west-2 Amazon Web Services Region, then your SourceDBClusterSnapshotIdentifier // looks like the following example: arn:aws:rds:us-west-2:123456789012:cluster-snapshot:aurora-cluster1-snapshot-20161115. // // To learn how to generate a Signature Version 4 signed request, see Authenticating - // Requests: Using Query Parameters (AWS Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html) + // Requests: Using Query Parameters (Amazon Web Services Signature Version 4) + // (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html) // and Signature Version 4 Signing Process (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). // - // If you are using an AWS SDK tool or the AWS CLI, you can specify SourceRegion - // (or --source-region for the AWS CLI) instead of specifying PreSignedUrl manually. - // Specifying SourceRegion autogenerates a pre-signed URL that is a valid request - // for the operation that can be executed in the source AWS Region. + // If you are using an Amazon Web Services SDK tool or the CLI, you can specify + // SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl + // manually. Specifying SourceRegion autogenerates a presigned URL that is a + // valid request for the operation that can run in the source Amazon Web Services + // Region. PreSignedUrl *string `type:"string"` // The identifier of the DB cluster snapshot to copy. This parameter isn't case-sensitive. // - // You can't copy an encrypted, shared DB cluster snapshot from one AWS Region - // to another. + // You can't copy an encrypted, shared DB cluster snapshot from one Amazon Web + // Services Region to another. // // Constraints: // // * Must specify a valid system snapshot in the "available" state. // - // * If the source snapshot is in the same AWS Region as the copy, specify - // a valid DB snapshot identifier. + // * If the source snapshot is in the same Amazon Web Services Region as + // the copy, specify a valid DB snapshot identifier. // - // * If the source snapshot is in a different AWS Region than the copy, specify - // a valid DB cluster snapshot ARN. For more information, go to Copying Snapshots - // Across AWS Regions (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_CopySnapshot.html#USER_CopySnapshot.AcrossRegions) + // * If the source snapshot is in a different Amazon Web Services Region + // than the copy, specify a valid DB cluster snapshot ARN. For more information, + // go to Copying Snapshots Across Amazon Web Services Regions (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_CopySnapshot.html#USER_CopySnapshot.AcrossRegions) // in the Amazon Aurora User Guide. // // Example: my-cluster-snapshot1 @@ -16211,12 +20272,20 @@ type CopyDBClusterSnapshotInput struct { TargetDBClusterSnapshotIdentifier *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyDBClusterSnapshotInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyDBClusterSnapshotInput) GoString() string { return s.String() } @@ -16295,12 +20364,20 @@ type CopyDBClusterSnapshotOutput struct { DBClusterSnapshot *DBClusterSnapshot `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyDBClusterSnapshotOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyDBClusterSnapshotOutput) GoString() string { return s.String() } @@ -16322,9 +20399,6 @@ type CopyDBParameterGroupInput struct { // // * Must specify a valid DB parameter group. // - // * Must specify a valid DB parameter group identifier, for example my-db-param-group, - // or a valid ARN. - // // SourceDBParameterGroupIdentifier is a required field SourceDBParameterGroupIdentifier *string `type:"string" required:"true"` @@ -16355,12 +20429,20 @@ type CopyDBParameterGroupInput struct { TargetDBParameterGroupIdentifier *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyDBParameterGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyDBParameterGroupInput) GoString() string { return s.String() } @@ -16418,12 +20500,20 @@ type CopyDBParameterGroupOutput struct { DBParameterGroup *DBParameterGroup `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyDBParameterGroupOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyDBParameterGroupOutput) GoString() string { return s.String() } @@ -16437,102 +20527,120 @@ func (s *CopyDBParameterGroupOutput) SetDBParameterGroup(v *DBParameterGroup) *C type CopyDBSnapshotInput struct { _ struct{} `type:"structure"` - // A value that indicates whether to copy all tags from the source DB snapshot - // to the target DB snapshot. By default, tags are not copied. + // Specifies whether to copy the DB option group associated with the source + // DB snapshot to the target Amazon Web Services account and associate with + // the target DB snapshot. The associated option group can be copied only with + // cross-account snapshot copy calls. + CopyOptionGroup *bool `type:"boolean"` + + // Specifies whether to copy all tags from the source DB snapshot to the target + // DB snapshot. By default, tags aren't copied. CopyTags *bool `type:"boolean"` // DestinationRegion is used for presigning the request to a given region. DestinationRegion *string `type:"string"` - // The AWS KMS key identifier for an encrypted DB snapshot. The AWS KMS key - // identifier is the key ARN, key ID, alias ARN, or alias name for the AWS KMS - // customer master key (CMK). + // The Amazon Web Services KMS key identifier for an encrypted DB snapshot. + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. // - // If you copy an encrypted DB snapshot from your AWS account, you can specify - // a value for this parameter to encrypt the copy with a new AWS KMS CMK. If - // you don't specify a value for this parameter, then the copy of the DB snapshot - // is encrypted with the same AWS KMS key as the source DB snapshot. + // If you copy an encrypted DB snapshot from your Amazon Web Services account, + // you can specify a value for this parameter to encrypt the copy with a new + // KMS key. If you don't specify a value for this parameter, then the copy of + // the DB snapshot is encrypted with the same Amazon Web Services KMS key as + // the source DB snapshot. // - // If you copy an encrypted DB snapshot that is shared from another AWS account, - // then you must specify a value for this parameter. + // If you copy an encrypted DB snapshot that is shared from another Amazon Web + // Services account, then you must specify a value for this parameter. // // If you specify this parameter when you copy an unencrypted snapshot, the // copy is encrypted. // - // If you copy an encrypted snapshot to a different AWS Region, then you must - // specify a AWS KMS key identifier for the destination AWS Region. AWS KMS - // CMKs are specific to the AWS Region that they are created in, and you can't - // use CMKs from one AWS Region in another AWS Region. + // If you copy an encrypted snapshot to a different Amazon Web Services Region, + // then you must specify an Amazon Web Services KMS key identifier for the destination + // Amazon Web Services Region. KMS keys are specific to the Amazon Web Services + // Region that they are created in, and you can't use KMS keys from one Amazon + // Web Services Region in another Amazon Web Services Region. KmsKeyId *string `type:"string"` // The name of an option group to associate with the copy of the snapshot. // - // Specify this option if you are copying a snapshot from one AWS Region to - // another, and your DB instance uses a nondefault option group. If your source - // DB instance uses Transparent Data Encryption for Oracle or Microsoft SQL - // Server, you must specify this option when copying across AWS Regions. For - // more information, see Option Group Considerations (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CopySnapshot.html#USER_CopySnapshot.Options) + // Specify this option if you are copying a snapshot from one Amazon Web Services + // Region to another, and your DB instance uses a nondefault option group. If + // your source DB instance uses Transparent Data Encryption for Oracle or Microsoft + // SQL Server, you must specify this option when copying across Amazon Web Services + // Regions. For more information, see Option group considerations (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CopySnapshot.html#USER_CopySnapshot.Options) // in the Amazon RDS User Guide. OptionGroupName *string `type:"string"` - // The URL that contains a Signature Version 4 signed request for the CopyDBSnapshot - // API action in the source AWS Region that contains the source DB snapshot - // to copy. + // When you are copying a snapshot from one Amazon Web Services GovCloud (US) + // Region to another, the URL that contains a Signature Version 4 signed request + // for the CopyDBSnapshot API operation in the source Amazon Web Services Region + // that contains the source DB snapshot to copy. + // + // This setting applies only to Amazon Web Services GovCloud (US) Regions. It's + // ignored in other Amazon Web Services Regions. // // You must specify this parameter when you copy an encrypted DB snapshot from - // another AWS Region by using the Amazon RDS API. Don't specify PreSignedUrl - // when you are copying an encrypted DB snapshot in the same AWS Region. - // - // The presigned URL must be a valid request for the CopyDBSnapshot API action - // that can be executed in the source AWS Region that contains the encrypted - // DB snapshot to be copied. The presigned URL request must contain the following - // parameter values: - // - // * DestinationRegion - The AWS Region that the encrypted DB snapshot is - // copied to. This AWS Region is the same one where the CopyDBSnapshot action - // is called that contains this presigned URL. For example, if you copy an - // encrypted DB snapshot from the us-west-2 AWS Region to the us-east-1 AWS - // Region, then you call the CopyDBSnapshot action in the us-east-1 AWS Region - // and provide a presigned URL that contains a call to the CopyDBSnapshot - // action in the us-west-2 AWS Region. For this example, the DestinationRegion - // in the presigned URL must be set to the us-east-1 AWS Region. - // - // * KmsKeyId - The AWS KMS key identifier for the customer master key (CMK) - // to use to encrypt the copy of the DB snapshot in the destination AWS Region. - // This is the same identifier for both the CopyDBSnapshot action that is - // called in the destination AWS Region, and the action contained in the - // presigned URL. + // another Amazon Web Services Region by using the Amazon RDS API. Don't specify + // PreSignedUrl when you are copying an encrypted DB snapshot in the same Amazon + // Web Services Region. + // + // The presigned URL must be a valid request for the CopyDBClusterSnapshot API + // operation that can run in the source Amazon Web Services Region that contains + // the encrypted DB cluster snapshot to copy. The presigned URL request must + // contain the following parameter values: + // + // * DestinationRegion - The Amazon Web Services Region that the encrypted + // DB snapshot is copied to. This Amazon Web Services Region is the same + // one where the CopyDBSnapshot operation is called that contains this presigned + // URL. For example, if you copy an encrypted DB snapshot from the us-west-2 + // Amazon Web Services Region to the us-east-1 Amazon Web Services Region, + // then you call the CopyDBSnapshot operation in the us-east-1 Amazon Web + // Services Region and provide a presigned URL that contains a call to the + // CopyDBSnapshot operation in the us-west-2 Amazon Web Services Region. + // For this example, the DestinationRegion in the presigned URL must be set + // to the us-east-1 Amazon Web Services Region. + // + // * KmsKeyId - The KMS key identifier for the KMS key to use to encrypt + // the copy of the DB snapshot in the destination Amazon Web Services Region. + // This is the same identifier for both the CopyDBSnapshot operation that + // is called in the destination Amazon Web Services Region, and the operation + // contained in the presigned URL. // // * SourceDBSnapshotIdentifier - The DB snapshot identifier for the encrypted // snapshot to be copied. This identifier must be in the Amazon Resource - // Name (ARN) format for the source AWS Region. For example, if you are copying - // an encrypted DB snapshot from the us-west-2 AWS Region, then your SourceDBSnapshotIdentifier - // looks like the following example: arn:aws:rds:us-west-2:123456789012:snapshot:mysql-instance1-snapshot-20161115. + // Name (ARN) format for the source Amazon Web Services Region. For example, + // if you are copying an encrypted DB snapshot from the us-west-2 Amazon + // Web Services Region, then your SourceDBSnapshotIdentifier looks like the + // following example: arn:aws:rds:us-west-2:123456789012:snapshot:mysql-instance1-snapshot-20161115. // // To learn how to generate a Signature Version 4 signed request, see Authenticating - // Requests: Using Query Parameters (AWS Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html) + // Requests: Using Query Parameters (Amazon Web Services Signature Version 4) + // (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html) // and Signature Version 4 Signing Process (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). // - // If you are using an AWS SDK tool or the AWS CLI, you can specify SourceRegion - // (or --source-region for the AWS CLI) instead of specifying PreSignedUrl manually. - // Specifying SourceRegion autogenerates a pre-signed URL that is a valid request - // for the operation that can be executed in the source AWS Region. + // If you are using an Amazon Web Services SDK tool or the CLI, you can specify + // SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl + // manually. Specifying SourceRegion autogenerates a presigned URL that is a + // valid request for the operation that can run in the source Amazon Web Services + // Region. PreSignedUrl *string `type:"string"` // The identifier for the source DB snapshot. // - // If the source snapshot is in the same AWS Region as the copy, specify a valid - // DB snapshot identifier. For example, you might specify rds:mysql-instance1-snapshot-20130805. + // If the source snapshot is in the same Amazon Web Services Region as the copy, + // specify a valid DB snapshot identifier. For example, you might specify rds:mysql-instance1-snapshot-20130805. // - // If the source snapshot is in a different AWS Region than the copy, specify - // a valid DB snapshot ARN. For example, you might specify arn:aws:rds:us-west-2:123456789012:snapshot:mysql-instance1-snapshot-20130805. + // If the source snapshot is in a different Amazon Web Services Region than + // the copy, specify a valid DB snapshot ARN. For example, you might specify + // arn:aws:rds:us-west-2:123456789012:snapshot:mysql-instance1-snapshot-20130805. // // If you are copying from a shared manual DB snapshot, this parameter must // be the Amazon Resource Name (ARN) of the shared DB snapshot. // // If you are copying an encrypted snapshot this parameter must be in the ARN - // format for the source AWS Region, and must match the SourceDBSnapshotIdentifier - // in the PreSignedUrl parameter. + // format for the source Amazon Web Services Region. // // Constraints: // @@ -16577,12 +20685,20 @@ type CopyDBSnapshotInput struct { TargetDBSnapshotIdentifier *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyDBSnapshotInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyDBSnapshotInput) GoString() string { return s.String() } @@ -16603,6 +20719,12 @@ func (s *CopyDBSnapshotInput) Validate() error { return nil } +// SetCopyOptionGroup sets the CopyOptionGroup field's value. +func (s *CopyDBSnapshotInput) SetCopyOptionGroup(v bool) *CopyDBSnapshotInput { + s.CopyOptionGroup = &v + return s +} + // SetCopyTags sets the CopyTags field's value. func (s *CopyDBSnapshotInput) SetCopyTags(v bool) *CopyDBSnapshotInput { s.CopyTags = &v @@ -16672,12 +20794,20 @@ type CopyDBSnapshotOutput struct { DBSnapshot *DBSnapshot `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyDBSnapshotOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyDBSnapshotOutput) GoString() string { return s.String() } @@ -16727,12 +20857,20 @@ type CopyOptionGroupInput struct { TargetOptionGroupIdentifier *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyOptionGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyOptionGroupInput) GoString() string { return s.String() } @@ -16786,12 +20924,20 @@ type CopyOptionGroupOutput struct { OptionGroup *OptionGroup `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyOptionGroupOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyOptionGroupOutput) GoString() string { return s.String() } @@ -16802,46 +20948,111 @@ func (s *CopyOptionGroupOutput) SetOptionGroup(v *OptionGroup) *CopyOptionGroupO return s } -type CreateCustomAvailabilityZoneInput struct { +type CreateBlueGreenDeploymentInput struct { _ struct{} `type:"structure"` - // The name of the custom Availability Zone (AZ). + // The name of the blue/green deployment. + // + // Constraints: // - // CustomAvailabilityZoneName is a required field - CustomAvailabilityZoneName *string `type:"string" required:"true"` + // * Can't be the same as an existing blue/green deployment name in the same + // account and Amazon Web Services Region. + // + // BlueGreenDeploymentName is a required field + BlueGreenDeploymentName *string `min:"1" type:"string" required:"true"` + + // The Amazon Resource Name (ARN) of the source production database. + // + // Specify the database that you want to clone. The blue/green deployment creates + // this database in the green environment. You can make updates to the database + // in the green environment, such as an engine version upgrade. When you are + // ready, you can switch the database in the green environment to be the production + // database. + // + // Source is a required field + Source *string `min:"1" type:"string" required:"true"` - // The ID of an existing virtual private network (VPN) between the Amazon RDS - // website and the VMware vSphere cluster. - ExistingVpnId *string `type:"string"` + // Tags to assign to the blue/green deployment. + Tags []*Tag `locationNameList:"Tag" type:"list"` + + // The DB cluster parameter group associated with the Aurora DB cluster in the + // green environment. + // + // To test parameter changes, specify a DB cluster parameter group that is different + // from the one associated with the source DB cluster. + TargetDBClusterParameterGroupName *string `min:"1" type:"string"` - // The name of a new VPN tunnel between the Amazon RDS website and the VMware - // vSphere cluster. + // Specify the DB instance class for the databases in the green environment. // - // Specify this parameter only if ExistingVpnId isn't specified. - NewVpnTunnelName *string `type:"string"` + // This parameter only applies to RDS DB instances, because DB instances within + // an Aurora DB cluster can have multiple different instance classes. If you're + // creating a blue/green deployment from an Aurora DB cluster, don't specify + // this parameter. After the green environment is created, you can individually + // modify the instance classes of the DB instances within the green DB cluster. + TargetDBInstanceClass *string `min:"5" type:"string"` - // The IP address of network traffic from your on-premises data center. A custom - // AZ receives the network traffic. + // The DB parameter group associated with the DB instance in the green environment. // - // Specify this parameter only if ExistingVpnId isn't specified. - VpnTunnelOriginatorIP *string `type:"string"` + // To test parameter changes, specify a DB parameter group that is different + // from the one associated with the source DB instance. + TargetDBParameterGroupName *string `min:"1" type:"string"` + + // The engine version of the database in the green environment. + // + // Specify the engine version to upgrade to in the green environment. + TargetEngineVersion *string `min:"1" type:"string"` + + // Whether to upgrade the storage file system configuration on the green database. + // This option migrates the green DB instance from the older 32-bit file system + // to the preferred configuration. For more information, see Upgrading the storage + // file system for a DB instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.UpgradeFileSystem). + UpgradeTargetStorageConfig *bool `type:"boolean"` } -// String returns the string representation -func (s CreateCustomAvailabilityZoneInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateBlueGreenDeploymentInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s CreateCustomAvailabilityZoneInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateBlueGreenDeploymentInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *CreateCustomAvailabilityZoneInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "CreateCustomAvailabilityZoneInput"} - if s.CustomAvailabilityZoneName == nil { - invalidParams.Add(request.NewErrParamRequired("CustomAvailabilityZoneName")) +func (s *CreateBlueGreenDeploymentInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateBlueGreenDeploymentInput"} + if s.BlueGreenDeploymentName == nil { + invalidParams.Add(request.NewErrParamRequired("BlueGreenDeploymentName")) + } + if s.BlueGreenDeploymentName != nil && len(*s.BlueGreenDeploymentName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("BlueGreenDeploymentName", 1)) + } + if s.Source == nil { + invalidParams.Add(request.NewErrParamRequired("Source")) + } + if s.Source != nil && len(*s.Source) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Source", 1)) + } + if s.TargetDBClusterParameterGroupName != nil && len(*s.TargetDBClusterParameterGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TargetDBClusterParameterGroupName", 1)) + } + if s.TargetDBInstanceClass != nil && len(*s.TargetDBInstanceClass) < 5 { + invalidParams.Add(request.NewErrParamMinLen("TargetDBInstanceClass", 5)) + } + if s.TargetDBParameterGroupName != nil && len(*s.TargetDBParameterGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TargetDBParameterGroupName", 1)) + } + if s.TargetEngineVersion != nil && len(*s.TargetEngineVersion) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TargetEngineVersion", 1)) } if invalidParams.Len() > 0 { @@ -16850,54 +21061,694 @@ func (s *CreateCustomAvailabilityZoneInput) Validate() error { return nil } -// SetCustomAvailabilityZoneName sets the CustomAvailabilityZoneName field's value. -func (s *CreateCustomAvailabilityZoneInput) SetCustomAvailabilityZoneName(v string) *CreateCustomAvailabilityZoneInput { - s.CustomAvailabilityZoneName = &v +// SetBlueGreenDeploymentName sets the BlueGreenDeploymentName field's value. +func (s *CreateBlueGreenDeploymentInput) SetBlueGreenDeploymentName(v string) *CreateBlueGreenDeploymentInput { + s.BlueGreenDeploymentName = &v + return s +} + +// SetSource sets the Source field's value. +func (s *CreateBlueGreenDeploymentInput) SetSource(v string) *CreateBlueGreenDeploymentInput { + s.Source = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateBlueGreenDeploymentInput) SetTags(v []*Tag) *CreateBlueGreenDeploymentInput { + s.Tags = v return s } -// SetExistingVpnId sets the ExistingVpnId field's value. -func (s *CreateCustomAvailabilityZoneInput) SetExistingVpnId(v string) *CreateCustomAvailabilityZoneInput { - s.ExistingVpnId = &v +// SetTargetDBClusterParameterGroupName sets the TargetDBClusterParameterGroupName field's value. +func (s *CreateBlueGreenDeploymentInput) SetTargetDBClusterParameterGroupName(v string) *CreateBlueGreenDeploymentInput { + s.TargetDBClusterParameterGroupName = &v return s } -// SetNewVpnTunnelName sets the NewVpnTunnelName field's value. -func (s *CreateCustomAvailabilityZoneInput) SetNewVpnTunnelName(v string) *CreateCustomAvailabilityZoneInput { - s.NewVpnTunnelName = &v +// SetTargetDBInstanceClass sets the TargetDBInstanceClass field's value. +func (s *CreateBlueGreenDeploymentInput) SetTargetDBInstanceClass(v string) *CreateBlueGreenDeploymentInput { + s.TargetDBInstanceClass = &v return s } -// SetVpnTunnelOriginatorIP sets the VpnTunnelOriginatorIP field's value. -func (s *CreateCustomAvailabilityZoneInput) SetVpnTunnelOriginatorIP(v string) *CreateCustomAvailabilityZoneInput { - s.VpnTunnelOriginatorIP = &v +// SetTargetDBParameterGroupName sets the TargetDBParameterGroupName field's value. +func (s *CreateBlueGreenDeploymentInput) SetTargetDBParameterGroupName(v string) *CreateBlueGreenDeploymentInput { + s.TargetDBParameterGroupName = &v return s } -type CreateCustomAvailabilityZoneOutput struct { +// SetTargetEngineVersion sets the TargetEngineVersion field's value. +func (s *CreateBlueGreenDeploymentInput) SetTargetEngineVersion(v string) *CreateBlueGreenDeploymentInput { + s.TargetEngineVersion = &v + return s +} + +// SetUpgradeTargetStorageConfig sets the UpgradeTargetStorageConfig field's value. +func (s *CreateBlueGreenDeploymentInput) SetUpgradeTargetStorageConfig(v bool) *CreateBlueGreenDeploymentInput { + s.UpgradeTargetStorageConfig = &v + return s +} + +type CreateBlueGreenDeploymentOutput struct { + _ struct{} `type:"structure"` + + // Details about a blue/green deployment. + // + // For more information, see Using Amazon RDS Blue/Green Deployments for database + // updates (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/blue-green-deployments.html) + // in the Amazon RDS User Guide and Using Amazon RDS Blue/Green Deployments + // for database updates (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/blue-green-deployments.html) + // in the Amazon Aurora User Guide. + BlueGreenDeployment *BlueGreenDeployment `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateBlueGreenDeploymentOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateBlueGreenDeploymentOutput) GoString() string { + return s.String() +} + +// SetBlueGreenDeployment sets the BlueGreenDeployment field's value. +func (s *CreateBlueGreenDeploymentOutput) SetBlueGreenDeployment(v *BlueGreenDeployment) *CreateBlueGreenDeploymentOutput { + s.BlueGreenDeployment = v + return s +} + +type CreateCustomDBEngineVersionInput struct { + _ struct{} `type:"structure"` + + // The name of an Amazon S3 bucket that contains database installation files + // for your CEV. For example, a valid bucket name is my-custom-installation-files. + DatabaseInstallationFilesS3BucketName *string `min:"3" type:"string"` + + // The Amazon S3 directory that contains the database installation files for + // your CEV. For example, a valid bucket name is 123456789012/cev1. If this + // setting isn't specified, no prefix is assumed. + DatabaseInstallationFilesS3Prefix *string `min:"1" type:"string"` + + // An optional description of your CEV. + Description *string `min:"1" type:"string"` + + // The database engine. RDS Custom for Oracle supports the following values: + // + // * custom-oracle-ee + // + // * custom-oracle-ee-cdb + // + // * custom-oracle-se2 + // + // * custom-oracle-se2-cdb + // + // Engine is a required field + Engine *string `min:"1" type:"string" required:"true"` + + // The name of your CEV. The name format is 19.customized_string. For example, + // a valid CEV name is 19.my_cev1. This setting is required for RDS Custom for + // Oracle, but optional for Amazon RDS. The combination of Engine and EngineVersion + // is unique per customer per Region. + // + // EngineVersion is a required field + EngineVersion *string `min:"1" type:"string" required:"true"` + + // The ID of the Amazon Machine Image (AMI). For RDS Custom for SQL Server, + // an AMI ID is required to create a CEV. For RDS Custom for Oracle, the default + // is the most recent AMI available, but you can specify an AMI ID that was + // used in a different Oracle CEV. Find the AMIs used by your CEVs by calling + // the DescribeDBEngineVersions (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBEngineVersions.html) + // operation. + ImageId *string `min:"1" type:"string"` + + // The Amazon Web Services KMS key identifier for an encrypted CEV. A symmetric + // encryption KMS key is required for RDS Custom, but optional for Amazon RDS. + // + // If you have an existing symmetric encryption KMS key in your account, you + // can use it with RDS Custom. No further action is necessary. If you don't + // already have a symmetric encryption KMS key in your account, follow the instructions + // in Creating a symmetric encryption KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html#create-symmetric-cmk) + // in the Amazon Web Services Key Management Service Developer Guide. + // + // You can choose the same symmetric encryption key when you create a CEV and + // a DB instance, or choose different keys. + KMSKeyId *string `min:"1" type:"string"` + + // The CEV manifest, which is a JSON document that describes the installation + // .zip files stored in Amazon S3. Specify the name/value pairs in a file or + // a quoted string. RDS Custom applies the patches in the order in which they + // are listed. + // + // The following JSON fields are valid: + // + // MediaImportTemplateVersion + // + // Version of the CEV manifest. The date is in the format YYYY-MM-DD. + // + // databaseInstallationFileNames + // + // Ordered list of installation files for the CEV. + // + // opatchFileNames + // + // Ordered list of OPatch installers used for the Oracle DB engine. + // + // psuRuPatchFileNames + // + // The PSU and RU patches for this CEV. + // + // OtherPatchFileNames + // + // The patches that are not in the list of PSU and RU patches. Amazon RDS applies + // these patches after applying the PSU and RU patches. + // + // For more information, see Creating the CEV manifest (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html#custom-cev.preparing.manifest) + // in the Amazon RDS User Guide. + Manifest *string `min:"1" type:"string"` + + // The ARN of a CEV to use as a source for creating a new CEV. You can specify + // a different Amazon Machine Imagine (AMI) by using either Source or UseAwsProvidedLatestImage. + // You can't specify a different JSON manifest when you specify SourceCustomDbEngineVersionIdentifier. + SourceCustomDbEngineVersionIdentifier *string `min:"1" type:"string"` + + // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + // in the Amazon RDS User Guide. + Tags []*Tag `locationNameList:"Tag" type:"list"` + + // Specifies whether to use the latest service-provided Amazon Machine Image + // (AMI) for the CEV. If you specify UseAwsProvidedLatestImage, you can't also + // specify ImageId. + UseAwsProvidedLatestImage *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateCustomDBEngineVersionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateCustomDBEngineVersionInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateCustomDBEngineVersionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateCustomDBEngineVersionInput"} + if s.DatabaseInstallationFilesS3BucketName != nil && len(*s.DatabaseInstallationFilesS3BucketName) < 3 { + invalidParams.Add(request.NewErrParamMinLen("DatabaseInstallationFilesS3BucketName", 3)) + } + if s.DatabaseInstallationFilesS3Prefix != nil && len(*s.DatabaseInstallationFilesS3Prefix) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DatabaseInstallationFilesS3Prefix", 1)) + } + if s.Description != nil && len(*s.Description) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Description", 1)) + } + if s.Engine == nil { + invalidParams.Add(request.NewErrParamRequired("Engine")) + } + if s.Engine != nil && len(*s.Engine) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Engine", 1)) + } + if s.EngineVersion == nil { + invalidParams.Add(request.NewErrParamRequired("EngineVersion")) + } + if s.EngineVersion != nil && len(*s.EngineVersion) < 1 { + invalidParams.Add(request.NewErrParamMinLen("EngineVersion", 1)) + } + if s.ImageId != nil && len(*s.ImageId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ImageId", 1)) + } + if s.KMSKeyId != nil && len(*s.KMSKeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KMSKeyId", 1)) + } + if s.Manifest != nil && len(*s.Manifest) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Manifest", 1)) + } + if s.SourceCustomDbEngineVersionIdentifier != nil && len(*s.SourceCustomDbEngineVersionIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SourceCustomDbEngineVersionIdentifier", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDatabaseInstallationFilesS3BucketName sets the DatabaseInstallationFilesS3BucketName field's value. +func (s *CreateCustomDBEngineVersionInput) SetDatabaseInstallationFilesS3BucketName(v string) *CreateCustomDBEngineVersionInput { + s.DatabaseInstallationFilesS3BucketName = &v + return s +} + +// SetDatabaseInstallationFilesS3Prefix sets the DatabaseInstallationFilesS3Prefix field's value. +func (s *CreateCustomDBEngineVersionInput) SetDatabaseInstallationFilesS3Prefix(v string) *CreateCustomDBEngineVersionInput { + s.DatabaseInstallationFilesS3Prefix = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateCustomDBEngineVersionInput) SetDescription(v string) *CreateCustomDBEngineVersionInput { + s.Description = &v + return s +} + +// SetEngine sets the Engine field's value. +func (s *CreateCustomDBEngineVersionInput) SetEngine(v string) *CreateCustomDBEngineVersionInput { + s.Engine = &v + return s +} + +// SetEngineVersion sets the EngineVersion field's value. +func (s *CreateCustomDBEngineVersionInput) SetEngineVersion(v string) *CreateCustomDBEngineVersionInput { + s.EngineVersion = &v + return s +} + +// SetImageId sets the ImageId field's value. +func (s *CreateCustomDBEngineVersionInput) SetImageId(v string) *CreateCustomDBEngineVersionInput { + s.ImageId = &v + return s +} + +// SetKMSKeyId sets the KMSKeyId field's value. +func (s *CreateCustomDBEngineVersionInput) SetKMSKeyId(v string) *CreateCustomDBEngineVersionInput { + s.KMSKeyId = &v + return s +} + +// SetManifest sets the Manifest field's value. +func (s *CreateCustomDBEngineVersionInput) SetManifest(v string) *CreateCustomDBEngineVersionInput { + s.Manifest = &v + return s +} + +// SetSourceCustomDbEngineVersionIdentifier sets the SourceCustomDbEngineVersionIdentifier field's value. +func (s *CreateCustomDBEngineVersionInput) SetSourceCustomDbEngineVersionIdentifier(v string) *CreateCustomDBEngineVersionInput { + s.SourceCustomDbEngineVersionIdentifier = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateCustomDBEngineVersionInput) SetTags(v []*Tag) *CreateCustomDBEngineVersionInput { + s.Tags = v + return s +} + +// SetUseAwsProvidedLatestImage sets the UseAwsProvidedLatestImage field's value. +func (s *CreateCustomDBEngineVersionInput) SetUseAwsProvidedLatestImage(v bool) *CreateCustomDBEngineVersionInput { + s.UseAwsProvidedLatestImage = &v + return s +} + +// This data type is used as a response element in the action DescribeDBEngineVersions. +type CreateCustomDBEngineVersionOutput struct { _ struct{} `type:"structure"` - // A custom Availability Zone (AZ) is an on-premises AZ that is integrated with - // a VMware vSphere cluster. + // The creation time of the DB engine version. + CreateTime *time.Time `type:"timestamp"` + + // JSON string that lists the installation files and parameters that RDS Custom + // uses to create a custom engine version (CEV). RDS Custom applies the patches + // in the order in which they're listed in the manifest. You can set the Oracle + // home, Oracle base, and UNIX/Linux user and group using the installation parameters. + // For more information, see JSON fields in the CEV manifest (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.preparing.html#custom-cev.preparing.manifest.fields) + // in the Amazon RDS User Guide. + CustomDBEngineVersionManifest *string `min:"1" type:"string"` + + // The description of the database engine. + DBEngineDescription *string `type:"string"` + + // A value that indicates the source media provider of the AMI based on the + // usage operation. Applicable for RDS Custom for SQL Server. + DBEngineMediaType *string `type:"string"` + + // The ARN of the custom engine version. + DBEngineVersionArn *string `type:"string"` + + // The description of the database engine version. + DBEngineVersionDescription *string `type:"string"` + + // The name of the DB parameter group family for the database engine. + DBParameterGroupFamily *string `type:"string"` + + // The name of the Amazon S3 bucket that contains your database installation + // files. + DatabaseInstallationFilesS3BucketName *string `type:"string"` + + // The Amazon S3 directory that contains the database installation files. If + // not specified, then no prefix is assumed. + DatabaseInstallationFilesS3Prefix *string `type:"string"` + + // The default character set for new instances of this engine version, if the + // CharacterSetName parameter of the CreateDBInstance API isn't specified. + DefaultCharacterSet *CharacterSet `type:"structure"` + + // The name of the database engine. + Engine *string `type:"string"` + + // The version number of the database engine. + EngineVersion *string `type:"string"` + + // The types of logs that the database engine has available for export to CloudWatch + // Logs. + ExportableLogTypes []*string `type:"list"` + + // The EC2 image + Image *CustomDBEngineVersionAMI `type:"structure"` + + // The Amazon Web Services KMS key identifier for an encrypted CEV. This parameter + // is required for RDS Custom, but optional for Amazon RDS. + KMSKeyId *string `type:"string"` + + // The major engine version of the CEV. + MajorEngineVersion *string `type:"string"` + + // The status of the DB engine version, either available or deprecated. + Status *string `type:"string"` + + // A list of the supported CA certificate identifiers. + // + // For more information, see Using SSL/TLS to encrypt a connection to a DB instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) + // in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to + // a DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) + // in the Amazon Aurora User Guide. + SupportedCACertificateIdentifiers []*string `type:"list"` + + // A list of the character sets supported by this engine for the CharacterSetName + // parameter of the CreateDBInstance operation. + SupportedCharacterSets []*CharacterSet `locationNameList:"CharacterSet" type:"list"` + + // A list of the supported DB engine modes. + SupportedEngineModes []*string `type:"list"` + + // A list of features supported by the DB engine. + // + // The supported features vary by DB engine and DB engine version. + // + // To determine the supported features for a specific DB engine and DB engine + // version using the CLI, use the following command: + // + // aws rds describe-db-engine-versions --engine --engine-version + // + // + // For example, to determine the supported features for RDS for PostgreSQL version + // 13.3 using the CLI, use the following command: + // + // aws rds describe-db-engine-versions --engine postgres --engine-version 13.3 + // + // The supported features are listed under SupportedFeatureNames in the output. + SupportedFeatureNames []*string `type:"list"` + + // A list of the character sets supported by the Oracle DB engine for the NcharCharacterSetName + // parameter of the CreateDBInstance operation. + SupportedNcharCharacterSets []*CharacterSet `locationNameList:"CharacterSet" type:"list"` + + // A list of the time zones supported by this engine for the Timezone parameter + // of the CreateDBInstance action. + SupportedTimezones []*Timezone `locationNameList:"Timezone" type:"list"` + + // Indicates whether the engine version supports Babelfish for Aurora PostgreSQL. + SupportsBabelfish *bool `type:"boolean"` + + // Indicates whether the engine version supports rotating the server certificate + // without rebooting the DB instance. + SupportsCertificateRotationWithoutRestart *bool `type:"boolean"` + + // Indicates whether you can use Aurora global databases with a specific DB + // engine version. + SupportsGlobalDatabases *bool `type:"boolean"` + + // Indicates whether the DB engine version supports zero-ETL integrations with + // Amazon Redshift. + SupportsIntegrations *bool `type:"boolean"` + + // Indicates whether the DB engine version supports Aurora Limitless Database. + SupportsLimitlessDatabase *bool `type:"boolean"` + + // Indicates whether the DB engine version supports forwarding write operations + // from reader DB instances to the writer DB instance in the DB cluster. By + // default, write operations aren't allowed on reader DB instances. // - // For more information about RDS on VMware, see the RDS on VMware User Guide. - // (https://docs.aws.amazon.com/AmazonRDS/latest/RDSonVMwareUserGuide/rds-on-vmware.html) - CustomAvailabilityZone *CustomAvailabilityZone `type:"structure"` + // Valid for: Aurora DB clusters only + SupportsLocalWriteForwarding *bool `type:"boolean"` + + // Indicates whether the engine version supports exporting the log types specified + // by ExportableLogTypes to CloudWatch Logs. + SupportsLogExportsToCloudwatchLogs *bool `type:"boolean"` + + // Indicates whether you can use Aurora parallel query with a specific DB engine + // version. + SupportsParallelQuery *bool `type:"boolean"` + + // Indicates whether the database engine version supports read replicas. + SupportsReadReplica *bool `type:"boolean"` + + // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + // in the Amazon RDS User Guide. + TagList []*Tag `locationNameList:"Tag" type:"list"` + + // A list of engine versions that this database engine version can be upgraded + // to. + ValidUpgradeTarget []*UpgradeTarget `locationNameList:"UpgradeTarget" type:"list"` } -// String returns the string representation -func (s CreateCustomAvailabilityZoneOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateCustomDBEngineVersionOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s CreateCustomAvailabilityZoneOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateCustomDBEngineVersionOutput) GoString() string { return s.String() } -// SetCustomAvailabilityZone sets the CustomAvailabilityZone field's value. -func (s *CreateCustomAvailabilityZoneOutput) SetCustomAvailabilityZone(v *CustomAvailabilityZone) *CreateCustomAvailabilityZoneOutput { - s.CustomAvailabilityZone = v +// SetCreateTime sets the CreateTime field's value. +func (s *CreateCustomDBEngineVersionOutput) SetCreateTime(v time.Time) *CreateCustomDBEngineVersionOutput { + s.CreateTime = &v + return s +} + +// SetCustomDBEngineVersionManifest sets the CustomDBEngineVersionManifest field's value. +func (s *CreateCustomDBEngineVersionOutput) SetCustomDBEngineVersionManifest(v string) *CreateCustomDBEngineVersionOutput { + s.CustomDBEngineVersionManifest = &v + return s +} + +// SetDBEngineDescription sets the DBEngineDescription field's value. +func (s *CreateCustomDBEngineVersionOutput) SetDBEngineDescription(v string) *CreateCustomDBEngineVersionOutput { + s.DBEngineDescription = &v + return s +} + +// SetDBEngineMediaType sets the DBEngineMediaType field's value. +func (s *CreateCustomDBEngineVersionOutput) SetDBEngineMediaType(v string) *CreateCustomDBEngineVersionOutput { + s.DBEngineMediaType = &v + return s +} + +// SetDBEngineVersionArn sets the DBEngineVersionArn field's value. +func (s *CreateCustomDBEngineVersionOutput) SetDBEngineVersionArn(v string) *CreateCustomDBEngineVersionOutput { + s.DBEngineVersionArn = &v + return s +} + +// SetDBEngineVersionDescription sets the DBEngineVersionDescription field's value. +func (s *CreateCustomDBEngineVersionOutput) SetDBEngineVersionDescription(v string) *CreateCustomDBEngineVersionOutput { + s.DBEngineVersionDescription = &v + return s +} + +// SetDBParameterGroupFamily sets the DBParameterGroupFamily field's value. +func (s *CreateCustomDBEngineVersionOutput) SetDBParameterGroupFamily(v string) *CreateCustomDBEngineVersionOutput { + s.DBParameterGroupFamily = &v + return s +} + +// SetDatabaseInstallationFilesS3BucketName sets the DatabaseInstallationFilesS3BucketName field's value. +func (s *CreateCustomDBEngineVersionOutput) SetDatabaseInstallationFilesS3BucketName(v string) *CreateCustomDBEngineVersionOutput { + s.DatabaseInstallationFilesS3BucketName = &v + return s +} + +// SetDatabaseInstallationFilesS3Prefix sets the DatabaseInstallationFilesS3Prefix field's value. +func (s *CreateCustomDBEngineVersionOutput) SetDatabaseInstallationFilesS3Prefix(v string) *CreateCustomDBEngineVersionOutput { + s.DatabaseInstallationFilesS3Prefix = &v + return s +} + +// SetDefaultCharacterSet sets the DefaultCharacterSet field's value. +func (s *CreateCustomDBEngineVersionOutput) SetDefaultCharacterSet(v *CharacterSet) *CreateCustomDBEngineVersionOutput { + s.DefaultCharacterSet = v + return s +} + +// SetEngine sets the Engine field's value. +func (s *CreateCustomDBEngineVersionOutput) SetEngine(v string) *CreateCustomDBEngineVersionOutput { + s.Engine = &v + return s +} + +// SetEngineVersion sets the EngineVersion field's value. +func (s *CreateCustomDBEngineVersionOutput) SetEngineVersion(v string) *CreateCustomDBEngineVersionOutput { + s.EngineVersion = &v + return s +} + +// SetExportableLogTypes sets the ExportableLogTypes field's value. +func (s *CreateCustomDBEngineVersionOutput) SetExportableLogTypes(v []*string) *CreateCustomDBEngineVersionOutput { + s.ExportableLogTypes = v + return s +} + +// SetImage sets the Image field's value. +func (s *CreateCustomDBEngineVersionOutput) SetImage(v *CustomDBEngineVersionAMI) *CreateCustomDBEngineVersionOutput { + s.Image = v + return s +} + +// SetKMSKeyId sets the KMSKeyId field's value. +func (s *CreateCustomDBEngineVersionOutput) SetKMSKeyId(v string) *CreateCustomDBEngineVersionOutput { + s.KMSKeyId = &v + return s +} + +// SetMajorEngineVersion sets the MajorEngineVersion field's value. +func (s *CreateCustomDBEngineVersionOutput) SetMajorEngineVersion(v string) *CreateCustomDBEngineVersionOutput { + s.MajorEngineVersion = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *CreateCustomDBEngineVersionOutput) SetStatus(v string) *CreateCustomDBEngineVersionOutput { + s.Status = &v + return s +} + +// SetSupportedCACertificateIdentifiers sets the SupportedCACertificateIdentifiers field's value. +func (s *CreateCustomDBEngineVersionOutput) SetSupportedCACertificateIdentifiers(v []*string) *CreateCustomDBEngineVersionOutput { + s.SupportedCACertificateIdentifiers = v + return s +} + +// SetSupportedCharacterSets sets the SupportedCharacterSets field's value. +func (s *CreateCustomDBEngineVersionOutput) SetSupportedCharacterSets(v []*CharacterSet) *CreateCustomDBEngineVersionOutput { + s.SupportedCharacterSets = v + return s +} + +// SetSupportedEngineModes sets the SupportedEngineModes field's value. +func (s *CreateCustomDBEngineVersionOutput) SetSupportedEngineModes(v []*string) *CreateCustomDBEngineVersionOutput { + s.SupportedEngineModes = v + return s +} + +// SetSupportedFeatureNames sets the SupportedFeatureNames field's value. +func (s *CreateCustomDBEngineVersionOutput) SetSupportedFeatureNames(v []*string) *CreateCustomDBEngineVersionOutput { + s.SupportedFeatureNames = v + return s +} + +// SetSupportedNcharCharacterSets sets the SupportedNcharCharacterSets field's value. +func (s *CreateCustomDBEngineVersionOutput) SetSupportedNcharCharacterSets(v []*CharacterSet) *CreateCustomDBEngineVersionOutput { + s.SupportedNcharCharacterSets = v + return s +} + +// SetSupportedTimezones sets the SupportedTimezones field's value. +func (s *CreateCustomDBEngineVersionOutput) SetSupportedTimezones(v []*Timezone) *CreateCustomDBEngineVersionOutput { + s.SupportedTimezones = v + return s +} + +// SetSupportsBabelfish sets the SupportsBabelfish field's value. +func (s *CreateCustomDBEngineVersionOutput) SetSupportsBabelfish(v bool) *CreateCustomDBEngineVersionOutput { + s.SupportsBabelfish = &v + return s +} + +// SetSupportsCertificateRotationWithoutRestart sets the SupportsCertificateRotationWithoutRestart field's value. +func (s *CreateCustomDBEngineVersionOutput) SetSupportsCertificateRotationWithoutRestart(v bool) *CreateCustomDBEngineVersionOutput { + s.SupportsCertificateRotationWithoutRestart = &v + return s +} + +// SetSupportsGlobalDatabases sets the SupportsGlobalDatabases field's value. +func (s *CreateCustomDBEngineVersionOutput) SetSupportsGlobalDatabases(v bool) *CreateCustomDBEngineVersionOutput { + s.SupportsGlobalDatabases = &v + return s +} + +// SetSupportsIntegrations sets the SupportsIntegrations field's value. +func (s *CreateCustomDBEngineVersionOutput) SetSupportsIntegrations(v bool) *CreateCustomDBEngineVersionOutput { + s.SupportsIntegrations = &v + return s +} + +// SetSupportsLimitlessDatabase sets the SupportsLimitlessDatabase field's value. +func (s *CreateCustomDBEngineVersionOutput) SetSupportsLimitlessDatabase(v bool) *CreateCustomDBEngineVersionOutput { + s.SupportsLimitlessDatabase = &v + return s +} + +// SetSupportsLocalWriteForwarding sets the SupportsLocalWriteForwarding field's value. +func (s *CreateCustomDBEngineVersionOutput) SetSupportsLocalWriteForwarding(v bool) *CreateCustomDBEngineVersionOutput { + s.SupportsLocalWriteForwarding = &v + return s +} + +// SetSupportsLogExportsToCloudwatchLogs sets the SupportsLogExportsToCloudwatchLogs field's value. +func (s *CreateCustomDBEngineVersionOutput) SetSupportsLogExportsToCloudwatchLogs(v bool) *CreateCustomDBEngineVersionOutput { + s.SupportsLogExportsToCloudwatchLogs = &v + return s +} + +// SetSupportsParallelQuery sets the SupportsParallelQuery field's value. +func (s *CreateCustomDBEngineVersionOutput) SetSupportsParallelQuery(v bool) *CreateCustomDBEngineVersionOutput { + s.SupportsParallelQuery = &v + return s +} + +// SetSupportsReadReplica sets the SupportsReadReplica field's value. +func (s *CreateCustomDBEngineVersionOutput) SetSupportsReadReplica(v bool) *CreateCustomDBEngineVersionOutput { + s.SupportsReadReplica = &v + return s +} + +// SetTagList sets the TagList field's value. +func (s *CreateCustomDBEngineVersionOutput) SetTagList(v []*Tag) *CreateCustomDBEngineVersionOutput { + s.TagList = v + return s +} + +// SetValidUpgradeTarget sets the ValidUpgradeTarget field's value. +func (s *CreateCustomDBEngineVersionOutput) SetValidUpgradeTarget(v []*UpgradeTarget) *CreateCustomDBEngineVersionOutput { + s.ValidUpgradeTarget = v return s } @@ -16916,14 +21767,14 @@ type CreateDBClusterEndpointInput struct { // DBClusterIdentifier is a required field DBClusterIdentifier *string `type:"string" required:"true"` - // The type of the endpoint. One of: READER, WRITER, ANY. + // The type of the endpoint, one of: READER, WRITER, ANY. // // EndpointType is a required field EndpointType *string `type:"string" required:"true"` // List of DB instance identifiers that aren't part of the custom endpoint group. - // All other eligible instances are reachable through the custom endpoint. Only - // relevant if the list of static members is empty. + // All other eligible instances are reachable through the custom endpoint. This + // parameter is relevant only if the list of static members is empty. ExcludedMembers []*string `type:"list"` // List of DB instance identifiers that are part of the custom endpoint group. @@ -16933,12 +21784,20 @@ type CreateDBClusterEndpointInput struct { Tags []*Tag `locationNameList:"Tag" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBClusterEndpointInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBClusterEndpointInput) GoString() string { return s.String() } @@ -17002,13 +21861,13 @@ func (s *CreateDBClusterEndpointInput) SetTags(v []*Tag) *CreateDBClusterEndpoin // Aurora DB cluster. This data type is used as a response element in the following // actions: // -// * CreateDBClusterEndpoint +// - CreateDBClusterEndpoint // -// * DescribeDBClusterEndpoints +// - DescribeDBClusterEndpoints // -// * ModifyDBClusterEndpoint +// - ModifyDBClusterEndpoint // -// * DeleteDBClusterEndpoint +// - DeleteDBClusterEndpoint // // For the data structure that represents Amazon RDS DB instance endpoints, // see Endpoint. @@ -17054,12 +21913,20 @@ type CreateDBClusterEndpointOutput struct { Status *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBClusterEndpointOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBClusterEndpointOutput) GoString() string { return s.String() } @@ -17127,16 +21994,38 @@ func (s *CreateDBClusterEndpointOutput) SetStatus(v string) *CreateDBClusterEndp type CreateDBClusterInput struct { _ struct{} `type:"structure"` - // A list of Availability Zones (AZs) where instances in the DB cluster can - // be created. For information on AWS Regions and Availability Zones, see Choosing - // the Regions and Availability Zones (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.RegionsAndAvailabilityZones.html) + // The amount of storage in gibibytes (GiB) to allocate to each DB instance + // in the Multi-AZ DB cluster. + // + // Valid for Cluster Type: Multi-AZ DB clusters only + // + // This setting is required to create a Multi-AZ DB cluster. + AllocatedStorage *int64 `type:"integer"` + + // Specifies whether minor engine upgrades are applied automatically to the + // DB cluster during the maintenance window. By default, minor engine upgrades + // are applied automatically. + // + // Valid for Cluster Type: Multi-AZ DB clusters only + AutoMinorVersionUpgrade *bool `type:"boolean"` + + // A list of Availability Zones (AZs) where you specifically want to create + // DB instances in the DB cluster. + // + // For information on AZs, see Availability Zones (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.RegionsAndAvailabilityZones.html#Concepts.RegionsAndAvailabilityZones.AvailabilityZones) // in the Amazon Aurora User Guide. + // + // Valid for Cluster Type: Aurora DB clusters only + // + // Constraints: + // + // * Can't specify more than three AZs. AvailabilityZones []*string `locationNameList:"AvailabilityZone" type:"list"` // The target backtrack window, in seconds. To disable backtracking, set this // value to 0. // - // Currently, Backtrack is only supported for Aurora MySQL DB clusters. + // Valid for Cluster Type: Aurora MySQL DB clusters only // // Default: 0 // @@ -17148,26 +22037,45 @@ type CreateDBClusterInput struct { // The number of days for which automated backups are retained. // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // // Default: 1 // // Constraints: // - // * Must be a value from 1 to 35 + // * Must be a value from 1 to 35. BackupRetentionPeriod *int64 `type:"integer"` - // A value that indicates that the DB cluster should be associated with the - // specified CharacterSet. + // The CA certificate identifier to use for the DB cluster's server certificate. + // + // For more information, see Using SSL/TLS to encrypt a connection to a DB instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) + // in the Amazon RDS User Guide. + // + // Valid for Cluster Type: Multi-AZ DB clusters + CACertificateIdentifier *string `type:"string"` + + // The name of the character set (CharacterSet) to associate the DB cluster + // with. + // + // Valid for Cluster Type: Aurora DB clusters only CharacterSetName *string `type:"string"` - // A value that indicates whether to copy all tags from the DB cluster to snapshots - // of the DB cluster. The default is not to copy them. + // Specifies whether to copy all tags from the DB cluster to snapshots of the + // DB cluster. The default is not to copy them. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters CopyTagsToSnapshot *bool `type:"boolean"` - // The DB cluster identifier. This parameter is stored as a lowercase string. + // The identifier for this DB cluster. This parameter is stored as a lowercase + // string. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters // // Constraints: // - // * Must contain from 1 to 63 letters, numbers, or hyphens. + // * Must contain from 1 to 63 (for Aurora DB clusters) or 1 to 52 (for Multi-AZ + // DB clusters) letters, numbers, or hyphens. // // * First character must be a letter. // @@ -17178,10 +22086,25 @@ type CreateDBClusterInput struct { // DBClusterIdentifier is a required field DBClusterIdentifier *string `type:"string" required:"true"` + // The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, + // for example db.m6gd.xlarge. Not all DB instance classes are available in + // all Amazon Web Services Regions, or for all database engines. + // + // For the full list of DB instance classes and availability for your engine, + // see DB instance class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) + // in the Amazon RDS User Guide. + // + // This setting is required to create a Multi-AZ DB cluster. + // + // Valid for Cluster Type: Multi-AZ DB clusters only + DBClusterInstanceClass *string `type:"string"` + // The name of the DB cluster parameter group to associate with this DB cluster. - // If you do not specify a value, then the default DB cluster parameter group + // If you don't specify a value, then the default DB cluster parameter group // for the specified DB engine and version is used. // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // // Constraints: // // * If supplied, must match the name of an existing DB cluster parameter @@ -17190,20 +22113,32 @@ type CreateDBClusterInput struct { // A DB subnet group to associate with this DB cluster. // - // Constraints: Must match the name of an existing DBSubnetGroup. Must not be - // default. + // This setting is required to create a Multi-AZ DB cluster. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // + // Constraints: + // + // * Must match the name of an existing DB subnet group. // - // Example: mySubnetgroup + // Example: mydbsubnetgroup DBSubnetGroupName *string `type:"string"` - // The name for your database of up to 64 alphanumeric characters. If you do - // not provide a name, Amazon RDS doesn't create a database in the DB cluster - // you are creating. + // Reserved for future use. + DBSystemId *string `type:"string"` + + // The name for your database of up to 64 alphanumeric characters. A database + // named postgres is always created. If this parameter is specified, an additional + // database with this name is created. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters DatabaseName *string `type:"string"` - // A value that indicates whether the DB cluster has deletion protection enabled. - // The database can't be deleted when deletion protection is enabled. By default, - // deletion protection is disabled. + // Specifies whether the DB cluster has deletion protection enabled. The database + // can't be deleted when deletion protection is enabled. By default, deletion + // protection isn't enabled. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters DeletionProtection *bool `type:"boolean"` // DestinationRegion is used for presigning the request to a given region. @@ -17211,151 +22146,320 @@ type CreateDBClusterInput struct { // The Active Directory directory ID to create the DB cluster in. // - // For Amazon Aurora DB clusters, Amazon RDS can use Kerberos Authentication - // to authenticate users that connect to the DB cluster. For more information, - // see Kerberos Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/kerberos-authentication.html) + // For Amazon Aurora DB clusters, Amazon RDS can use Kerberos authentication + // to authenticate users that connect to the DB cluster. + // + // For more information, see Kerberos authentication (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/kerberos-authentication.html) // in the Amazon Aurora User Guide. + // + // Valid for Cluster Type: Aurora DB clusters only Domain *string `type:"string"` - // Specify the name of the IAM role to be used when making API calls to the - // Directory Service. + // The name of the IAM role to use when making API calls to the Directory Service. + // + // Valid for Cluster Type: Aurora DB clusters only DomainIAMRoleName *string `type:"string"` // The list of log types that need to be enabled for exporting to CloudWatch - // Logs. The values in the list depend on the DB engine being used. For more - // information, see Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) - // in the Amazon Aurora User Guide. + // Logs. // - // Aurora MySQL + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters // - // Possible values are audit, error, general, and slowquery. + // The following values are valid for each DB engine: // - // Aurora PostgreSQL + // * Aurora MySQL - audit | error | general | slowquery // - // Possible values are postgresql and upgrade. + // * Aurora PostgreSQL - postgresql + // + // * RDS for MySQL - error | general | slowquery + // + // * RDS for PostgreSQL - postgresql | upgrade + // + // For more information about exporting CloudWatch Logs for Amazon RDS, see + // Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) + // in the Amazon RDS User Guide. + // + // For more information about exporting CloudWatch Logs for Amazon Aurora, see + // Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) + // in the Amazon Aurora User Guide. EnableCloudwatchLogsExports []*string `type:"list"` - // A value that indicates whether to enable write operations to be forwarded - // from this cluster to the primary cluster in an Aurora global database. The - // resulting changes are replicated back to this cluster. This parameter only - // applies to DB clusters that are secondary clusters in an Aurora global database. - // By default, Aurora disallows write operations for secondary clusters. + // Specifies whether to enable this DB cluster to forward write operations to + // the primary cluster of a global cluster (Aurora global database). By default, + // write operations are not allowed on Aurora DB clusters that are secondary + // clusters in an Aurora global database. + // + // You can set this value only on Aurora DB clusters that are members of an + // Aurora global database. With this parameter enabled, a secondary cluster + // can forward writes to the current primary cluster, and the resulting changes + // are replicated back to this cluster. For the primary DB cluster of an Aurora + // global database, this value is used immediately if the primary is demoted + // by a global cluster API operation, but it does nothing until then. + // + // Valid for Cluster Type: Aurora DB clusters only EnableGlobalWriteForwarding *bool `type:"boolean"` - // A value that indicates whether to enable the HTTP endpoint for an Aurora - // Serverless DB cluster. By default, the HTTP endpoint is disabled. + // Specifies whether to enable the HTTP endpoint for the DB cluster. By default, + // the HTTP endpoint isn't enabled. // // When enabled, the HTTP endpoint provides a connectionless web service API - // for running SQL queries on the Aurora Serverless DB cluster. You can also - // query your database from inside the RDS console with the query editor. + // (RDS Data API) for running SQL queries on the DB cluster. You can also query + // your database from inside the RDS console with the RDS query editor. + // + // RDS Data API is supported with the following DB clusters: + // + // * Aurora PostgreSQL Serverless v2 and provisioned + // + // * Aurora PostgreSQL and Aurora MySQL Serverless v1 // - // For more information, see Using the Data API for Aurora Serverless (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) + // For more information, see Using RDS Data API (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) // in the Amazon Aurora User Guide. + // + // Valid for Cluster Type: Aurora DB clusters only EnableHttpEndpoint *bool `type:"boolean"` - // A value that indicates whether to enable mapping of AWS Identity and Access - // Management (IAM) accounts to database accounts. By default, mapping is disabled. + // Specifies whether to enable mapping of Amazon Web Services Identity and Access + // Management (IAM) accounts to database accounts. By default, mapping isn't + // enabled. // // For more information, see IAM Database Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html) // in the Amazon Aurora User Guide. + // + // Valid for Cluster Type: Aurora DB clusters only EnableIAMDatabaseAuthentication *bool `type:"boolean"` - // The name of the database engine to be used for this DB cluster. + // Specifies whether to enable Aurora Limitless Database. You must enable Aurora + // Limitless Database to create a DB shard group. + // + // Valid for: Aurora DB clusters only + EnableLimitlessDatabase *bool `type:"boolean"` + + // Specifies whether read replicas can forward write operations to the writer + // DB instance in the DB cluster. By default, write operations aren't allowed + // on reader DB instances. + // + // Valid for: Aurora DB clusters only + EnableLocalWriteForwarding *bool `type:"boolean"` + + // Specifies whether to turn on Performance Insights for the DB cluster. // - // Valid Values: aurora (for MySQL 5.6-compatible Aurora), aurora-mysql (for - // MySQL 5.7-compatible Aurora), and aurora-postgresql + // For more information, see Using Amazon Performance Insights (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) + // in the Amazon RDS User Guide. + // + // Valid for Cluster Type: Multi-AZ DB clusters only + EnablePerformanceInsights *bool `type:"boolean"` + + // The database engine to use for this DB cluster. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // + // Valid Values: + // + // * aurora-mysql + // + // * aurora-postgresql + // + // * mysql + // + // * postgres + // + // * neptune - For information about using Amazon Neptune, see the Amazon + // Neptune User Guide (https://docs.aws.amazon.com/neptune/latest/userguide/intro.html). // // Engine is a required field Engine *string `type:"string" required:"true"` - // The DB engine mode of the DB cluster, either provisioned serverless, parallelquery, - // global, or multimaster. + // The life cycle type for this DB cluster. // - // The parallelquery engine mode isn't required for Aurora MySQL version 1.23 - // and higher 1.x versions, and version 2.09 and higher 2.x versions. + // By default, this value is set to open-source-rds-extended-support, which + // enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard + // support, you can avoid charges for Extended Support by setting the value + // to open-source-rds-extended-support-disabled. In this case, creating the + // DB cluster will fail if the DB major version is past its end of standard + // support date. // - // The global engine mode isn't required for Aurora MySQL version 1.22 and higher - // 1.x versions, and global engine mode isn't required for any 2.x versions. + // You can use this setting to enroll your DB cluster into Amazon RDS Extended + // Support. With RDS Extended Support, you can run the selected major engine + // version on your DB cluster past the end of standard support for that engine + // version. For more information, see the following sections: // - // The multimaster engine mode only applies for DB clusters created with Aurora - // MySQL version 5.6.10a. + // * Amazon Aurora (PostgreSQL only) - Using Amazon RDS Extended Support + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/extended-support.html) + // in the Amazon Aurora User Guide // - // For Aurora PostgreSQL, the global engine mode isn't required, and both the - // parallelquery and the multimaster engine modes currently aren't supported. + // * Amazon RDS - Using Amazon RDS Extended Support (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html) + // in the Amazon RDS User Guide // - // Limitations and requirements apply to some DB engine modes. For more information, - // see the following sections in the Amazon Aurora User Guide: + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // + // Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled + // + // Default: open-source-rds-extended-support + EngineLifecycleSupport *string `type:"string"` + + // The DB engine mode of the DB cluster, either provisioned or serverless. // - // * Limitations of Aurora Serverless (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html#aurora-serverless.limitations) + // The serverless engine mode only applies for Aurora Serverless v1 DB clusters. + // Aurora Serverless v2 DB clusters use the provisioned engine mode. // - // * Limitations of Parallel Query (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-mysql-parallel-query.html#aurora-mysql-parallel-query-limitations) + // For information about limitations and requirements for Serverless DB clusters, + // see the following sections in the Amazon Aurora User Guide: + // + // * Limitations of Aurora Serverless v1 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html#aurora-serverless.limitations) // - // * Limitations of Aurora Global Databases (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html#aurora-global-database.limitations) + // * Requirements for Aurora Serverless v2 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html) // - // * Limitations of Multi-Master Clusters (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-multi-master.html#aurora-multi-master-limitations) + // Valid for Cluster Type: Aurora DB clusters only EngineMode *string `type:"string"` // The version number of the database engine to use. // - // To list all of the available engine versions for aurora (for MySQL 5.6-compatible - // Aurora), use the following command: - // - // aws rds describe-db-engine-versions --engine aurora --query "DBEngineVersions[].EngineVersion" - // - // To list all of the available engine versions for aurora-mysql (for MySQL - // 5.7-compatible Aurora), use the following command: + // To list all of the available engine versions for Aurora MySQL version 2 (5.7-compatible) + // and version 3 (MySQL 8.0-compatible), use the following command: // // aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[].EngineVersion" // - // To list all of the available engine versions for aurora-postgresql, use the + // You can supply either 5.7 or 8.0 to use the default engine version for Aurora + // MySQL version 2 or version 3, respectively. + // + // To list all of the available engine versions for Aurora PostgreSQL, use the // following command: // // aws rds describe-db-engine-versions --engine aurora-postgresql --query "DBEngineVersions[].EngineVersion" // - // Aurora MySQL + // To list all of the available engine versions for RDS for MySQL, use the following + // command: // - // Example: 5.6.10a, 5.6.mysql_aurora.1.19.2, 5.7.12, 5.7.mysql_aurora.2.04.5 + // aws rds describe-db-engine-versions --engine mysql --query "DBEngineVersions[].EngineVersion" // - // Aurora PostgreSQL + // To list all of the available engine versions for RDS for PostgreSQL, use + // the following command: + // + // aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[].EngineVersion" + // + // For information about a specific engine, see the following topics: + // + // * Aurora MySQL - see Database engine updates for Amazon Aurora MySQL (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Updates.html) + // in the Amazon Aurora User Guide. + // + // * Aurora PostgreSQL - see Amazon Aurora PostgreSQL releases and engine + // versions (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Updates.20180305.html) + // in the Amazon Aurora User Guide. + // + // * RDS for MySQL - see Amazon RDS for MySQL (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) + // in the Amazon RDS User Guide. + // + // * RDS for PostgreSQL - see Amazon RDS for PostgreSQL (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts) + // in the Amazon RDS User Guide. // - // Example: 9.6.3, 10.7 + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters EngineVersion *string `type:"string"` // The global cluster ID of an Aurora cluster that becomes the primary cluster // in the new global database cluster. + // + // Valid for Cluster Type: Aurora DB clusters only GlobalClusterIdentifier *string `type:"string"` - // The AWS KMS key identifier for an encrypted DB cluster. + // The amount of Provisioned IOPS (input/output operations per second) to be + // initially allocated for each DB instance in the Multi-AZ DB cluster. + // + // For information about valid IOPS values, see Provisioned IOPS storage (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS) + // in the Amazon RDS User Guide. + // + // This setting is required to create a Multi-AZ DB cluster. + // + // Valid for Cluster Type: Multi-AZ DB clusters only + // + // Constraints: + // + // * Must be a multiple between .5 and 50 of the storage amount for the DB + // cluster. + Iops *int64 `type:"integer"` + + // The Amazon Web Services KMS key identifier for an encrypted DB cluster. // - // The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name - // for the AWS KMS customer master key (CMK). To use a CMK in a different AWS - // account, specify the key ARN or alias ARN. + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. To use a KMS key in a different Amazon + // Web Services account, specify the key ARN or alias ARN. // - // When a CMK isn't specified in KmsKeyId: + // When a KMS key isn't specified in KmsKeyId: // // * If ReplicationSourceIdentifier identifies an encrypted source, then - // Amazon RDS will use the CMK used to encrypt the source. Otherwise, Amazon - // RDS will use your default CMK. + // Amazon RDS uses the KMS key used to encrypt the source. Otherwise, Amazon + // RDS uses your default KMS key. // // * If the StorageEncrypted parameter is enabled and ReplicationSourceIdentifier - // isn't specified, then Amazon RDS will use your default CMK. + // isn't specified, then Amazon RDS uses your default KMS key. + // + // There is a default KMS key for your Amazon Web Services account. Your Amazon + // Web Services account has a different default KMS key for each Amazon Web + // Services Region. // - // There is a default CMK for your AWS account. Your AWS account has a different - // default CMK for each AWS Region. + // If you create a read replica of an encrypted DB cluster in another Amazon + // Web Services Region, make sure to set KmsKeyId to a KMS key identifier that + // is valid in the destination Amazon Web Services Region. This KMS key is used + // to encrypt the read replica in that Amazon Web Services Region. // - // If you create a read replica of an encrypted DB cluster in another AWS Region, - // you must set KmsKeyId to a AWS KMS key identifier that is valid in the destination - // AWS Region. This CMK is used to encrypt the read replica in that AWS Region. + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters KmsKeyId *string `type:"string"` - // The password for the master database user. This password can contain any - // printable ASCII character except "/", """, or "@". + // Specifies whether to manage the master user password with Amazon Web Services + // Secrets Manager. + // + // For more information, see Password management with Amazon Web Services Secrets + // Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) + // in the Amazon RDS User Guide and Password management with Amazon Web Services + // Secrets Manager (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) + // in the Amazon Aurora User Guide. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters // - // Constraints: Must contain from 8 to 41 characters. + // Constraints: + // + // * Can't manage the master user password with Amazon Web Services Secrets + // Manager if MasterUserPassword is specified. + ManageMasterUserPassword *bool `type:"boolean"` + + // The password for the master database user. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // + // Constraints: + // + // * Must contain from 8 to 41 characters. + // + // * Can contain any printable ASCII character except "/", """, or "@". + // + // * Can't be specified if ManageMasterUserPassword is turned on. MasterUserPassword *string `type:"string"` + // The Amazon Web Services KMS key identifier to encrypt a secret that is automatically + // generated and managed in Amazon Web Services Secrets Manager. + // + // This setting is valid only if the master user password is managed by RDS + // in Amazon Web Services Secrets Manager for the DB cluster. + // + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. To use a KMS key in a different Amazon + // Web Services account, specify the key ARN or alias ARN. + // + // If you don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager + // KMS key is used to encrypt the secret. If the secret is in a different Amazon + // Web Services account, then you can't use the aws/secretsmanager KMS key to + // encrypt the secret, and you must use a customer managed KMS key. + // + // There is a default KMS key for your Amazon Web Services account. Your Amazon + // Web Services account has a different default KMS key for each Amazon Web + // Services Region. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + MasterUserSecretKmsKeyId *string `type:"string"` + // The name of the master user for the DB cluster. // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // // Constraints: // // * Must be 1 to 16 letters or numbers. @@ -17365,60 +22469,148 @@ type CreateDBClusterInput struct { // * Can't be a reserved word for the chosen database engine. MasterUsername *string `type:"string"` - // A value that indicates that the DB cluster should be associated with the - // specified option group. + // The interval, in seconds, between points when Enhanced Monitoring metrics + // are collected for the DB cluster. To turn off collecting Enhanced Monitoring + // metrics, specify 0. // - // Permanent options can't be removed from an option group. The option group - // can't be removed from a DB cluster once it is associated with a DB cluster. + // If MonitoringRoleArn is specified, also set MonitoringInterval to a value + // other than 0. + // + // Valid for Cluster Type: Multi-AZ DB clusters only + // + // Valid Values: 0 | 1 | 5 | 10 | 15 | 30 | 60 + // + // Default: 0 + MonitoringInterval *int64 `type:"integer"` + + // The Amazon Resource Name (ARN) for the IAM role that permits RDS to send + // Enhanced Monitoring metrics to Amazon CloudWatch Logs. An example is arn:aws:iam:123456789012:role/emaccess. + // For information on creating a monitoring role, see Setting up and enabling + // Enhanced Monitoring (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html#USER_Monitoring.OS.Enabling) + // in the Amazon RDS User Guide. + // + // If MonitoringInterval is set to a value other than 0, supply a MonitoringRoleArn + // value. + // + // Valid for Cluster Type: Multi-AZ DB clusters only + MonitoringRoleArn *string `type:"string"` + + // The network type of the DB cluster. + // + // The network type is determined by the DBSubnetGroup specified for the DB + // cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and + // the IPv6 protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon Aurora User Guide. + // + // Valid for Cluster Type: Aurora DB clusters only + // + // Valid Values: IPV4 | DUAL + NetworkType *string `type:"string"` + + // The option group to associate the DB cluster with. + // + // DB clusters are associated with a default option group that can't be modified. OptionGroupName *string `type:"string"` + // The Amazon Web Services KMS key identifier for encryption of Performance + // Insights data. + // + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. + // + // If you don't specify a value for PerformanceInsightsKMSKeyId, then Amazon + // RDS uses your default KMS key. There is a default KMS key for your Amazon + // Web Services account. Your Amazon Web Services account has a different default + // KMS key for each Amazon Web Services Region. + // + // Valid for Cluster Type: Multi-AZ DB clusters only + PerformanceInsightsKMSKeyId *string `type:"string"` + + // The number of days to retain Performance Insights data. + // + // Valid for Cluster Type: Multi-AZ DB clusters only + // + // Valid Values: + // + // * 7 + // + // * month * 31, where month is a number of months from 1-23. Examples: 93 + // (3 months * 31), 341 (11 months * 31), 589 (19 months * 31) + // + // * 731 + // + // Default: 7 days + // + // If you specify a retention period that isn't valid, such as 94, Amazon RDS + // issues an error. + PerformanceInsightsRetentionPeriod *int64 `type:"integer"` + // The port number on which the instances in the DB cluster accept connections. // - // Default: 3306 if engine is set as aurora or 5432 if set to aurora-postgresql. + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // + // Valid Values: 1150-65535 + // + // Default: + // + // * RDS for MySQL and Aurora MySQL - 3306 + // + // * RDS for PostgreSQL and Aurora PostgreSQL - 5432 Port *int64 `type:"integer"` - // A URL that contains a Signature Version 4 signed request for the CreateDBCluster - // action to be called in the source AWS Region where the DB cluster is replicated - // from. You only need to specify PreSignedUrl when you are performing cross-region - // replication from an encrypted DB cluster. + // When you are replicating a DB cluster from one Amazon Web Services GovCloud + // (US) Region to another, an URL that contains a Signature Version 4 signed + // request for the CreateDBCluster operation to be called in the source Amazon + // Web Services Region where the DB cluster is replicated from. Specify PreSignedUrl + // only when you are performing cross-Region replication from an encrypted DB + // cluster. // - // The pre-signed URL must be a valid request for the CreateDBCluster API action - // that can be executed in the source AWS Region that contains the encrypted - // DB cluster to be copied. + // The presigned URL must be a valid request for the CreateDBCluster API operation + // that can run in the source Amazon Web Services Region that contains the encrypted + // DB cluster to copy. // - // The pre-signed URL request must contain the following parameter values: + // The presigned URL request must contain the following parameter values: // - // * KmsKeyId - The AWS KMS key identifier for the key to use to encrypt - // the copy of the DB cluster in the destination AWS Region. This should - // refer to the same AWS KMS CMK for both the CreateDBCluster action that - // is called in the destination AWS Region, and the action contained in the - // pre-signed URL. + // * KmsKeyId - The KMS key identifier for the KMS key to use to encrypt + // the copy of the DB cluster in the destination Amazon Web Services Region. + // This should refer to the same KMS key for both the CreateDBCluster operation + // that is called in the destination Amazon Web Services Region, and the + // operation contained in the presigned URL. // - // * DestinationRegion - The name of the AWS Region that Aurora read replica - // will be created in. + // * DestinationRegion - The name of the Amazon Web Services Region that + // Aurora read replica will be created in. // // * ReplicationSourceIdentifier - The DB cluster identifier for the encrypted // DB cluster to be copied. This identifier must be in the Amazon Resource - // Name (ARN) format for the source AWS Region. For example, if you are copying - // an encrypted DB cluster from the us-west-2 AWS Region, then your ReplicationSourceIdentifier - // would look like Example: arn:aws:rds:us-west-2:123456789012:cluster:aurora-cluster1. + // Name (ARN) format for the source Amazon Web Services Region. For example, + // if you are copying an encrypted DB cluster from the us-west-2 Amazon Web + // Services Region, then your ReplicationSourceIdentifier would look like + // Example: arn:aws:rds:us-west-2:123456789012:cluster:aurora-cluster1. // // To learn how to generate a Signature Version 4 signed request, see Authenticating - // Requests: Using Query Parameters (AWS Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html) + // Requests: Using Query Parameters (Amazon Web Services Signature Version 4) + // (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html) // and Signature Version 4 Signing Process (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). // - // If you are using an AWS SDK tool or the AWS CLI, you can specify SourceRegion - // (or --source-region for the AWS CLI) instead of specifying PreSignedUrl manually. - // Specifying SourceRegion autogenerates a pre-signed URL that is a valid request - // for the operation that can be executed in the source AWS Region. + // If you are using an Amazon Web Services SDK tool or the CLI, you can specify + // SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl + // manually. Specifying SourceRegion autogenerates a presigned URL that is a + // valid request for the operation that can run in the source Amazon Web Services + // Region. + // + // Valid for Cluster Type: Aurora DB clusters only PreSignedUrl *string `type:"string"` // The daily time range during which automated backups are created if automated // backups are enabled using the BackupRetentionPeriod parameter. // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // // The default is a 30-minute window selected at random from an 8-hour block - // of time for each AWS Region. To see the time blocks available, see Adjusting - // the Preferred DB Cluster Maintenance Window (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) + // of time for each Amazon Web Services Region. To view the time blocks available, + // see Backup window (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow) // in the Amazon Aurora User Guide. // // Constraints: @@ -17432,51 +22624,151 @@ type CreateDBClusterInput struct { // * Must be at least 30 minutes. PreferredBackupWindow *string `type:"string"` - // The weekly time range during which system maintenance can occur, in Universal - // Coordinated Time (UTC). + // The weekly time range during which system maintenance can occur. // - // Format: ddd:hh24:mi-ddd:hh24:mi + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters // // The default is a 30-minute window selected at random from an 8-hour block - // of time for each AWS Region, occurring on a random day of the week. To see - // the time blocks available, see Adjusting the Preferred DB Cluster Maintenance - // Window (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) + // of time for each Amazon Web Services Region, occurring on a random day of + // the week. To see the time blocks available, see Adjusting the Preferred DB + // Cluster Maintenance Window (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) // in the Amazon Aurora User Guide. // - // Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun. + // Constraints: // - // Constraints: Minimum 30-minute window. + // * Must be in the format ddd:hh24:mi-ddd:hh24:mi. + // + // * Days must be one of Mon | Tue | Wed | Thu | Fri | Sat | Sun. + // + // * Must be in Universal Coordinated Time (UTC). + // + // * Must be at least 30 minutes. PreferredMaintenanceWindow *string `type:"string"` + // Specifies whether the DB cluster is publicly accessible. + // + // When the DB cluster is publicly accessible and you connect from outside of + // the DB cluster's virtual private cloud (VPC), its Domain Name System (DNS) + // endpoint resolves to the public IP address. When you connect from within + // the same VPC as the DB cluster, the endpoint resolves to the private IP address. + // Access to the DB cluster is ultimately controlled by the security group it + // uses. That public access isn't permitted if the security group assigned to + // the DB cluster doesn't permit it. + // + // When the DB cluster isn't publicly accessible, it is an internal DB cluster + // with a DNS name that resolves to a private IP address. + // + // Valid for Cluster Type: Multi-AZ DB clusters only + // + // Default: The default behavior varies depending on whether DBSubnetGroupName + // is specified. + // + // If DBSubnetGroupName isn't specified, and PubliclyAccessible isn't specified, + // the following applies: + // + // * If the default VPC in the target Region doesn’t have an internet gateway + // attached to it, the DB cluster is private. + // + // * If the default VPC in the target Region has an internet gateway attached + // to it, the DB cluster is public. + // + // If DBSubnetGroupName is specified, and PubliclyAccessible isn't specified, + // the following applies: + // + // * If the subnets are part of a VPC that doesn’t have an internet gateway + // attached to it, the DB cluster is private. + // + // * If the subnets are part of a VPC that has an internet gateway attached + // to it, the DB cluster is public. + PubliclyAccessible *bool `type:"boolean"` + + // Reserved for future use. + RdsCustomClusterConfiguration *RdsCustomClusterConfiguration `type:"structure"` + // The Amazon Resource Name (ARN) of the source DB instance or DB cluster if // this DB cluster is created as a read replica. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters ReplicationSourceIdentifier *string `type:"string"` // For DB clusters in serverless DB engine mode, the scaling properties of the // DB cluster. + // + // Valid for Cluster Type: Aurora DB clusters only ScalingConfiguration *ScalingConfiguration `type:"structure"` + // Contains the scaling configuration of an Aurora Serverless v2 DB cluster. + // + // For more information, see Using Amazon Aurora Serverless v2 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.html) + // in the Amazon Aurora User Guide. + ServerlessV2ScalingConfiguration *ServerlessV2ScalingConfiguration `type:"structure"` + // SourceRegion is the source region where the resource exists. This is not // sent over the wire and is only used for presigning. This value should always // have the same region as the source ARN. SourceRegion *string `type:"string" ignore:"true"` - // A value that indicates whether the DB cluster is encrypted. + // Specifies whether the DB cluster is encrypted. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters StorageEncrypted *bool `type:"boolean"` + // The storage type to associate with the DB cluster. + // + // For information on storage types for Aurora DB clusters, see Storage configurations + // for Amazon Aurora DB clusters (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.StorageReliability.html#aurora-storage-type). + // For information on storage types for Multi-AZ DB clusters, see Settings for + // creating Multi-AZ DB clusters (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/create-multi-az-db-cluster.html#create-multi-az-db-cluster-settings). + // + // This setting is required to create a Multi-AZ DB cluster. + // + // When specified for a Multi-AZ DB cluster, a value for the Iops parameter + // is required. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // + // Valid Values: + // + // * Aurora DB clusters - aurora | aurora-iopt1 + // + // * Multi-AZ DB clusters - io1 | io2 | gp3 + // + // Default: + // + // * Aurora DB clusters - aurora + // + // * Multi-AZ DB clusters - io1 + // + // When you create an Aurora DB cluster with the storage type set to aurora-iopt1, + // the storage type is returned in the response. The storage type isn't returned + // when you set it to aurora. + StorageType *string `type:"string"` + // Tags to assign to the DB cluster. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters Tags []*Tag `locationNameList:"Tag" type:"list"` // A list of EC2 VPC security groups to associate with this DB cluster. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters VpcSecurityGroupIds []*string `locationNameList:"VpcSecurityGroupId" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBClusterInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBClusterInput) GoString() string { return s.String() } @@ -17497,6 +22789,18 @@ func (s *CreateDBClusterInput) Validate() error { return nil } +// SetAllocatedStorage sets the AllocatedStorage field's value. +func (s *CreateDBClusterInput) SetAllocatedStorage(v int64) *CreateDBClusterInput { + s.AllocatedStorage = &v + return s +} + +// SetAutoMinorVersionUpgrade sets the AutoMinorVersionUpgrade field's value. +func (s *CreateDBClusterInput) SetAutoMinorVersionUpgrade(v bool) *CreateDBClusterInput { + s.AutoMinorVersionUpgrade = &v + return s +} + // SetAvailabilityZones sets the AvailabilityZones field's value. func (s *CreateDBClusterInput) SetAvailabilityZones(v []*string) *CreateDBClusterInput { s.AvailabilityZones = v @@ -17515,6 +22819,12 @@ func (s *CreateDBClusterInput) SetBackupRetentionPeriod(v int64) *CreateDBCluste return s } +// SetCACertificateIdentifier sets the CACertificateIdentifier field's value. +func (s *CreateDBClusterInput) SetCACertificateIdentifier(v string) *CreateDBClusterInput { + s.CACertificateIdentifier = &v + return s +} + // SetCharacterSetName sets the CharacterSetName field's value. func (s *CreateDBClusterInput) SetCharacterSetName(v string) *CreateDBClusterInput { s.CharacterSetName = &v @@ -17533,6 +22843,12 @@ func (s *CreateDBClusterInput) SetDBClusterIdentifier(v string) *CreateDBCluster return s } +// SetDBClusterInstanceClass sets the DBClusterInstanceClass field's value. +func (s *CreateDBClusterInput) SetDBClusterInstanceClass(v string) *CreateDBClusterInput { + s.DBClusterInstanceClass = &v + return s +} + // SetDBClusterParameterGroupName sets the DBClusterParameterGroupName field's value. func (s *CreateDBClusterInput) SetDBClusterParameterGroupName(v string) *CreateDBClusterInput { s.DBClusterParameterGroupName = &v @@ -17545,6 +22861,12 @@ func (s *CreateDBClusterInput) SetDBSubnetGroupName(v string) *CreateDBClusterIn return s } +// SetDBSystemId sets the DBSystemId field's value. +func (s *CreateDBClusterInput) SetDBSystemId(v string) *CreateDBClusterInput { + s.DBSystemId = &v + return s +} + // SetDatabaseName sets the DatabaseName field's value. func (s *CreateDBClusterInput) SetDatabaseName(v string) *CreateDBClusterInput { s.DatabaseName = &v @@ -17599,12 +22921,36 @@ func (s *CreateDBClusterInput) SetEnableIAMDatabaseAuthentication(v bool) *Creat return s } +// SetEnableLimitlessDatabase sets the EnableLimitlessDatabase field's value. +func (s *CreateDBClusterInput) SetEnableLimitlessDatabase(v bool) *CreateDBClusterInput { + s.EnableLimitlessDatabase = &v + return s +} + +// SetEnableLocalWriteForwarding sets the EnableLocalWriteForwarding field's value. +func (s *CreateDBClusterInput) SetEnableLocalWriteForwarding(v bool) *CreateDBClusterInput { + s.EnableLocalWriteForwarding = &v + return s +} + +// SetEnablePerformanceInsights sets the EnablePerformanceInsights field's value. +func (s *CreateDBClusterInput) SetEnablePerformanceInsights(v bool) *CreateDBClusterInput { + s.EnablePerformanceInsights = &v + return s +} + // SetEngine sets the Engine field's value. func (s *CreateDBClusterInput) SetEngine(v string) *CreateDBClusterInput { s.Engine = &v return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *CreateDBClusterInput) SetEngineLifecycleSupport(v string) *CreateDBClusterInput { + s.EngineLifecycleSupport = &v + return s +} + // SetEngineMode sets the EngineMode field's value. func (s *CreateDBClusterInput) SetEngineMode(v string) *CreateDBClusterInput { s.EngineMode = &v @@ -17623,30 +22969,78 @@ func (s *CreateDBClusterInput) SetGlobalClusterIdentifier(v string) *CreateDBClu return s } +// SetIops sets the Iops field's value. +func (s *CreateDBClusterInput) SetIops(v int64) *CreateDBClusterInput { + s.Iops = &v + return s +} + // SetKmsKeyId sets the KmsKeyId field's value. func (s *CreateDBClusterInput) SetKmsKeyId(v string) *CreateDBClusterInput { s.KmsKeyId = &v return s } +// SetManageMasterUserPassword sets the ManageMasterUserPassword field's value. +func (s *CreateDBClusterInput) SetManageMasterUserPassword(v bool) *CreateDBClusterInput { + s.ManageMasterUserPassword = &v + return s +} + // SetMasterUserPassword sets the MasterUserPassword field's value. func (s *CreateDBClusterInput) SetMasterUserPassword(v string) *CreateDBClusterInput { s.MasterUserPassword = &v return s } +// SetMasterUserSecretKmsKeyId sets the MasterUserSecretKmsKeyId field's value. +func (s *CreateDBClusterInput) SetMasterUserSecretKmsKeyId(v string) *CreateDBClusterInput { + s.MasterUserSecretKmsKeyId = &v + return s +} + // SetMasterUsername sets the MasterUsername field's value. func (s *CreateDBClusterInput) SetMasterUsername(v string) *CreateDBClusterInput { s.MasterUsername = &v return s } +// SetMonitoringInterval sets the MonitoringInterval field's value. +func (s *CreateDBClusterInput) SetMonitoringInterval(v int64) *CreateDBClusterInput { + s.MonitoringInterval = &v + return s +} + +// SetMonitoringRoleArn sets the MonitoringRoleArn field's value. +func (s *CreateDBClusterInput) SetMonitoringRoleArn(v string) *CreateDBClusterInput { + s.MonitoringRoleArn = &v + return s +} + +// SetNetworkType sets the NetworkType field's value. +func (s *CreateDBClusterInput) SetNetworkType(v string) *CreateDBClusterInput { + s.NetworkType = &v + return s +} + // SetOptionGroupName sets the OptionGroupName field's value. func (s *CreateDBClusterInput) SetOptionGroupName(v string) *CreateDBClusterInput { s.OptionGroupName = &v return s } +// SetPerformanceInsightsKMSKeyId sets the PerformanceInsightsKMSKeyId field's value. +func (s *CreateDBClusterInput) SetPerformanceInsightsKMSKeyId(v string) *CreateDBClusterInput { + s.PerformanceInsightsKMSKeyId = &v + return s +} + +// SetPerformanceInsightsRetentionPeriod sets the PerformanceInsightsRetentionPeriod field's value. +func (s *CreateDBClusterInput) SetPerformanceInsightsRetentionPeriod(v int64) *CreateDBClusterInput { + s.PerformanceInsightsRetentionPeriod = &v + return s +} + // SetPort sets the Port field's value. func (s *CreateDBClusterInput) SetPort(v int64) *CreateDBClusterInput { s.Port = &v @@ -17671,6 +23065,18 @@ func (s *CreateDBClusterInput) SetPreferredMaintenanceWindow(v string) *CreateDB return s } +// SetPubliclyAccessible sets the PubliclyAccessible field's value. +func (s *CreateDBClusterInput) SetPubliclyAccessible(v bool) *CreateDBClusterInput { + s.PubliclyAccessible = &v + return s +} + +// SetRdsCustomClusterConfiguration sets the RdsCustomClusterConfiguration field's value. +func (s *CreateDBClusterInput) SetRdsCustomClusterConfiguration(v *RdsCustomClusterConfiguration) *CreateDBClusterInput { + s.RdsCustomClusterConfiguration = v + return s +} + // SetReplicationSourceIdentifier sets the ReplicationSourceIdentifier field's value. func (s *CreateDBClusterInput) SetReplicationSourceIdentifier(v string) *CreateDBClusterInput { s.ReplicationSourceIdentifier = &v @@ -17683,6 +23089,12 @@ func (s *CreateDBClusterInput) SetScalingConfiguration(v *ScalingConfiguration) return s } +// SetServerlessV2ScalingConfiguration sets the ServerlessV2ScalingConfiguration field's value. +func (s *CreateDBClusterInput) SetServerlessV2ScalingConfiguration(v *ServerlessV2ScalingConfiguration) *CreateDBClusterInput { + s.ServerlessV2ScalingConfiguration = v + return s +} + // SetSourceRegion sets the SourceRegion field's value. func (s *CreateDBClusterInput) SetSourceRegion(v string) *CreateDBClusterInput { s.SourceRegion = &v @@ -17695,6 +23107,12 @@ func (s *CreateDBClusterInput) SetStorageEncrypted(v bool) *CreateDBClusterInput return s } +// SetStorageType sets the StorageType field's value. +func (s *CreateDBClusterInput) SetStorageType(v string) *CreateDBClusterInput { + s.StorageType = &v + return s +} + // SetTags sets the Tags field's value. func (s *CreateDBClusterInput) SetTags(v []*Tag) *CreateDBClusterInput { s.Tags = v @@ -17710,19 +23128,41 @@ func (s *CreateDBClusterInput) SetVpcSecurityGroupIds(v []*string) *CreateDBClus type CreateDBClusterOutput struct { _ struct{} `type:"structure"` - // Contains the details of an Amazon Aurora DB cluster. + // Contains the details of an Amazon Aurora DB cluster or Multi-AZ DB cluster. + // + // For an Amazon Aurora DB cluster, this data type is used as a response element + // in the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + // ModifyDBCluster, PromoteReadReplicaDBCluster, RestoreDBClusterFromS3, RestoreDBClusterFromSnapshot, + // RestoreDBClusterToPointInTime, StartDBCluster, and StopDBCluster. + // + // For a Multi-AZ DB cluster, this data type is used as a response element in + // the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + // ModifyDBCluster, RebootDBCluster, RestoreDBClusterFromSnapshot, and RestoreDBClusterToPointInTime. // - // This data type is used as a response element in the DescribeDBClusters, StopDBCluster, - // and StartDBCluster actions. + // For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) + // in the Amazon Aurora User Guide. + // + // For more information on Multi-AZ DB clusters, see Multi-AZ deployments with + // two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) + // in the Amazon RDS User Guide. DBCluster *DBCluster `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBClusterOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBClusterOutput) GoString() string { return s.String() } @@ -17740,7 +23180,7 @@ type CreateDBClusterParameterGroupInput struct { // // Constraints: // - // * Must match the name of an existing DB cluster parameter group. + // * Must not match the name of an existing DB cluster parameter group. // // This value is stored as a lowercase string. // @@ -17754,11 +23194,43 @@ type CreateDBClusterParameterGroupInput struct { // // Aurora MySQL // - // Example: aurora5.6, aurora-mysql5.7 + // Example: aurora-mysql5.7, aurora-mysql8.0 // // Aurora PostgreSQL // - // Example: aurora-postgresql9.6 + // Example: aurora-postgresql14 + // + // RDS for MySQL + // + // Example: mysql8.0 + // + // RDS for PostgreSQL + // + // Example: postgres13 + // + // To list all of the available parameter group families for a DB engine, use + // the following command: + // + // aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" + // --engine + // + // For example, to list all of the available parameter group families for the + // Aurora PostgreSQL DB engine, use the following command: + // + // aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" + // --engine aurora-postgresql + // + // The output contains duplicates. + // + // The following are the valid DB engine values: + // + // * aurora-mysql + // + // * aurora-postgresql + // + // * mysql + // + // * postgres // // DBParameterGroupFamily is a required field DBParameterGroupFamily *string `type:"string" required:"true"` @@ -17772,12 +23244,20 @@ type CreateDBClusterParameterGroupInput struct { Tags []*Tag `locationNameList:"Tag" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBClusterParameterGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBClusterParameterGroupInput) GoString() string { return s.String() } @@ -17835,12 +23315,20 @@ type CreateDBClusterParameterGroupOutput struct { DBClusterParameterGroup *DBClusterParameterGroup `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBClusterParameterGroupOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBClusterParameterGroupOutput) GoString() string { return s.String() } @@ -17886,12 +23374,20 @@ type CreateDBClusterSnapshotInput struct { Tags []*Tag `locationNameList:"Tag" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBClusterSnapshotInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBClusterSnapshotInput) GoString() string { return s.String() } @@ -17940,12 +23436,20 @@ type CreateDBClusterSnapshotOutput struct { DBClusterSnapshot *DBClusterSnapshot `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBClusterSnapshotOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBClusterSnapshotOutput) GoString() string { return s.String() } @@ -17959,148 +23463,229 @@ func (s *CreateDBClusterSnapshotOutput) SetDBClusterSnapshot(v *DBClusterSnapsho type CreateDBInstanceInput struct { _ struct{} `type:"structure"` - // The amount of storage (in gibibytes) to allocate for the DB instance. + // The amount of storage in gibibytes (GiB) to allocate for the DB instance. // - // Type: Integer + // This setting doesn't apply to Amazon Aurora DB instances. Aurora cluster + // volumes automatically grow as the amount of data in your database increases, + // though you are only charged for the space that you use in an Aurora cluster + // volume. // - // Amazon Aurora + // Amazon RDS Custom // - // Not applicable. Aurora cluster volumes automatically grow as the amount of - // data in your database increases, though you are only charged for the space - // that you use in an Aurora cluster volume. + // Constraints to the amount of storage for each storage type are the following: // - // MySQL + // * General Purpose (SSD) storage (gp2, gp3): Must be an integer from 40 + // to 65536 for RDS Custom for Oracle, 16384 for RDS Custom for SQL Server. // - // Constraints to the amount of storage for each storage type are the following: + // * Provisioned IOPS storage (io1, io2): Must be an integer from 40 to 65536 + // for RDS Custom for Oracle, 16384 for RDS Custom for SQL Server. // - // * General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. + // RDS for Db2 // - // * Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. + // Constraints to the amount of storage for each storage type are the following: // - // * Magnetic storage (standard): Must be an integer from 5 to 3072. + // * General Purpose (SSD) storage (gp3): Must be an integer from 20 to 65536. // - // MariaDB + // * Provisioned IOPS storage (io1, io2): Must be an integer from 100 to + // 65536. + // + // RDS for MariaDB // // Constraints to the amount of storage for each storage type are the following: // - // * General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. + // * General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 + // to 65536. // - // * Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. + // * Provisioned IOPS storage (io1, io2): Must be an integer from 100 to + // 65536. // // * Magnetic storage (standard): Must be an integer from 5 to 3072. // - // PostgreSQL + // RDS for MySQL // // Constraints to the amount of storage for each storage type are the following: // - // * General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. + // * General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 + // to 65536. // - // * Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. + // * Provisioned IOPS storage (io1, io2): Must be an integer from 100 to + // 65536. // // * Magnetic storage (standard): Must be an integer from 5 to 3072. // - // Oracle + // RDS for Oracle // // Constraints to the amount of storage for each storage type are the following: // - // * General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. + // * General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 + // to 65536. // - // * Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. + // * Provisioned IOPS storage (io1, io2): Must be an integer from 100 to + // 65536. // // * Magnetic storage (standard): Must be an integer from 10 to 3072. // - // SQL Server + // RDS for PostgreSQL // // Constraints to the amount of storage for each storage type are the following: // - // * General Purpose (SSD) storage (gp2): Enterprise and Standard editions: - // Must be an integer from 200 to 16384. Web and Express editions: Must be + // * General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 + // to 65536. + // + // * Provisioned IOPS storage (io1, io2): Must be an integer from 100 to + // 65536. + // + // * Magnetic storage (standard): Must be an integer from 5 to 3072. + // + // RDS for SQL Server + // + // Constraints to the amount of storage for each storage type are the following: + // + // * General Purpose (SSD) storage (gp2, gp3): Enterprise and Standard editions: + // Must be an integer from 20 to 16384. Web and Express editions: Must be // an integer from 20 to 16384. // - // * Provisioned IOPS storage (io1): Enterprise and Standard editions: Must - // be an integer from 200 to 16384. Web and Express editions: Must be an - // integer from 100 to 16384. + // * Provisioned IOPS storage (io1, io2): Enterprise and Standard editions: + // Must be an integer from 100 to 16384. Web and Express editions: Must be + // an integer from 100 to 16384. // // * Magnetic storage (standard): Enterprise and Standard editions: Must - // be an integer from 200 to 1024. Web and Express editions: Must be an integer + // be an integer from 20 to 1024. Web and Express editions: Must be an integer // from 20 to 1024. AllocatedStorage *int64 `type:"integer"` - // A value that indicates whether minor engine upgrades are applied automatically - // to the DB instance during the maintenance window. By default, minor engine - // upgrades are applied automatically. + // Specifies whether minor engine upgrades are applied automatically to the + // DB instance during the maintenance window. By default, minor engine upgrades + // are applied automatically. + // + // If you create an RDS Custom DB instance, you must set AutoMinorVersionUpgrade + // to false. AutoMinorVersionUpgrade *bool `type:"boolean"` // The Availability Zone (AZ) where the database will be created. For information - // on AWS Regions and Availability Zones, see Regions and Availability Zones - // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html). + // on Amazon Web Services Regions and Availability Zones, see Regions and Availability + // Zones (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html). // - // Default: A random, system-chosen Availability Zone in the endpoint's AWS - // Region. + // For Amazon Aurora, each Aurora DB cluster hosts copies of its storage in + // three separate Availability Zones. Specify one of these Availability Zones. + // Aurora automatically chooses an appropriate Availability Zone if you don't + // specify one. // - // Example: us-east-1d + // Default: A random, system-chosen Availability Zone in the endpoint's Amazon + // Web Services Region. // - // Constraint: The AvailabilityZone parameter can't be specified if the DB instance - // is a Multi-AZ deployment. The specified Availability Zone must be in the - // same AWS Region as the current endpoint. + // Constraints: // - // If you're creating a DB instance in an RDS on VMware environment, specify - // the identifier of the custom Availability Zone to create the DB instance - // in. + // * The AvailabilityZone parameter can't be specified if the DB instance + // is a Multi-AZ deployment. // - // For more information about RDS on VMware, see the RDS on VMware User Guide. - // (https://docs.aws.amazon.com/AmazonRDS/latest/RDSonVMwareUserGuide/rds-on-vmware.html) + // * The specified Availability Zone must be in the same Amazon Web Services + // Region as the current endpoint. + // + // Example: us-east-1d AvailabilityZone *string `type:"string"` // The number of days for which automated backups are retained. Setting this // parameter to a positive number enables backups. Setting this parameter to // 0 disables automated backups. // - // Amazon Aurora - // - // Not applicable. The retention period for automated backups is managed by - // the DB cluster. + // This setting doesn't apply to Amazon Aurora DB instances. The retention period + // for automated backups is managed by the DB cluster. // // Default: 1 // // Constraints: // - // * Must be a value from 0 to 35 + // * Must be a value from 0 to 35. + // + // * Can't be set to 0 if the DB instance is a source to read replicas. // - // * Can't be set to 0 if the DB instance is a source to read replicas + // * Can't be set to 0 for an RDS Custom for Oracle DB instance. BackupRetentionPeriod *int64 `type:"integer"` - // For supported engines, indicates that the DB instance should be associated - // with the specified CharacterSet. + // The location for storing automated backups and manual snapshots. // - // Amazon Aurora + // Valid Values: // - // Not applicable. The character set is managed by the DB cluster. For more - // information, see CreateDBCluster. - CharacterSetName *string `type:"string"` + // * outposts (Amazon Web Services Outposts) + // + // * region (Amazon Web Services Region) + // + // Default: region + // + // For more information, see Working with Amazon RDS on Amazon Web Services + // Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) + // in the Amazon RDS User Guide. + BackupTarget *string `type:"string"` - // A value that indicates whether to copy tags from the DB instance to snapshots - // of the DB instance. By default, tags are not copied. + // The CA certificate identifier to use for the DB instance's server certificate. + // + // This setting doesn't apply to RDS Custom DB instances. + // + // For more information, see Using SSL/TLS to encrypt a connection to a DB instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) + // in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to + // a DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) + // in the Amazon Aurora User Guide. + CACertificateIdentifier *string `type:"string"` + + // For supported engines, the character set (CharacterSet) to associate the + // DB instance with. + // + // This setting doesn't apply to the following DB instances: + // + // * Amazon Aurora - The character set is managed by the DB cluster. For + // more information, see CreateDBCluster. // - // Amazon Aurora + // * RDS Custom - However, if you need to change the character set, you can + // change it on the database itself. + CharacterSetName *string `type:"string"` + + // Specifies whether to copy tags from the DB instance to snapshots of the DB + // instance. By default, tags are not copied. // - // Not applicable. Copying tags to snapshots is managed by the DB cluster. Setting - // this value for an Aurora DB instance has no effect on the DB cluster setting. + // This setting doesn't apply to Amazon Aurora DB instances. Copying tags to + // snapshots is managed by the DB cluster. Setting this value for an Aurora + // DB instance has no effect on the DB cluster setting. CopyTagsToSnapshot *bool `type:"boolean"` - // The identifier of the DB cluster that the instance will belong to. + // The instance profile associated with the underlying Amazon EC2 instance of + // an RDS Custom DB instance. + // + // This setting is required for RDS Custom. + // + // Constraints: + // + // * The profile must exist in your account. + // + // * The profile must have an IAM role that Amazon EC2 has permissions to + // assume. + // + // * The instance profile name and the associated IAM role name must start + // with the prefix AWSRDSCustom. + // + // For the list of permissions required for the IAM role, see Configure IAM + // and your VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc) + // in the Amazon RDS User Guide. + CustomIamInstanceProfile *string `type:"string"` + + // The identifier of the DB cluster that this DB instance will belong to. + // + // This setting doesn't apply to RDS Custom DB instances. DBClusterIdentifier *string `type:"string"` - // The compute and memory capacity of the DB instance, for example, db.m4.large. - // Not all DB instance classes are available in all AWS Regions, or for all - // database engines. For the full list of DB instance classes, and availability - // for your engine, see DB Instance Class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) - // in the Amazon RDS User Guide. + // The compute and memory capacity of the DB instance, for example db.m5.large. + // Not all DB instance classes are available in all Amazon Web Services Regions, + // or for all database engines. For the full list of DB instance classes, and + // availability for your engine, see DB instance classes (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) + // in the Amazon RDS User Guide or Aurora DB instance classes (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.DBInstanceClass.html) + // in the Amazon Aurora User Guide. // // DBInstanceClass is a required field DBInstanceClass *string `type:"string" required:"true"` - // The DB instance identifier. This parameter is stored as a lowercase string. + // The identifier for this DB instance. This parameter is stored as a lowercase + // string. // // Constraints: // @@ -18118,10 +23703,61 @@ type CreateDBInstanceInput struct { // The meaning of this parameter differs according to the database engine you // use. // - // MySQL + // Amazon Aurora MySQL + // + // The name of the database to create when the primary DB instance of the Aurora + // MySQL DB cluster is created. If this parameter isn't specified for an Aurora + // MySQL DB cluster, no database is created in the DB cluster. + // + // Constraints: + // + // * Must contain 1 to 64 alphanumeric characters. + // + // * Can't be a word reserved by the database engine. + // + // Amazon Aurora PostgreSQL + // + // The name of the database to create when the primary DB instance of the Aurora + // PostgreSQL DB cluster is created. A database named postgres is always created. + // If this parameter is specified, an additional database with this name is + // created. + // + // Constraints: + // + // * It must contain 1 to 63 alphanumeric characters. + // + // * Must begin with a letter. Subsequent characters can be letters, underscores, + // or digits (0 to 9). + // + // * Can't be a word reserved by the database engine. + // + // Amazon RDS Custom for Oracle + // + // The Oracle System ID (SID) of the created RDS Custom DB instance. If you + // don't specify a value, the default value is ORCL for non-CDBs and RDSCDB + // for CDBs. + // + // Default: ORCL + // + // Constraints: + // + // * Must contain 1 to 8 alphanumeric characters. + // + // * Must contain a letter. + // + // * Can't be a word reserved by the database engine. + // + // Amazon RDS Custom for SQL Server + // + // Not applicable. Must be null. + // + // RDS for Db2 // // The name of the database to create when the DB instance is created. If this - // parameter isn't specified, no database is created in the DB instance. + // parameter isn't specified, no database is created in the DB instance. In + // some cases, we recommend that you don't add a database name. For more information, + // see Additional considerations (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-db-instance-prereqs.html#db2-prereqs-additional-considerations) + // in the Amazon RDS User Guide. // // Constraints: // @@ -18130,9 +23766,9 @@ type CreateDBInstanceInput struct { // * Must begin with a letter. Subsequent characters can be letters, underscores, // or digits (0-9). // - // * Can't be a word reserved by the specified database engine + // * Can't be a word reserved by the specified database engine. // - // MariaDB + // RDS for MariaDB // // The name of the database to create when the DB instance is created. If this // parameter isn't specified, no database is created in the DB instance. @@ -18144,159 +23780,259 @@ type CreateDBInstanceInput struct { // * Must begin with a letter. Subsequent characters can be letters, underscores, // or digits (0-9). // - // * Can't be a word reserved by the specified database engine + // * Can't be a word reserved by the specified database engine. // - // PostgreSQL + // RDS for MySQL // // The name of the database to create when the DB instance is created. If this - // parameter isn't specified, the default "postgres" database is created in - // the DB instance. + // parameter isn't specified, no database is created in the DB instance. // // Constraints: // - // * Must contain 1 to 63 letters, numbers, or underscores. + // * Must contain 1 to 64 letters or numbers. // // * Must begin with a letter. Subsequent characters can be letters, underscores, // or digits (0-9). // - // * Can't be a word reserved by the specified database engine + // * Can't be a word reserved by the specified database engine. // - // Oracle + // RDS for Oracle // - // The Oracle System ID (SID) of the created DB instance. If you specify null, - // the default value ORCL is used. You can't specify the string NULL, or any - // other reserved word, for DBName. + // The Oracle System ID (SID) of the created DB instance. If you don't specify + // a value, the default value is ORCL. You can't specify the string null, or + // any other reserved word, for DBName. // // Default: ORCL // // Constraints: // - // * Can't be longer than 8 characters + // * Can't be longer than 8 characters. // - // SQL Server + // RDS for PostgreSQL // - // Not applicable. Must be null. + // The name of the database to create when the DB instance is created. A database + // named postgres is always created. If this parameter is specified, an additional + // database with this name is created. // - // Amazon Aurora + // Constraints: // - // The name of the database to create when the primary instance of the DB cluster - // is created. If this parameter isn't specified, no database is created in - // the DB instance. + // * Must contain 1 to 63 letters, numbers, or underscores. // - // Constraints: + // * Must begin with a letter. Subsequent characters can be letters, underscores, + // or digits (0-9). // - // * Must contain 1 to 64 letters or numbers. + // * Can't be a word reserved by the specified database engine. + // + // RDS for SQL Server // - // * Can't be a word reserved by the specified database engine + // Not applicable. Must be null. DBName *string `type:"string"` // The name of the DB parameter group to associate with this DB instance. If - // you do not specify a value, then the default DB parameter group for the specified - // DB engine and version is used. + // you don't specify a value, then Amazon RDS uses the default DB parameter + // group for the specified DB engine and version. + // + // This setting doesn't apply to RDS Custom DB instances. // // Constraints: // // * Must be 1 to 255 letters, numbers, or hyphens. // - // * First character must be a letter + // * The first character must be a letter. // - // * Can't end with a hyphen or contain two consecutive hyphens + // * Can't end with a hyphen or contain two consecutive hyphens. DBParameterGroupName *string `type:"string"` // A list of DB security groups to associate with this DB instance. // - // Default: The default DB security group for the database engine. + // This setting applies to the legacy EC2-Classic platform, which is no longer + // used to create new DB instances. Use the VpcSecurityGroupIds setting instead. DBSecurityGroups []*string `locationNameList:"DBSecurityGroupName" type:"list"` // A DB subnet group to associate with this DB instance. // - // If there is no DB subnet group, then it is a non-VPC DB instance. - DBSubnetGroupName *string `type:"string"` - - // A value that indicates whether the DB instance has deletion protection enabled. - // The database can't be deleted when deletion protection is enabled. By default, - // deletion protection is disabled. For more information, see Deleting a DB - // Instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). + // Constraints: // - // Amazon Aurora + // * Must match the name of an existing DB subnet group. // - // Not applicable. You can enable or disable deletion protection for the DB - // cluster. For more information, see CreateDBCluster. DB instances in a DB - // cluster can be deleted even when deletion protection is enabled for the DB - // cluster. + // * Must not be default. + // + // Example: mydbsubnetgroup + DBSubnetGroupName *string `type:"string"` + + // The Oracle system identifier (SID), which is the name of the Oracle database + // instance that manages your database files. In this context, the term "Oracle + // database instance" refers exclusively to the system global area (SGA) and + // Oracle background processes. If you don't specify a SID, the value defaults + // to RDSCDB. The Oracle SID is also the name of your CDB. + DBSystemId *string `type:"string"` + + // Indicates whether the DB instance has a dedicated log volume (DLV) enabled. + DedicatedLogVolume *bool `type:"boolean"` + + // Specifies whether the DB instance has deletion protection enabled. The database + // can't be deleted when deletion protection is enabled. By default, deletion + // protection isn't enabled. For more information, see Deleting a DB Instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). + // + // This setting doesn't apply to Amazon Aurora DB instances. You can enable + // or disable deletion protection for the DB cluster. For more information, + // see CreateDBCluster. DB instances in a DB cluster can be deleted even when + // deletion protection is enabled for the DB cluster. DeletionProtection *bool `type:"boolean"` // The Active Directory directory ID to create the DB instance in. Currently, - // only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can - // be created in an Active Directory Domain. + // you can create only Db2, MySQL, Microsoft SQL Server, Oracle, and PostgreSQL + // DB instances in an Active Directory Domain. // // For more information, see Kerberos Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html) // in the Amazon RDS User Guide. + // + // This setting doesn't apply to the following DB instances: + // + // * Amazon Aurora (The domain is managed by the DB cluster.) + // + // * RDS Custom Domain *string `type:"string"` - // Specify the name of the IAM role to be used when making API calls to the - // Directory Service. + // The ARN for the Secrets Manager secret with the credentials for the user + // joining the domain. + // + // Example: arn:aws:secretsmanager:region:account-number:secret:myselfmanagedADtestsecret-123456 + DomainAuthSecretArn *string `type:"string"` + + // The IPv4 DNS IP addresses of your primary and secondary Active Directory + // domain controllers. + // + // Constraints: + // + // * Two IP addresses must be provided. If there isn't a secondary domain + // controller, use the IP address of the primary domain controller for both + // entries in the list. + // + // Example: 123.124.125.126,234.235.236.237 + DomainDnsIps []*string `type:"list"` + + // The fully qualified domain name (FQDN) of an Active Directory domain. + // + // Constraints: + // + // * Can't be longer than 64 characters. + // + // Example: mymanagedADtest.mymanagedAD.mydomain + DomainFqdn *string `type:"string"` + + // The name of the IAM role to use when making API calls to the Directory Service. + // + // This setting doesn't apply to the following DB instances: + // + // * Amazon Aurora (The domain is managed by the DB cluster.) + // + // * RDS Custom DomainIAMRoleName *string `type:"string"` - // The list of log types that need to be enabled for exporting to CloudWatch - // Logs. The values in the list depend on the DB engine being used. For more - // information, see Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) - // in the Amazon Relational Database Service User Guide. + // The Active Directory organizational unit for your DB instance to join. // - // Amazon Aurora + // Constraints: // - // Not applicable. CloudWatch Logs exports are managed by the DB cluster. + // * Must be in the distinguished name format. // - // MariaDB + // * Can't be longer than 64 characters. // - // Possible values are audit, error, general, and slowquery. + // Example: OU=mymanagedADtestOU,DC=mymanagedADtest,DC=mymanagedAD,DC=mydomain + DomainOu *string `type:"string"` + + // The list of log types to enable for exporting to CloudWatch Logs. For more + // information, see Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) + // in the Amazon RDS User Guide. // - // Microsoft SQL Server + // This setting doesn't apply to the following DB instances: // - // Possible values are agent and error. + // * Amazon Aurora (CloudWatch Logs exports are managed by the DB cluster.) // - // MySQL + // * RDS Custom // - // Possible values are audit, error, general, and slowquery. + // The following values are valid for each DB engine: // - // Oracle + // * RDS for Db2 - diag.log | notify.log // - // Possible values are alert, audit, listener, and trace. + // * RDS for MariaDB - audit | error | general | slowquery // - // PostgreSQL + // * RDS for Microsoft SQL Server - agent | error // - // Possible values are postgresql and upgrade. + // * RDS for MySQL - audit | error | general | slowquery + // + // * RDS for Oracle - alert | audit | listener | trace | oemagent + // + // * RDS for PostgreSQL - postgresql | upgrade EnableCloudwatchLogsExports []*string `type:"list"` - // A value that indicates whether to enable mapping of AWS Identity and Access - // Management (IAM) accounts to database accounts. By default, mapping is disabled. + // Specifies whether to enable a customer-owned IP address (CoIP) for an RDS + // on Outposts DB instance. + // + // A CoIP provides local or external connectivity to resources in your Outpost + // subnets through your on-premises network. For some use cases, a CoIP can + // provide lower latency for connections to the DB instance from outside of + // its virtual private cloud (VPC) on your local network. // - // This setting doesn't apply to Amazon Aurora. Mapping AWS IAM accounts to - // database accounts is managed by the DB cluster. + // For more information about RDS on Outposts, see Working with Amazon RDS on + // Amazon Web Services Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) + // in the Amazon RDS User Guide. + // + // For more information about CoIPs, see Customer-owned IP addresses (https://docs.aws.amazon.com/outposts/latest/userguide/routing.html#ip-addressing) + // in the Amazon Web Services Outposts User Guide. + EnableCustomerOwnedIp *bool `type:"boolean"` + + // Specifies whether to enable mapping of Amazon Web Services Identity and Access + // Management (IAM) accounts to database accounts. By default, mapping isn't + // enabled. // // For more information, see IAM Database Authentication for MySQL and PostgreSQL // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) // in the Amazon RDS User Guide. + // + // This setting doesn't apply to the following DB instances: + // + // * Amazon Aurora (Mapping Amazon Web Services IAM accounts to database + // accounts is managed by the DB cluster.) + // + // * RDS Custom EnableIAMDatabaseAuthentication *bool `type:"boolean"` - // A value that indicates whether to enable Performance Insights for the DB - // instance. + // Specifies whether to enable Performance Insights for the DB instance. For + // more information, see Using Amazon Performance Insights (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) + // in the Amazon RDS User Guide. // - // For more information, see Using Amazon Performance Insights (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) - // in the Amazon Relational Database Service User Guide. + // This setting doesn't apply to RDS Custom DB instances. EnablePerformanceInsights *bool `type:"boolean"` - // The name of the database engine to be used for this instance. + // The database engine to use for this DB instance. // - // Not every database engine is available for every AWS Region. + // Not every database engine is available in every Amazon Web Services Region. // // Valid Values: // - // * aurora (for MySQL 5.6-compatible Aurora) + // * aurora-mysql (for Aurora MySQL DB instances) // - // * aurora-mysql (for MySQL 5.7-compatible Aurora) + // * aurora-postgresql (for Aurora PostgreSQL DB instances) // - // * aurora-postgresql + // * custom-oracle-ee (for RDS Custom for Oracle DB instances) + // + // * custom-oracle-ee-cdb (for RDS Custom for Oracle DB instances) + // + // * custom-oracle-se2 (for RDS Custom for Oracle DB instances) + // + // * custom-oracle-se2-cdb (for RDS Custom for Oracle DB instances) + // + // * custom-sqlserver-ee (for RDS Custom for SQL Server DB instances) + // + // * custom-sqlserver-se (for RDS Custom for SQL Server DB instances) + // + // * custom-sqlserver-web (for RDS Custom for SQL Server DB instances) + // + // * db2-ae + // + // * db2-se // // * mariadb // @@ -18304,11 +24040,11 @@ type CreateDBInstanceInput struct { // // * oracle-ee // - // * oracle-se2 + // * oracle-ee-cdb // - // * oracle-se1 + // * oracle-se2 // - // * oracle-se + // * oracle-se2-cdb // // * postgres // @@ -18323,287 +24059,389 @@ type CreateDBInstanceInput struct { // Engine is a required field Engine *string `type:"string" required:"true"` + // The life cycle type for this DB instance. + // + // By default, this value is set to open-source-rds-extended-support, which + // enrolls your DB instance into Amazon RDS Extended Support. At the end of + // standard support, you can avoid charges for Extended Support by setting the + // value to open-source-rds-extended-support-disabled. In this case, creating + // the DB instance will fail if the DB major version is past its end of standard + // support date. + // + // This setting applies only to RDS for MySQL and RDS for PostgreSQL. For Amazon + // Aurora DB instances, the life cycle type is managed by the DB cluster. + // + // You can use this setting to enroll your DB instance into Amazon RDS Extended + // Support. With RDS Extended Support, you can run the selected major engine + // version on your DB instance past the end of standard support for that engine + // version. For more information, see Using Amazon RDS Extended Support (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html) + // in the Amazon RDS User Guide. + // + // Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled + // + // Default: open-source-rds-extended-support + EngineLifecycleSupport *string `type:"string"` + // The version number of the database engine to use. // - // For a list of valid engine versions, use the DescribeDBEngineVersions action. + // This setting doesn't apply to Amazon Aurora DB instances. The version number + // of the database engine the DB instance uses is managed by the DB cluster. + // + // For a list of valid engine versions, use the DescribeDBEngineVersions operation. // // The following are the database engines and links to information about the // major and minor versions that are available with Amazon RDS. Not every database - // engine is available for every AWS Region. + // engine is available for every Amazon Web Services Region. // - // Amazon Aurora + // Amazon RDS Custom for Oracle // - // Not applicable. The version number of the database engine to be used by the - // DB instance is managed by the DB cluster. + // A custom engine version (CEV) that you have previously created. This setting + // is required for RDS Custom for Oracle. The CEV name has the following format: + // 19.customized_string. A valid CEV name is 19.my_cev1. For more information, + // see Creating an RDS Custom for Oracle DB instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-creating.html#custom-creating.create) + // in the Amazon RDS User Guide. // - // MariaDB + // Amazon RDS Custom for SQL Server // - // See MariaDB on Amazon RDS Versions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt) + // See RDS Custom for SQL Server general requirements (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-reqs-limits-MS.html) // in the Amazon RDS User Guide. // - // Microsoft SQL Server + // RDS for Db2 // - // See Microsoft SQL Server Versions on Amazon RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport) + // For information, see Db2 on Amazon RDS versions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Db2.html#Db2.Concepts.VersionMgmt) // in the Amazon RDS User Guide. // - // MySQL + // RDS for MariaDB // - // See MySQL on Amazon RDS Versions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) + // For information, see MariaDB on Amazon RDS versions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt) // in the Amazon RDS User Guide. // - // Oracle + // RDS for Microsoft SQL Server // - // See Oracle Database Engine Release Notes (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html) + // For information, see Microsoft SQL Server versions on Amazon RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport) // in the Amazon RDS User Guide. // - // PostgreSQL + // RDS for MySQL // - // See Supported PostgreSQL Database Versions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.DBVersions) + // For information, see MySQL on Amazon RDS versions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) + // in the Amazon RDS User Guide. + // + // RDS for Oracle + // + // For information, see Oracle Database Engine release notes (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html) + // in the Amazon RDS User Guide. + // + // RDS for PostgreSQL + // + // For information, see Amazon RDS for PostgreSQL versions and extensions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts) // in the Amazon RDS User Guide. EngineVersion *string `type:"string"` - // The amount of Provisioned IOPS (input/output operations per second) to be - // initially allocated for the DB instance. For information about valid Iops - // values, see Amazon RDS Provisioned IOPS Storage to Improve Performance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS) + // The amount of Provisioned IOPS (input/output operations per second) to initially + // allocate for the DB instance. For information about valid IOPS values, see + // Amazon RDS DB instance storage (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html) // in the Amazon RDS User Guide. // - // Constraints: For MariaDB, MySQL, Oracle, and PostgreSQL DB instances, must - // be a multiple between .5 and 50 of the storage amount for the DB instance. - // For SQL Server DB instances, must be a multiple between 1 and 50 of the storage - // amount for the DB instance. + // This setting doesn't apply to Amazon Aurora DB instances. Storage is managed + // by the DB cluster. + // + // Constraints: + // + // * For RDS for Db2, MariaDB, MySQL, Oracle, and PostgreSQL - Must be a + // multiple between .5 and 50 of the storage amount for the DB instance. + // + // * For RDS for SQL Server - Must be a multiple between 1 and 50 of the + // storage amount for the DB instance. Iops *int64 `type:"integer"` - // The AWS KMS key identifier for an encrypted DB instance. - // - // The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name - // for the AWS KMS customer master key (CMK). To use a CMK in a different AWS - // account, specify the key ARN or alias ARN. + // The Amazon Web Services KMS key identifier for an encrypted DB instance. // - // Amazon Aurora + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. To use a KMS key in a different Amazon + // Web Services account, specify the key ARN or alias ARN. // - // Not applicable. The AWS KMS key identifier is managed by the DB cluster. - // For more information, see CreateDBCluster. + // This setting doesn't apply to Amazon Aurora DB instances. The Amazon Web + // Services KMS key identifier is managed by the DB cluster. For more information, + // see CreateDBCluster. // // If StorageEncrypted is enabled, and you do not specify a value for the KmsKeyId - // parameter, then Amazon RDS uses your default CMK. There is a default CMK - // for your AWS account. Your AWS account has a different default CMK for each - // AWS Region. + // parameter, then Amazon RDS uses your default KMS key. There is a default + // KMS key for your Amazon Web Services account. Your Amazon Web Services account + // has a different default KMS key for each Amazon Web Services Region. + // + // For Amazon RDS Custom, a KMS key is required for DB instances. For most RDS + // engines, if you leave this parameter empty while enabling StorageEncrypted, + // the engine uses the default KMS key. However, RDS Custom doesn't use the + // default key when this parameter is empty. You must explicitly specify a key. KmsKeyId *string `type:"string"` - // License model information for this DB instance. + // The license model information for this DB instance. // - // Valid values: license-included | bring-your-own-license | general-public-license - LicenseModel *string `type:"string"` - - // The password for the master user. The password can include any printable - // ASCII character except "/", """, or "@". + // License models for RDS for Db2 require additional configuration. The Bring + // Your Own License (BYOL) model requires a custom parameter group. The Db2 + // license through Amazon Web Services Marketplace model requires an Amazon + // Web Services Marketplace subscription. For more information, see RDS for + // Db2 licensing options (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-licensing.html) + // in the Amazon RDS User Guide. // - // Amazon Aurora + // The default for RDS for Db2 is bring-your-own-license. // - // Not applicable. The password for the master user is managed by the DB cluster. + // This setting doesn't apply to Amazon Aurora or RDS Custom DB instances. // - // MariaDB + // Valid Values: // - // Constraints: Must contain from 8 to 41 characters. + // * RDS for Db2 - bring-your-own-license | marketplace-license // - // Microsoft SQL Server + // * RDS for MariaDB - general-public-license // - // Constraints: Must contain from 8 to 128 characters. + // * RDS for Microsoft SQL Server - license-included // - // MySQL + // * RDS for MySQL - general-public-license // - // Constraints: Must contain from 8 to 41 characters. + // * RDS for Oracle - bring-your-own-license | license-included // - // Oracle + // * RDS for PostgreSQL - postgresql-license + LicenseModel *string `type:"string"` + + // Specifies whether to manage the master user password with Amazon Web Services + // Secrets Manager. // - // Constraints: Must contain from 8 to 30 characters. + // For more information, see Password management with Amazon Web Services Secrets + // Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) + // in the Amazon RDS User Guide. // - // PostgreSQL + // Constraints: // - // Constraints: Must contain from 8 to 128 characters. - MasterUserPassword *string `type:"string"` + // * Can't manage the master user password with Amazon Web Services Secrets + // Manager if MasterUserPassword is specified. + ManageMasterUserPassword *bool `type:"boolean"` - // The name for the master user. - // - // Amazon Aurora + // The password for the master user. // - // Not applicable. The name for the master user is managed by the DB cluster. - // - // MariaDB + // This setting doesn't apply to Amazon Aurora DB instances. The password for + // the master user is managed by the DB cluster. // // Constraints: // - // * Required for MariaDB. + // * Can't be specified if ManageMasterUserPassword is turned on. // - // * Must be 1 to 16 letters or numbers. + // * Can include any printable ASCII character except "/", """, or "@". For + // RDS for Oracle, can't include the "&" (ampersand) or the "'" (single quotes) + // character. // - // * Can't be a reserved word for the chosen database engine. + // Length Constraints: // - // Microsoft SQL Server + // * RDS for Db2 - Must contain from 8 to 255 characters. // - // Constraints: + // * RDS for MariaDB - Must contain from 8 to 41 characters. // - // * Required for SQL Server. + // * RDS for Microsoft SQL Server - Must contain from 8 to 128 characters. // - // * Must be 1 to 128 letters or numbers. + // * RDS for MySQL - Must contain from 8 to 41 characters. // - // * The first character must be a letter. + // * RDS for Oracle - Must contain from 8 to 30 characters. // - // * Can't be a reserved word for the chosen database engine. - // - // MySQL + // * RDS for PostgreSQL - Must contain from 8 to 128 characters. + MasterUserPassword *string `type:"string"` + + // The Amazon Web Services KMS key identifier to encrypt a secret that is automatically + // generated and managed in Amazon Web Services Secrets Manager. // - // Constraints: + // This setting is valid only if the master user password is managed by RDS + // in Amazon Web Services Secrets Manager for the DB instance. // - // * Required for MySQL. + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. To use a KMS key in a different Amazon + // Web Services account, specify the key ARN or alias ARN. // - // * Must be 1 to 16 letters or numbers. + // If you don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager + // KMS key is used to encrypt the secret. If the secret is in a different Amazon + // Web Services account, then you can't use the aws/secretsmanager KMS key to + // encrypt the secret, and you must use a customer managed KMS key. // - // * First character must be a letter. + // There is a default KMS key for your Amazon Web Services account. Your Amazon + // Web Services account has a different default KMS key for each Amazon Web + // Services Region. + MasterUserSecretKmsKeyId *string `type:"string"` + + // The name for the master user. // - // * Can't be a reserved word for the chosen database engine. + // This setting doesn't apply to Amazon Aurora DB instances. The name for the + // master user is managed by the DB cluster. // - // Oracle + // This setting is required for RDS DB instances. // // Constraints: // - // * Required for Oracle. - // - // * Must be 1 to 30 letters or numbers. + // * Must be 1 to 16 letters, numbers, or underscores. // // * First character must be a letter. // // * Can't be a reserved word for the chosen database engine. + MasterUsername *string `type:"string"` + + // The upper limit in gibibytes (GiB) to which Amazon RDS can automatically + // scale the storage of the DB instance. // - // PostgreSQL - // - // Constraints: - // - // * Required for PostgreSQL. + // For more information about this setting, including limitations that apply + // to it, see Managing capacity automatically with Amazon RDS storage autoscaling + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling) + // in the Amazon RDS User Guide. // - // * Must be 1 to 63 letters or numbers. + // This setting doesn't apply to the following DB instances: // - // * First character must be a letter. + // * Amazon Aurora (Storage is managed by the DB cluster.) // - // * Can't be a reserved word for the chosen database engine. - MasterUsername *string `type:"string"` - - // The upper limit to which Amazon RDS can automatically scale the storage of - // the DB instance. + // * RDS Custom MaxAllocatedStorage *int64 `type:"integer"` // The interval, in seconds, between points when Enhanced Monitoring metrics - // are collected for the DB instance. To disable collecting Enhanced Monitoring - // metrics, specify 0. The default is 0. + // are collected for the DB instance. To disable collection of Enhanced Monitoring + // metrics, specify 0. // - // If MonitoringRoleArn is specified, then you must also set MonitoringInterval - // to a value other than 0. + // If MonitoringRoleArn is specified, then you must set MonitoringInterval to + // a value other than 0. // - // Valid Values: 0, 1, 5, 10, 15, 30, 60 + // This setting doesn't apply to RDS Custom DB instances. + // + // Valid Values: 0 | 1 | 5 | 10 | 15 | 30 | 60 + // + // Default: 0 MonitoringInterval *int64 `type:"integer"` // The ARN for the IAM role that permits RDS to send enhanced monitoring metrics // to Amazon CloudWatch Logs. For example, arn:aws:iam:123456789012:role/emaccess. - // For information on creating a monitoring role, go to Setting Up and Enabling + // For information on creating a monitoring role, see Setting Up and Enabling // Enhanced Monitoring (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html#USER_Monitoring.OS.Enabling) // in the Amazon RDS User Guide. // // If MonitoringInterval is set to a value other than 0, then you must supply // a MonitoringRoleArn value. + // + // This setting doesn't apply to RDS Custom DB instances. MonitoringRoleArn *string `type:"string"` - // A value that indicates whether the DB instance is a Multi-AZ deployment. - // You can't set the AvailabilityZone parameter if the DB instance is a Multi-AZ - // deployment. + // Specifies whether the DB instance is a Multi-AZ deployment. You can't set + // the AvailabilityZone parameter if the DB instance is a Multi-AZ deployment. + // + // This setting doesn't apply to the following DB instances: + // + // * Amazon Aurora (DB instance Availability Zones (AZs) are managed by the + // DB cluster.) + // + // * RDS Custom MultiAZ *bool `type:"boolean"` + // Specifies whether to use the multi-tenant configuration or the single-tenant + // configuration (default). This parameter only applies to RDS for Oracle container + // database (CDB) engines. + // + // Note the following restrictions: + // + // * The DB engine that you specify in the request must support the multi-tenant + // configuration. If you attempt to enable the multi-tenant configuration + // on a DB engine that doesn't support it, the request fails. + // + // * If you specify the multi-tenant configuration when you create your DB + // instance, you can't later modify this DB instance to use the single-tenant + // configuration. + MultiTenant *bool `type:"boolean"` + // The name of the NCHAR character set for the Oracle DB instance. + // + // This setting doesn't apply to RDS Custom DB instances. NcharCharacterSetName *string `type:"string"` - // Indicates that the DB instance should be associated with the specified option - // group. + // The network type of the DB instance. + // + // The network type is determined by the DBSubnetGroup specified for the DB + // instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 + // and the IPv6 protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon RDS User Guide. + // + // Valid Values: IPV4 | DUAL + NetworkType *string `type:"string"` + + // The option group to associate the DB instance with. // // Permanent options, such as the TDE option for Oracle Advanced Security TDE, // can't be removed from an option group. Also, that option group can't be removed - // from a DB instance once it is associated with a DB instance + // from a DB instance after it is associated with a DB instance. + // + // This setting doesn't apply to Amazon Aurora or RDS Custom DB instances. OptionGroupName *string `type:"string"` - // The AWS KMS key identifier for encryption of Performance Insights data. + // The Amazon Web Services KMS key identifier for encryption of Performance + // Insights data. // - // The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name - // for the AWS KMS customer master key (CMK). + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. // - // If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon - // RDS uses your default CMK. There is a default CMK for your AWS account. Your - // AWS account has a different default CMK for each AWS Region. + // If you don't specify a value for PerformanceInsightsKMSKeyId, then Amazon + // RDS uses your default KMS key. There is a default KMS key for your Amazon + // Web Services account. Your Amazon Web Services account has a different default + // KMS key for each Amazon Web Services Region. + // + // This setting doesn't apply to RDS Custom DB instances. PerformanceInsightsKMSKeyId *string `type:"string"` - // The amount of time, in days, to retain Performance Insights data. Valid values - // are 7 or 731 (2 years). - PerformanceInsightsRetentionPeriod *int64 `type:"integer"` - - // The port number on which the database accepts connections. - // - // MySQL - // - // Default: 3306 + // The number of days to retain Performance Insights data. // - // Valid values: 1150-65535 + // This setting doesn't apply to RDS Custom DB instances. // - // Type: Integer + // Valid Values: // - // MariaDB + // * 7 // - // Default: 3306 + // * month * 31, where month is a number of months from 1-23. Examples: 93 + // (3 months * 31), 341 (11 months * 31), 589 (19 months * 31) // - // Valid values: 1150-65535 + // * 731 // - // Type: Integer - // - // PostgreSQL + // Default: 7 days // - // Default: 5432 - // - // Valid values: 1150-65535 + // If you specify a retention period that isn't valid, such as 94, Amazon RDS + // returns an error. + PerformanceInsightsRetentionPeriod *int64 `type:"integer"` + + // The port number on which the database accepts connections. // - // Type: Integer + // This setting doesn't apply to Aurora DB instances. The port number is managed + // by the cluster. // - // Oracle + // Valid Values: 1150-65535 // - // Default: 1521 + // Default: // - // Valid values: 1150-65535 + // * RDS for Db2 - 50000 // - // SQL Server + // * RDS for MariaDB - 3306 // - // Default: 1433 + // * RDS for Microsoft SQL Server - 1433 // - // Valid values: 1150-65535 except 1234, 1434, 3260, 3343, 3389, 47001, and - // 49152-49156. + // * RDS for MySQL - 3306 // - // Amazon Aurora + // * RDS for Oracle - 1521 // - // Default: 3306 + // * RDS for PostgreSQL - 5432 // - // Valid values: 1150-65535 + // Constraints: // - // Type: Integer + // * For RDS for Microsoft SQL Server, the value can't be 1234, 1434, 3260, + // 3343, 3389, 47001, or 49152-49156. Port *int64 `type:"integer"` // The daily time range during which automated backups are created if automated - // backups are enabled, using the BackupRetentionPeriod parameter. For more - // information, see The Backup Window (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow) + // backups are enabled, using the BackupRetentionPeriod parameter. The default + // is a 30-minute window selected at random from an 8-hour block of time for + // each Amazon Web Services Region. For more information, see Backup window + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow) // in the Amazon RDS User Guide. // - // Amazon Aurora - // - // Not applicable. The daily time range for creating automated backups is managed - // by the DB cluster. - // - // The default is a 30-minute window selected at random from an 8-hour block - // of time for each AWS Region. To see the time blocks available, see Adjusting - // the Preferred DB Instance Maintenance Window (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow) - // in the Amazon RDS User Guide. + // This setting doesn't apply to Amazon Aurora DB instances. The daily time + // range for creating automated backups is managed by the DB cluster. // // Constraints: // @@ -18616,42 +24454,54 @@ type CreateDBInstanceInput struct { // * Must be at least 30 minutes. PreferredBackupWindow *string `type:"string"` - // The time range each week during which system maintenance can occur, in Universal - // Coordinated Time (UTC). For more information, see Amazon RDS Maintenance - // Window (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance). - // - // Format: ddd:hh24:mi-ddd:hh24:mi + // The time range each week during which system maintenance can occur. For more + // information, see Amazon RDS Maintenance Window (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance) + // in the Amazon RDS User Guide. // // The default is a 30-minute window selected at random from an 8-hour block - // of time for each AWS Region, occurring on a random day of the week. + // of time for each Amazon Web Services Region, occurring on a random day of + // the week. // - // Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun. + // Constraints: // - // Constraints: Minimum 30-minute window. + // * Must be in the format ddd:hh24:mi-ddd:hh24:mi. + // + // * The day values must be mon | tue | wed | thu | fri | sat | sun. + // + // * Must be in Universal Coordinated Time (UTC). + // + // * Must not conflict with the preferred backup window. + // + // * Must be at least 30 minutes. PreferredMaintenanceWindow *string `type:"string"` // The number of CPU cores and the number of threads per core for the DB instance // class of the DB instance. + // + // This setting doesn't apply to Amazon Aurora or RDS Custom DB instances. ProcessorFeatures []*ProcessorFeature `locationNameList:"ProcessorFeature" type:"list"` - // A value that specifies the order in which an Aurora Replica is promoted to - // the primary instance after a failure of the existing primary instance. For - // more information, see Fault Tolerance for an Aurora DB Cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.FaultTolerance) + // The order of priority in which an Aurora Replica is promoted to the primary + // instance after a failure of the existing primary instance. For more information, + // see Fault Tolerance for an Aurora DB Cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.AuroraHighAvailability.html#Aurora.Managing.FaultTolerance) // in the Amazon Aurora User Guide. // + // This setting doesn't apply to RDS Custom DB instances. + // // Default: 1 // // Valid Values: 0 - 15 PromotionTier *int64 `type:"integer"` - // A value that indicates whether the DB instance is publicly accessible. + // Specifies whether the DB instance is publicly accessible. // - // When the DB instance is publicly accessible, its DNS endpoint resolves to - // the private IP address from within the DB instance's VPC, and to the public - // IP address from outside of the DB instance's VPC. Access to the DB instance - // is ultimately controlled by the security group it uses, and that public access - // is not permitted if the security group assigned to the DB instance doesn't - // permit it. + // When the DB instance is publicly accessible and you connect from outside + // of the DB instance's virtual private cloud (VPC), its Domain Name System + // (DNS) endpoint resolves to the public IP address. When you connect from within + // the same VPC as the DB instance, the endpoint resolves to the private IP + // address. Access to the DB instance is ultimately controlled by the security + // group it uses. That public access is not permitted if the security group + // assigned to the DB instance doesn't permit it. // // When the DB instance isn't publicly accessible, it is an internal DB instance // with a DNS name that resolves to a private IP address. @@ -18662,70 +24512,93 @@ type CreateDBInstanceInput struct { // If DBSubnetGroupName isn't specified, and PubliclyAccessible isn't specified, // the following applies: // - // * If the default VPC in the target region doesn’t have an Internet gateway + // * If the default VPC in the target Region doesn’t have an internet gateway // attached to it, the DB instance is private. // - // * If the default VPC in the target region has an Internet gateway attached + // * If the default VPC in the target Region has an internet gateway attached // to it, the DB instance is public. // // If DBSubnetGroupName is specified, and PubliclyAccessible isn't specified, // the following applies: // - // * If the subnets are part of a VPC that doesn’t have an Internet gateway + // * If the subnets are part of a VPC that doesn’t have an internet gateway // attached to it, the DB instance is private. // - // * If the subnets are part of a VPC that has an Internet gateway attached + // * If the subnets are part of a VPC that has an internet gateway attached // to it, the DB instance is public. PubliclyAccessible *bool `type:"boolean"` - // A value that indicates whether the DB instance is encrypted. By default, - // it isn't encrypted. + // Specifes whether the DB instance is encrypted. By default, it isn't encrypted. // - // Amazon Aurora + // For RDS Custom DB instances, either enable this setting or leave it unset. + // Otherwise, Amazon RDS reports an error. // - // Not applicable. The encryption for DB instances is managed by the DB cluster. + // This setting doesn't apply to Amazon Aurora DB instances. The encryption + // for DB instances is managed by the DB cluster. StorageEncrypted *bool `type:"boolean"` - // Specifies the storage type to be associated with the DB instance. + // The storage throughput value for the DB instance. // - // Valid values: standard | gp2 | io1 + // This setting applies only to the gp3 storage type. // - // If you specify io1, you must also include a value for the Iops parameter. + // This setting doesn't apply to Amazon Aurora or RDS Custom DB instances. + StorageThroughput *int64 `type:"integer"` + + // The storage type to associate with the DB instance. // - // Default: io1 if the Iops parameter is specified, otherwise gp2 + // If you specify io1, io2, or gp3, you must also include a value for the Iops + // parameter. + // + // This setting doesn't apply to Amazon Aurora DB instances. Storage is managed + // by the DB cluster. + // + // Valid Values: gp2 | gp3 | io1 | io2 | standard + // + // Default: io1, if the Iops parameter is specified. Otherwise, gp2. StorageType *string `type:"string"` // Tags to assign to the DB instance. Tags []*Tag `locationNameList:"Tag" type:"list"` // The ARN from the key store with which to associate the instance for TDE encryption. + // + // This setting doesn't apply to Amazon Aurora or RDS Custom DB instances. TdeCredentialArn *string `type:"string"` // The password for the given ARN from the key store in order to access the // device. + // + // This setting doesn't apply to RDS Custom DB instances. TdeCredentialPassword *string `type:"string"` // The time zone of the DB instance. The time zone parameter is currently supported - // only by Microsoft SQL Server (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.TimeZone). + // only by RDS for Db2 (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-time-zone) + // and RDS for SQL Server (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.TimeZone). Timezone *string `type:"string"` // A list of Amazon EC2 VPC security groups to associate with this DB instance. // - // Amazon Aurora - // - // Not applicable. The associated list of EC2 VPC security groups is managed - // by the DB cluster. + // This setting doesn't apply to Amazon Aurora DB instances. The associated + // list of EC2 VPC security groups is managed by the DB cluster. // // Default: The default EC2 VPC security group for the DB subnet group's VPC. VpcSecurityGroupIds []*string `locationNameList:"VpcSecurityGroupId" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBInstanceInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBInstanceInput) GoString() string { return s.String() } @@ -18773,6 +24646,18 @@ func (s *CreateDBInstanceInput) SetBackupRetentionPeriod(v int64) *CreateDBInsta return s } +// SetBackupTarget sets the BackupTarget field's value. +func (s *CreateDBInstanceInput) SetBackupTarget(v string) *CreateDBInstanceInput { + s.BackupTarget = &v + return s +} + +// SetCACertificateIdentifier sets the CACertificateIdentifier field's value. +func (s *CreateDBInstanceInput) SetCACertificateIdentifier(v string) *CreateDBInstanceInput { + s.CACertificateIdentifier = &v + return s +} + // SetCharacterSetName sets the CharacterSetName field's value. func (s *CreateDBInstanceInput) SetCharacterSetName(v string) *CreateDBInstanceInput { s.CharacterSetName = &v @@ -18785,6 +24670,12 @@ func (s *CreateDBInstanceInput) SetCopyTagsToSnapshot(v bool) *CreateDBInstanceI return s } +// SetCustomIamInstanceProfile sets the CustomIamInstanceProfile field's value. +func (s *CreateDBInstanceInput) SetCustomIamInstanceProfile(v string) *CreateDBInstanceInput { + s.CustomIamInstanceProfile = &v + return s +} + // SetDBClusterIdentifier sets the DBClusterIdentifier field's value. func (s *CreateDBInstanceInput) SetDBClusterIdentifier(v string) *CreateDBInstanceInput { s.DBClusterIdentifier = &v @@ -18827,6 +24718,18 @@ func (s *CreateDBInstanceInput) SetDBSubnetGroupName(v string) *CreateDBInstance return s } +// SetDBSystemId sets the DBSystemId field's value. +func (s *CreateDBInstanceInput) SetDBSystemId(v string) *CreateDBInstanceInput { + s.DBSystemId = &v + return s +} + +// SetDedicatedLogVolume sets the DedicatedLogVolume field's value. +func (s *CreateDBInstanceInput) SetDedicatedLogVolume(v bool) *CreateDBInstanceInput { + s.DedicatedLogVolume = &v + return s +} + // SetDeletionProtection sets the DeletionProtection field's value. func (s *CreateDBInstanceInput) SetDeletionProtection(v bool) *CreateDBInstanceInput { s.DeletionProtection = &v @@ -18839,18 +24742,48 @@ func (s *CreateDBInstanceInput) SetDomain(v string) *CreateDBInstanceInput { return s } +// SetDomainAuthSecretArn sets the DomainAuthSecretArn field's value. +func (s *CreateDBInstanceInput) SetDomainAuthSecretArn(v string) *CreateDBInstanceInput { + s.DomainAuthSecretArn = &v + return s +} + +// SetDomainDnsIps sets the DomainDnsIps field's value. +func (s *CreateDBInstanceInput) SetDomainDnsIps(v []*string) *CreateDBInstanceInput { + s.DomainDnsIps = v + return s +} + +// SetDomainFqdn sets the DomainFqdn field's value. +func (s *CreateDBInstanceInput) SetDomainFqdn(v string) *CreateDBInstanceInput { + s.DomainFqdn = &v + return s +} + // SetDomainIAMRoleName sets the DomainIAMRoleName field's value. func (s *CreateDBInstanceInput) SetDomainIAMRoleName(v string) *CreateDBInstanceInput { s.DomainIAMRoleName = &v return s } +// SetDomainOu sets the DomainOu field's value. +func (s *CreateDBInstanceInput) SetDomainOu(v string) *CreateDBInstanceInput { + s.DomainOu = &v + return s +} + // SetEnableCloudwatchLogsExports sets the EnableCloudwatchLogsExports field's value. func (s *CreateDBInstanceInput) SetEnableCloudwatchLogsExports(v []*string) *CreateDBInstanceInput { s.EnableCloudwatchLogsExports = v return s } +// SetEnableCustomerOwnedIp sets the EnableCustomerOwnedIp field's value. +func (s *CreateDBInstanceInput) SetEnableCustomerOwnedIp(v bool) *CreateDBInstanceInput { + s.EnableCustomerOwnedIp = &v + return s +} + // SetEnableIAMDatabaseAuthentication sets the EnableIAMDatabaseAuthentication field's value. func (s *CreateDBInstanceInput) SetEnableIAMDatabaseAuthentication(v bool) *CreateDBInstanceInput { s.EnableIAMDatabaseAuthentication = &v @@ -18869,6 +24802,12 @@ func (s *CreateDBInstanceInput) SetEngine(v string) *CreateDBInstanceInput { return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *CreateDBInstanceInput) SetEngineLifecycleSupport(v string) *CreateDBInstanceInput { + s.EngineLifecycleSupport = &v + return s +} + // SetEngineVersion sets the EngineVersion field's value. func (s *CreateDBInstanceInput) SetEngineVersion(v string) *CreateDBInstanceInput { s.EngineVersion = &v @@ -18893,12 +24832,24 @@ func (s *CreateDBInstanceInput) SetLicenseModel(v string) *CreateDBInstanceInput return s } +// SetManageMasterUserPassword sets the ManageMasterUserPassword field's value. +func (s *CreateDBInstanceInput) SetManageMasterUserPassword(v bool) *CreateDBInstanceInput { + s.ManageMasterUserPassword = &v + return s +} + // SetMasterUserPassword sets the MasterUserPassword field's value. func (s *CreateDBInstanceInput) SetMasterUserPassword(v string) *CreateDBInstanceInput { s.MasterUserPassword = &v return s } +// SetMasterUserSecretKmsKeyId sets the MasterUserSecretKmsKeyId field's value. +func (s *CreateDBInstanceInput) SetMasterUserSecretKmsKeyId(v string) *CreateDBInstanceInput { + s.MasterUserSecretKmsKeyId = &v + return s +} + // SetMasterUsername sets the MasterUsername field's value. func (s *CreateDBInstanceInput) SetMasterUsername(v string) *CreateDBInstanceInput { s.MasterUsername = &v @@ -18929,12 +24880,24 @@ func (s *CreateDBInstanceInput) SetMultiAZ(v bool) *CreateDBInstanceInput { return s } +// SetMultiTenant sets the MultiTenant field's value. +func (s *CreateDBInstanceInput) SetMultiTenant(v bool) *CreateDBInstanceInput { + s.MultiTenant = &v + return s +} + // SetNcharCharacterSetName sets the NcharCharacterSetName field's value. func (s *CreateDBInstanceInput) SetNcharCharacterSetName(v string) *CreateDBInstanceInput { s.NcharCharacterSetName = &v return s } +// SetNetworkType sets the NetworkType field's value. +func (s *CreateDBInstanceInput) SetNetworkType(v string) *CreateDBInstanceInput { + s.NetworkType = &v + return s +} + // SetOptionGroupName sets the OptionGroupName field's value. func (s *CreateDBInstanceInput) SetOptionGroupName(v string) *CreateDBInstanceInput { s.OptionGroupName = &v @@ -18995,6 +24958,12 @@ func (s *CreateDBInstanceInput) SetStorageEncrypted(v bool) *CreateDBInstanceInp return s } +// SetStorageThroughput sets the StorageThroughput field's value. +func (s *CreateDBInstanceInput) SetStorageThroughput(v int64) *CreateDBInstanceInput { + s.StorageThroughput = &v + return s +} + // SetStorageType sets the StorageType field's value. func (s *CreateDBInstanceInput) SetStorageType(v string) *CreateDBInstanceInput { s.StorageType = &v @@ -19036,16 +25005,27 @@ type CreateDBInstanceOutput struct { // Contains the details of an Amazon RDS DB instance. // - // This data type is used as a response element in the DescribeDBInstances action. + // This data type is used as a response element in the operations CreateDBInstance, + // CreateDBInstanceReadReplica, DeleteDBInstance, DescribeDBInstances, ModifyDBInstance, + // PromoteReadReplica, RebootDBInstance, RestoreDBInstanceFromDBSnapshot, RestoreDBInstanceFromS3, + // RestoreDBInstanceToPointInTime, StartDBInstance, and StopDBInstance. DBInstance *DBInstance `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBInstanceOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBInstanceOutput) GoString() string { return s.String() } @@ -19059,31 +25039,70 @@ func (s *CreateDBInstanceOutput) SetDBInstance(v *DBInstance) *CreateDBInstanceO type CreateDBInstanceReadReplicaInput struct { _ struct{} `type:"structure"` - // A value that indicates whether minor engine upgrades are applied automatically - // to the read replica during the maintenance window. + // The amount of storage (in gibibytes) to allocate initially for the read replica. + // Follow the allocation rules specified in CreateDBInstance. // - // Default: Inherits from the source DB instance + // Be sure to allocate enough storage for your read replica so that the create + // operation can succeed. You can also allocate additional storage for future + // growth. + AllocatedStorage *int64 `type:"integer"` + + // Specifies whether to automatically apply minor engine upgrades to the read + // replica during the maintenance window. + // + // This setting doesn't apply to RDS Custom DB instances. + // + // Default: Inherits the value from the source DB instance. AutoMinorVersionUpgrade *bool `type:"boolean"` // The Availability Zone (AZ) where the read replica will be created. // - // Default: A random, system-chosen Availability Zone in the endpoint's AWS - // Region. + // Default: A random, system-chosen Availability Zone in the endpoint's Amazon + // Web Services Region. // // Example: us-east-1d AvailabilityZone *string `type:"string"` - // A value that indicates whether to copy all tags from the read replica to - // snapshots of the read replica. By default, tags are not copied. + // The CA certificate identifier to use for the read replica's server certificate. + // + // This setting doesn't apply to RDS Custom DB instances. + // + // For more information, see Using SSL/TLS to encrypt a connection to a DB instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) + // in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to + // a DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) + // in the Amazon Aurora User Guide. + CACertificateIdentifier *string `type:"string"` + + // Specifies whether to copy all tags from the read replica to snapshots of + // the read replica. By default, tags aren't copied. CopyTagsToSnapshot *bool `type:"boolean"` - // The compute and memory capacity of the read replica, for example, db.m4.large. - // Not all DB instance classes are available in all AWS Regions, or for all - // database engines. For the full list of DB instance classes, and availability - // for your engine, see DB Instance Class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) + // The instance profile associated with the underlying Amazon EC2 instance of + // an RDS Custom DB instance. The instance profile must meet the following requirements: + // + // * The profile must exist in your account. + // + // * The profile must have an IAM role that Amazon EC2 has permissions to + // assume. + // + // * The instance profile name and the associated IAM role name must start + // with the prefix AWSRDSCustom. + // + // For the list of permissions required for the IAM role, see Configure IAM + // and your VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc) // in the Amazon RDS User Guide. // - // Default: Inherits from the source DB instance. + // This setting is required for RDS Custom DB instances. + CustomIamInstanceProfile *string `type:"string"` + + // The compute and memory capacity of the read replica, for example db.m4.large. + // Not all DB instance classes are available in all Amazon Web Services Regions, + // or for all database engines. For the full list of DB instance classes, and + // availability for your engine, see DB Instance Class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) + // in the Amazon RDS User Guide. + // + // Default: Inherits the value from the source DB instance. DBInstanceClass *string `type:"string"` // The DB instance identifier of the read replica. This identifier is the unique @@ -19095,48 +25114,51 @@ type CreateDBInstanceReadReplicaInput struct { // The name of the DB parameter group to associate with this DB instance. // - // If you do not specify a value for DBParameterGroupName, then Amazon RDS uses - // the DBParameterGroup of source DB instance for a same region read replica, - // or the default DBParameterGroup for the specified DB engine for a cross region + // If you don't specify a value for DBParameterGroupName, then Amazon RDS uses + // the DBParameterGroup of the source DB instance for a same Region read replica, + // or the default DBParameterGroup for the specified DB engine for a cross-Region // read replica. // - // Currently, specifying a parameter group for this operation is only supported - // for Oracle DB instances. + // Specifying a parameter group for this operation is only supported for MySQL + // DB instances for cross-Region read replicas and for Oracle DB instances. + // It isn't supported for MySQL DB instances for same Region read replicas or + // for RDS Custom. // // Constraints: // // * Must be 1 to 255 letters, numbers, or hyphens. // - // * First character must be a letter + // * First character must be a letter. // - // * Can't end with a hyphen or contain two consecutive hyphens + // * Can't end with a hyphen or contain two consecutive hyphens. DBParameterGroupName *string `type:"string"` - // Specifies a DB subnet group for the DB instance. The new DB instance is created - // in the VPC associated with the DB subnet group. If no DB subnet group is - // specified, then the new DB instance isn't created in a VPC. + // A DB subnet group for the DB instance. The new DB instance is created in + // the VPC associated with the DB subnet group. If no DB subnet group is specified, + // then the new DB instance isn't created in a VPC. // // Constraints: // - // * Can only be specified if the source DB instance identifier specifies - // a DB instance in another AWS Region. + // * If supplied, must match the name of an existing DB subnet group. // - // * If supplied, must match the name of an existing DBSubnetGroup. + // * The specified DB subnet group must be in the same Amazon Web Services + // Region in which the operation is running. // - // * The specified DB subnet group must be in the same AWS Region in which - // the operation is running. + // * All read replicas in one Amazon Web Services Region that are created + // from the same source DB instance must either: Specify DB subnet groups + // from the same VPC. All these read replicas are created in the same VPC. + // Not specify a DB subnet group. All these read replicas are created outside + // of any VPC. // - // * All read replicas in one AWS Region that are created from the same source - // DB instance must either:> Specify DB subnet groups from the same VPC. - // All these read replicas are created in the same VPC. Not specify a DB - // subnet group. All these read replicas are created outside of any VPC. - // - // Example: mySubnetgroup + // Example: mydbsubnetgroup DBSubnetGroupName *string `type:"string"` - // A value that indicates whether the DB instance has deletion protection enabled. - // The database can't be deleted when deletion protection is enabled. By default, - // deletion protection is disabled. For more information, see Deleting a DB + // Indicates whether the DB instance has a dedicated log volume (DLV) enabled. + DedicatedLogVolume *bool `type:"boolean"` + + // Specifies whether to enable deletion protection for the DB instance. The + // database can't be deleted when deletion protection is enabled. By default, + // deletion protection isn't enabled. For more information, see Deleting a DB // Instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). DeletionProtection *bool `type:"boolean"` @@ -19149,67 +25171,144 @@ type CreateDBInstanceReadReplicaInput struct { // // For more information, see Kerberos Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html) // in the Amazon RDS User Guide. + // + // This setting doesn't apply to RDS Custom DB instances. Domain *string `type:"string"` - // Specify the name of the IAM role to be used when making API calls to the - // Directory Service. + // The ARN for the Secrets Manager secret with the credentials for the user + // joining the domain. + // + // Example: arn:aws:secretsmanager:region:account-number:secret:myselfmanagedADtestsecret-123456 + DomainAuthSecretArn *string `type:"string"` + + // The IPv4 DNS IP addresses of your primary and secondary Active Directory + // domain controllers. + // + // Constraints: + // + // * Two IP addresses must be provided. If there isn't a secondary domain + // controller, use the IP address of the primary domain controller for both + // entries in the list. + // + // Example: 123.124.125.126,234.235.236.237 + DomainDnsIps []*string `type:"list"` + + // The fully qualified domain name (FQDN) of an Active Directory domain. + // + // Constraints: + // + // * Can't be longer than 64 characters. + // + // Example: mymanagedADtest.mymanagedAD.mydomain + DomainFqdn *string `type:"string"` + + // The name of the IAM role to use when making API calls to the Directory Service. + // + // This setting doesn't apply to RDS Custom DB instances. DomainIAMRoleName *string `type:"string"` + // The Active Directory organizational unit for your DB instance to join. + // + // Constraints: + // + // * Must be in the distinguished name format. + // + // * Can't be longer than 64 characters. + // + // Example: OU=mymanagedADtestOU,DC=mymanagedADtest,DC=mymanagedAD,DC=mydomain + DomainOu *string `type:"string"` + // The list of logs that the new DB instance is to export to CloudWatch Logs. // The values in the list depend on the DB engine being used. For more information, // see Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) // in the Amazon RDS User Guide. + // + // This setting doesn't apply to RDS Custom DB instances. EnableCloudwatchLogsExports []*string `type:"list"` - // A value that indicates whether to enable mapping of AWS Identity and Access - // Management (IAM) accounts to database accounts. By default, mapping is disabled. + // Specifies whether to enable a customer-owned IP address (CoIP) for an RDS + // on Outposts read replica. + // + // A CoIP provides local or external connectivity to resources in your Outpost + // subnets through your on-premises network. For some use cases, a CoIP can + // provide lower latency for connections to the read replica from outside of + // its virtual private cloud (VPC) on your local network. + // + // For more information about RDS on Outposts, see Working with Amazon RDS on + // Amazon Web Services Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) + // in the Amazon RDS User Guide. + // + // For more information about CoIPs, see Customer-owned IP addresses (https://docs.aws.amazon.com/outposts/latest/userguide/routing.html#ip-addressing) + // in the Amazon Web Services Outposts User Guide. + EnableCustomerOwnedIp *bool `type:"boolean"` + + // Specifies whether to enable mapping of Amazon Web Services Identity and Access + // Management (IAM) accounts to database accounts. By default, mapping isn't + // enabled. // // For more information about IAM database authentication, see IAM Database // Authentication for MySQL and PostgreSQL (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) // in the Amazon RDS User Guide. + // + // This setting doesn't apply to RDS Custom DB instances. EnableIAMDatabaseAuthentication *bool `type:"boolean"` - // A value that indicates whether to enable Performance Insights for the read - // replica. + // Specifies whether to enable Performance Insights for the read replica. // // For more information, see Using Amazon Performance Insights (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) // in the Amazon RDS User Guide. + // + // This setting doesn't apply to RDS Custom DB instances. EnablePerformanceInsights *bool `type:"boolean"` - // The amount of Provisioned IOPS (input/output operations per second) to be - // initially allocated for the DB instance. + // The amount of Provisioned IOPS (input/output operations per second) to initially + // allocate for the DB instance. Iops *int64 `type:"integer"` - // The AWS KMS key identifier for an encrypted read replica. + // The Amazon Web Services KMS key identifier for an encrypted read replica. // - // The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name - // for the AWS KMS CMK. + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. // - // If you create an encrypted read replica in the same AWS Region as the source - // DB instance, then you do not have to specify a value for this parameter. - // The read replica is encrypted with the same AWS KMS CMK as the source DB - // instance. + // If you create an encrypted read replica in the same Amazon Web Services Region + // as the source DB instance or Multi-AZ DB cluster, don't specify a value for + // this parameter. A read replica in the same Amazon Web Services Region is + // always encrypted with the same KMS key as the source DB instance or cluster. + // + // If you create an encrypted read replica in a different Amazon Web Services + // Region, then you must specify a KMS key identifier for the destination Amazon + // Web Services Region. KMS keys are specific to the Amazon Web Services Region + // that they are created in, and you can't use KMS keys from one Amazon Web + // Services Region in another Amazon Web Services Region. // - // If you create an encrypted read replica in a different AWS Region, then you - // must specify a AWS KMS key identifier for the destination AWS Region. AWS - // KMS CMKs are specific to the AWS Region that they are created in, and you - // can't use CMKs from one AWS Region in another AWS Region. + // You can't create an encrypted read replica from an unencrypted DB instance + // or Multi-AZ DB cluster. // - // You can't create an encrypted read replica from an unencrypted DB instance. + // This setting doesn't apply to RDS Custom, which uses the same KMS key as + // the primary replica. KmsKeyId *string `type:"string"` - // The upper limit to which Amazon RDS can automatically scale the storage of - // the DB instance. + // The upper limit in gibibytes (GiB) to which Amazon RDS can automatically + // scale the storage of the DB instance. + // + // For more information about this setting, including limitations that apply + // to it, see Managing capacity automatically with Amazon RDS storage autoscaling + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling) + // in the Amazon RDS User Guide. MaxAllocatedStorage *int64 `type:"integer"` // The interval, in seconds, between points when Enhanced Monitoring metrics - // are collected for the read replica. To disable collecting Enhanced Monitoring + // are collected for the read replica. To disable collection of Enhanced Monitoring // metrics, specify 0. The default is 0. // - // If MonitoringRoleArn is specified, then you must also set MonitoringInterval - // to a value other than 0. + // If MonitoringRoleArn is specified, then you must set MonitoringInterval to + // a value other than 0. + // + // This setting doesn't apply to RDS Custom DB instances. // // Valid Values: 0, 1, 5, 10, 15, 30, 60 + // + // Default: 0 MonitoringInterval *int64 `type:"integer"` // The ARN for the IAM role that permits RDS to send enhanced monitoring metrics @@ -19220,103 +25319,164 @@ type CreateDBInstanceReadReplicaInput struct { // // If MonitoringInterval is set to a value other than 0, then you must supply // a MonitoringRoleArn value. + // + // This setting doesn't apply to RDS Custom DB instances. MonitoringRoleArn *string `type:"string"` - // A value that indicates whether the read replica is in a Multi-AZ deployment. + // Specifies whether the read replica is in a Multi-AZ deployment. // // You can create a read replica as a Multi-AZ DB instance. RDS creates a standby // of your replica in another Availability Zone for failover support for the // replica. Creating your read replica as a Multi-AZ DB instance is independent - // of whether the source database is a Multi-AZ DB instance. + // of whether the source is a Multi-AZ DB instance or a Multi-AZ DB cluster. + // + // This setting doesn't apply to RDS Custom DB instances. MultiAZ *bool `type:"boolean"` - // The option group the DB instance is associated with. If omitted, the option - // group associated with the source instance is used. + // The network type of the DB instance. // - // For SQL Server, you must use the option group associated with the source - // instance. + // Valid Values: + // + // * IPV4 + // + // * DUAL + // + // The network type is determined by the DBSubnetGroup specified for read replica. + // A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 + // protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon RDS User Guide. + NetworkType *string `type:"string"` + + // The option group to associate the DB instance with. If not specified, RDS + // uses the option group associated with the source DB instance or cluster. + // + // For SQL Server, you must use the option group associated with the source. + // + // This setting doesn't apply to RDS Custom DB instances. OptionGroupName *string `type:"string"` - // The AWS KMS key identifier for encryption of Performance Insights data. + // The Amazon Web Services KMS key identifier for encryption of Performance + // Insights data. // - // The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name - // for the AWS KMS customer master key (CMK). + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. // // If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon - // RDS uses your default CMK. There is a default CMK for your AWS account. Your - // AWS account has a different default CMK for each AWS Region. + // RDS uses your default KMS key. There is a default KMS key for your Amazon + // Web Services account. Your Amazon Web Services account has a different default + // KMS key for each Amazon Web Services Region. + // + // This setting doesn't apply to RDS Custom DB instances. PerformanceInsightsKMSKeyId *string `type:"string"` - // The amount of time, in days, to retain Performance Insights data. Valid values - // are 7 or 731 (2 years). + // The number of days to retain Performance Insights data. + // + // This setting doesn't apply to RDS Custom DB instances. + // + // Valid Values: + // + // * 7 + // + // * month * 31, where month is a number of months from 1-23. Examples: 93 + // (3 months * 31), 341 (11 months * 31), 589 (19 months * 31) + // + // * 731 + // + // Default: 7 days + // + // If you specify a retention period that isn't valid, such as 94, Amazon RDS + // returns an error. PerformanceInsightsRetentionPeriod *int64 `type:"integer"` // The port number that the DB instance uses for connections. // - // Default: Inherits from the source DB instance - // // Valid Values: 1150-65535 + // + // Default: Inherits the value from the source DB instance. Port *int64 `type:"integer"` - // The URL that contains a Signature Version 4 signed request for the CreateDBInstanceReadReplica - // API action in the source AWS Region that contains the source DB instance. + // When you are creating a read replica from one Amazon Web Services GovCloud + // (US) Region to another or from one China Amazon Web Services Region to another, + // the URL that contains a Signature Version 4 signed request for the CreateDBInstanceReadReplica + // API operation in the source Amazon Web Services Region that contains the + // source DB instance. + // + // This setting applies only to Amazon Web Services GovCloud (US) Regions and + // China Amazon Web Services Regions. It's ignored in other Amazon Web Services + // Regions. + // + // This setting applies only when replicating from a source DB instance. Source + // DB clusters aren't supported in Amazon Web Services GovCloud (US) Regions + // and China Amazon Web Services Regions. // // You must specify this parameter when you create an encrypted read replica - // from another AWS Region by using the Amazon RDS API. Don't specify PreSignedUrl - // when you are creating an encrypted read replica in the same AWS Region. + // from another Amazon Web Services Region by using the Amazon RDS API. Don't + // specify PreSignedUrl when you are creating an encrypted read replica in the + // same Amazon Web Services Region. // // The presigned URL must be a valid request for the CreateDBInstanceReadReplica - // API action that can be executed in the source AWS Region that contains the - // encrypted source DB instance. The presigned URL request must contain the - // following parameter values: - // - // * DestinationRegion - The AWS Region that the encrypted read replica is - // created in. This AWS Region is the same one where the CreateDBInstanceReadReplica - // action is called that contains this presigned URL. For example, if you - // create an encrypted DB instance in the us-west-1 AWS Region, from a source - // DB instance in the us-east-2 AWS Region, then you call the CreateDBInstanceReadReplica - // action in the us-east-1 AWS Region and provide a presigned URL that contains - // a call to the CreateDBInstanceReadReplica action in the us-west-2 AWS - // Region. For this example, the DestinationRegion in the presigned URL must - // be set to the us-east-1 AWS Region. - // - // * KmsKeyId - The AWS KMS key identifier for the key to use to encrypt - // the read replica in the destination AWS Region. This is the same identifier - // for both the CreateDBInstanceReadReplica action that is called in the - // destination AWS Region, and the action contained in the presigned URL. + // API operation that can run in the source Amazon Web Services Region that + // contains the encrypted source DB instance. The presigned URL request must + // contain the following parameter values: + // + // * DestinationRegion - The Amazon Web Services Region that the encrypted + // read replica is created in. This Amazon Web Services Region is the same + // one where the CreateDBInstanceReadReplica operation is called that contains + // this presigned URL. For example, if you create an encrypted DB instance + // in the us-west-1 Amazon Web Services Region, from a source DB instance + // in the us-east-2 Amazon Web Services Region, then you call the CreateDBInstanceReadReplica + // operation in the us-east-1 Amazon Web Services Region and provide a presigned + // URL that contains a call to the CreateDBInstanceReadReplica operation + // in the us-west-2 Amazon Web Services Region. For this example, the DestinationRegion + // in the presigned URL must be set to the us-east-1 Amazon Web Services + // Region. + // + // * KmsKeyId - The KMS key identifier for the key to use to encrypt the + // read replica in the destination Amazon Web Services Region. This is the + // same identifier for both the CreateDBInstanceReadReplica operation that + // is called in the destination Amazon Web Services Region, and the operation + // contained in the presigned URL. // // * SourceDBInstanceIdentifier - The DB instance identifier for the encrypted // DB instance to be replicated. This identifier must be in the Amazon Resource - // Name (ARN) format for the source AWS Region. For example, if you are creating - // an encrypted read replica from a DB instance in the us-west-2 AWS Region, - // then your SourceDBInstanceIdentifier looks like the following example: - // arn:aws:rds:us-west-2:123456789012:instance:mysql-instance1-20161115. + // Name (ARN) format for the source Amazon Web Services Region. For example, + // if you are creating an encrypted read replica from a DB instance in the + // us-west-2 Amazon Web Services Region, then your SourceDBInstanceIdentifier + // looks like the following example: arn:aws:rds:us-west-2:123456789012:instance:mysql-instance1-20161115. // // To learn how to generate a Signature Version 4 signed request, see Authenticating - // Requests: Using Query Parameters (AWS Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html) + // Requests: Using Query Parameters (Amazon Web Services Signature Version 4) + // (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html) // and Signature Version 4 Signing Process (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). // - // If you are using an AWS SDK tool or the AWS CLI, you can specify SourceRegion - // (or --source-region for the AWS CLI) instead of specifying PreSignedUrl manually. - // Specifying SourceRegion autogenerates a presigned URL that is a valid request - // for the operation that can be executed in the source AWS Region. + // If you are using an Amazon Web Services SDK tool or the CLI, you can specify + // SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl + // manually. Specifying SourceRegion autogenerates a presigned URL that is a + // valid request for the operation that can run in the source Amazon Web Services + // Region. // - // SourceRegion isn't supported for SQL Server, because SQL Server on Amazon - // RDS doesn't support cross-region read replicas. + // SourceRegion isn't supported for SQL Server, because Amazon RDS for SQL Server + // doesn't support cross-Region read replicas. + // + // This setting doesn't apply to RDS Custom DB instances. PreSignedUrl *string `type:"string"` // The number of CPU cores and the number of threads per core for the DB instance // class of the DB instance. + // + // This setting doesn't apply to RDS Custom DB instances. ProcessorFeatures []*ProcessorFeature `locationNameList:"ProcessorFeature" type:"list"` - // A value that indicates whether the DB instance is publicly accessible. + // Specifies whether the DB instance is publicly accessible. // - // When the DB instance is publicly accessible, its DNS endpoint resolves to - // the private IP address from within the DB instance's VPC, and to the public - // IP address from outside of the DB instance's VPC. Access to the DB instance - // is ultimately controlled by the security group it uses, and that public access - // is not permitted if the security group assigned to the DB instance doesn't - // permit it. + // When the DB cluster is publicly accessible, its Domain Name System (DNS) + // endpoint resolves to the private IP address from within the DB cluster's + // virtual private cloud (VPC). It resolves to the public IP address from outside + // of the DB cluster's VPC. Access to the DB cluster is ultimately controlled + // by the security group it uses. That public access isn't permitted if the + // security group assigned to the DB cluster doesn't permit it. // // When the DB instance isn't publicly accessible, it is an internal DB instance // with a DNS name that resolves to a private IP address. @@ -19328,89 +25488,129 @@ type CreateDBInstanceReadReplicaInput struct { // // This parameter is only supported for Oracle DB instances. // - // Mounted DB replicas are included in Oracle Enterprise Edition. The main use - // case for mounted replicas is cross-Region disaster recovery. The primary - // database doesn't use Active Data Guard to transmit information to the mounted - // replica. Because it doesn't accept user connections, a mounted replica can't - // serve a read-only workload. + // Mounted DB replicas are included in Oracle Database Enterprise Edition. The + // main use case for mounted replicas is cross-Region disaster recovery. The + // primary database doesn't use Active Data Guard to transmit information to + // the mounted replica. Because it doesn't accept user connections, a mounted + // replica can't serve a read-only workload. // // You can create a combination of mounted and read-only DB replicas for the // same primary DB instance. For more information, see Working with Oracle Read // Replicas for Amazon RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html) // in the Amazon RDS User Guide. + // + // For RDS Custom, you must specify this parameter and set it to mounted. The + // value won't be set by default. After replica creation, you can manage the + // open mode manually. ReplicaMode *string `type:"string" enum:"ReplicaMode"` + // The identifier of the Multi-AZ DB cluster that will act as the source for + // the read replica. Each DB cluster can have up to 15 read replicas. + // + // Constraints: + // + // * Must be the identifier of an existing Multi-AZ DB cluster. + // + // * Can't be specified if the SourceDBInstanceIdentifier parameter is also + // specified. + // + // * The specified DB cluster must have automatic backups enabled, that is, + // its backup retention period must be greater than 0. + // + // * The source DB cluster must be in the same Amazon Web Services Region + // as the read replica. Cross-Region replication isn't supported. + SourceDBClusterIdentifier *string `type:"string"` + // The identifier of the DB instance that will act as the source for the read - // replica. Each DB instance can have up to five read replicas. + // replica. Each DB instance can have up to 15 read replicas, with the exception + // of Oracle and SQL Server, which can have up to five. // // Constraints: // - // * Must be the identifier of an existing MySQL, MariaDB, Oracle, PostgreSQL, + // * Must be the identifier of an existing Db2, MariaDB, MySQL, Oracle, PostgreSQL, // or SQL Server DB instance. // - // * Can specify a DB instance that is a MySQL read replica only if the source - // is running MySQL 5.6 or later. + // * Can't be specified if the SourceDBClusterIdentifier parameter is also + // specified. // - // * For the limitations of Oracle read replicas, see Read Replica Limitations - // with Oracle (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html) + // * For the limitations of Oracle read replicas, see Version and licensing + // considerations for RDS for Oracle replicas (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.limitations.html#oracle-read-replicas.limitations.versions-and-licenses) // in the Amazon RDS User Guide. // - // * For the limitations of SQL Server read replicas, see Read Replica Limitations - // with Microsoft SQL Server (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/SQLServer.ReadReplicas.Limitations.html) + // * For the limitations of SQL Server read replicas, see Read replica limitations + // with SQL Server (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/SQLServer.ReadReplicas.html#SQLServer.ReadReplicas.Limitations) // in the Amazon RDS User Guide. // - // * Can specify a PostgreSQL DB instance only if the source is running PostgreSQL - // 9.3.5 or later (9.4.7 and higher for cross-region replication). - // // * The specified DB instance must have automatic backups enabled, that // is, its backup retention period must be greater than 0. // - // * If the source DB instance is in the same AWS Region as the read replica, - // specify a valid DB instance identifier. - // - // * If the source DB instance is in a different AWS Region from the read - // replica, specify a valid DB instance ARN. For more information, see Constructing - // an ARN for Amazon RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.ARN.html#USER_Tagging.ARN.Constructing) - // in the Amazon RDS User Guide. This doesn't apply to SQL Server, which - // doesn't support cross-region replicas. + // * If the source DB instance is in the same Amazon Web Services Region + // as the read replica, specify a valid DB instance identifier. // - // SourceDBInstanceIdentifier is a required field - SourceDBInstanceIdentifier *string `type:"string" required:"true"` + // * If the source DB instance is in a different Amazon Web Services Region + // from the read replica, specify a valid DB instance ARN. For more information, + // see Constructing an ARN for Amazon RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.ARN.html#USER_Tagging.ARN.Constructing) + // in the Amazon RDS User Guide. This doesn't apply to SQL Server or RDS + // Custom, which don't support cross-Region replicas. + SourceDBInstanceIdentifier *string `type:"string"` // SourceRegion is the source region where the resource exists. This is not // sent over the wire and is only used for presigning. This value should always // have the same region as the source ARN. SourceRegion *string `type:"string" ignore:"true"` - // Specifies the storage type to be associated with the read replica. + // Specifies the storage throughput value for the read replica. // - // Valid values: standard | gp2 | io1 + // This setting doesn't apply to RDS Custom or Amazon Aurora DB instances. + StorageThroughput *int64 `type:"integer"` + + // The storage type to associate with the read replica. // - // If you specify io1, you must also include a value for the Iops parameter. + // If you specify io1, io2, or gp3, you must also include a value for the Iops + // parameter. // - // Default: io1 if the Iops parameter is specified, otherwise gp2 + // Valid Values: gp2 | gp3 | io1 | io2 | standard + // + // Default: io1 if the Iops parameter is specified. Otherwise, gp2. StorageType *string `type:"string"` // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) // in the Amazon RDS User Guide. Tags []*Tag `locationNameList:"Tag" type:"list"` - // A value that indicates whether the DB instance class of the DB instance uses - // its default processor features. + // Whether to upgrade the storage file system configuration on the read replica. + // This option migrates the read replica from the old storage file system layout + // to the preferred layout. + UpgradeStorageConfig *bool `type:"boolean"` + + // Specifies whether the DB instance class of the DB instance uses its default + // processor features. + // + // This setting doesn't apply to RDS Custom DB instances. UseDefaultProcessorFeatures *bool `type:"boolean"` - // A list of EC2 VPC security groups to associate with the read replica. + // A list of Amazon EC2 VPC security groups to associate with the read replica. + // + // This setting doesn't apply to RDS Custom DB instances. // // Default: The default EC2 VPC security group for the DB subnet group's VPC. VpcSecurityGroupIds []*string `locationNameList:"VpcSecurityGroupId" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBInstanceReadReplicaInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBInstanceReadReplicaInput) GoString() string { return s.String() } @@ -19421,9 +25621,6 @@ func (s *CreateDBInstanceReadReplicaInput) Validate() error { if s.DBInstanceIdentifier == nil { invalidParams.Add(request.NewErrParamRequired("DBInstanceIdentifier")) } - if s.SourceDBInstanceIdentifier == nil { - invalidParams.Add(request.NewErrParamRequired("SourceDBInstanceIdentifier")) - } if invalidParams.Len() > 0 { return invalidParams @@ -19431,6 +25628,12 @@ func (s *CreateDBInstanceReadReplicaInput) Validate() error { return nil } +// SetAllocatedStorage sets the AllocatedStorage field's value. +func (s *CreateDBInstanceReadReplicaInput) SetAllocatedStorage(v int64) *CreateDBInstanceReadReplicaInput { + s.AllocatedStorage = &v + return s +} + // SetAutoMinorVersionUpgrade sets the AutoMinorVersionUpgrade field's value. func (s *CreateDBInstanceReadReplicaInput) SetAutoMinorVersionUpgrade(v bool) *CreateDBInstanceReadReplicaInput { s.AutoMinorVersionUpgrade = &v @@ -19443,12 +25646,24 @@ func (s *CreateDBInstanceReadReplicaInput) SetAvailabilityZone(v string) *Create return s } +// SetCACertificateIdentifier sets the CACertificateIdentifier field's value. +func (s *CreateDBInstanceReadReplicaInput) SetCACertificateIdentifier(v string) *CreateDBInstanceReadReplicaInput { + s.CACertificateIdentifier = &v + return s +} + // SetCopyTagsToSnapshot sets the CopyTagsToSnapshot field's value. func (s *CreateDBInstanceReadReplicaInput) SetCopyTagsToSnapshot(v bool) *CreateDBInstanceReadReplicaInput { s.CopyTagsToSnapshot = &v return s } +// SetCustomIamInstanceProfile sets the CustomIamInstanceProfile field's value. +func (s *CreateDBInstanceReadReplicaInput) SetCustomIamInstanceProfile(v string) *CreateDBInstanceReadReplicaInput { + s.CustomIamInstanceProfile = &v + return s +} + // SetDBInstanceClass sets the DBInstanceClass field's value. func (s *CreateDBInstanceReadReplicaInput) SetDBInstanceClass(v string) *CreateDBInstanceReadReplicaInput { s.DBInstanceClass = &v @@ -19473,6 +25688,12 @@ func (s *CreateDBInstanceReadReplicaInput) SetDBSubnetGroupName(v string) *Creat return s } +// SetDedicatedLogVolume sets the DedicatedLogVolume field's value. +func (s *CreateDBInstanceReadReplicaInput) SetDedicatedLogVolume(v bool) *CreateDBInstanceReadReplicaInput { + s.DedicatedLogVolume = &v + return s +} + // SetDeletionProtection sets the DeletionProtection field's value. func (s *CreateDBInstanceReadReplicaInput) SetDeletionProtection(v bool) *CreateDBInstanceReadReplicaInput { s.DeletionProtection = &v @@ -19491,18 +25712,48 @@ func (s *CreateDBInstanceReadReplicaInput) SetDomain(v string) *CreateDBInstance return s } +// SetDomainAuthSecretArn sets the DomainAuthSecretArn field's value. +func (s *CreateDBInstanceReadReplicaInput) SetDomainAuthSecretArn(v string) *CreateDBInstanceReadReplicaInput { + s.DomainAuthSecretArn = &v + return s +} + +// SetDomainDnsIps sets the DomainDnsIps field's value. +func (s *CreateDBInstanceReadReplicaInput) SetDomainDnsIps(v []*string) *CreateDBInstanceReadReplicaInput { + s.DomainDnsIps = v + return s +} + +// SetDomainFqdn sets the DomainFqdn field's value. +func (s *CreateDBInstanceReadReplicaInput) SetDomainFqdn(v string) *CreateDBInstanceReadReplicaInput { + s.DomainFqdn = &v + return s +} + // SetDomainIAMRoleName sets the DomainIAMRoleName field's value. func (s *CreateDBInstanceReadReplicaInput) SetDomainIAMRoleName(v string) *CreateDBInstanceReadReplicaInput { s.DomainIAMRoleName = &v return s } +// SetDomainOu sets the DomainOu field's value. +func (s *CreateDBInstanceReadReplicaInput) SetDomainOu(v string) *CreateDBInstanceReadReplicaInput { + s.DomainOu = &v + return s +} + // SetEnableCloudwatchLogsExports sets the EnableCloudwatchLogsExports field's value. func (s *CreateDBInstanceReadReplicaInput) SetEnableCloudwatchLogsExports(v []*string) *CreateDBInstanceReadReplicaInput { s.EnableCloudwatchLogsExports = v return s } +// SetEnableCustomerOwnedIp sets the EnableCustomerOwnedIp field's value. +func (s *CreateDBInstanceReadReplicaInput) SetEnableCustomerOwnedIp(v bool) *CreateDBInstanceReadReplicaInput { + s.EnableCustomerOwnedIp = &v + return s +} + // SetEnableIAMDatabaseAuthentication sets the EnableIAMDatabaseAuthentication field's value. func (s *CreateDBInstanceReadReplicaInput) SetEnableIAMDatabaseAuthentication(v bool) *CreateDBInstanceReadReplicaInput { s.EnableIAMDatabaseAuthentication = &v @@ -19551,6 +25802,12 @@ func (s *CreateDBInstanceReadReplicaInput) SetMultiAZ(v bool) *CreateDBInstanceR return s } +// SetNetworkType sets the NetworkType field's value. +func (s *CreateDBInstanceReadReplicaInput) SetNetworkType(v string) *CreateDBInstanceReadReplicaInput { + s.NetworkType = &v + return s +} + // SetOptionGroupName sets the OptionGroupName field's value. func (s *CreateDBInstanceReadReplicaInput) SetOptionGroupName(v string) *CreateDBInstanceReadReplicaInput { s.OptionGroupName = &v @@ -19599,6 +25856,12 @@ func (s *CreateDBInstanceReadReplicaInput) SetReplicaMode(v string) *CreateDBIns return s } +// SetSourceDBClusterIdentifier sets the SourceDBClusterIdentifier field's value. +func (s *CreateDBInstanceReadReplicaInput) SetSourceDBClusterIdentifier(v string) *CreateDBInstanceReadReplicaInput { + s.SourceDBClusterIdentifier = &v + return s +} + // SetSourceDBInstanceIdentifier sets the SourceDBInstanceIdentifier field's value. func (s *CreateDBInstanceReadReplicaInput) SetSourceDBInstanceIdentifier(v string) *CreateDBInstanceReadReplicaInput { s.SourceDBInstanceIdentifier = &v @@ -19611,6 +25874,12 @@ func (s *CreateDBInstanceReadReplicaInput) SetSourceRegion(v string) *CreateDBIn return s } +// SetStorageThroughput sets the StorageThroughput field's value. +func (s *CreateDBInstanceReadReplicaInput) SetStorageThroughput(v int64) *CreateDBInstanceReadReplicaInput { + s.StorageThroughput = &v + return s +} + // SetStorageType sets the StorageType field's value. func (s *CreateDBInstanceReadReplicaInput) SetStorageType(v string) *CreateDBInstanceReadReplicaInput { s.StorageType = &v @@ -19623,6 +25892,12 @@ func (s *CreateDBInstanceReadReplicaInput) SetTags(v []*Tag) *CreateDBInstanceRe return s } +// SetUpgradeStorageConfig sets the UpgradeStorageConfig field's value. +func (s *CreateDBInstanceReadReplicaInput) SetUpgradeStorageConfig(v bool) *CreateDBInstanceReadReplicaInput { + s.UpgradeStorageConfig = &v + return s +} + // SetUseDefaultProcessorFeatures sets the UseDefaultProcessorFeatures field's value. func (s *CreateDBInstanceReadReplicaInput) SetUseDefaultProcessorFeatures(v bool) *CreateDBInstanceReadReplicaInput { s.UseDefaultProcessorFeatures = &v @@ -19640,16 +25915,27 @@ type CreateDBInstanceReadReplicaOutput struct { // Contains the details of an Amazon RDS DB instance. // - // This data type is used as a response element in the DescribeDBInstances action. + // This data type is used as a response element in the operations CreateDBInstance, + // CreateDBInstanceReadReplica, DeleteDBInstance, DescribeDBInstances, ModifyDBInstance, + // PromoteReadReplica, RebootDBInstance, RestoreDBInstanceFromDBSnapshot, RestoreDBInstanceFromS3, + // RestoreDBInstanceToPointInTime, StartDBInstance, and StopDBInstance. DBInstance *DBInstance `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBInstanceReadReplicaOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBInstanceReadReplicaOutput) GoString() string { return s.String() } @@ -19668,13 +25954,50 @@ type CreateDBParameterGroupInput struct { // to a DB instance running a database engine and engine version compatible // with that DB parameter group family. // - // To list all of the available parameter group families, use the following - // command: + // To list all of the available parameter group families for a DB engine, use + // the following command: // // aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" + // --engine + // + // For example, to list all of the available parameter group families for the + // MySQL DB engine, use the following command: + // + // aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" + // --engine mysql // // The output contains duplicates. // + // The following are the valid DB engine values: + // + // * aurora-mysql + // + // * aurora-postgresql + // + // * db2-ae + // + // * db2-se + // + // * mysql + // + // * oracle-ee + // + // * oracle-ee-cdb + // + // * oracle-se2 + // + // * oracle-se2-cdb + // + // * postgres + // + // * sqlserver-ee + // + // * sqlserver-se + // + // * sqlserver-ex + // + // * sqlserver-web + // // DBParameterGroupFamily is a required field DBParameterGroupFamily *string `type:"string" required:"true"` @@ -19702,12 +26025,20 @@ type CreateDBParameterGroupInput struct { Tags []*Tag `locationNameList:"Tag" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBParameterGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBParameterGroupInput) GoString() string { return s.String() } @@ -19765,12 +26096,20 @@ type CreateDBParameterGroupOutput struct { DBParameterGroup *DBParameterGroup `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBParameterGroupOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBParameterGroupOutput) GoString() string { return s.String() } @@ -19781,6 +26120,152 @@ func (s *CreateDBParameterGroupOutput) SetDBParameterGroup(v *DBParameterGroup) return s } +type CreateDBProxyEndpointInput struct { + _ struct{} `type:"structure"` + + // The name of the DB proxy endpoint to create. + // + // DBProxyEndpointName is a required field + DBProxyEndpointName *string `min:"1" type:"string" required:"true"` + + // The name of the DB proxy associated with the DB proxy endpoint that you create. + // + // DBProxyName is a required field + DBProxyName *string `min:"1" type:"string" required:"true"` + + // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + // in the Amazon RDS User Guide. + Tags []*Tag `locationNameList:"Tag" type:"list"` + + // The role of the DB proxy endpoint. The role determines whether the endpoint + // can be used for read/write or only read operations. The default is READ_WRITE. + // The only role that proxies for RDS for Microsoft SQL Server support is READ_WRITE. + TargetRole *string `type:"string" enum:"DBProxyEndpointTargetRole"` + + // The VPC security group IDs for the DB proxy endpoint that you create. You + // can specify a different set of security group IDs than for the original DB + // proxy. The default is the default security group for the VPC. + VpcSecurityGroupIds []*string `type:"list"` + + // The VPC subnet IDs for the DB proxy endpoint that you create. You can specify + // a different set of subnet IDs than for the original DB proxy. + // + // VpcSubnetIds is a required field + VpcSubnetIds []*string `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateDBProxyEndpointInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateDBProxyEndpointInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateDBProxyEndpointInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateDBProxyEndpointInput"} + if s.DBProxyEndpointName == nil { + invalidParams.Add(request.NewErrParamRequired("DBProxyEndpointName")) + } + if s.DBProxyEndpointName != nil && len(*s.DBProxyEndpointName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DBProxyEndpointName", 1)) + } + if s.DBProxyName == nil { + invalidParams.Add(request.NewErrParamRequired("DBProxyName")) + } + if s.DBProxyName != nil && len(*s.DBProxyName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DBProxyName", 1)) + } + if s.VpcSubnetIds == nil { + invalidParams.Add(request.NewErrParamRequired("VpcSubnetIds")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDBProxyEndpointName sets the DBProxyEndpointName field's value. +func (s *CreateDBProxyEndpointInput) SetDBProxyEndpointName(v string) *CreateDBProxyEndpointInput { + s.DBProxyEndpointName = &v + return s +} + +// SetDBProxyName sets the DBProxyName field's value. +func (s *CreateDBProxyEndpointInput) SetDBProxyName(v string) *CreateDBProxyEndpointInput { + s.DBProxyName = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateDBProxyEndpointInput) SetTags(v []*Tag) *CreateDBProxyEndpointInput { + s.Tags = v + return s +} + +// SetTargetRole sets the TargetRole field's value. +func (s *CreateDBProxyEndpointInput) SetTargetRole(v string) *CreateDBProxyEndpointInput { + s.TargetRole = &v + return s +} + +// SetVpcSecurityGroupIds sets the VpcSecurityGroupIds field's value. +func (s *CreateDBProxyEndpointInput) SetVpcSecurityGroupIds(v []*string) *CreateDBProxyEndpointInput { + s.VpcSecurityGroupIds = v + return s +} + +// SetVpcSubnetIds sets the VpcSubnetIds field's value. +func (s *CreateDBProxyEndpointInput) SetVpcSubnetIds(v []*string) *CreateDBProxyEndpointInput { + s.VpcSubnetIds = v + return s +} + +type CreateDBProxyEndpointOutput struct { + _ struct{} `type:"structure"` + + // The DBProxyEndpoint object that is created by the API operation. The DB proxy + // endpoint that you create might provide capabilities such as read/write or + // read-only operations, or using a different VPC than the proxy's default VPC. + DBProxyEndpoint *DBProxyEndpoint `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateDBProxyEndpointOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateDBProxyEndpointOutput) GoString() string { + return s.String() +} + +// SetDBProxyEndpoint sets the DBProxyEndpoint field's value. +func (s *CreateDBProxyEndpointOutput) SetDBProxyEndpoint(v *DBProxyEndpoint) *CreateDBProxyEndpointOutput { + s.DBProxyEndpoint = v + return s +} + type CreateDBProxyInput struct { _ struct{} `type:"structure"` @@ -19790,16 +26275,17 @@ type CreateDBProxyInput struct { Auth []*UserAuthConfig `type:"list" required:"true"` // The identifier for the proxy. This name must be unique for all proxies owned - // by your AWS account in the specified AWS Region. An identifier must begin - // with a letter and must contain only ASCII letters, digits, and hyphens; it - // can't end with a hyphen or contain two consecutive hyphens. + // by your Amazon Web Services account in the specified Amazon Web Services + // Region. An identifier must begin with a letter and must contain only ASCII + // letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive + // hyphens. // // DBProxyName is a required field DBProxyName *string `type:"string" required:"true"` - // Whether the proxy includes detailed information about SQL statements in its - // logs. This information helps you to debug issues involving SQL behavior or - // the performance and scalability of the proxy connections. The debug information + // Specifies whether the proxy includes detailed information about SQL statements + // in its logs. This information helps you to debug issues involving SQL behavior + // or the performance and scalability of the proxy connections. The debug information // includes the text of SQL statements that you submit through the proxy. Thus, // only enable this setting when needed for debugging, and only when you have // security measures in place to safeguard any sensitive information that appears @@ -19808,8 +26294,10 @@ type CreateDBProxyInput struct { // The kinds of databases that the proxy can connect to. This value determines // which database network protocol the proxy recognizes when it interprets network - // traffic to and from the database. The engine family applies to MySQL and - // PostgreSQL for both RDS and Aurora. + // traffic to and from the database. For Aurora MySQL, RDS for MariaDB, and + // RDS for MySQL databases, specify MYSQL. For Aurora PostgreSQL and RDS for + // PostgreSQL databases, specify POSTGRESQL. For RDS for Microsoft SQL Server, + // specify SQLSERVER. // // EngineFamily is a required field EngineFamily *string `type:"string" required:"true" enum:"EngineFamily"` @@ -19819,13 +26307,13 @@ type CreateDBProxyInput struct { // connection timeout limit for the associated database. IdleClientTimeout *int64 `type:"integer"` - // A Boolean parameter that specifies whether Transport Layer Security (TLS) - // encryption is required for connections to the proxy. By enabling this setting, - // you can enforce encrypted TLS connections to the proxy. + // Specifies whether Transport Layer Security (TLS) encryption is required for + // connections to the proxy. By enabling this setting, you can enforce encrypted + // TLS connections to the proxy. RequireTLS *bool `type:"boolean"` // The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access - // secrets in AWS Secrets Manager. + // secrets in Amazon Web Services Secrets Manager. // // RoleArn is a required field RoleArn *string `type:"string" required:"true"` @@ -19843,12 +26331,20 @@ type CreateDBProxyInput struct { VpcSubnetIds []*string `type:"list" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBProxyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBProxyInput) GoString() string { return s.String() } @@ -19945,12 +26441,20 @@ type CreateDBProxyOutput struct { DBProxy *DBProxy `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBProxyOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBProxyOutput) GoString() string { return s.String() } @@ -19990,12 +26494,20 @@ type CreateDBSecurityGroupInput struct { Tags []*Tag `locationNameList:"Tag" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBSecurityGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBSecurityGroupInput) GoString() string { return s.String() } @@ -20044,12 +26556,20 @@ type CreateDBSecurityGroupOutput struct { DBSecurityGroup *DBSecurityGroup `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBSecurityGroupOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBSecurityGroupOutput) GoString() string { return s.String() } @@ -20060,6 +26580,258 @@ func (s *CreateDBSecurityGroupOutput) SetDBSecurityGroup(v *DBSecurityGroup) *Cr return s } +type CreateDBShardGroupInput struct { + _ struct{} `type:"structure"` + + // Specifies whether to create standby instances for the DB shard group. Valid + // values are the following: + // + // * 0 - Creates a single, primary DB instance for each physical shard. This + // is the default value, and the only one supported for the preview. + // + // * 1 - Creates a primary DB instance and a standby instance in a different + // Availability Zone (AZ) for each physical shard. + // + // * 2 - Creates a primary DB instance and two standby instances in different + // AZs for each physical shard. + ComputeRedundancy *int64 `type:"integer"` + + // The name of the primary DB cluster for the DB shard group. + // + // DBClusterIdentifier is a required field + DBClusterIdentifier *string `type:"string" required:"true"` + + // The name of the DB shard group. + // + // DBShardGroupIdentifier is a required field + DBShardGroupIdentifier *string `type:"string" required:"true"` + + // The maximum capacity of the DB shard group in Aurora capacity units (ACUs). + // + // MaxACU is a required field + MaxACU *float64 `type:"double" required:"true"` + + // Specifies whether the DB shard group is publicly accessible. + // + // When the DB shard group is publicly accessible, its Domain Name System (DNS) + // endpoint resolves to the private IP address from within the DB shard group's + // virtual private cloud (VPC). It resolves to the public IP address from outside + // of the DB shard group's VPC. Access to the DB shard group is ultimately controlled + // by the security group it uses. That public access is not permitted if the + // security group assigned to the DB shard group doesn't permit it. + // + // When the DB shard group isn't publicly accessible, it is an internal DB shard + // group with a DNS name that resolves to a private IP address. + // + // Default: The default behavior varies depending on whether DBSubnetGroupName + // is specified. + // + // If DBSubnetGroupName isn't specified, and PubliclyAccessible isn't specified, + // the following applies: + // + // * If the default VPC in the target Region doesn’t have an internet gateway + // attached to it, the DB shard group is private. + // + // * If the default VPC in the target Region has an internet gateway attached + // to it, the DB shard group is public. + // + // If DBSubnetGroupName is specified, and PubliclyAccessible isn't specified, + // the following applies: + // + // * If the subnets are part of a VPC that doesn’t have an internet gateway + // attached to it, the DB shard group is private. + // + // * If the subnets are part of a VPC that has an internet gateway attached + // to it, the DB shard group is public. + PubliclyAccessible *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateDBShardGroupInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateDBShardGroupInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateDBShardGroupInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateDBShardGroupInput"} + if s.DBClusterIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("DBClusterIdentifier")) + } + if s.DBShardGroupIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("DBShardGroupIdentifier")) + } + if s.MaxACU == nil { + invalidParams.Add(request.NewErrParamRequired("MaxACU")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetComputeRedundancy sets the ComputeRedundancy field's value. +func (s *CreateDBShardGroupInput) SetComputeRedundancy(v int64) *CreateDBShardGroupInput { + s.ComputeRedundancy = &v + return s +} + +// SetDBClusterIdentifier sets the DBClusterIdentifier field's value. +func (s *CreateDBShardGroupInput) SetDBClusterIdentifier(v string) *CreateDBShardGroupInput { + s.DBClusterIdentifier = &v + return s +} + +// SetDBShardGroupIdentifier sets the DBShardGroupIdentifier field's value. +func (s *CreateDBShardGroupInput) SetDBShardGroupIdentifier(v string) *CreateDBShardGroupInput { + s.DBShardGroupIdentifier = &v + return s +} + +// SetMaxACU sets the MaxACU field's value. +func (s *CreateDBShardGroupInput) SetMaxACU(v float64) *CreateDBShardGroupInput { + s.MaxACU = &v + return s +} + +// SetPubliclyAccessible sets the PubliclyAccessible field's value. +func (s *CreateDBShardGroupInput) SetPubliclyAccessible(v bool) *CreateDBShardGroupInput { + s.PubliclyAccessible = &v + return s +} + +type CreateDBShardGroupOutput struct { + _ struct{} `type:"structure"` + + // Specifies whether to create standby instances for the DB shard group. Valid + // values are the following: + // + // * 0 - Creates a single, primary DB instance for each physical shard. This + // is the default value, and the only one supported for the preview. + // + // * 1 - Creates a primary DB instance and a standby instance in a different + // Availability Zone (AZ) for each physical shard. + // + // * 2 - Creates a primary DB instance and two standby instances in different + // AZs for each physical shard. + ComputeRedundancy *int64 `type:"integer"` + + // The name of the primary DB cluster for the DB shard group. + DBClusterIdentifier *string `type:"string"` + + // The name of the DB shard group. + DBShardGroupIdentifier *string `min:"1" type:"string"` + + // The Amazon Web Services Region-unique, immutable identifier for the DB shard + // group. + DBShardGroupResourceId *string `type:"string"` + + // The connection endpoint for the DB shard group. + Endpoint *string `type:"string"` + + // The maximum capacity of the DB shard group in Aurora capacity units (ACUs). + MaxACU *float64 `type:"double"` + + // Indicates whether the DB shard group is publicly accessible. + // + // When the DB shard group is publicly accessible, its Domain Name System (DNS) + // endpoint resolves to the private IP address from within the DB shard group's + // virtual private cloud (VPC). It resolves to the public IP address from outside + // of the DB shard group's VPC. Access to the DB shard group is ultimately controlled + // by the security group it uses. That public access isn't permitted if the + // security group assigned to the DB shard group doesn't permit it. + // + // When the DB shard group isn't publicly accessible, it is an internal DB shard + // group with a DNS name that resolves to a private IP address. + // + // For more information, see CreateDBShardGroup. + // + // This setting is only for Aurora Limitless Database. + PubliclyAccessible *bool `type:"boolean"` + + // The status of the DB shard group. + Status *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateDBShardGroupOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateDBShardGroupOutput) GoString() string { + return s.String() +} + +// SetComputeRedundancy sets the ComputeRedundancy field's value. +func (s *CreateDBShardGroupOutput) SetComputeRedundancy(v int64) *CreateDBShardGroupOutput { + s.ComputeRedundancy = &v + return s +} + +// SetDBClusterIdentifier sets the DBClusterIdentifier field's value. +func (s *CreateDBShardGroupOutput) SetDBClusterIdentifier(v string) *CreateDBShardGroupOutput { + s.DBClusterIdentifier = &v + return s +} + +// SetDBShardGroupIdentifier sets the DBShardGroupIdentifier field's value. +func (s *CreateDBShardGroupOutput) SetDBShardGroupIdentifier(v string) *CreateDBShardGroupOutput { + s.DBShardGroupIdentifier = &v + return s +} + +// SetDBShardGroupResourceId sets the DBShardGroupResourceId field's value. +func (s *CreateDBShardGroupOutput) SetDBShardGroupResourceId(v string) *CreateDBShardGroupOutput { + s.DBShardGroupResourceId = &v + return s +} + +// SetEndpoint sets the Endpoint field's value. +func (s *CreateDBShardGroupOutput) SetEndpoint(v string) *CreateDBShardGroupOutput { + s.Endpoint = &v + return s +} + +// SetMaxACU sets the MaxACU field's value. +func (s *CreateDBShardGroupOutput) SetMaxACU(v float64) *CreateDBShardGroupOutput { + s.MaxACU = &v + return s +} + +// SetPubliclyAccessible sets the PubliclyAccessible field's value. +func (s *CreateDBShardGroupOutput) SetPubliclyAccessible(v bool) *CreateDBShardGroupOutput { + s.PubliclyAccessible = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *CreateDBShardGroupOutput) SetStatus(v string) *CreateDBShardGroupOutput { + s.Status = &v + return s +} + type CreateDBSnapshotInput struct { _ struct{} `type:"structure"` @@ -20094,12 +26866,20 @@ type CreateDBSnapshotInput struct { Tags []*Tag `locationNameList:"Tag" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBSnapshotInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBSnapshotInput) GoString() string { return s.String() } @@ -20147,12 +26927,20 @@ type CreateDBSnapshotOutput struct { DBSnapshot *DBSnapshot `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBSnapshotOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBSnapshotOutput) GoString() string { return s.String() } @@ -20173,10 +26961,16 @@ type CreateDBSubnetGroupInput struct { // The name for the DB subnet group. This value is stored as a lowercase string. // - // Constraints: Must contain no more than 255 letters, numbers, periods, underscores, - // spaces, or hyphens. Must not be default. + // Constraints: + // + // * Must contain no more than 255 letters, numbers, periods, underscores, + // spaces, or hyphens. + // + // * Must not be default. + // + // * First character must be a letter. // - // Example: mySubnetgroup + // Example: mydbsubnetgroup // // DBSubnetGroupName is a required field DBSubnetGroupName *string `type:"string" required:"true"` @@ -20190,12 +26984,20 @@ type CreateDBSubnetGroupInput struct { Tags []*Tag `locationNameList:"Tag" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBSubnetGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBSubnetGroupInput) GoString() string { return s.String() } @@ -20253,12 +27055,20 @@ type CreateDBSubnetGroupOutput struct { DBSubnetGroup *DBSubnetGroup `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBSubnetGroupOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateDBSubnetGroupOutput) GoString() string { return s.String() } @@ -20272,21 +27082,26 @@ func (s *CreateDBSubnetGroupOutput) SetDBSubnetGroup(v *DBSubnetGroup) *CreateDB type CreateEventSubscriptionInput struct { _ struct{} `type:"structure"` - // A value that indicates whether to activate the subscription. If the event - // notification subscription isn't activated, the subscription is created but - // not active. + // Specifies whether to activate the subscription. If the event notification + // subscription isn't activated, the subscription is created but not active. Enabled *bool `type:"boolean"` // A list of event categories for a particular source type (SourceType) that // you want to subscribe to. You can see a list of the categories for a given - // source type in Events (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html) - // in the Amazon RDS User Guide or by using the DescribeEventCategories operation. + // source type in the "Amazon RDS event categories and event messages" section + // of the Amazon RDS User Guide (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.Messages.html) + // or the Amazon Aurora User Guide (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Events.Messages.html). + // You can also see this list by using the DescribeEventCategories operation. EventCategories []*string `locationNameList:"EventCategory" type:"list"` // The Amazon Resource Name (ARN) of the SNS topic created for event notification. - // The ARN is created by Amazon SNS when you create a topic and subscribe to + // SNS automatically creates the ARN when you create a topic and subscribe to // it. // + // RDS doesn't support FIFO (first in, first out) topics. For more information, + // see Message ordering and deduplication (FIFO topics) (https://docs.aws.amazon.com/sns/latest/dg/sns-fifo-topics.html) + // in the Amazon Simple Notification Service Developer Guide. + // // SnsTopicArn is a required field SnsTopicArn *string `type:"string" required:"true"` @@ -20297,7 +27112,7 @@ type CreateEventSubscriptionInput struct { // // Constraints: // - // * If a SourceIds value is supplied, SourceType must also be provided. + // * If SourceIds are supplied, SourceType must also be provided. // // * If the source type is a DB instance, a DBInstanceIdentifier value must // be supplied. @@ -20316,14 +27131,18 @@ type CreateEventSubscriptionInput struct { // // * If the source type is a DB cluster snapshot, a DBClusterSnapshotIdentifier // value must be supplied. + // + // * If the source type is an RDS Proxy, a DBProxyName value must be supplied. SourceIds []*string `locationNameList:"SourceId" type:"list"` // The type of source that is generating the events. For example, if you want // to be notified of events generated by a DB instance, you set this parameter - // to db-instance. If this value isn't specified, all events are returned. + // to db-instance. For RDS Proxy events, specify db-proxy. If this value isn't + // specified, all events are returned. // - // Valid values: db-instance | db-cluster | db-parameter-group | db-security-group - // | db-snapshot | db-cluster-snapshot + // Valid Values:db-instance | db-cluster | db-parameter-group | db-security-group + // | db-snapshot | db-cluster-snapshot | db-proxy | zero-etl | custom-engine-version + // | blue-green-deployment SourceType *string `type:"string"` // The name of the subscription. @@ -20338,12 +27157,20 @@ type CreateEventSubscriptionInput struct { Tags []*Tag `locationNameList:"Tag" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateEventSubscriptionInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateEventSubscriptionInput) GoString() string { return s.String() } @@ -20414,12 +27241,20 @@ type CreateEventSubscriptionOutput struct { EventSubscription *EventSubscription `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateEventSubscriptionOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateEventSubscriptionOutput) GoString() string { return s.String() } @@ -20433,38 +27268,106 @@ func (s *CreateEventSubscriptionOutput) SetEventSubscription(v *EventSubscriptio type CreateGlobalClusterInput struct { _ struct{} `type:"structure"` - // The name for your database of up to 64 alpha-numeric characters. If you do - // not provide a name, Amazon Aurora will not create a database in the global - // database cluster you are creating. + // The name for your database of up to 64 alphanumeric characters. If you don't + // specify a name, Amazon Aurora doesn't create a database in the global database + // cluster. + // + // Constraints: + // + // * Can't be specified if SourceDBClusterIdentifier is specified. In this + // case, Amazon Aurora uses the database name from the source DB cluster. DatabaseName *string `type:"string"` - // The deletion protection setting for the new global database. The global database - // can't be deleted when deletion protection is enabled. + // Specifies whether to enable deletion protection for the new global database + // cluster. The global database can't be deleted when deletion protection is + // enabled. DeletionProtection *bool `type:"boolean"` - // The name of the database engine to be used for this DB cluster. + // The database engine to use for this global database cluster. + // + // Valid Values: aurora-mysql | aurora-postgresql + // + // Constraints: + // + // * Can't be specified if SourceDBClusterIdentifier is specified. In this + // case, Amazon Aurora uses the engine of the source DB cluster. Engine *string `type:"string"` - // The engine version of the Aurora global database. + // The life cycle type for this global database cluster. + // + // By default, this value is set to open-source-rds-extended-support, which + // enrolls your global cluster into Amazon RDS Extended Support. At the end + // of standard support, you can avoid charges for Extended Support by setting + // the value to open-source-rds-extended-support-disabled. In this case, creating + // the global cluster will fail if the DB major version is past its end of standard + // support date. + // + // This setting only applies to Aurora PostgreSQL-based global databases. + // + // You can use this setting to enroll your global cluster into Amazon RDS Extended + // Support. With RDS Extended Support, you can run the selected major engine + // version on your global cluster past the end of standard support for that + // engine version. For more information, see Using Amazon RDS Extended Support + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/extended-support.html) + // in the Amazon Aurora User Guide. + // + // Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled + // + // Default: open-source-rds-extended-support + EngineLifecycleSupport *string `type:"string"` + + // The engine version to use for this global database cluster. + // + // Constraints: + // + // * Can't be specified if SourceDBClusterIdentifier is specified. In this + // case, Amazon Aurora uses the engine version of the source DB cluster. EngineVersion *string `type:"string"` - // The cluster identifier of the new global database cluster. + // The cluster identifier for this global database cluster. This parameter is + // stored as a lowercase string. GlobalClusterIdentifier *string `type:"string"` // The Amazon Resource Name (ARN) to use as the primary cluster of the global - // database. This parameter is optional. + // database. + // + // If you provide a value for this parameter, don't specify values for the following + // settings because Amazon Aurora uses the values from the specified source + // DB cluster: + // + // * DatabaseName + // + // * Engine + // + // * EngineVersion + // + // * StorageEncrypted SourceDBClusterIdentifier *string `type:"string"` - // The storage encryption setting for the new global database cluster. + // Specifies whether to enable storage encryption for the new global database + // cluster. + // + // Constraints: + // + // * Can't be specified if SourceDBClusterIdentifier is specified. In this + // case, Amazon Aurora uses the setting from the source DB cluster. StorageEncrypted *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateGlobalClusterInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateGlobalClusterInput) GoString() string { return s.String() } @@ -20487,6 +27390,12 @@ func (s *CreateGlobalClusterInput) SetEngine(v string) *CreateGlobalClusterInput return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *CreateGlobalClusterInput) SetEngineLifecycleSupport(v string) *CreateGlobalClusterInput { + s.EngineLifecycleSupport = &v + return s +} + // SetEngineVersion sets the EngineVersion field's value. func (s *CreateGlobalClusterInput) SetEngineVersion(v string) *CreateGlobalClusterInput { s.EngineVersion = &v @@ -20518,12 +27427,20 @@ type CreateGlobalClusterOutput struct { GlobalCluster *GlobalCluster `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateGlobalClusterOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateGlobalClusterOutput) GoString() string { return s.String() } @@ -20534,11 +27451,317 @@ func (s *CreateGlobalClusterOutput) SetGlobalCluster(v *GlobalCluster) *CreateGl return s } +type CreateIntegrationInput struct { + _ struct{} `type:"structure"` + + // An optional set of non-secret key–value pairs that contains additional + // contextual information about the data. For more information, see Encryption + // context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the Amazon Web Services Key Management Service Developer Guide. + // + // You can only include this parameter if you specify the KMSKeyId parameter. + AdditionalEncryptionContext map[string]*string `type:"map"` + + // Data filtering options for the integration. For more information, see Data + // filtering for Aurora zero-ETL integrations with Amazon Redshift (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/zero-etl.filtering.html). + // + // Valid for: Integrations with Aurora MySQL source DB clusters only + DataFilter *string `min:"1" type:"string"` + + // A description of the integration. + Description *string `type:"string"` + + // The name of the integration. + // + // IntegrationName is a required field + IntegrationName *string `min:"1" type:"string" required:"true"` + + // The Amazon Web Services Key Management System (Amazon Web Services KMS) key + // identifier for the key to use to encrypt the integration. If you don't specify + // an encryption key, RDS uses a default Amazon Web Services owned key. + KMSKeyId *string `type:"string"` + + // The Amazon Resource Name (ARN) of the database to use as the source for replication. + // + // SourceArn is a required field + SourceArn *string `min:"1" type:"string" required:"true"` + + // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + // in the Amazon RDS User Guide. + Tags []*Tag `locationNameList:"Tag" type:"list"` + + // The ARN of the Redshift data warehouse to use as the target for replication. + // + // TargetArn is a required field + TargetArn *string `min:"20" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateIntegrationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateIntegrationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateIntegrationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateIntegrationInput"} + if s.DataFilter != nil && len(*s.DataFilter) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DataFilter", 1)) + } + if s.IntegrationName == nil { + invalidParams.Add(request.NewErrParamRequired("IntegrationName")) + } + if s.IntegrationName != nil && len(*s.IntegrationName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("IntegrationName", 1)) + } + if s.SourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("SourceArn")) + } + if s.SourceArn != nil && len(*s.SourceArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SourceArn", 1)) + } + if s.TargetArn == nil { + invalidParams.Add(request.NewErrParamRequired("TargetArn")) + } + if s.TargetArn != nil && len(*s.TargetArn) < 20 { + invalidParams.Add(request.NewErrParamMinLen("TargetArn", 20)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAdditionalEncryptionContext sets the AdditionalEncryptionContext field's value. +func (s *CreateIntegrationInput) SetAdditionalEncryptionContext(v map[string]*string) *CreateIntegrationInput { + s.AdditionalEncryptionContext = v + return s +} + +// SetDataFilter sets the DataFilter field's value. +func (s *CreateIntegrationInput) SetDataFilter(v string) *CreateIntegrationInput { + s.DataFilter = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateIntegrationInput) SetDescription(v string) *CreateIntegrationInput { + s.Description = &v + return s +} + +// SetIntegrationName sets the IntegrationName field's value. +func (s *CreateIntegrationInput) SetIntegrationName(v string) *CreateIntegrationInput { + s.IntegrationName = &v + return s +} + +// SetKMSKeyId sets the KMSKeyId field's value. +func (s *CreateIntegrationInput) SetKMSKeyId(v string) *CreateIntegrationInput { + s.KMSKeyId = &v + return s +} + +// SetSourceArn sets the SourceArn field's value. +func (s *CreateIntegrationInput) SetSourceArn(v string) *CreateIntegrationInput { + s.SourceArn = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateIntegrationInput) SetTags(v []*Tag) *CreateIntegrationInput { + s.Tags = v + return s +} + +// SetTargetArn sets the TargetArn field's value. +func (s *CreateIntegrationInput) SetTargetArn(v string) *CreateIntegrationInput { + s.TargetArn = &v + return s +} + +// A zero-ETL integration with Amazon Redshift. +type CreateIntegrationOutput struct { + _ struct{} `type:"structure"` + + // The encryption context for the integration. For more information, see Encryption + // context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the Amazon Web Services Key Management Service Developer Guide. + AdditionalEncryptionContext map[string]*string `type:"map"` + + // The time when the integration was created, in Universal Coordinated Time + // (UTC). + CreateTime *time.Time `type:"timestamp"` + + // Data filters for the integration. These filters determine which tables from + // the source database are sent to the target Amazon Redshift data warehouse. + DataFilter *string `min:"1" type:"string"` + + // A description of the integration. + Description *string `type:"string"` + + // Any errors associated with the integration. + Errors []*IntegrationError `locationNameList:"IntegrationError" type:"list"` + + // The ARN of the integration. + IntegrationArn *string `min:"1" type:"string"` + + // The name of the integration. + IntegrationName *string `min:"1" type:"string"` + + // The Amazon Web Services Key Management System (Amazon Web Services KMS) key + // identifier for the key used to to encrypt the integration. + KMSKeyId *string `type:"string"` + + // The Amazon Resource Name (ARN) of the database used as the source for replication. + SourceArn *string `min:"1" type:"string"` + + // The current status of the integration. + Status *string `type:"string" enum:"IntegrationStatus"` + + // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + // in the Amazon RDS User Guide. + Tags []*Tag `locationNameList:"Tag" type:"list"` + + // The ARN of the Redshift data warehouse used as the target for replication. + TargetArn *string `min:"20" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateIntegrationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateIntegrationOutput) GoString() string { + return s.String() +} + +// SetAdditionalEncryptionContext sets the AdditionalEncryptionContext field's value. +func (s *CreateIntegrationOutput) SetAdditionalEncryptionContext(v map[string]*string) *CreateIntegrationOutput { + s.AdditionalEncryptionContext = v + return s +} + +// SetCreateTime sets the CreateTime field's value. +func (s *CreateIntegrationOutput) SetCreateTime(v time.Time) *CreateIntegrationOutput { + s.CreateTime = &v + return s +} + +// SetDataFilter sets the DataFilter field's value. +func (s *CreateIntegrationOutput) SetDataFilter(v string) *CreateIntegrationOutput { + s.DataFilter = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateIntegrationOutput) SetDescription(v string) *CreateIntegrationOutput { + s.Description = &v + return s +} + +// SetErrors sets the Errors field's value. +func (s *CreateIntegrationOutput) SetErrors(v []*IntegrationError) *CreateIntegrationOutput { + s.Errors = v + return s +} + +// SetIntegrationArn sets the IntegrationArn field's value. +func (s *CreateIntegrationOutput) SetIntegrationArn(v string) *CreateIntegrationOutput { + s.IntegrationArn = &v + return s +} + +// SetIntegrationName sets the IntegrationName field's value. +func (s *CreateIntegrationOutput) SetIntegrationName(v string) *CreateIntegrationOutput { + s.IntegrationName = &v + return s +} + +// SetKMSKeyId sets the KMSKeyId field's value. +func (s *CreateIntegrationOutput) SetKMSKeyId(v string) *CreateIntegrationOutput { + s.KMSKeyId = &v + return s +} + +// SetSourceArn sets the SourceArn field's value. +func (s *CreateIntegrationOutput) SetSourceArn(v string) *CreateIntegrationOutput { + s.SourceArn = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *CreateIntegrationOutput) SetStatus(v string) *CreateIntegrationOutput { + s.Status = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateIntegrationOutput) SetTags(v []*Tag) *CreateIntegrationOutput { + s.Tags = v + return s +} + +// SetTargetArn sets the TargetArn field's value. +func (s *CreateIntegrationOutput) SetTargetArn(v string) *CreateIntegrationOutput { + s.TargetArn = &v + return s +} + type CreateOptionGroupInput struct { _ struct{} `type:"structure"` - // Specifies the name of the engine that this option group should be associated - // with. + // The name of the engine to associate this option group with. + // + // Valid Values: + // + // * db2-ae + // + // * db2-se + // + // * mariadb + // + // * mysql + // + // * oracle-ee + // + // * oracle-ee-cdb + // + // * oracle-se2 + // + // * oracle-se2-cdb + // + // * postgres + // + // * sqlserver-ee + // + // * sqlserver-se + // + // * sqlserver-ex + // + // * sqlserver-web // // EngineName is a required field EngineName *string `type:"string" required:"true"` @@ -20573,12 +27796,20 @@ type CreateOptionGroupInput struct { Tags []*Tag `locationNameList:"Tag" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateOptionGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateOptionGroupInput) GoString() string { return s.String() } @@ -20641,12 +27872,20 @@ type CreateOptionGroupOutput struct { OptionGroup *OptionGroup `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateOptionGroupOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateOptionGroupOutput) GoString() string { return s.String() } @@ -20657,68 +27896,237 @@ func (s *CreateOptionGroupOutput) SetOptionGroup(v *OptionGroup) *CreateOptionGr return s } -// A custom Availability Zone (AZ) is an on-premises AZ that is integrated with -// a VMware vSphere cluster. -// -// For more information about RDS on VMware, see the RDS on VMware User Guide. -// (https://docs.aws.amazon.com/AmazonRDS/latest/RDSonVMwareUserGuide/rds-on-vmware.html) -type CustomAvailabilityZone struct { +type CreateTenantDatabaseInput struct { _ struct{} `type:"structure"` - // The identifier of the custom AZ. + // The character set for your tenant database. If you don't specify a value, + // the character set name defaults to AL32UTF8. + CharacterSetName *string `type:"string"` + + // The user-supplied DB instance identifier. RDS creates your tenant database + // in this DB instance. This parameter isn't case-sensitive. + // + // DBInstanceIdentifier is a required field + DBInstanceIdentifier *string `type:"string" required:"true"` + + // The password for the master user in your tenant database. + // + // Constraints: + // + // * Must be 8 to 30 characters. + // + // * Can include any printable ASCII character except forward slash (/), + // double quote ("), at symbol (@), ampersand (&), or single quote ('). + // + // MasterUserPassword is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTenantDatabaseInput's + // String and GoString methods. + // + // MasterUserPassword is a required field + MasterUserPassword *string `type:"string" required:"true" sensitive:"true"` + + // The name for the master user account in your tenant database. RDS creates + // this user account in the tenant database and grants privileges to the master + // user. This parameter is case-sensitive. + // + // Constraints: + // + // * Must be 1 to 16 letters, numbers, or underscores. // - // Amazon RDS generates a unique identifier when a custom AZ is created. - CustomAvailabilityZoneId *string `type:"string"` + // * First character must be a letter. + // + // * Can't be a reserved word for the chosen database engine. + // + // MasterUsername is a required field + MasterUsername *string `type:"string" required:"true"` - // The name of the custom AZ. - CustomAvailabilityZoneName *string `type:"string"` + // The NCHAR value for the tenant database. + NcharCharacterSetName *string `type:"string"` - // The status of the custom AZ. - CustomAvailabilityZoneStatus *string `type:"string"` + // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + // in the Amazon RDS User Guide. + Tags []*Tag `locationNameList:"Tag" type:"list"` - // Information about the virtual private network (VPN) between the VMware vSphere - // cluster and the AWS website. - VpnDetails *VpnDetails `type:"structure"` + // The user-supplied name of the tenant database that you want to create in + // your DB instance. This parameter has the same constraints as DBName in CreateDBInstance. + // + // TenantDBName is a required field + TenantDBName *string `type:"string" required:"true"` } -// String returns the string representation -func (s CustomAvailabilityZone) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTenantDatabaseInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s CustomAvailabilityZone) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTenantDatabaseInput) GoString() string { return s.String() } -// SetCustomAvailabilityZoneId sets the CustomAvailabilityZoneId field's value. -func (s *CustomAvailabilityZone) SetCustomAvailabilityZoneId(v string) *CustomAvailabilityZone { - s.CustomAvailabilityZoneId = &v +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateTenantDatabaseInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateTenantDatabaseInput"} + if s.DBInstanceIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("DBInstanceIdentifier")) + } + if s.MasterUserPassword == nil { + invalidParams.Add(request.NewErrParamRequired("MasterUserPassword")) + } + if s.MasterUsername == nil { + invalidParams.Add(request.NewErrParamRequired("MasterUsername")) + } + if s.TenantDBName == nil { + invalidParams.Add(request.NewErrParamRequired("TenantDBName")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCharacterSetName sets the CharacterSetName field's value. +func (s *CreateTenantDatabaseInput) SetCharacterSetName(v string) *CreateTenantDatabaseInput { + s.CharacterSetName = &v + return s +} + +// SetDBInstanceIdentifier sets the DBInstanceIdentifier field's value. +func (s *CreateTenantDatabaseInput) SetDBInstanceIdentifier(v string) *CreateTenantDatabaseInput { + s.DBInstanceIdentifier = &v + return s +} + +// SetMasterUserPassword sets the MasterUserPassword field's value. +func (s *CreateTenantDatabaseInput) SetMasterUserPassword(v string) *CreateTenantDatabaseInput { + s.MasterUserPassword = &v + return s +} + +// SetMasterUsername sets the MasterUsername field's value. +func (s *CreateTenantDatabaseInput) SetMasterUsername(v string) *CreateTenantDatabaseInput { + s.MasterUsername = &v + return s +} + +// SetNcharCharacterSetName sets the NcharCharacterSetName field's value. +func (s *CreateTenantDatabaseInput) SetNcharCharacterSetName(v string) *CreateTenantDatabaseInput { + s.NcharCharacterSetName = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateTenantDatabaseInput) SetTags(v []*Tag) *CreateTenantDatabaseInput { + s.Tags = v + return s +} + +// SetTenantDBName sets the TenantDBName field's value. +func (s *CreateTenantDatabaseInput) SetTenantDBName(v string) *CreateTenantDatabaseInput { + s.TenantDBName = &v return s } -// SetCustomAvailabilityZoneName sets the CustomAvailabilityZoneName field's value. -func (s *CustomAvailabilityZone) SetCustomAvailabilityZoneName(v string) *CustomAvailabilityZone { - s.CustomAvailabilityZoneName = &v +type CreateTenantDatabaseOutput struct { + _ struct{} `type:"structure"` + + // A tenant database in the DB instance. This data type is an element in the + // response to the DescribeTenantDatabases action. + TenantDatabase *TenantDatabase `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTenantDatabaseOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTenantDatabaseOutput) GoString() string { + return s.String() +} + +// SetTenantDatabase sets the TenantDatabase field's value. +func (s *CreateTenantDatabaseOutput) SetTenantDatabase(v *TenantDatabase) *CreateTenantDatabaseOutput { + s.TenantDatabase = v return s } -// SetCustomAvailabilityZoneStatus sets the CustomAvailabilityZoneStatus field's value. -func (s *CustomAvailabilityZone) SetCustomAvailabilityZoneStatus(v string) *CustomAvailabilityZone { - s.CustomAvailabilityZoneStatus = &v +// A value that indicates the AMI information. +type CustomDBEngineVersionAMI struct { + _ struct{} `type:"structure"` + + // A value that indicates the ID of the AMI. + ImageId *string `type:"string"` + + // A value that indicates the status of a custom engine version (CEV). + Status *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CustomDBEngineVersionAMI) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CustomDBEngineVersionAMI) GoString() string { + return s.String() +} + +// SetImageId sets the ImageId field's value. +func (s *CustomDBEngineVersionAMI) SetImageId(v string) *CustomDBEngineVersionAMI { + s.ImageId = &v return s } -// SetVpnDetails sets the VpnDetails field's value. -func (s *CustomAvailabilityZone) SetVpnDetails(v *VpnDetails) *CustomAvailabilityZone { - s.VpnDetails = v +// SetStatus sets the Status field's value. +func (s *CustomDBEngineVersionAMI) SetStatus(v string) *CustomDBEngineVersionAMI { + s.Status = &v return s } -// Contains the details of an Amazon Aurora DB cluster. +// Contains the details of an Amazon Aurora DB cluster or Multi-AZ DB cluster. +// +// For an Amazon Aurora DB cluster, this data type is used as a response element +// in the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, +// ModifyDBCluster, PromoteReadReplicaDBCluster, RestoreDBClusterFromS3, RestoreDBClusterFromSnapshot, +// RestoreDBClusterToPointInTime, StartDBCluster, and StopDBCluster. +// +// For a Multi-AZ DB cluster, this data type is used as a response element in +// the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, +// ModifyDBCluster, RebootDBCluster, RestoreDBClusterFromSnapshot, and RestoreDBClusterToPointInTime. +// +// For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? +// (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +// in the Amazon Aurora User Guide. // -// This data type is used as a response element in the DescribeDBClusters, StopDBCluster, -// and StartDBCluster actions. +// For more information on Multi-AZ DB clusters, see Multi-AZ deployments with +// two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) +// in the Amazon RDS User Guide. type DBCluster struct { _ struct{} `type:"structure"` @@ -20726,11 +28134,11 @@ type DBCluster struct { // stream. ActivityStreamKinesisStreamName *string `type:"string"` - // The AWS KMS key identifier used for encrypting messages in the database activity - // stream. + // The Amazon Web Services KMS key identifier used for encrypting messages in + // the database activity stream. // - // The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name - // for the AWS KMS customer master key (CMK). + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. ActivityStreamKmsKeyId *string `type:"string"` // The mode of the database activity stream. Database events such as a change @@ -20747,16 +28155,28 @@ type DBCluster struct { // instead automatically adjusts as needed. AllocatedStorage *int64 `type:"integer"` - // Provides a list of the AWS Identity and Access Management (IAM) roles that - // are associated with the DB cluster. IAM roles that are associated with a - // DB cluster grant permission for the DB cluster to access other AWS services - // on your behalf. + // A list of the Amazon Web Services Identity and Access Management (IAM) roles + // that are associated with the DB cluster. IAM roles that are associated with + // a DB cluster grant permission for the DB cluster to access other Amazon Web + // Services on your behalf. AssociatedRoles []*DBClusterRole `locationNameList:"DBClusterRole" type:"list"` - // Provides the list of Availability Zones (AZs) where instances in the DB cluster - // can be created. + // Indicates whether minor version patches are applied automatically. + // + // This setting is only for non-Aurora Multi-AZ DB clusters. + AutoMinorVersionUpgrade *bool `type:"boolean"` + + // The time when a stopped DB cluster is restarted automatically. + AutomaticRestartTime *time.Time `type:"timestamp"` + + // The list of Availability Zones (AZs) where instances in the DB cluster can + // be created. AvailabilityZones []*string `locationNameList:"AvailabilityZone" type:"list"` + // The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services + // Backup. + AwsBackupRecoveryPointArn *string `type:"string"` + // The number of change records stored for Backtrack. BacktrackConsumedChangeRecords *int64 `type:"long"` @@ -20764,70 +28184,86 @@ type DBCluster struct { // is disabled for the DB cluster. Otherwise, backtracking is enabled. BacktrackWindow *int64 `type:"long"` - // Specifies the number of days for which automatic DB snapshots are retained. + // The number of days for which automatic DB snapshots are retained. BackupRetentionPeriod *int64 `type:"integer"` - // The current capacity of an Aurora Serverless DB cluster. The capacity is - // 0 (zero) when the cluster is paused. + // The current capacity of an Aurora Serverless v1 DB cluster. The capacity + // is 0 (zero) when the cluster is paused. // - // For more information about Aurora Serverless, see Using Amazon Aurora Serverless - // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html) + // For more information about Aurora Serverless v1, see Using Amazon Aurora + // Serverless v1 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html) // in the Amazon Aurora User Guide. Capacity *int64 `type:"integer"` + // The details of the DB instance’s server certificate. + // + // For more information, see Using SSL/TLS to encrypt a connection to a DB instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) + // in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to + // a DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) + // in the Amazon Aurora User Guide. + CertificateDetails *CertificateDetails `type:"structure"` + // If present, specifies the name of the character set that this cluster is // associated with. CharacterSetName *string `type:"string"` - // Identifies the clone group to which the DB cluster is associated. + // The ID of the clone group with which the DB cluster is associated. CloneGroupId *string `type:"string"` - // Specifies the time when the DB cluster was created, in Universal Coordinated - // Time (UTC). + // The time when the DB cluster was created, in Universal Coordinated Time (UTC). ClusterCreateTime *time.Time `type:"timestamp"` - // Specifies whether tags are copied from the DB cluster to snapshots of the + // Indicates whether tags are copied from the DB cluster to snapshots of the // DB cluster. CopyTagsToSnapshot *bool `type:"boolean"` - // Specifies whether the DB cluster is a clone of a DB cluster owned by a different - // AWS account. + // Indicates whether the DB cluster is a clone of a DB cluster owned by a different + // Amazon Web Services account. CrossAccountClone *bool `type:"boolean"` - // Identifies all custom endpoints associated with the cluster. + // The custom endpoints associated with the DB cluster. CustomEndpoints []*string `type:"list"` // The Amazon Resource Name (ARN) for the DB cluster. DBClusterArn *string `type:"string"` - // Contains a user-supplied DB cluster identifier. This identifier is the unique + // The user-supplied identifier for the DB cluster. This identifier is the unique // key that identifies a DB cluster. DBClusterIdentifier *string `type:"string"` - // Provides the list of instances that make up the DB cluster. + // The name of the compute and memory capacity class of the DB instance. + // + // This setting is only for non-Aurora Multi-AZ DB clusters. + DBClusterInstanceClass *string `type:"string"` + + // The list of DB instances that make up the DB cluster. DBClusterMembers []*DBClusterMember `locationNameList:"DBClusterMember" type:"list"` - // Provides the list of option group memberships for this DB cluster. + // The list of option group memberships for this DB cluster. DBClusterOptionGroupMemberships []*DBClusterOptionGroupStatus `locationNameList:"DBClusterOptionGroup" type:"list"` - // Specifies the name of the DB cluster parameter group for the DB cluster. + // The name of the DB cluster parameter group for the DB cluster. DBClusterParameterGroup *string `type:"string"` - // Specifies information on the subnet group associated with the DB cluster, - // including the name, description, and subnets in the subnet group. + // Information about the subnet group associated with the DB cluster, including + // the name, description, and subnets in the subnet group. DBSubnetGroup *string `type:"string"` - // Contains the name of the initial database of this DB cluster that was provided - // at create time, if one was specified when the DB cluster was created. This - // same name is returned for the life of the DB cluster. + // Reserved for future use. + DBSystemId *string `type:"string"` + + // The name of the initial database that was specified for the DB cluster when + // it was created, if one was provided. This same name is returned for the life + // of the DB cluster. DatabaseName *string `type:"string"` - // The AWS Region-unique, immutable identifier for the DB cluster. This identifier - // is found in AWS CloudTrail log entries whenever the AWS KMS CMK for the DB - // cluster is accessed. + // The Amazon Web Services Region-unique, immutable identifier for the DB cluster. + // This identifier is found in Amazon Web Services CloudTrail log entries whenever + // the KMS key for the DB cluster is accessed. DbClusterResourceId *string `type:"string"` - // Indicates if the DB cluster has deletion protection enabled. The database + // Indicates whether the DB cluster has deletion protection enabled. The database // can't be deleted when deletion protection is enabled. DeletionProtection *bool `type:"boolean"` @@ -20849,81 +28285,192 @@ type DBCluster struct { // in the Amazon Aurora User Guide. EnabledCloudwatchLogsExports []*string `type:"list"` - // Specifies the connection endpoint for the primary instance of the DB cluster. + // The connection endpoint for the primary instance of the DB cluster. Endpoint *string `type:"string"` - // The name of the database engine to be used for this DB cluster. + // The database engine used for this DB cluster. Engine *string `type:"string"` - // The DB engine mode of the DB cluster, either provisioned, serverless, parallelquery, - // global, or multimaster. + // The life cycle type for the DB cluster. // - // For more information, see CreateDBCluster (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBCluster.html). - EngineMode *string `type:"string"` + // For more information, see CreateDBCluster. + EngineLifecycleSupport *string `type:"string"` - // Indicates the database engine version. + // The DB engine mode of the DB cluster, either provisioned or serverless. + // + // For more information, see CreateDBCluster (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBCluster.html). + EngineMode *string `type:"string"` + + // The version of the database engine. EngineVersion *string `type:"string"` - // Specifies whether you have requested to enable write forwarding for a secondary - // cluster in an Aurora global database. Because write forwarding takes time - // to enable, check the value of GlobalWriteForwardingStatus to confirm that - // the request has completed before using the write forwarding feature for this - // cluster. + // Indicates whether write forwarding is enabled for a secondary cluster in + // an Aurora global database. Because write forwarding takes time to enable, + // check the value of GlobalWriteForwardingStatus to confirm that the request + // has completed before using the write forwarding feature for this cluster. GlobalWriteForwardingRequested *bool `type:"boolean"` - // Specifies whether a secondary cluster in an Aurora global database has write - // forwarding enabled, not enabled, or is in the process of enabling it. + // The status of write forwarding for a secondary cluster in an Aurora global + // database. GlobalWriteForwardingStatus *string `type:"string" enum:"WriteForwardingStatus"` - // Specifies the ID that Amazon Route 53 assigns when you create a hosted zone. + // The ID that Amazon Route 53 assigns when you create a hosted zone. HostedZoneId *string `type:"string"` - // A value that indicates whether the HTTP endpoint for an Aurora Serverless - // DB cluster is enabled. + // Indicates whether the HTTP endpoint is enabled for an Aurora DB cluster. // // When enabled, the HTTP endpoint provides a connectionless web service API - // for running SQL queries on the Aurora Serverless DB cluster. You can also - // query your database from inside the RDS console with the query editor. + // (RDS Data API) for running SQL queries on the DB cluster. You can also query + // your database from inside the RDS console with the RDS query editor. // - // For more information, see Using the Data API for Aurora Serverless (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) + // For more information, see Using RDS Data API (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) // in the Amazon Aurora User Guide. HttpEndpointEnabled *bool `type:"boolean"` - // A value that indicates whether the mapping of AWS Identity and Access Management - // (IAM) accounts to database accounts is enabled. + // Indicates whether the mapping of Amazon Web Services Identity and Access + // Management (IAM) accounts to database accounts is enabled. IAMDatabaseAuthenticationEnabled *bool `type:"boolean"` - // If StorageEncrypted is enabled, the AWS KMS key identifier for the encrypted - // DB cluster. + // The next time you can modify the DB cluster to use the aurora-iopt1 storage + // type. + // + // This setting is only for Aurora DB clusters. + IOOptimizedNextAllowedModificationTime *time.Time `type:"timestamp"` + + // The Provisioned IOPS (I/O operations per second) value. // - // The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name - // for the AWS KMS customer master key (CMK). + // This setting is only for non-Aurora Multi-AZ DB clusters. + Iops *int64 `type:"integer"` + + // If StorageEncrypted is enabled, the Amazon Web Services KMS key identifier + // for the encrypted DB cluster. + // + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. KmsKeyId *string `type:"string"` - // Specifies the latest time to which a database can be restored with point-in-time - // restore. + // The latest time to which a database can be restored with point-in-time restore. LatestRestorableTime *time.Time `type:"timestamp"` - // Contains the master username for the DB cluster. + // The details for Aurora Limitless Database. + LimitlessDatabase *LimitlessDatabase `type:"structure"` + + // Indicates whether an Aurora DB cluster has in-cluster write forwarding enabled, + // not enabled, requested, or is in the process of enabling it. + LocalWriteForwardingStatus *string `type:"string" enum:"LocalWriteForwardingStatus"` + + // The secret managed by RDS in Amazon Web Services Secrets Manager for the + // master user password. + // + // For more information, see Password management with Amazon Web Services Secrets + // Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) + // in the Amazon RDS User Guide and Password management with Amazon Web Services + // Secrets Manager (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) + // in the Amazon Aurora User Guide. + MasterUserSecret *MasterUserSecret `type:"structure"` + + // The master username for the DB cluster. MasterUsername *string `type:"string"` - // Specifies whether the DB cluster has instances in multiple Availability Zones. + // The interval, in seconds, between points when Enhanced Monitoring metrics + // are collected for the DB cluster. + // + // This setting is only for non-Aurora Multi-AZ DB clusters. + MonitoringInterval *int64 `type:"integer"` + + // The ARN for the IAM role that permits RDS to send Enhanced Monitoring metrics + // to Amazon CloudWatch Logs. + // + // This setting is only for non-Aurora Multi-AZ DB clusters. + MonitoringRoleArn *string `type:"string"` + + // Indicates whether the DB cluster has instances in multiple Availability Zones. MultiAZ *bool `type:"boolean"` - // Specifies the progress of the operation as a percentage. + // The network type of the DB instance. + // + // The network type is determined by the DBSubnetGroup specified for the DB + // cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and + // the IPv6 protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon Aurora User Guide. + // + // This setting is only for Aurora DB clusters. + // + // Valid Values: IPV4 | DUAL + NetworkType *string `type:"string"` + + // Information about pending changes to the DB cluster. This information is + // returned only when there are pending changes. Specific changes are identified + // by subelements. + PendingModifiedValues *ClusterPendingModifiedValues `type:"structure"` + + // The progress of the operation as a percentage. PercentProgress *string `type:"string"` - // Specifies the port that the database engine is listening on. + // Indicates whether Performance Insights is enabled for the DB cluster. + // + // This setting is only for non-Aurora Multi-AZ DB clusters. + PerformanceInsightsEnabled *bool `type:"boolean"` + + // The Amazon Web Services KMS key identifier for encryption of Performance + // Insights data. + // + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. + // + // This setting is only for non-Aurora Multi-AZ DB clusters. + PerformanceInsightsKMSKeyId *string `type:"string"` + + // The number of days to retain Performance Insights data. + // + // This setting is only for non-Aurora Multi-AZ DB clusters. + // + // Valid Values: + // + // * 7 + // + // * month * 31, where month is a number of months from 1-23. Examples: 93 + // (3 months * 31), 341 (11 months * 31), 589 (19 months * 31) + // + // * 731 + // + // Default: 7 days + PerformanceInsightsRetentionPeriod *int64 `type:"integer"` + + // The port that the database engine is listening on. Port *int64 `type:"integer"` - // Specifies the daily time range during which automated backups are created - // if automated backups are enabled, as determined by the BackupRetentionPeriod. + // The daily time range during which automated backups are created if automated + // backups are enabled, as determined by the BackupRetentionPeriod. PreferredBackupWindow *string `type:"string"` - // Specifies the weekly time range during which system maintenance can occur, - // in Universal Coordinated Time (UTC). + // The weekly time range during which system maintenance can occur, in Universal + // Coordinated Time (UTC). PreferredMaintenanceWindow *string `type:"string"` + // Indicates whether the DB cluster is publicly accessible. + // + // When the DB cluster is publicly accessible and you connect from outside of + // the DB cluster's virtual private cloud (VPC), its Domain Name System (DNS) + // endpoint resolves to the public IP address. When you connect from within + // the same VPC as the DB cluster, the endpoint resolves to the private IP address. + // Access to the DB cluster is ultimately controlled by the security group it + // uses. That public access isn't permitted if the security group assigned to + // the DB cluster doesn't permit it. + // + // When the DB cluster isn't publicly accessible, it is an internal DB cluster + // with a DNS name that resolves to a private IP address. + // + // For more information, see CreateDBCluster. + // + // This setting is only for non-Aurora Multi-AZ DB clusters. + PubliclyAccessible *bool `type:"boolean"` + + // Reserved for future use. + RdsCustomClusterConfiguration *RdsCustomClusterConfiguration `type:"structure"` + // Contains one or more identifiers of the read replicas associated with this // DB cluster. ReadReplicaIdentifiers []*string `locationNameList:"ReadReplicaIdentifier" type:"list"` @@ -20941,37 +28488,62 @@ type DBCluster struct { // then reconnect to the reader endpoint. ReaderEndpoint *string `type:"string"` - // Contains the identifier of the source DB cluster if this DB cluster is a - // read replica. + // The identifier of the source DB cluster if this DB cluster is a read replica. ReplicationSourceIdentifier *string `type:"string"` - // Shows the scaling configuration for an Aurora DB cluster in serverless DB - // engine mode. + // The scaling configuration for an Aurora DB cluster in serverless DB engine + // mode. // - // For more information, see Using Amazon Aurora Serverless (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html) + // For more information, see Using Amazon Aurora Serverless v1 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html) // in the Amazon Aurora User Guide. ScalingConfigurationInfo *ScalingConfigurationInfo `type:"structure"` - // Specifies the current state of this DB cluster. + // The scaling configuration for an Aurora Serverless v2 DB cluster. + // + // For more information, see Using Amazon Aurora Serverless v2 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.html) + // in the Amazon Aurora User Guide. + ServerlessV2ScalingConfiguration *ServerlessV2ScalingConfigurationInfo `type:"structure"` + + // The current state of this DB cluster. Status *string `type:"string"` - // Specifies whether the DB cluster is encrypted. + // Reserved for future use. + StatusInfos []*DBClusterStatusInfo `locationNameList:"DBClusterStatusInfo" type:"list"` + + // Indicates whether the DB cluster is encrypted. StorageEncrypted *bool `type:"boolean"` + // The storage throughput for the DB cluster. The throughput is automatically + // set based on the IOPS that you provision, and is not configurable. + // + // This setting is only for non-Aurora Multi-AZ DB clusters. + StorageThroughput *int64 `type:"integer"` + + // The storage type associated with the DB cluster. + StorageType *string `type:"string"` + // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) // in the Amazon RDS User Guide. TagList []*Tag `locationNameList:"Tag" type:"list"` - // Provides a list of VPC security groups that the DB cluster belongs to. + // The list of VPC security groups that the DB cluster belongs to. VpcSecurityGroups []*VpcSecurityGroupMembership `locationNameList:"VpcSecurityGroupMembership" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBCluster) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBCluster) GoString() string { return s.String() } @@ -21012,12 +28584,30 @@ func (s *DBCluster) SetAssociatedRoles(v []*DBClusterRole) *DBCluster { return s } +// SetAutoMinorVersionUpgrade sets the AutoMinorVersionUpgrade field's value. +func (s *DBCluster) SetAutoMinorVersionUpgrade(v bool) *DBCluster { + s.AutoMinorVersionUpgrade = &v + return s +} + +// SetAutomaticRestartTime sets the AutomaticRestartTime field's value. +func (s *DBCluster) SetAutomaticRestartTime(v time.Time) *DBCluster { + s.AutomaticRestartTime = &v + return s +} + // SetAvailabilityZones sets the AvailabilityZones field's value. func (s *DBCluster) SetAvailabilityZones(v []*string) *DBCluster { s.AvailabilityZones = v return s } +// SetAwsBackupRecoveryPointArn sets the AwsBackupRecoveryPointArn field's value. +func (s *DBCluster) SetAwsBackupRecoveryPointArn(v string) *DBCluster { + s.AwsBackupRecoveryPointArn = &v + return s +} + // SetBacktrackConsumedChangeRecords sets the BacktrackConsumedChangeRecords field's value. func (s *DBCluster) SetBacktrackConsumedChangeRecords(v int64) *DBCluster { s.BacktrackConsumedChangeRecords = &v @@ -21042,6 +28632,12 @@ func (s *DBCluster) SetCapacity(v int64) *DBCluster { return s } +// SetCertificateDetails sets the CertificateDetails field's value. +func (s *DBCluster) SetCertificateDetails(v *CertificateDetails) *DBCluster { + s.CertificateDetails = v + return s +} + // SetCharacterSetName sets the CharacterSetName field's value. func (s *DBCluster) SetCharacterSetName(v string) *DBCluster { s.CharacterSetName = &v @@ -21090,6 +28686,12 @@ func (s *DBCluster) SetDBClusterIdentifier(v string) *DBCluster { return s } +// SetDBClusterInstanceClass sets the DBClusterInstanceClass field's value. +func (s *DBCluster) SetDBClusterInstanceClass(v string) *DBCluster { + s.DBClusterInstanceClass = &v + return s +} + // SetDBClusterMembers sets the DBClusterMembers field's value. func (s *DBCluster) SetDBClusterMembers(v []*DBClusterMember) *DBCluster { s.DBClusterMembers = v @@ -21114,6 +28716,12 @@ func (s *DBCluster) SetDBSubnetGroup(v string) *DBCluster { return s } +// SetDBSystemId sets the DBSystemId field's value. +func (s *DBCluster) SetDBSystemId(v string) *DBCluster { + s.DBSystemId = &v + return s +} + // SetDatabaseName sets the DatabaseName field's value. func (s *DBCluster) SetDatabaseName(v string) *DBCluster { s.DatabaseName = &v @@ -21168,6 +28776,12 @@ func (s *DBCluster) SetEngine(v string) *DBCluster { return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *DBCluster) SetEngineLifecycleSupport(v string) *DBCluster { + s.EngineLifecycleSupport = &v + return s +} + // SetEngineMode sets the EngineMode field's value. func (s *DBCluster) SetEngineMode(v string) *DBCluster { s.EngineMode = &v @@ -21210,6 +28824,18 @@ func (s *DBCluster) SetIAMDatabaseAuthenticationEnabled(v bool) *DBCluster { return s } +// SetIOOptimizedNextAllowedModificationTime sets the IOOptimizedNextAllowedModificationTime field's value. +func (s *DBCluster) SetIOOptimizedNextAllowedModificationTime(v time.Time) *DBCluster { + s.IOOptimizedNextAllowedModificationTime = &v + return s +} + +// SetIops sets the Iops field's value. +func (s *DBCluster) SetIops(v int64) *DBCluster { + s.Iops = &v + return s +} + // SetKmsKeyId sets the KmsKeyId field's value. func (s *DBCluster) SetKmsKeyId(v string) *DBCluster { s.KmsKeyId = &v @@ -21222,24 +28848,84 @@ func (s *DBCluster) SetLatestRestorableTime(v time.Time) *DBCluster { return s } +// SetLimitlessDatabase sets the LimitlessDatabase field's value. +func (s *DBCluster) SetLimitlessDatabase(v *LimitlessDatabase) *DBCluster { + s.LimitlessDatabase = v + return s +} + +// SetLocalWriteForwardingStatus sets the LocalWriteForwardingStatus field's value. +func (s *DBCluster) SetLocalWriteForwardingStatus(v string) *DBCluster { + s.LocalWriteForwardingStatus = &v + return s +} + +// SetMasterUserSecret sets the MasterUserSecret field's value. +func (s *DBCluster) SetMasterUserSecret(v *MasterUserSecret) *DBCluster { + s.MasterUserSecret = v + return s +} + // SetMasterUsername sets the MasterUsername field's value. func (s *DBCluster) SetMasterUsername(v string) *DBCluster { s.MasterUsername = &v return s } +// SetMonitoringInterval sets the MonitoringInterval field's value. +func (s *DBCluster) SetMonitoringInterval(v int64) *DBCluster { + s.MonitoringInterval = &v + return s +} + +// SetMonitoringRoleArn sets the MonitoringRoleArn field's value. +func (s *DBCluster) SetMonitoringRoleArn(v string) *DBCluster { + s.MonitoringRoleArn = &v + return s +} + // SetMultiAZ sets the MultiAZ field's value. func (s *DBCluster) SetMultiAZ(v bool) *DBCluster { s.MultiAZ = &v return s } +// SetNetworkType sets the NetworkType field's value. +func (s *DBCluster) SetNetworkType(v string) *DBCluster { + s.NetworkType = &v + return s +} + +// SetPendingModifiedValues sets the PendingModifiedValues field's value. +func (s *DBCluster) SetPendingModifiedValues(v *ClusterPendingModifiedValues) *DBCluster { + s.PendingModifiedValues = v + return s +} + // SetPercentProgress sets the PercentProgress field's value. func (s *DBCluster) SetPercentProgress(v string) *DBCluster { s.PercentProgress = &v return s } +// SetPerformanceInsightsEnabled sets the PerformanceInsightsEnabled field's value. +func (s *DBCluster) SetPerformanceInsightsEnabled(v bool) *DBCluster { + s.PerformanceInsightsEnabled = &v + return s +} + +// SetPerformanceInsightsKMSKeyId sets the PerformanceInsightsKMSKeyId field's value. +func (s *DBCluster) SetPerformanceInsightsKMSKeyId(v string) *DBCluster { + s.PerformanceInsightsKMSKeyId = &v + return s +} + +// SetPerformanceInsightsRetentionPeriod sets the PerformanceInsightsRetentionPeriod field's value. +func (s *DBCluster) SetPerformanceInsightsRetentionPeriod(v int64) *DBCluster { + s.PerformanceInsightsRetentionPeriod = &v + return s +} + // SetPort sets the Port field's value. func (s *DBCluster) SetPort(v int64) *DBCluster { s.Port = &v @@ -21258,6 +28944,18 @@ func (s *DBCluster) SetPreferredMaintenanceWindow(v string) *DBCluster { return s } +// SetPubliclyAccessible sets the PubliclyAccessible field's value. +func (s *DBCluster) SetPubliclyAccessible(v bool) *DBCluster { + s.PubliclyAccessible = &v + return s +} + +// SetRdsCustomClusterConfiguration sets the RdsCustomClusterConfiguration field's value. +func (s *DBCluster) SetRdsCustomClusterConfiguration(v *RdsCustomClusterConfiguration) *DBCluster { + s.RdsCustomClusterConfiguration = v + return s +} + // SetReadReplicaIdentifiers sets the ReadReplicaIdentifiers field's value. func (s *DBCluster) SetReadReplicaIdentifiers(v []*string) *DBCluster { s.ReadReplicaIdentifiers = v @@ -21282,18 +28980,42 @@ func (s *DBCluster) SetScalingConfigurationInfo(v *ScalingConfigurationInfo) *DB return s } +// SetServerlessV2ScalingConfiguration sets the ServerlessV2ScalingConfiguration field's value. +func (s *DBCluster) SetServerlessV2ScalingConfiguration(v *ServerlessV2ScalingConfigurationInfo) *DBCluster { + s.ServerlessV2ScalingConfiguration = v + return s +} + // SetStatus sets the Status field's value. func (s *DBCluster) SetStatus(v string) *DBCluster { s.Status = &v return s } +// SetStatusInfos sets the StatusInfos field's value. +func (s *DBCluster) SetStatusInfos(v []*DBClusterStatusInfo) *DBCluster { + s.StatusInfos = v + return s +} + // SetStorageEncrypted sets the StorageEncrypted field's value. func (s *DBCluster) SetStorageEncrypted(v bool) *DBCluster { s.StorageEncrypted = &v return s } +// SetStorageThroughput sets the StorageThroughput field's value. +func (s *DBCluster) SetStorageThroughput(v int64) *DBCluster { + s.StorageThroughput = &v + return s +} + +// SetStorageType sets the StorageType field's value. +func (s *DBCluster) SetStorageType(v string) *DBCluster { + s.StorageType = &v + return s +} + // SetTagList sets the TagList field's value. func (s *DBCluster) SetTagList(v []*Tag) *DBCluster { s.TagList = v @@ -21306,17 +29028,292 @@ func (s *DBCluster) SetVpcSecurityGroups(v []*VpcSecurityGroupMembership) *DBClu return s } +// An automated backup of a DB cluster. It consists of system backups, transaction +// logs, and the database cluster properties that existed at the time you deleted +// the source cluster. +type DBClusterAutomatedBackup struct { + _ struct{} `type:"structure"` + + // For all database engines except Amazon Aurora, AllocatedStorage specifies + // the allocated storage size in gibibytes (GiB). For Aurora, AllocatedStorage + // always returns 1, because Aurora DB cluster storage size isn't fixed, but + // instead automatically adjusts as needed. + AllocatedStorage *int64 `type:"integer"` + + // The Availability Zones where instances in the DB cluster can be created. + // For information on Amazon Web Services Regions and Availability Zones, see + // Regions and Availability Zones (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.RegionsAndAvailabilityZones.html). + AvailabilityZones []*string `locationNameList:"AvailabilityZone" type:"list"` + + // The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services + // Backup. + AwsBackupRecoveryPointArn *string `type:"string"` + + // The retention period for the automated backups. + BackupRetentionPeriod *int64 `type:"integer"` + + // The time when the DB cluster was created, in Universal Coordinated Time (UTC). + ClusterCreateTime *time.Time `type:"timestamp"` + + // The Amazon Resource Name (ARN) for the source DB cluster. + DBClusterArn *string `type:"string"` + + // The Amazon Resource Name (ARN) for the automated backups. + DBClusterAutomatedBackupsArn *string `type:"string"` + + // The identifier for the source DB cluster, which can't be changed and which + // is unique to an Amazon Web Services Region. + DBClusterIdentifier *string `type:"string"` + + // The resource ID for the source DB cluster, which can't be changed and which + // is unique to an Amazon Web Services Region. + DbClusterResourceId *string `type:"string"` + + // The name of the database engine for this automated backup. + Engine *string `type:"string"` + + // The engine mode of the database engine for the automated backup. + EngineMode *string `type:"string"` + + // The version of the database engine for the automated backup. + EngineVersion *string `type:"string"` + + // Indicates whether mapping of Amazon Web Services Identity and Access Management + // (IAM) accounts to database accounts is enabled. + IAMDatabaseAuthenticationEnabled *bool `type:"boolean"` + + // The IOPS (I/O operations per second) value for the automated backup. + // + // This setting is only for non-Aurora Multi-AZ DB clusters. + Iops *int64 `type:"integer"` + + // The Amazon Web Services KMS key ID for an automated backup. + // + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. + KmsKeyId *string `type:"string"` + + // The license model information for this DB cluster automated backup. + LicenseModel *string `type:"string"` + + // The master user name of the automated backup. + MasterUsername *string `type:"string"` + + // The port number that the automated backup used for connections. + // + // Default: Inherits from the source DB cluster + // + // Valid Values: 1150-65535 + Port *int64 `type:"integer"` + + // The Amazon Web Services Region associated with the automated backup. + Region *string `type:"string"` + + // Earliest and latest time an instance can be restored to: + RestoreWindow *RestoreWindow `type:"structure"` + + // A list of status information for an automated backup: + // + // * retained - Automated backups for deleted clusters. + Status *string `type:"string"` + + // Indicates whether the source DB cluster is encrypted. + StorageEncrypted *bool `type:"boolean"` + + // The storage throughput for the automated backup. The throughput is automatically + // set based on the IOPS that you provision, and is not configurable. + // + // This setting is only for non-Aurora Multi-AZ DB clusters. + StorageThroughput *int64 `type:"integer"` + + // The storage type associated with the DB cluster. + // + // This setting is only for non-Aurora Multi-AZ DB clusters. + StorageType *string `type:"string"` + + // The VPC ID associated with the DB cluster. + VpcId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DBClusterAutomatedBackup) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DBClusterAutomatedBackup) GoString() string { + return s.String() +} + +// SetAllocatedStorage sets the AllocatedStorage field's value. +func (s *DBClusterAutomatedBackup) SetAllocatedStorage(v int64) *DBClusterAutomatedBackup { + s.AllocatedStorage = &v + return s +} + +// SetAvailabilityZones sets the AvailabilityZones field's value. +func (s *DBClusterAutomatedBackup) SetAvailabilityZones(v []*string) *DBClusterAutomatedBackup { + s.AvailabilityZones = v + return s +} + +// SetAwsBackupRecoveryPointArn sets the AwsBackupRecoveryPointArn field's value. +func (s *DBClusterAutomatedBackup) SetAwsBackupRecoveryPointArn(v string) *DBClusterAutomatedBackup { + s.AwsBackupRecoveryPointArn = &v + return s +} + +// SetBackupRetentionPeriod sets the BackupRetentionPeriod field's value. +func (s *DBClusterAutomatedBackup) SetBackupRetentionPeriod(v int64) *DBClusterAutomatedBackup { + s.BackupRetentionPeriod = &v + return s +} + +// SetClusterCreateTime sets the ClusterCreateTime field's value. +func (s *DBClusterAutomatedBackup) SetClusterCreateTime(v time.Time) *DBClusterAutomatedBackup { + s.ClusterCreateTime = &v + return s +} + +// SetDBClusterArn sets the DBClusterArn field's value. +func (s *DBClusterAutomatedBackup) SetDBClusterArn(v string) *DBClusterAutomatedBackup { + s.DBClusterArn = &v + return s +} + +// SetDBClusterAutomatedBackupsArn sets the DBClusterAutomatedBackupsArn field's value. +func (s *DBClusterAutomatedBackup) SetDBClusterAutomatedBackupsArn(v string) *DBClusterAutomatedBackup { + s.DBClusterAutomatedBackupsArn = &v + return s +} + +// SetDBClusterIdentifier sets the DBClusterIdentifier field's value. +func (s *DBClusterAutomatedBackup) SetDBClusterIdentifier(v string) *DBClusterAutomatedBackup { + s.DBClusterIdentifier = &v + return s +} + +// SetDbClusterResourceId sets the DbClusterResourceId field's value. +func (s *DBClusterAutomatedBackup) SetDbClusterResourceId(v string) *DBClusterAutomatedBackup { + s.DbClusterResourceId = &v + return s +} + +// SetEngine sets the Engine field's value. +func (s *DBClusterAutomatedBackup) SetEngine(v string) *DBClusterAutomatedBackup { + s.Engine = &v + return s +} + +// SetEngineMode sets the EngineMode field's value. +func (s *DBClusterAutomatedBackup) SetEngineMode(v string) *DBClusterAutomatedBackup { + s.EngineMode = &v + return s +} + +// SetEngineVersion sets the EngineVersion field's value. +func (s *DBClusterAutomatedBackup) SetEngineVersion(v string) *DBClusterAutomatedBackup { + s.EngineVersion = &v + return s +} + +// SetIAMDatabaseAuthenticationEnabled sets the IAMDatabaseAuthenticationEnabled field's value. +func (s *DBClusterAutomatedBackup) SetIAMDatabaseAuthenticationEnabled(v bool) *DBClusterAutomatedBackup { + s.IAMDatabaseAuthenticationEnabled = &v + return s +} + +// SetIops sets the Iops field's value. +func (s *DBClusterAutomatedBackup) SetIops(v int64) *DBClusterAutomatedBackup { + s.Iops = &v + return s +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *DBClusterAutomatedBackup) SetKmsKeyId(v string) *DBClusterAutomatedBackup { + s.KmsKeyId = &v + return s +} + +// SetLicenseModel sets the LicenseModel field's value. +func (s *DBClusterAutomatedBackup) SetLicenseModel(v string) *DBClusterAutomatedBackup { + s.LicenseModel = &v + return s +} + +// SetMasterUsername sets the MasterUsername field's value. +func (s *DBClusterAutomatedBackup) SetMasterUsername(v string) *DBClusterAutomatedBackup { + s.MasterUsername = &v + return s +} + +// SetPort sets the Port field's value. +func (s *DBClusterAutomatedBackup) SetPort(v int64) *DBClusterAutomatedBackup { + s.Port = &v + return s +} + +// SetRegion sets the Region field's value. +func (s *DBClusterAutomatedBackup) SetRegion(v string) *DBClusterAutomatedBackup { + s.Region = &v + return s +} + +// SetRestoreWindow sets the RestoreWindow field's value. +func (s *DBClusterAutomatedBackup) SetRestoreWindow(v *RestoreWindow) *DBClusterAutomatedBackup { + s.RestoreWindow = v + return s +} + +// SetStatus sets the Status field's value. +func (s *DBClusterAutomatedBackup) SetStatus(v string) *DBClusterAutomatedBackup { + s.Status = &v + return s +} + +// SetStorageEncrypted sets the StorageEncrypted field's value. +func (s *DBClusterAutomatedBackup) SetStorageEncrypted(v bool) *DBClusterAutomatedBackup { + s.StorageEncrypted = &v + return s +} + +// SetStorageThroughput sets the StorageThroughput field's value. +func (s *DBClusterAutomatedBackup) SetStorageThroughput(v int64) *DBClusterAutomatedBackup { + s.StorageThroughput = &v + return s +} + +// SetStorageType sets the StorageType field's value. +func (s *DBClusterAutomatedBackup) SetStorageType(v string) *DBClusterAutomatedBackup { + s.StorageType = &v + return s +} + +// SetVpcId sets the VpcId field's value. +func (s *DBClusterAutomatedBackup) SetVpcId(v string) *DBClusterAutomatedBackup { + s.VpcId = &v + return s +} + // This data type represents the information you need to connect to an Amazon // Aurora DB cluster. This data type is used as a response element in the following // actions: // -// * CreateDBClusterEndpoint +// - CreateDBClusterEndpoint // -// * DescribeDBClusterEndpoints +// - DescribeDBClusterEndpoints // -// * ModifyDBClusterEndpoint +// - ModifyDBClusterEndpoint // -// * DeleteDBClusterEndpoint +// - DeleteDBClusterEndpoint // // For the data structure that represents Amazon RDS DB instance endpoints, // see Endpoint. @@ -21362,12 +29359,20 @@ type DBClusterEndpoint struct { Status *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBClusterEndpoint) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBClusterEndpoint) GoString() string { return s.String() } @@ -21443,8 +29448,8 @@ type DBClusterMember struct { // Specifies the instance identifier for this member of the DB cluster. DBInstanceIdentifier *string `type:"string"` - // Value that is true if the cluster member is the primary instance for the - // DB cluster and false otherwise. + // Indicates whether the cluster member is the primary DB instance for the DB + // cluster. IsClusterWriter *bool `type:"boolean"` // A value that specifies the order in which an Aurora Replica is promoted to @@ -21454,12 +29459,20 @@ type DBClusterMember struct { PromotionTier *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBClusterMember) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBClusterMember) GoString() string { return s.String() } @@ -21499,12 +29512,20 @@ type DBClusterOptionGroupStatus struct { Status *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBClusterOptionGroupStatus) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBClusterOptionGroupStatus) GoString() string { return s.String() } @@ -21543,12 +29564,20 @@ type DBClusterParameterGroup struct { Description *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBClusterParameterGroup) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBClusterParameterGroup) GoString() string { return s.String() } @@ -21594,12 +29623,20 @@ type DBClusterParameterGroupNameMessage struct { DBClusterParameterGroupName *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBClusterParameterGroupNameMessage) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBClusterParameterGroupNameMessage) GoString() string { return s.String() } @@ -21610,13 +29647,14 @@ func (s *DBClusterParameterGroupNameMessage) SetDBClusterParameterGroupName(v st return s } -// Describes an AWS Identity and Access Management (IAM) role that is associated -// with a DB cluster. +// Describes an Amazon Web Services Identity and Access Management (IAM) role +// that is associated with a DB cluster. type DBClusterRole struct { _ struct{} `type:"structure"` - // The name of the feature associated with the AWS Identity and Access Management - // (IAM) role. For the list of supported feature names, see DBEngineVersion. + // The name of the feature associated with the Amazon Web Services Identity + // and Access Management (IAM) role. For information about supported feature + // names, see DBEngineVersion. FeatureName *string `type:"string"` // The Amazon Resource Name (ARN) of the IAM role that is associated with the @@ -21627,22 +29665,30 @@ type DBClusterRole struct { // The Status property returns one of the following values: // // * ACTIVE - the IAM role ARN is associated with the DB cluster and can - // be used to access other AWS services on your behalf. + // be used to access other Amazon Web Services on your behalf. // // * PENDING - the IAM role ARN is being associated with the DB cluster. // // * INVALID - the IAM role ARN is associated with the DB cluster, but the - // DB cluster is unable to assume the IAM role in order to access other AWS - // services on your behalf. + // DB cluster is unable to assume the IAM role in order to access other Amazon + // Web Services on your behalf. Status *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBClusterRole) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBClusterRole) GoString() string { return s.String() } @@ -21672,62 +29718,69 @@ func (s *DBClusterRole) SetStatus(v string) *DBClusterRole { type DBClusterSnapshot struct { _ struct{} `type:"structure"` - // Specifies the allocated storage size in gibibytes (GiB). + // The allocated storage size of the DB cluster snapshot in gibibytes (GiB). AllocatedStorage *int64 `type:"integer"` - // Provides the list of Availability Zones (AZs) where instances in the DB cluster - // snapshot can be restored. + // The list of Availability Zones (AZs) where instances in the DB cluster snapshot + // can be restored. AvailabilityZones []*string `locationNameList:"AvailabilityZone" type:"list"` - // Specifies the time when the DB cluster was created, in Universal Coordinated - // Time (UTC). + // The time when the DB cluster was created, in Universal Coordinated Time (UTC). ClusterCreateTime *time.Time `type:"timestamp"` - // Specifies the DB cluster identifier of the DB cluster that this DB cluster - // snapshot was created from. + // The DB cluster identifier of the DB cluster that this DB cluster snapshot + // was created from. DBClusterIdentifier *string `type:"string"` // The Amazon Resource Name (ARN) for the DB cluster snapshot. DBClusterSnapshotArn *string `type:"string"` - // Specifies the identifier for the DB cluster snapshot. + // The identifier for the DB cluster snapshot. DBClusterSnapshotIdentifier *string `type:"string"` - // Specifies the name of the database engine. + // Reserved for future use. + DBSystemId *string `type:"string"` + + // The resource ID of the DB cluster that this DB cluster snapshot was created + // from. + DbClusterResourceId *string `type:"string"` + + // The name of the database engine for this DB cluster snapshot. Engine *string `type:"string"` - // Provides the version of the database engine for this DB cluster snapshot. + // The engine mode of the database engine for this DB cluster snapshot. + EngineMode *string `type:"string"` + + // The version of the database engine for this DB cluster snapshot. EngineVersion *string `type:"string"` - // True if mapping of AWS Identity and Access Management (IAM) accounts to database - // accounts is enabled, and otherwise false. + // Indicates whether mapping of Amazon Web Services Identity and Access Management + // (IAM) accounts to database accounts is enabled. IAMDatabaseAuthenticationEnabled *bool `type:"boolean"` - // If StorageEncrypted is true, the AWS KMS key identifier for the encrypted - // DB cluster snapshot. + // If StorageEncrypted is true, the Amazon Web Services KMS key identifier for + // the encrypted DB cluster snapshot. // - // The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name - // for the AWS KMS customer master key (CMK). + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. KmsKeyId *string `type:"string"` - // Provides the license model information for this DB cluster snapshot. + // The license model information for this DB cluster snapshot. LicenseModel *string `type:"string"` - // Provides the master username for the DB cluster snapshot. + // The master username for this DB cluster snapshot. MasterUsername *string `type:"string"` - // Specifies the percentage of the estimated data that has been transferred. + // The percentage of the estimated data that has been transferred. PercentProgress *int64 `type:"integer"` - // Specifies the port that the DB cluster was listening on at the time of the - // snapshot. + // The port that the DB cluster was listening on at the time of the snapshot. Port *int64 `type:"integer"` - // Provides the time when the snapshot was taken, in Universal Coordinated Time - // (UTC). + // The time when the snapshot was taken, in Universal Coordinated Time (UTC). SnapshotCreateTime *time.Time `type:"timestamp"` - // Provides the type of the DB cluster snapshot. + // The type of the DB cluster snapshot. SnapshotType *string `type:"string"` // If the DB cluster snapshot was copied from a source DB cluster snapshot, @@ -21735,26 +29788,51 @@ type DBClusterSnapshot struct { // a null value. SourceDBClusterSnapshotArn *string `type:"string"` - // Specifies the status of this DB cluster snapshot. + // The status of this DB cluster snapshot. Valid statuses are the following: + // + // * available + // + // * copying + // + // * creating Status *string `type:"string"` - // Specifies whether the DB cluster snapshot is encrypted. + // Indicates whether the DB cluster snapshot is encrypted. StorageEncrypted *bool `type:"boolean"` + // The storage throughput for the DB cluster snapshot. The throughput is automatically + // set based on the IOPS that you provision, and is not configurable. + // + // This setting is only for non-Aurora Multi-AZ DB clusters. + StorageThroughput *int64 `type:"integer"` + + // The storage type associated with the DB cluster snapshot. + // + // This setting is only for Aurora DB clusters. + StorageType *string `type:"string"` + // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) // in the Amazon RDS User Guide. TagList []*Tag `locationNameList:"Tag" type:"list"` - // Provides the VPC ID associated with the DB cluster snapshot. + // The VPC ID associated with the DB cluster snapshot. VpcId *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBClusterSnapshot) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBClusterSnapshot) GoString() string { return s.String() } @@ -21795,12 +29873,30 @@ func (s *DBClusterSnapshot) SetDBClusterSnapshotIdentifier(v string) *DBClusterS return s } +// SetDBSystemId sets the DBSystemId field's value. +func (s *DBClusterSnapshot) SetDBSystemId(v string) *DBClusterSnapshot { + s.DBSystemId = &v + return s +} + +// SetDbClusterResourceId sets the DbClusterResourceId field's value. +func (s *DBClusterSnapshot) SetDbClusterResourceId(v string) *DBClusterSnapshot { + s.DbClusterResourceId = &v + return s +} + // SetEngine sets the Engine field's value. func (s *DBClusterSnapshot) SetEngine(v string) *DBClusterSnapshot { s.Engine = &v return s } +// SetEngineMode sets the EngineMode field's value. +func (s *DBClusterSnapshot) SetEngineMode(v string) *DBClusterSnapshot { + s.EngineMode = &v + return s +} + // SetEngineVersion sets the EngineVersion field's value. func (s *DBClusterSnapshot) SetEngineVersion(v string) *DBClusterSnapshot { s.EngineVersion = &v @@ -21873,6 +29969,18 @@ func (s *DBClusterSnapshot) SetStorageEncrypted(v bool) *DBClusterSnapshot { return s } +// SetStorageThroughput sets the StorageThroughput field's value. +func (s *DBClusterSnapshot) SetStorageThroughput(v int64) *DBClusterSnapshot { + s.StorageThroughput = &v + return s +} + +// SetStorageType sets the StorageType field's value. +func (s *DBClusterSnapshot) SetStorageType(v string) *DBClusterSnapshot { + s.StorageType = &v + return s +} + // SetTagList sets the TagList field's value. func (s *DBClusterSnapshot) SetTagList(v []*Tag) *DBClusterSnapshot { s.TagList = v @@ -21887,35 +29995,43 @@ func (s *DBClusterSnapshot) SetVpcId(v string) *DBClusterSnapshot { // Contains the name and values of a manual DB cluster snapshot attribute. // -// Manual DB cluster snapshot attributes are used to authorize other AWS accounts -// to restore a manual DB cluster snapshot. For more information, see the ModifyDBClusterSnapshotAttribute -// API action. +// Manual DB cluster snapshot attributes are used to authorize other Amazon +// Web Services accounts to restore a manual DB cluster snapshot. For more information, +// see the ModifyDBClusterSnapshotAttribute API action. type DBClusterSnapshotAttribute struct { _ struct{} `type:"structure"` // The name of the manual DB cluster snapshot attribute. // - // The attribute named restore refers to the list of AWS accounts that have - // permission to copy or restore the manual DB cluster snapshot. For more information, - // see the ModifyDBClusterSnapshotAttribute API action. + // The attribute named restore refers to the list of Amazon Web Services accounts + // that have permission to copy or restore the manual DB cluster snapshot. For + // more information, see the ModifyDBClusterSnapshotAttribute API action. AttributeName *string `type:"string"` // The value(s) for the manual DB cluster snapshot attribute. // // If the AttributeName field is set to restore, then this element returns a - // list of IDs of the AWS accounts that are authorized to copy or restore the - // manual DB cluster snapshot. If a value of all is in the list, then the manual - // DB cluster snapshot is public and available for any AWS account to copy or - // restore. + // list of IDs of the Amazon Web Services accounts that are authorized to copy + // or restore the manual DB cluster snapshot. If a value of all is in the list, + // then the manual DB cluster snapshot is public and available for any Amazon + // Web Services account to copy or restore. AttributeValues []*string `locationNameList:"AttributeValue" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBClusterSnapshotAttribute) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBClusterSnapshotAttribute) GoString() string { return s.String() } @@ -21935,9 +30051,9 @@ func (s *DBClusterSnapshotAttribute) SetAttributeValues(v []*string) *DBClusterS // Contains the results of a successful call to the DescribeDBClusterSnapshotAttributes // API action. // -// Manual DB cluster snapshot attributes are used to authorize other AWS accounts -// to copy or restore a manual DB cluster snapshot. For more information, see -// the ModifyDBClusterSnapshotAttribute API action. +// Manual DB cluster snapshot attributes are used to authorize other Amazon +// Web Services accounts to copy or restore a manual DB cluster snapshot. For +// more information, see the ModifyDBClusterSnapshotAttribute API action. type DBClusterSnapshotAttributesResult struct { _ struct{} `type:"structure"` @@ -21949,12 +30065,20 @@ type DBClusterSnapshotAttributesResult struct { DBClusterSnapshotIdentifier *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBClusterSnapshotAttributesResult) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBClusterSnapshotAttributesResult) GoString() string { return s.String() } @@ -21971,19 +30095,104 @@ func (s *DBClusterSnapshotAttributesResult) SetDBClusterSnapshotIdentifier(v str return s } +// Reserved for future use. +type DBClusterStatusInfo struct { + _ struct{} `type:"structure"` + + // Reserved for future use. + Message *string `type:"string"` + + // Reserved for future use. + Normal *bool `type:"boolean"` + + // Reserved for future use. + Status *string `type:"string"` + + // Reserved for future use. + StatusType *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DBClusterStatusInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DBClusterStatusInfo) GoString() string { + return s.String() +} + +// SetMessage sets the Message field's value. +func (s *DBClusterStatusInfo) SetMessage(v string) *DBClusterStatusInfo { + s.Message = &v + return s +} + +// SetNormal sets the Normal field's value. +func (s *DBClusterStatusInfo) SetNormal(v bool) *DBClusterStatusInfo { + s.Normal = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *DBClusterStatusInfo) SetStatus(v string) *DBClusterStatusInfo { + s.Status = &v + return s +} + +// SetStatusType sets the StatusType field's value. +func (s *DBClusterStatusInfo) SetStatusType(v string) *DBClusterStatusInfo { + s.StatusType = &v + return s +} + // This data type is used as a response element in the action DescribeDBEngineVersions. type DBEngineVersion struct { _ struct{} `type:"structure"` + // The creation time of the DB engine version. + CreateTime *time.Time `type:"timestamp"` + + // JSON string that lists the installation files and parameters that RDS Custom + // uses to create a custom engine version (CEV). RDS Custom applies the patches + // in the order in which they're listed in the manifest. You can set the Oracle + // home, Oracle base, and UNIX/Linux user and group using the installation parameters. + // For more information, see JSON fields in the CEV manifest (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.preparing.html#custom-cev.preparing.manifest.fields) + // in the Amazon RDS User Guide. + CustomDBEngineVersionManifest *string `min:"1" type:"string"` + // The description of the database engine. DBEngineDescription *string `type:"string"` + // A value that indicates the source media provider of the AMI based on the + // usage operation. Applicable for RDS Custom for SQL Server. + DBEngineMediaType *string `type:"string"` + + // The ARN of the custom engine version. + DBEngineVersionArn *string `type:"string"` + // The description of the database engine version. DBEngineVersionDescription *string `type:"string"` // The name of the DB parameter group family for the database engine. DBParameterGroupFamily *string `type:"string"` + // The name of the Amazon S3 bucket that contains your database installation + // files. + DatabaseInstallationFilesS3BucketName *string `type:"string"` + + // The Amazon S3 directory that contains the database installation files. If + // not specified, then no prefix is assumed. + DatabaseInstallationFilesS3Prefix *string `type:"string"` + // The default character set for new instances of this engine version, if the // CharacterSetName parameter of the CreateDBInstance API isn't specified. DefaultCharacterSet *CharacterSet `type:"structure"` @@ -21998,9 +30207,28 @@ type DBEngineVersion struct { // Logs. ExportableLogTypes []*string `type:"list"` + // The EC2 image + Image *CustomDBEngineVersionAMI `type:"structure"` + + // The Amazon Web Services KMS key identifier for an encrypted CEV. This parameter + // is required for RDS Custom, but optional for Amazon RDS. + KMSKeyId *string `type:"string"` + + // The major engine version of the CEV. + MajorEngineVersion *string `type:"string"` + // The status of the DB engine version, either available or deprecated. Status *string `type:"string"` + // A list of the supported CA certificate identifiers. + // + // For more information, see Using SSL/TLS to encrypt a connection to a DB instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) + // in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to + // a DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) + // in the Amazon Aurora User Guide. + SupportedCACertificateIdentifiers []*string `type:"list"` + // A list of the character sets supported by this engine for the CharacterSetName // parameter of the CreateDBInstance operation. SupportedCharacterSets []*CharacterSet `locationNameList:"CharacterSet" type:"list"` @@ -22008,10 +30236,22 @@ type DBEngineVersion struct { // A list of the supported DB engine modes. SupportedEngineModes []*string `type:"list"` - // A list of features supported by the DB engine. Supported feature names include - // the following. + // A list of features supported by the DB engine. + // + // The supported features vary by DB engine and DB engine version. // - // * s3Import + // To determine the supported features for a specific DB engine and DB engine + // version using the CLI, use the following command: + // + // aws rds describe-db-engine-versions --engine --engine-version + // + // + // For example, to determine the supported features for RDS for PostgreSQL version + // 13.3 using the CLI, use the following command: + // + // aws rds describe-db-engine-versions --engine postgres --engine-version 13.3 + // + // The supported features are listed under SupportedFeatureNames in the output. SupportedFeatureNames []*string `type:"list"` // A list of the character sets supported by the Oracle DB engine for the NcharCharacterSetName @@ -22022,42 +30262,99 @@ type DBEngineVersion struct { // of the CreateDBInstance action. SupportedTimezones []*Timezone `locationNameList:"Timezone" type:"list"` - // A value that indicates whether you can use Aurora global databases with a - // specific DB engine version. + // Indicates whether the engine version supports Babelfish for Aurora PostgreSQL. + SupportsBabelfish *bool `type:"boolean"` + + // Indicates whether the engine version supports rotating the server certificate + // without rebooting the DB instance. + SupportsCertificateRotationWithoutRestart *bool `type:"boolean"` + + // Indicates whether you can use Aurora global databases with a specific DB + // engine version. SupportsGlobalDatabases *bool `type:"boolean"` - // A value that indicates whether the engine version supports exporting the - // log types specified by ExportableLogTypes to CloudWatch Logs. + // Indicates whether the DB engine version supports zero-ETL integrations with + // Amazon Redshift. + SupportsIntegrations *bool `type:"boolean"` + + // Indicates whether the DB engine version supports Aurora Limitless Database. + SupportsLimitlessDatabase *bool `type:"boolean"` + + // Indicates whether the DB engine version supports forwarding write operations + // from reader DB instances to the writer DB instance in the DB cluster. By + // default, write operations aren't allowed on reader DB instances. + // + // Valid for: Aurora DB clusters only + SupportsLocalWriteForwarding *bool `type:"boolean"` + + // Indicates whether the engine version supports exporting the log types specified + // by ExportableLogTypes to CloudWatch Logs. SupportsLogExportsToCloudwatchLogs *bool `type:"boolean"` - // A value that indicates whether you can use Aurora parallel query with a specific - // DB engine version. + // Indicates whether you can use Aurora parallel query with a specific DB engine + // version. SupportsParallelQuery *bool `type:"boolean"` // Indicates whether the database engine version supports read replicas. SupportsReadReplica *bool `type:"boolean"` + // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + // in the Amazon RDS User Guide. + TagList []*Tag `locationNameList:"Tag" type:"list"` + // A list of engine versions that this database engine version can be upgraded // to. ValidUpgradeTarget []*UpgradeTarget `locationNameList:"UpgradeTarget" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBEngineVersion) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBEngineVersion) GoString() string { return s.String() } +// SetCreateTime sets the CreateTime field's value. +func (s *DBEngineVersion) SetCreateTime(v time.Time) *DBEngineVersion { + s.CreateTime = &v + return s +} + +// SetCustomDBEngineVersionManifest sets the CustomDBEngineVersionManifest field's value. +func (s *DBEngineVersion) SetCustomDBEngineVersionManifest(v string) *DBEngineVersion { + s.CustomDBEngineVersionManifest = &v + return s +} + // SetDBEngineDescription sets the DBEngineDescription field's value. func (s *DBEngineVersion) SetDBEngineDescription(v string) *DBEngineVersion { s.DBEngineDescription = &v return s } +// SetDBEngineMediaType sets the DBEngineMediaType field's value. +func (s *DBEngineVersion) SetDBEngineMediaType(v string) *DBEngineVersion { + s.DBEngineMediaType = &v + return s +} + +// SetDBEngineVersionArn sets the DBEngineVersionArn field's value. +func (s *DBEngineVersion) SetDBEngineVersionArn(v string) *DBEngineVersion { + s.DBEngineVersionArn = &v + return s +} + // SetDBEngineVersionDescription sets the DBEngineVersionDescription field's value. func (s *DBEngineVersion) SetDBEngineVersionDescription(v string) *DBEngineVersion { s.DBEngineVersionDescription = &v @@ -22070,6 +30367,18 @@ func (s *DBEngineVersion) SetDBParameterGroupFamily(v string) *DBEngineVersion { return s } +// SetDatabaseInstallationFilesS3BucketName sets the DatabaseInstallationFilesS3BucketName field's value. +func (s *DBEngineVersion) SetDatabaseInstallationFilesS3BucketName(v string) *DBEngineVersion { + s.DatabaseInstallationFilesS3BucketName = &v + return s +} + +// SetDatabaseInstallationFilesS3Prefix sets the DatabaseInstallationFilesS3Prefix field's value. +func (s *DBEngineVersion) SetDatabaseInstallationFilesS3Prefix(v string) *DBEngineVersion { + s.DatabaseInstallationFilesS3Prefix = &v + return s +} + // SetDefaultCharacterSet sets the DefaultCharacterSet field's value. func (s *DBEngineVersion) SetDefaultCharacterSet(v *CharacterSet) *DBEngineVersion { s.DefaultCharacterSet = v @@ -22094,12 +30403,36 @@ func (s *DBEngineVersion) SetExportableLogTypes(v []*string) *DBEngineVersion { return s } +// SetImage sets the Image field's value. +func (s *DBEngineVersion) SetImage(v *CustomDBEngineVersionAMI) *DBEngineVersion { + s.Image = v + return s +} + +// SetKMSKeyId sets the KMSKeyId field's value. +func (s *DBEngineVersion) SetKMSKeyId(v string) *DBEngineVersion { + s.KMSKeyId = &v + return s +} + +// SetMajorEngineVersion sets the MajorEngineVersion field's value. +func (s *DBEngineVersion) SetMajorEngineVersion(v string) *DBEngineVersion { + s.MajorEngineVersion = &v + return s +} + // SetStatus sets the Status field's value. func (s *DBEngineVersion) SetStatus(v string) *DBEngineVersion { s.Status = &v return s } +// SetSupportedCACertificateIdentifiers sets the SupportedCACertificateIdentifiers field's value. +func (s *DBEngineVersion) SetSupportedCACertificateIdentifiers(v []*string) *DBEngineVersion { + s.SupportedCACertificateIdentifiers = v + return s +} + // SetSupportedCharacterSets sets the SupportedCharacterSets field's value. func (s *DBEngineVersion) SetSupportedCharacterSets(v []*CharacterSet) *DBEngineVersion { s.SupportedCharacterSets = v @@ -22130,12 +30463,42 @@ func (s *DBEngineVersion) SetSupportedTimezones(v []*Timezone) *DBEngineVersion return s } +// SetSupportsBabelfish sets the SupportsBabelfish field's value. +func (s *DBEngineVersion) SetSupportsBabelfish(v bool) *DBEngineVersion { + s.SupportsBabelfish = &v + return s +} + +// SetSupportsCertificateRotationWithoutRestart sets the SupportsCertificateRotationWithoutRestart field's value. +func (s *DBEngineVersion) SetSupportsCertificateRotationWithoutRestart(v bool) *DBEngineVersion { + s.SupportsCertificateRotationWithoutRestart = &v + return s +} + // SetSupportsGlobalDatabases sets the SupportsGlobalDatabases field's value. func (s *DBEngineVersion) SetSupportsGlobalDatabases(v bool) *DBEngineVersion { s.SupportsGlobalDatabases = &v return s } +// SetSupportsIntegrations sets the SupportsIntegrations field's value. +func (s *DBEngineVersion) SetSupportsIntegrations(v bool) *DBEngineVersion { + s.SupportsIntegrations = &v + return s +} + +// SetSupportsLimitlessDatabase sets the SupportsLimitlessDatabase field's value. +func (s *DBEngineVersion) SetSupportsLimitlessDatabase(v bool) *DBEngineVersion { + s.SupportsLimitlessDatabase = &v + return s +} + +// SetSupportsLocalWriteForwarding sets the SupportsLocalWriteForwarding field's value. +func (s *DBEngineVersion) SetSupportsLocalWriteForwarding(v bool) *DBEngineVersion { + s.SupportsLocalWriteForwarding = &v + return s +} + // SetSupportsLogExportsToCloudwatchLogs sets the SupportsLogExportsToCloudwatchLogs field's value. func (s *DBEngineVersion) SetSupportsLogExportsToCloudwatchLogs(v bool) *DBEngineVersion { s.SupportsLogExportsToCloudwatchLogs = &v @@ -22154,6 +30517,12 @@ func (s *DBEngineVersion) SetSupportsReadReplica(v bool) *DBEngineVersion { return s } +// SetTagList sets the TagList field's value. +func (s *DBEngineVersion) SetTagList(v []*Tag) *DBEngineVersion { + s.TagList = v + return s +} + // SetValidUpgradeTarget sets the ValidUpgradeTarget field's value. func (s *DBEngineVersion) SetValidUpgradeTarget(v []*UpgradeTarget) *DBEngineVersion { s.ValidUpgradeTarget = v @@ -22162,44 +30531,127 @@ func (s *DBEngineVersion) SetValidUpgradeTarget(v []*UpgradeTarget) *DBEngineVer // Contains the details of an Amazon RDS DB instance. // -// This data type is used as a response element in the DescribeDBInstances action. +// This data type is used as a response element in the operations CreateDBInstance, +// CreateDBInstanceReadReplica, DeleteDBInstance, DescribeDBInstances, ModifyDBInstance, +// PromoteReadReplica, RebootDBInstance, RestoreDBInstanceFromDBSnapshot, RestoreDBInstanceFromS3, +// RestoreDBInstanceToPointInTime, StartDBInstance, and StopDBInstance. type DBInstance struct { _ struct{} `type:"structure"` - // Specifies the allocated storage size specified in gibibytes. + // Indicates whether engine-native audit fields are included in the database + // activity stream. + ActivityStreamEngineNativeAuditFieldsIncluded *bool `type:"boolean"` + + // The name of the Amazon Kinesis data stream used for the database activity + // stream. + ActivityStreamKinesisStreamName *string `type:"string"` + + // The Amazon Web Services KMS key identifier used for encrypting messages in + // the database activity stream. The Amazon Web Services KMS key identifier + // is the key ARN, key ID, alias ARN, or alias name for the KMS key. + ActivityStreamKmsKeyId *string `type:"string"` + + // The mode of the database activity stream. Database events such as a change + // or access generate an activity stream event. RDS for Oracle always handles + // these events asynchronously. + ActivityStreamMode *string `type:"string" enum:"ActivityStreamMode"` + + // The status of the policy state of the activity stream. + ActivityStreamPolicyStatus *string `type:"string" enum:"ActivityStreamPolicyStatus"` + + // The status of the database activity stream. + ActivityStreamStatus *string `type:"string" enum:"ActivityStreamStatus"` + + // The amount of storage in gibibytes (GiB) allocated for the DB instance. AllocatedStorage *int64 `type:"integer"` - // The AWS Identity and Access Management (IAM) roles associated with the DB - // instance. + // The Amazon Web Services Identity and Access Management (IAM) roles associated + // with the DB instance. AssociatedRoles []*DBInstanceRole `locationNameList:"DBInstanceRole" type:"list"` - // Indicates that minor version patches are applied automatically. + // Indicates whether minor version patches are applied automatically. AutoMinorVersionUpgrade *bool `type:"boolean"` - // Specifies the name of the Availability Zone the DB instance is located in. + // The time when a stopped DB instance is restarted automatically. + AutomaticRestartTime *time.Time `type:"timestamp"` + + // The automation mode of the RDS Custom DB instance: full or all paused. If + // full, the DB instance automates monitoring and instance recovery. If all + // paused, the instance pauses automation for the duration set by --resume-full-automation-mode-minutes. + AutomationMode *string `type:"string" enum:"AutomationMode"` + + // The name of the Availability Zone where the DB instance is located. AvailabilityZone *string `type:"string"` - // Specifies the number of days for which automatic DB snapshots are retained. + // The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services + // Backup. + AwsBackupRecoveryPointArn *string `type:"string"` + + // The number of days for which automatic DB snapshots are retained. BackupRetentionPeriod *int64 `type:"integer"` + // The location where automated backups and manual snapshots are stored: Amazon + // Web Services Outposts or the Amazon Web Services Region. + BackupTarget *string `type:"string"` + // The identifier of the CA certificate for this DB instance. + // + // For more information, see Using SSL/TLS to encrypt a connection to a DB instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) + // in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to + // a DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) + // in the Amazon Aurora User Guide. CACertificateIdentifier *string `type:"string"` + // The details of the DB instance's server certificate. + CertificateDetails *CertificateDetails `type:"structure"` + // If present, specifies the name of the character set that this instance is // associated with. CharacterSetName *string `type:"string"` - // Specifies whether tags are copied from the DB instance to snapshots of the + // Indicates whether tags are copied from the DB instance to snapshots of the // DB instance. // - // Amazon Aurora - // - // Not applicable. Copying tags to snapshots is managed by the DB cluster. Setting - // this value for an Aurora DB instance has no effect on the DB cluster setting. - // For more information, see DBCluster. + // This setting doesn't apply to Amazon Aurora DB instances. Copying tags to + // snapshots is managed by the DB cluster. Setting this value for an Aurora + // DB instance has no effect on the DB cluster setting. For more information, + // see DBCluster. CopyTagsToSnapshot *bool `type:"boolean"` - // If the DB instance is a member of a DB cluster, contains the name of the + // The instance profile associated with the underlying Amazon EC2 instance of + // an RDS Custom DB instance. The instance profile must meet the following requirements: + // + // * The profile must exist in your account. + // + // * The profile must have an IAM role that Amazon EC2 has permissions to + // assume. + // + // * The instance profile name and the associated IAM role name must start + // with the prefix AWSRDSCustom. + // + // For the list of permissions required for the IAM role, see Configure IAM + // and your VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc) + // in the Amazon RDS User Guide. + CustomIamInstanceProfile *string `type:"string"` + + // Indicates whether a customer-owned IP address (CoIP) is enabled for an RDS + // on Outposts DB instance. + // + // A CoIP provides local or external connectivity to resources in your Outpost + // subnets through your on-premises network. For some use cases, a CoIP can + // provide lower latency for connections to the DB instance from outside of + // its virtual private cloud (VPC) on your local network. + // + // For more information about RDS on Outposts, see Working with Amazon RDS on + // Amazon Web Services Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) + // in the Amazon RDS User Guide. + // + // For more information about CoIPs, see Customer-owned IP addresses (https://docs.aws.amazon.com/outposts/latest/userguide/routing.html#ip-addressing) + // in the Amazon Web Services Outposts User Guide. + CustomerOwnedIpEnabled *bool `type:"boolean"` + + // If the DB instance is a member of a DB cluster, indicates the name of the // DB cluster that the DB instance is a member of. DBClusterIdentifier *string `type:"string"` @@ -22209,57 +30661,55 @@ type DBInstance struct { // The list of replicated automated backups associated with the DB instance. DBInstanceAutomatedBackupsReplications []*DBInstanceAutomatedBackupsReplication `locationNameList:"DBInstanceAutomatedBackupsReplication" type:"list"` - // Contains the name of the compute and memory capacity class of the DB instance. + // The name of the compute and memory capacity class of the DB instance. DBInstanceClass *string `type:"string"` - // Contains a user-supplied database identifier. This identifier is the unique - // key that identifies a DB instance. + // The user-supplied database identifier. This identifier is the unique key + // that identifies a DB instance. DBInstanceIdentifier *string `type:"string"` - // Specifies the current state of this database. + // The current state of this database. // - // For information about DB instance statuses, see DB Instance Status (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Status.html) + // For information about DB instance statuses, see Viewing DB instance status + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/accessing-monitoring.html#Overview.DBInstance.Status) // in the Amazon RDS User Guide. DBInstanceStatus *string `type:"string"` - // The meaning of this parameter differs according to the database engine you - // use. - // - // MySQL, MariaDB, SQL Server, PostgreSQL - // - // Contains the name of the initial database of this instance that was provided - // at create time, if one was specified when the DB instance was created. This - // same name is returned for the life of the DB instance. - // - // Type: String - // - // Oracle - // - // Contains the Oracle System ID (SID) of the created DB instance. Not shown - // when the returned parameters do not apply to an Oracle DB instance. + // The initial database name that you provided (if required) when you created + // the DB instance. This name is returned for the life of your DB instance. + // For an RDS for Oracle CDB instance, the name identifies the PDB rather than + // the CDB. DBName *string `type:"string"` - // Provides the list of DB parameter groups applied to this DB instance. + // The list of DB parameter groups applied to this DB instance. DBParameterGroups []*DBParameterGroupStatus `locationNameList:"DBParameterGroup" type:"list"` // A list of DB security group elements containing DBSecurityGroup.Name and // DBSecurityGroup.Status subelements. DBSecurityGroups []*DBSecurityGroupMembership `locationNameList:"DBSecurityGroup" type:"list"` - // Specifies information on the subnet group associated with the DB instance, - // including the name, description, and subnets in the subnet group. + // Information about the subnet group associated with the DB instance, including + // the name, description, and subnets in the subnet group. DBSubnetGroup *DBSubnetGroup `type:"structure"` - // Specifies the port that the DB instance listens on. If the DB instance is - // part of a DB cluster, this can be a different port than the DB cluster port. + // The Oracle system ID (Oracle SID) for a container database (CDB). The Oracle + // SID is also the name of the CDB. This setting is only valid for RDS Custom + // DB instances. + DBSystemId *string `type:"string"` + + // The port that the DB instance listens on. If the DB instance is part of a + // DB cluster, this can be a different port than the DB cluster port. DbInstancePort *int64 `type:"integer"` - // The AWS Region-unique, immutable identifier for the DB instance. This identifier - // is found in AWS CloudTrail log entries whenever the AWS KMS customer master - // key (CMK) for the DB instance is accessed. + // The Amazon Web Services Region-unique, immutable identifier for the DB instance. + // This identifier is found in Amazon Web Services CloudTrail log entries whenever + // the Amazon Web Services KMS key for the DB instance is accessed. DbiResourceId *string `type:"string"` - // Indicates if the DB instance has deletion protection enabled. The database + // Indicates whether the DB instance has a dedicated log volume (DLV) enabled. + DedicatedLogVolume *bool `type:"boolean"` + + // Indicates whether the DB instance has deletion protection enabled. The database // can't be deleted when deletion protection is enabled. For more information, // see Deleting a DB Instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). DeletionProtection *bool `type:"boolean"` @@ -22271,64 +30721,83 @@ type DBInstance struct { // Logs. // // Log types vary by DB engine. For information about the log types for each - // DB engine, see Amazon RDS Database Log Files (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html) + // DB engine, see Monitoring Amazon RDS log files (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html) // in the Amazon RDS User Guide. EnabledCloudwatchLogsExports []*string `type:"list"` - // Specifies the connection endpoint. + // The connection endpoint for the DB instance. + // + // The endpoint might not be shown for instances with the status of creating. Endpoint *Endpoint `type:"structure"` - // The name of the database engine to be used for this DB instance. + // The database engine used for this DB instance. Engine *string `type:"string"` - // Indicates the database engine version. + // The life cycle type for the DB instance. + // + // For more information, see CreateDBInstance. + EngineLifecycleSupport *string `type:"string"` + + // The version of the database engine. EngineVersion *string `type:"string"` // The Amazon Resource Name (ARN) of the Amazon CloudWatch Logs log stream that // receives the Enhanced Monitoring metrics data for the DB instance. EnhancedMonitoringResourceArn *string `type:"string"` - // True if mapping of AWS Identity and Access Management (IAM) accounts to database - // accounts is enabled, and otherwise false. - // - // IAM database authentication can be enabled for the following database engines - // - // * For MySQL 5.6, minor version 5.6.34 or higher + // Indicates whether mapping of Amazon Web Services Identity and Access Management + // (IAM) accounts to database accounts is enabled for the DB instance. // - // * For MySQL 5.7, minor version 5.7.16 or higher - // - // * Aurora 5.6 or higher. To enable IAM database authentication for Aurora, - // see DBCluster Type. + // For a list of engine versions that support IAM database authentication, see + // IAM database authentication (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RDS_Fea_Regions_DB-eng.Feature.IamDatabaseAuthentication.html) + // in the Amazon RDS User Guide and IAM database authentication in Aurora (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.Aurora_Fea_Regions_DB-eng.Feature.IAMdbauth.html) + // in the Amazon Aurora User Guide. IAMDatabaseAuthenticationEnabled *bool `type:"boolean"` - // Provides the date and time the DB instance was created. + // The date and time when the DB instance was created. InstanceCreateTime *time.Time `type:"timestamp"` - // Specifies the Provisioned IOPS (I/O operations per second) value. + // The Provisioned IOPS (I/O operations per second) value for the DB instance. Iops *int64 `type:"integer"` - // If StorageEncrypted is true, the AWS KMS key identifier for the encrypted - // DB instance. + // Indicates whether an upgrade is recommended for the storage file system configuration + // on the DB instance. To migrate to the preferred configuration, you can either + // create a blue/green deployment, or create a read replica from the DB instance. + // For more information, see Upgrading the storage file system for a DB instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.UpgradeFileSystem). + IsStorageConfigUpgradeAvailable *bool `type:"boolean"` + + // If StorageEncrypted is enabled, the Amazon Web Services KMS key identifier + // for the encrypted DB instance. // - // The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name - // for the AWS KMS customer master key (CMK). + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. KmsKeyId *string `type:"string"` - // Specifies the latest time to which a database can be restored with point-in-time - // restore. + // The latest time to which a database in this DB instance can be restored with + // point-in-time restore. LatestRestorableTime *time.Time `type:"timestamp"` - // License model information for this DB instance. + // The license model information for this DB instance. This setting doesn't + // apply to Amazon Aurora or RDS Custom DB instances. LicenseModel *string `type:"string"` - // Specifies the listener connection endpoint for SQL Server Always On. + // The listener connection endpoint for SQL Server Always On. ListenerEndpoint *Endpoint `type:"structure"` - // Contains the master username for the DB instance. + // The secret managed by RDS in Amazon Web Services Secrets Manager for the + // master user password. + // + // For more information, see Password management with Amazon Web Services Secrets + // Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) + // in the Amazon RDS User Guide. + MasterUserSecret *MasterUserSecret `type:"structure"` + + // The master username for the DB instance. MasterUsername *string `type:"string"` - // The upper limit to which Amazon RDS can automatically scale the storage of - // the DB instance. + // The upper limit in gibibytes (GiB) to which Amazon RDS can automatically + // scale the storage of the DB instance. MaxAllocatedStorage *int64 `type:"integer"` // The interval, in seconds, between points when Enhanced Monitoring metrics @@ -22339,61 +30808,94 @@ type DBInstance struct { // to Amazon CloudWatch Logs. MonitoringRoleArn *string `type:"string"` - // Specifies if the DB instance is a Multi-AZ deployment. + // Indicates whether the DB instance is a Multi-AZ deployment. This setting + // doesn't apply to RDS Custom DB instances. MultiAZ *bool `type:"boolean"` + // Specifies whether the DB instance is in the multi-tenant configuration (TRUE) + // or the single-tenant configuration (FALSE). + MultiTenant *bool `type:"boolean"` + // The name of the NCHAR character set for the Oracle DB instance. This character // set specifies the Unicode encoding for data stored in table columns of type // NCHAR, NCLOB, or NVARCHAR2. NcharCharacterSetName *string `type:"string"` - // Provides the list of option group memberships for this DB instance. + // The network type of the DB instance. + // + // The network type is determined by the DBSubnetGroup specified for the DB + // instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 + // and the IPv6 protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon RDS User Guide and Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon Aurora User Guide. + // + // Valid Values: IPV4 | DUAL + NetworkType *string `type:"string"` + + // The list of option group memberships for this DB instance. OptionGroupMemberships []*OptionGroupMembership `locationNameList:"OptionGroupMembership" type:"list"` - // Specifies that changes to the DB instance are pending. This element is only - // included when changes are pending. Specific changes are identified by subelements. + // Information about pending changes to the DB instance. This information is + // returned only when there are pending changes. Specific changes are identified + // by subelements. PendingModifiedValues *PendingModifiedValues `type:"structure"` - // True if Performance Insights is enabled for the DB instance, and otherwise - // false. + // The progress of the storage optimization operation as a percentage. + PercentProgress *string `type:"string"` + + // Indicates whether Performance Insights is enabled for the DB instance. PerformanceInsightsEnabled *bool `type:"boolean"` - // The AWS KMS key identifier for encryption of Performance Insights data. + // The Amazon Web Services KMS key identifier for encryption of Performance + // Insights data. // - // The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name - // for the AWS KMS customer master key (CMK). + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. PerformanceInsightsKMSKeyId *string `type:"string"` - // The amount of time, in days, to retain Performance Insights data. Valid values - // are 7 or 731 (2 years). + // The number of days to retain Performance Insights data. + // + // Valid Values: + // + // * 7 + // + // * month * 31, where month is a number of months from 1-23. Examples: 93 + // (3 months * 31), 341 (11 months * 31), 589 (19 months * 31) + // + // * 731 + // + // Default: 7 days PerformanceInsightsRetentionPeriod *int64 `type:"integer"` - // Specifies the daily time range during which automated backups are created - // if automated backups are enabled, as determined by the BackupRetentionPeriod. + // The daily time range during which automated backups are created if automated + // backups are enabled, as determined by the BackupRetentionPeriod. PreferredBackupWindow *string `type:"string"` - // Specifies the weekly time range during which system maintenance can occur, - // in Universal Coordinated Time (UTC). + // The weekly time range during which system maintenance can occur, in Universal + // Coordinated Time (UTC). PreferredMaintenanceWindow *string `type:"string"` // The number of CPU cores and the number of threads per core for the DB instance // class of the DB instance. ProcessorFeatures []*ProcessorFeature `locationNameList:"ProcessorFeature" type:"list"` - // A value that specifies the order in which an Aurora Replica is promoted to - // the primary instance after a failure of the existing primary instance. For - // more information, see Fault Tolerance for an Aurora DB Cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.FaultTolerance) + // The order of priority in which an Aurora Replica is promoted to the primary + // instance after a failure of the existing primary instance. For more information, + // see Fault Tolerance for an Aurora DB Cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.AuroraHighAvailability.html#Aurora.Managing.FaultTolerance) // in the Amazon Aurora User Guide. PromotionTier *int64 `type:"integer"` - // Specifies the accessibility options for the DB instance. + // Indicates whether the DB instance is publicly accessible. // - // When the DB instance is publicly accessible, its DNS endpoint resolves to - // the private IP address from within the DB instance's VPC, and to the public - // IP address from outside of the DB instance's VPC. Access to the DB instance - // is ultimately controlled by the security group it uses, and that public access - // is not permitted if the security group assigned to the DB instance doesn't - // permit it. + // When the DB instance is publicly accessible and you connect from outside + // of the DB instance's virtual private cloud (VPC), its Domain Name System + // (DNS) endpoint resolves to the public IP address. When you connect from within + // the same VPC as the DB instance, the endpoint resolves to the private IP + // address. Access to the DB cluster is ultimately controlled by the security + // group it uses. That public access isn't permitted if the security group assigned + // to the DB cluster doesn't permit it. // // When the DB instance isn't publicly accessible, it is an internal DB instance // with a DNS name that resolves to a private IP address. @@ -22401,21 +30903,22 @@ type DBInstance struct { // For more information, see CreateDBInstance. PubliclyAccessible *bool `type:"boolean"` - // Contains one or more identifiers of Aurora DB clusters to which the RDS DB - // instance is replicated as a read replica. For example, when you create an - // Aurora read replica of an RDS MySQL DB instance, the Aurora MySQL DB cluster - // for the Aurora read replica is shown. This output does not contain information - // about cross region Aurora read replicas. + // The identifiers of Aurora DB clusters to which the RDS DB instance is replicated + // as a read replica. For example, when you create an Aurora read replica of + // an RDS for MySQL DB instance, the Aurora MySQL DB cluster for the Aurora + // read replica is shown. This output doesn't contain information about cross-Region + // Aurora read replicas. // // Currently, each RDS DB instance can have only one Aurora read replica. ReadReplicaDBClusterIdentifiers []*string `locationNameList:"ReadReplicaDBClusterIdentifier" type:"list"` - // Contains one or more identifiers of the read replicas associated with this - // DB instance. + // The identifiers of the read replicas associated with this DB instance. ReadReplicaDBInstanceIdentifiers []*string `locationNameList:"ReadReplicaDBInstanceIdentifier" type:"list"` - // Contains the identifier of the source DB instance if this DB instance is - // a read replica. + // The identifier of the source DB cluster if this DB instance is a read replica. + ReadReplicaSourceDBClusterIdentifier *string `type:"string"` + + // The identifier of the source DB instance if this DB instance is a read replica. ReadReplicaSourceDBInstanceIdentifier *string `type:"string"` // The open mode of an Oracle read replica. The default is open-read-only. For @@ -22425,18 +30928,28 @@ type DBInstance struct { // This attribute is only supported in RDS for Oracle. ReplicaMode *string `type:"string" enum:"ReplicaMode"` + // The number of minutes to pause the automation. When the time period ends, + // RDS Custom resumes full automation. The minimum value is 60 (default). The + // maximum value is 1,440. + ResumeFullAutomationModeTime *time.Time `type:"timestamp"` + // If present, specifies the name of the secondary Availability Zone for a DB // instance with multi-AZ support. SecondaryAvailabilityZone *string `type:"string"` - // The status of a read replica. If the instance isn't a read replica, this - // is blank. + // The status of a read replica. If the DB instance isn't a read replica, the + // value is blank. StatusInfos []*DBInstanceStatusInfo `locationNameList:"DBInstanceStatusInfo" type:"list"` - // Specifies whether the DB instance is encrypted. + // Indicates whether the DB instance is encrypted. StorageEncrypted *bool `type:"boolean"` - // Specifies the storage type associated with DB instance. + // The storage throughput for the DB instance. + // + // This setting applies only to the gp3 storage type. + StorageThroughput *int64 `type:"integer"` + + // The storage type associated with the DB instance. StorageType *string `type:"string"` // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) @@ -22448,25 +30961,68 @@ type DBInstance struct { TdeCredentialArn *string `type:"string"` // The time zone of the DB instance. In most cases, the Timezone element is - // empty. Timezone content appears only for Microsoft SQL Server DB instances - // that were created with a time zone specified. + // empty. Timezone content appears only for RDS for Db2 and RDS for SQL Server + // DB instances that were created with a time zone specified. Timezone *string `type:"string"` - // Provides a list of VPC security group elements that the DB instance belongs - // to. + // The list of Amazon EC2 VPC security groups that the DB instance belongs to. VpcSecurityGroups []*VpcSecurityGroupMembership `locationNameList:"VpcSecurityGroupMembership" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBInstance) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBInstance) GoString() string { return s.String() } +// SetActivityStreamEngineNativeAuditFieldsIncluded sets the ActivityStreamEngineNativeAuditFieldsIncluded field's value. +func (s *DBInstance) SetActivityStreamEngineNativeAuditFieldsIncluded(v bool) *DBInstance { + s.ActivityStreamEngineNativeAuditFieldsIncluded = &v + return s +} + +// SetActivityStreamKinesisStreamName sets the ActivityStreamKinesisStreamName field's value. +func (s *DBInstance) SetActivityStreamKinesisStreamName(v string) *DBInstance { + s.ActivityStreamKinesisStreamName = &v + return s +} + +// SetActivityStreamKmsKeyId sets the ActivityStreamKmsKeyId field's value. +func (s *DBInstance) SetActivityStreamKmsKeyId(v string) *DBInstance { + s.ActivityStreamKmsKeyId = &v + return s +} + +// SetActivityStreamMode sets the ActivityStreamMode field's value. +func (s *DBInstance) SetActivityStreamMode(v string) *DBInstance { + s.ActivityStreamMode = &v + return s +} + +// SetActivityStreamPolicyStatus sets the ActivityStreamPolicyStatus field's value. +func (s *DBInstance) SetActivityStreamPolicyStatus(v string) *DBInstance { + s.ActivityStreamPolicyStatus = &v + return s +} + +// SetActivityStreamStatus sets the ActivityStreamStatus field's value. +func (s *DBInstance) SetActivityStreamStatus(v string) *DBInstance { + s.ActivityStreamStatus = &v + return s +} + // SetAllocatedStorage sets the AllocatedStorage field's value. func (s *DBInstance) SetAllocatedStorage(v int64) *DBInstance { s.AllocatedStorage = &v @@ -22485,24 +31041,54 @@ func (s *DBInstance) SetAutoMinorVersionUpgrade(v bool) *DBInstance { return s } +// SetAutomaticRestartTime sets the AutomaticRestartTime field's value. +func (s *DBInstance) SetAutomaticRestartTime(v time.Time) *DBInstance { + s.AutomaticRestartTime = &v + return s +} + +// SetAutomationMode sets the AutomationMode field's value. +func (s *DBInstance) SetAutomationMode(v string) *DBInstance { + s.AutomationMode = &v + return s +} + // SetAvailabilityZone sets the AvailabilityZone field's value. func (s *DBInstance) SetAvailabilityZone(v string) *DBInstance { s.AvailabilityZone = &v return s } +// SetAwsBackupRecoveryPointArn sets the AwsBackupRecoveryPointArn field's value. +func (s *DBInstance) SetAwsBackupRecoveryPointArn(v string) *DBInstance { + s.AwsBackupRecoveryPointArn = &v + return s +} + // SetBackupRetentionPeriod sets the BackupRetentionPeriod field's value. func (s *DBInstance) SetBackupRetentionPeriod(v int64) *DBInstance { s.BackupRetentionPeriod = &v return s } +// SetBackupTarget sets the BackupTarget field's value. +func (s *DBInstance) SetBackupTarget(v string) *DBInstance { + s.BackupTarget = &v + return s +} + // SetCACertificateIdentifier sets the CACertificateIdentifier field's value. func (s *DBInstance) SetCACertificateIdentifier(v string) *DBInstance { s.CACertificateIdentifier = &v return s } +// SetCertificateDetails sets the CertificateDetails field's value. +func (s *DBInstance) SetCertificateDetails(v *CertificateDetails) *DBInstance { + s.CertificateDetails = v + return s +} + // SetCharacterSetName sets the CharacterSetName field's value. func (s *DBInstance) SetCharacterSetName(v string) *DBInstance { s.CharacterSetName = &v @@ -22515,6 +31101,18 @@ func (s *DBInstance) SetCopyTagsToSnapshot(v bool) *DBInstance { return s } +// SetCustomIamInstanceProfile sets the CustomIamInstanceProfile field's value. +func (s *DBInstance) SetCustomIamInstanceProfile(v string) *DBInstance { + s.CustomIamInstanceProfile = &v + return s +} + +// SetCustomerOwnedIpEnabled sets the CustomerOwnedIpEnabled field's value. +func (s *DBInstance) SetCustomerOwnedIpEnabled(v bool) *DBInstance { + s.CustomerOwnedIpEnabled = &v + return s +} + // SetDBClusterIdentifier sets the DBClusterIdentifier field's value. func (s *DBInstance) SetDBClusterIdentifier(v string) *DBInstance { s.DBClusterIdentifier = &v @@ -22575,6 +31173,12 @@ func (s *DBInstance) SetDBSubnetGroup(v *DBSubnetGroup) *DBInstance { return s } +// SetDBSystemId sets the DBSystemId field's value. +func (s *DBInstance) SetDBSystemId(v string) *DBInstance { + s.DBSystemId = &v + return s +} + // SetDbInstancePort sets the DbInstancePort field's value. func (s *DBInstance) SetDbInstancePort(v int64) *DBInstance { s.DbInstancePort = &v @@ -22587,6 +31191,12 @@ func (s *DBInstance) SetDbiResourceId(v string) *DBInstance { return s } +// SetDedicatedLogVolume sets the DedicatedLogVolume field's value. +func (s *DBInstance) SetDedicatedLogVolume(v bool) *DBInstance { + s.DedicatedLogVolume = &v + return s +} + // SetDeletionProtection sets the DeletionProtection field's value. func (s *DBInstance) SetDeletionProtection(v bool) *DBInstance { s.DeletionProtection = &v @@ -22617,6 +31227,12 @@ func (s *DBInstance) SetEngine(v string) *DBInstance { return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *DBInstance) SetEngineLifecycleSupport(v string) *DBInstance { + s.EngineLifecycleSupport = &v + return s +} + // SetEngineVersion sets the EngineVersion field's value. func (s *DBInstance) SetEngineVersion(v string) *DBInstance { s.EngineVersion = &v @@ -22647,6 +31263,12 @@ func (s *DBInstance) SetIops(v int64) *DBInstance { return s } +// SetIsStorageConfigUpgradeAvailable sets the IsStorageConfigUpgradeAvailable field's value. +func (s *DBInstance) SetIsStorageConfigUpgradeAvailable(v bool) *DBInstance { + s.IsStorageConfigUpgradeAvailable = &v + return s +} + // SetKmsKeyId sets the KmsKeyId field's value. func (s *DBInstance) SetKmsKeyId(v string) *DBInstance { s.KmsKeyId = &v @@ -22671,6 +31293,12 @@ func (s *DBInstance) SetListenerEndpoint(v *Endpoint) *DBInstance { return s } +// SetMasterUserSecret sets the MasterUserSecret field's value. +func (s *DBInstance) SetMasterUserSecret(v *MasterUserSecret) *DBInstance { + s.MasterUserSecret = v + return s +} + // SetMasterUsername sets the MasterUsername field's value. func (s *DBInstance) SetMasterUsername(v string) *DBInstance { s.MasterUsername = &v @@ -22701,12 +31329,24 @@ func (s *DBInstance) SetMultiAZ(v bool) *DBInstance { return s } +// SetMultiTenant sets the MultiTenant field's value. +func (s *DBInstance) SetMultiTenant(v bool) *DBInstance { + s.MultiTenant = &v + return s +} + // SetNcharCharacterSetName sets the NcharCharacterSetName field's value. func (s *DBInstance) SetNcharCharacterSetName(v string) *DBInstance { s.NcharCharacterSetName = &v return s } +// SetNetworkType sets the NetworkType field's value. +func (s *DBInstance) SetNetworkType(v string) *DBInstance { + s.NetworkType = &v + return s +} + // SetOptionGroupMemberships sets the OptionGroupMemberships field's value. func (s *DBInstance) SetOptionGroupMemberships(v []*OptionGroupMembership) *DBInstance { s.OptionGroupMemberships = v @@ -22719,6 +31359,12 @@ func (s *DBInstance) SetPendingModifiedValues(v *PendingModifiedValues) *DBInsta return s } +// SetPercentProgress sets the PercentProgress field's value. +func (s *DBInstance) SetPercentProgress(v string) *DBInstance { + s.PercentProgress = &v + return s +} + // SetPerformanceInsightsEnabled sets the PerformanceInsightsEnabled field's value. func (s *DBInstance) SetPerformanceInsightsEnabled(v bool) *DBInstance { s.PerformanceInsightsEnabled = &v @@ -22779,6 +31425,12 @@ func (s *DBInstance) SetReadReplicaDBInstanceIdentifiers(v []*string) *DBInstanc return s } +// SetReadReplicaSourceDBClusterIdentifier sets the ReadReplicaSourceDBClusterIdentifier field's value. +func (s *DBInstance) SetReadReplicaSourceDBClusterIdentifier(v string) *DBInstance { + s.ReadReplicaSourceDBClusterIdentifier = &v + return s +} + // SetReadReplicaSourceDBInstanceIdentifier sets the ReadReplicaSourceDBInstanceIdentifier field's value. func (s *DBInstance) SetReadReplicaSourceDBInstanceIdentifier(v string) *DBInstance { s.ReadReplicaSourceDBInstanceIdentifier = &v @@ -22791,6 +31443,12 @@ func (s *DBInstance) SetReplicaMode(v string) *DBInstance { return s } +// SetResumeFullAutomationModeTime sets the ResumeFullAutomationModeTime field's value. +func (s *DBInstance) SetResumeFullAutomationModeTime(v time.Time) *DBInstance { + s.ResumeFullAutomationModeTime = &v + return s +} + // SetSecondaryAvailabilityZone sets the SecondaryAvailabilityZone field's value. func (s *DBInstance) SetSecondaryAvailabilityZone(v string) *DBInstance { s.SecondaryAvailabilityZone = &v @@ -22809,6 +31467,12 @@ func (s *DBInstance) SetStorageEncrypted(v bool) *DBInstance { return s } +// SetStorageThroughput sets the StorageThroughput field's value. +func (s *DBInstance) SetStorageThroughput(v int64) *DBInstance { + s.StorageThroughput = &v + return s +} + // SetStorageType sets the StorageType field's value. func (s *DBInstance) SetStorageType(v string) *DBInstance { s.StorageType = &v @@ -22845,36 +31509,47 @@ func (s *DBInstance) SetVpcSecurityGroups(v []*VpcSecurityGroupMembership) *DBIn type DBInstanceAutomatedBackup struct { _ struct{} `type:"structure"` - // Specifies the allocated storage size in gibibytes (GiB). + // The allocated storage size for the the automated backup in gibibytes (GiB). AllocatedStorage *int64 `type:"integer"` // The Availability Zone that the automated backup was created in. For information - // on AWS Regions and Availability Zones, see Regions and Availability Zones - // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html). + // on Amazon Web Services Regions and Availability Zones, see Regions and Availability + // Zones (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html). AvailabilityZone *string `type:"string"` + // The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services + // Backup. + AwsBackupRecoveryPointArn *string `type:"string"` + // The retention period for the automated backups. BackupRetentionPeriod *int64 `type:"integer"` + // The location where automated backups are stored: Amazon Web Services Outposts + // or the Amazon Web Services Region. + BackupTarget *string `type:"string"` + // The Amazon Resource Name (ARN) for the automated backups. DBInstanceArn *string `type:"string"` // The Amazon Resource Name (ARN) for the replicated automated backups. DBInstanceAutomatedBackupsArn *string `type:"string"` - // The list of replications to different AWS Regions associated with the automated - // backup. + // The list of replications to different Amazon Web Services Regions associated + // with the automated backup. DBInstanceAutomatedBackupsReplications []*DBInstanceAutomatedBackupsReplication `locationNameList:"DBInstanceAutomatedBackupsReplication" type:"list"` - // The customer id of the instance that is/was associated with the automated - // backup. + // The identifier for the source DB instance, which can't be changed and which + // is unique to an Amazon Web Services Region. DBInstanceIdentifier *string `type:"string"` - // The identifier for the source DB instance, which can't be changed and which - // is unique to an AWS Region. + // The resource ID for the source DB instance, which can't be changed and which + // is unique to an Amazon Web Services Region. DbiResourceId *string `type:"string"` - // Specifies whether the automated backup is encrypted. + // Indicates whether the DB instance has a dedicated log volume (DLV) enabled. + DedicatedLogVolume *bool `type:"boolean"` + + // Indicates whether the automated backup is encrypted. Encrypted *bool `type:"boolean"` // The name of the database engine for this automated backup. @@ -22883,28 +31558,32 @@ type DBInstanceAutomatedBackup struct { // The version of the database engine for the automated backup. EngineVersion *string `type:"string"` - // True if mapping of AWS Identity and Access Management (IAM) accounts to database - // accounts is enabled, and otherwise false. + // True if mapping of Amazon Web Services Identity and Access Management (IAM) + // accounts to database accounts is enabled, and otherwise false. IAMDatabaseAuthenticationEnabled *bool `type:"boolean"` - // Provides the date and time that the DB instance was created. + // The date and time when the DB instance was created. InstanceCreateTime *time.Time `type:"timestamp"` // The IOPS (I/O operations per second) value for the automated backup. Iops *int64 `type:"integer"` - // The AWS KMS key ID for an automated backup. + // The Amazon Web Services KMS key ID for an automated backup. // - // The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name - // for the AWS KMS customer master key (CMK). + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. KmsKeyId *string `type:"string"` - // License model information for the automated backup. + // The license model information for the automated backup. LicenseModel *string `type:"string"` - // The license model of an automated backup. + // The master user name of an automated backup. MasterUsername *string `type:"string"` + // Specifies whether the automatic backup is for a DB instance in the multi-tenant + // configuration (TRUE) or the single-tenant configuration (FALSE). + MultiTenant *bool `type:"boolean"` + // The option group the automated backup is associated with. If omitted, the // default option group for the engine specified is used. OptionGroupName *string `type:"string"` @@ -22916,23 +31595,26 @@ type DBInstanceAutomatedBackup struct { // Valid Values: 1150-65535 Port *int64 `type:"integer"` - // The AWS Region associated with the automated backup. + // The Amazon Web Services Region associated with the automated backup. Region *string `type:"string"` - // Earliest and latest time an instance can be restored to. + // The earliest and latest time a DB instance can be restored to. RestoreWindow *RestoreWindow `type:"structure"` - // Provides a list of status information for an automated backup: + // A list of status information for an automated backup: // - // * active - automated backups for current instances + // * active - Automated backups for current instances. // - // * retained - automated backups for deleted instances + // * retained - Automated backups for deleted instances. // - // * creating - automated backups that are waiting for the first automated + // * creating - Automated backups that are waiting for the first automated // snapshot to be available. Status *string `type:"string"` - // Specifies the storage type associated with the automated backup. + // The storage throughput for the automated backup. + StorageThroughput *int64 `type:"integer"` + + // The storage type associated with the automated backup. StorageType *string `type:"string"` // The ARN from the key store with which the automated backup is associated @@ -22944,16 +31626,24 @@ type DBInstanceAutomatedBackup struct { // that were created with a time zone specified. Timezone *string `type:"string"` - // Provides the VPC ID associated with the DB instance + // The VPC ID associated with the DB instance. VpcId *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBInstanceAutomatedBackup) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBInstanceAutomatedBackup) GoString() string { return s.String() } @@ -22970,12 +31660,24 @@ func (s *DBInstanceAutomatedBackup) SetAvailabilityZone(v string) *DBInstanceAut return s } +// SetAwsBackupRecoveryPointArn sets the AwsBackupRecoveryPointArn field's value. +func (s *DBInstanceAutomatedBackup) SetAwsBackupRecoveryPointArn(v string) *DBInstanceAutomatedBackup { + s.AwsBackupRecoveryPointArn = &v + return s +} + // SetBackupRetentionPeriod sets the BackupRetentionPeriod field's value. func (s *DBInstanceAutomatedBackup) SetBackupRetentionPeriod(v int64) *DBInstanceAutomatedBackup { s.BackupRetentionPeriod = &v return s } +// SetBackupTarget sets the BackupTarget field's value. +func (s *DBInstanceAutomatedBackup) SetBackupTarget(v string) *DBInstanceAutomatedBackup { + s.BackupTarget = &v + return s +} + // SetDBInstanceArn sets the DBInstanceArn field's value. func (s *DBInstanceAutomatedBackup) SetDBInstanceArn(v string) *DBInstanceAutomatedBackup { s.DBInstanceArn = &v @@ -23006,6 +31708,12 @@ func (s *DBInstanceAutomatedBackup) SetDbiResourceId(v string) *DBInstanceAutoma return s } +// SetDedicatedLogVolume sets the DedicatedLogVolume field's value. +func (s *DBInstanceAutomatedBackup) SetDedicatedLogVolume(v bool) *DBInstanceAutomatedBackup { + s.DedicatedLogVolume = &v + return s +} + // SetEncrypted sets the Encrypted field's value. func (s *DBInstanceAutomatedBackup) SetEncrypted(v bool) *DBInstanceAutomatedBackup { s.Encrypted = &v @@ -23060,6 +31768,12 @@ func (s *DBInstanceAutomatedBackup) SetMasterUsername(v string) *DBInstanceAutom return s } +// SetMultiTenant sets the MultiTenant field's value. +func (s *DBInstanceAutomatedBackup) SetMultiTenant(v bool) *DBInstanceAutomatedBackup { + s.MultiTenant = &v + return s +} + // SetOptionGroupName sets the OptionGroupName field's value. func (s *DBInstanceAutomatedBackup) SetOptionGroupName(v string) *DBInstanceAutomatedBackup { s.OptionGroupName = &v @@ -23090,6 +31804,12 @@ func (s *DBInstanceAutomatedBackup) SetStatus(v string) *DBInstanceAutomatedBack return s } +// SetStorageThroughput sets the StorageThroughput field's value. +func (s *DBInstanceAutomatedBackup) SetStorageThroughput(v int64) *DBInstanceAutomatedBackup { + s.StorageThroughput = &v + return s +} + // SetStorageType sets the StorageType field's value. func (s *DBInstanceAutomatedBackup) SetStorageType(v string) *DBInstanceAutomatedBackup { s.StorageType = &v @@ -23114,8 +31834,9 @@ func (s *DBInstanceAutomatedBackup) SetVpcId(v string) *DBInstanceAutomatedBacku return s } -// Automated backups of a DB instance replicated to another AWS Region. They -// consist of system backups, transaction logs, and database instance properties. +// Automated backups of a DB instance replicated to another Amazon Web Services +// Region. They consist of system backups, transaction logs, and database instance +// properties. type DBInstanceAutomatedBackupsReplication struct { _ struct{} `type:"structure"` @@ -23123,12 +31844,20 @@ type DBInstanceAutomatedBackupsReplication struct { DBInstanceAutomatedBackupsArn *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBInstanceAutomatedBackupsReplication) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBInstanceAutomatedBackupsReplication) GoString() string { return s.String() } @@ -23139,39 +31868,48 @@ func (s *DBInstanceAutomatedBackupsReplication) SetDBInstanceAutomatedBackupsArn return s } -// Describes an AWS Identity and Access Management (IAM) role that is associated -// with a DB instance. +// Information about an Amazon Web Services Identity and Access Management (IAM) +// role that is associated with a DB instance. type DBInstanceRole struct { _ struct{} `type:"structure"` - // The name of the feature associated with the AWS Identity and Access Management - // (IAM) role. For the list of supported feature names, see DBEngineVersion. + // The name of the feature associated with the Amazon Web Services Identity + // and Access Management (IAM) role. For information about supported feature + // names, see DBEngineVersion. FeatureName *string `type:"string"` // The Amazon Resource Name (ARN) of the IAM role that is associated with the // DB instance. RoleArn *string `type:"string"` - // Describes the state of association between the IAM role and the DB instance. - // The Status property returns one of the following values: + // Information about the state of association between the IAM role and the DB + // instance. The Status property returns one of the following values: // // * ACTIVE - the IAM role ARN is associated with the DB instance and can - // be used to access other AWS services on your behalf. + // be used to access other Amazon Web Services services on your behalf. // // * PENDING - the IAM role ARN is being associated with the DB instance. // // * INVALID - the IAM role ARN is associated with the DB instance, but the // DB instance is unable to assume the IAM role in order to access other - // AWS services on your behalf. + // Amazon Web Services services on your behalf. Status *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBInstanceRole) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBInstanceRole) GoString() string { return s.String() } @@ -23202,12 +31940,12 @@ type DBInstanceStatusInfo struct { // isn't in an error state, this value is blank. Message *string `type:"string"` - // Boolean value that is true if the instance is operating normally, or false - // if the instance is in an error state. + // Indicates whether the instance is operating normally (TRUE) or is in an error + // state (FALSE). Normal *bool `type:"boolean"` - // Status of the DB instance. For a StatusType of read replica, the values can - // be replicating, replication stop point set, replication stop point reached, + // The status of the DB instance. For a StatusType of read replica, the values + // can be replicating, replication stop point set, replication stop point reached, // error, stopped, or terminated. Status *string `type:"string"` @@ -23215,12 +31953,20 @@ type DBInstanceStatusInfo struct { StatusType *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBInstanceStatusInfo) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBInstanceStatusInfo) GoString() string { return s.String() } @@ -23270,12 +32016,20 @@ type DBParameterGroup struct { Description *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBParameterGroup) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBParameterGroup) GoString() string { return s.String() } @@ -23305,7 +32059,7 @@ func (s *DBParameterGroup) SetDescription(v string) *DBParameterGroup { } // Contains the result of a successful invocation of the ModifyDBParameterGroup -// or ResetDBParameterGroup action. +// or ResetDBParameterGroup operation. type DBParameterGroupNameMessage struct { _ struct{} `type:"structure"` @@ -23313,12 +32067,20 @@ type DBParameterGroupNameMessage struct { DBParameterGroupName *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBParameterGroupNameMessage) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBParameterGroupNameMessage) GoString() string { return s.String() } @@ -23333,17 +32095,17 @@ func (s *DBParameterGroupNameMessage) SetDBParameterGroupName(v string) *DBParam // // This data type is used as a response element in the following actions: // -// * CreateDBInstance +// - CreateDBInstance // -// * CreateDBInstanceReadReplica +// - CreateDBInstanceReadReplica // -// * DeleteDBInstance +// - DeleteDBInstance // -// * ModifyDBInstance +// - ModifyDBInstance // -// * RebootDBInstance +// - RebootDBInstance // -// * RestoreDBInstanceFromDBSnapshot +// - RestoreDBInstanceFromDBSnapshot type DBParameterGroupStatus struct { _ struct{} `type:"structure"` @@ -23354,12 +32116,20 @@ type DBParameterGroupStatus struct { ParameterApplyStatus *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBParameterGroupStatus) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBParameterGroupStatus) GoString() string { return s.String() } @@ -23393,23 +32163,29 @@ type DBProxy struct { DBProxyArn *string `type:"string"` // The identifier for the proxy. This name must be unique for all proxies owned - // by your AWS account in the specified AWS Region. + // by your Amazon Web Services account in the specified Amazon Web Services + // Region. DBProxyName *string `type:"string"` - // Whether the proxy includes detailed information about SQL statements in its - // logs. This information helps you to debug issues involving SQL behavior or - // the performance and scalability of the proxy connections. The debug information + // Indicates whether the proxy includes detailed information about SQL statements + // in its logs. This information helps you to debug issues involving SQL behavior + // or the performance and scalability of the proxy connections. The debug information // includes the text of SQL statements that you submit through the proxy. Thus, // only enable this setting when needed for debugging, and only when you have // security measures in place to safeguard any sensitive information that appears // in the logs. DebugLogging *bool `type:"boolean"` - // The endpoint that you can use to connect to the proxy. You include the endpoint - // value in the connection string for a database client application. + // The endpoint that you can use to connect to the DB proxy. You include the + // endpoint value in the connection string for a database client application. Endpoint *string `type:"string"` - // The engine family applies to MySQL and PostgreSQL for both RDS and Aurora. + // The kinds of databases that the proxy can connect to. This value determines + // which database network protocol the proxy recognizes when it interprets network + // traffic to and from the database. MYSQL supports Aurora MySQL, RDS for MariaDB, + // and RDS for MySQL databases. POSTGRESQL supports Aurora PostgreSQL and RDS + // for PostgreSQL databases. SQLSERVER supports RDS for Microsoft SQL Server + // databases. EngineFamily *string `type:"string"` // The number of seconds a connection to the proxy can have no activity before @@ -23438,6 +32214,9 @@ type DBProxy struct { // The date and time when the proxy was last updated. UpdatedDate *time.Time `type:"timestamp"` + // Provides the VPC ID of the DB proxy. + VpcId *string `type:"string"` + // Provides a list of VPC security groups that the proxy belongs to. VpcSecurityGroupIds []*string `type:"list"` @@ -23445,12 +32224,20 @@ type DBProxy struct { VpcSubnetIds []*string `type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBProxy) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBProxy) GoString() string { return s.String() } @@ -23527,6 +32314,12 @@ func (s *DBProxy) SetUpdatedDate(v time.Time) *DBProxy { return s } +// SetVpcId sets the VpcId field's value. +func (s *DBProxy) SetVpcId(v string) *DBProxy { + s.VpcId = &v + return s +} + // SetVpcSecurityGroupIds sets the VpcSecurityGroupIds field's value. func (s *DBProxy) SetVpcSecurityGroupIds(v []*string) *DBProxy { s.VpcSecurityGroupIds = v @@ -23539,6 +32332,146 @@ func (s *DBProxy) SetVpcSubnetIds(v []*string) *DBProxy { return s } +// The data structure representing an endpoint associated with a DB proxy. RDS +// automatically creates one endpoint for each DB proxy. For Aurora DB clusters, +// you can associate additional endpoints with the same DB proxy. These endpoints +// can be read/write or read-only. They can also reside in different VPCs than +// the associated DB proxy. +// +// This data type is used as a response element in the DescribeDBProxyEndpoints +// operation. +type DBProxyEndpoint struct { + _ struct{} `type:"structure"` + + // The date and time when the DB proxy endpoint was first created. + CreatedDate *time.Time `type:"timestamp"` + + // The Amazon Resource Name (ARN) for the DB proxy endpoint. + DBProxyEndpointArn *string `type:"string"` + + // The name for the DB proxy endpoint. An identifier must begin with a letter + // and must contain only ASCII letters, digits, and hyphens; it can't end with + // a hyphen or contain two consecutive hyphens. + DBProxyEndpointName *string `type:"string"` + + // The identifier for the DB proxy that is associated with this DB proxy endpoint. + DBProxyName *string `type:"string"` + + // The endpoint that you can use to connect to the DB proxy. You include the + // endpoint value in the connection string for a database client application. + Endpoint *string `type:"string"` + + // Indicates whether this endpoint is the default endpoint for the associated + // DB proxy. Default DB proxy endpoints always have read/write capability. Other + // endpoints that you associate with the DB proxy can be either read/write or + // read-only. + IsDefault *bool `type:"boolean"` + + // The current status of this DB proxy endpoint. A status of available means + // the endpoint is ready to handle requests. Other values indicate that you + // must wait for the endpoint to be ready, or take some action to resolve an + // issue. + Status *string `type:"string" enum:"DBProxyEndpointStatus"` + + // A value that indicates whether the DB proxy endpoint can be used for read/write + // or read-only operations. + TargetRole *string `type:"string" enum:"DBProxyEndpointTargetRole"` + + // Provides the VPC ID of the DB proxy endpoint. + VpcId *string `type:"string"` + + // Provides a list of VPC security groups that the DB proxy endpoint belongs + // to. + VpcSecurityGroupIds []*string `type:"list"` + + // The EC2 subnet IDs for the DB proxy endpoint. + VpcSubnetIds []*string `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DBProxyEndpoint) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DBProxyEndpoint) GoString() string { + return s.String() +} + +// SetCreatedDate sets the CreatedDate field's value. +func (s *DBProxyEndpoint) SetCreatedDate(v time.Time) *DBProxyEndpoint { + s.CreatedDate = &v + return s +} + +// SetDBProxyEndpointArn sets the DBProxyEndpointArn field's value. +func (s *DBProxyEndpoint) SetDBProxyEndpointArn(v string) *DBProxyEndpoint { + s.DBProxyEndpointArn = &v + return s +} + +// SetDBProxyEndpointName sets the DBProxyEndpointName field's value. +func (s *DBProxyEndpoint) SetDBProxyEndpointName(v string) *DBProxyEndpoint { + s.DBProxyEndpointName = &v + return s +} + +// SetDBProxyName sets the DBProxyName field's value. +func (s *DBProxyEndpoint) SetDBProxyName(v string) *DBProxyEndpoint { + s.DBProxyName = &v + return s +} + +// SetEndpoint sets the Endpoint field's value. +func (s *DBProxyEndpoint) SetEndpoint(v string) *DBProxyEndpoint { + s.Endpoint = &v + return s +} + +// SetIsDefault sets the IsDefault field's value. +func (s *DBProxyEndpoint) SetIsDefault(v bool) *DBProxyEndpoint { + s.IsDefault = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *DBProxyEndpoint) SetStatus(v string) *DBProxyEndpoint { + s.Status = &v + return s +} + +// SetTargetRole sets the TargetRole field's value. +func (s *DBProxyEndpoint) SetTargetRole(v string) *DBProxyEndpoint { + s.TargetRole = &v + return s +} + +// SetVpcId sets the VpcId field's value. +func (s *DBProxyEndpoint) SetVpcId(v string) *DBProxyEndpoint { + s.VpcId = &v + return s +} + +// SetVpcSecurityGroupIds sets the VpcSecurityGroupIds field's value. +func (s *DBProxyEndpoint) SetVpcSecurityGroupIds(v []*string) *DBProxyEndpoint { + s.VpcSecurityGroupIds = v + return s +} + +// SetVpcSubnetIds sets the VpcSubnetIds field's value. +func (s *DBProxyEndpoint) SetVpcSubnetIds(v []*string) *DBProxyEndpoint { + s.VpcSubnetIds = v + return s +} + // Contains the details for an RDS Proxy target. It represents an RDS DB instance // or Aurora DB cluster that the proxy can connect to. One or more targets are // associated with an RDS Proxy target group. @@ -23559,6 +32492,10 @@ type DBProxyTarget struct { // for an RDS DB instance, or the cluster identifier for an Aurora DB cluster. RdsResourceId *string `type:"string"` + // A value that indicates whether the target of the proxy can be used for read/write + // or read-only operations. + Role *string `type:"string" enum:"TargetRole"` + // The Amazon Resource Name (ARN) for the RDS DB instance or Aurora DB cluster. TargetArn *string `type:"string"` @@ -23574,12 +32511,20 @@ type DBProxyTarget struct { Type *string `type:"string" enum:"TargetType"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBProxyTarget) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBProxyTarget) GoString() string { return s.String() } @@ -23602,6 +32547,12 @@ func (s *DBProxyTarget) SetRdsResourceId(v string) *DBProxyTarget { return s } +// SetRole sets the Role field's value. +func (s *DBProxyTarget) SetRole(v string) *DBProxyTarget { + s.Role = &v + return s +} + // SetTargetArn sets the TargetArn field's value. func (s *DBProxyTarget) SetTargetArn(v string) *DBProxyTarget { s.TargetArn = &v @@ -23645,9 +32596,9 @@ type DBProxyTargetGroup struct { // The identifier for the RDS proxy associated with this target group. DBProxyName *string `type:"string"` - // Whether this target group is the first one used for connection requests by - // the associated proxy. Because each proxy is currently associated with a single - // target group, currently this setting is always true. + // Indicates whether this target group is the first one used for connection + // requests by the associated proxy. Because each proxy is currently associated + // with a single target group, currently this setting is always true. IsDefault *bool `type:"boolean"` // The current status of this target group. A status of available means the @@ -23660,19 +32611,28 @@ type DBProxyTargetGroup struct { TargetGroupArn *string `type:"string"` // The identifier for the target group. This name must be unique for all target - // groups owned by your AWS account in the specified AWS Region. + // groups owned by your Amazon Web Services account in the specified Amazon + // Web Services Region. TargetGroupName *string `type:"string"` // The date and time when the target group was last updated. UpdatedDate *time.Time `type:"timestamp"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBProxyTargetGroup) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBProxyTargetGroup) GoString() string { return s.String() } @@ -23725,6 +32685,252 @@ func (s *DBProxyTargetGroup) SetUpdatedDate(v time.Time) *DBProxyTargetGroup { return s } +// The recommendation for your DB instances, DB clusters, and DB parameter groups. +type DBRecommendation struct { + _ struct{} `type:"structure"` + + // Additional information about the recommendation. The information might contain + // markdown. + AdditionalInfo *string `type:"string"` + + // The category of the recommendation. + // + // Valid values: + // + // * performance efficiency + // + // * security + // + // * reliability + // + // * cost optimization + // + // * operational excellence + // + // * sustainability + Category *string `type:"string"` + + // The time when the recommendation was created. For example, 2023-09-28T01:13:53.931000+00:00. + CreatedTime *time.Time `type:"timestamp"` + + // A detailed description of the recommendation. The description might contain + // markdown. + Description *string `type:"string"` + + // A short description of the issue identified for this recommendation. The + // description might contain markdown. + Detection *string `type:"string"` + + // A short description that explains the possible impact of an issue. + Impact *string `type:"string"` + + // Details of the issue that caused the recommendation. + IssueDetails *IssueDetails `type:"structure"` + + // A link to documentation that provides additional information about the recommendation. + Links []*DocLink `type:"list"` + + // The reason why this recommendation was created. The information might contain + // markdown. + Reason *string `type:"string"` + + // A short description of the recommendation to resolve an issue. The description + // might contain markdown. + Recommendation *string `type:"string"` + + // The unique identifier of the recommendation. + RecommendationId *string `type:"string"` + + // A list of recommended actions. + RecommendedActions []*RecommendedAction `type:"list"` + + // The Amazon Resource Name (ARN) of the RDS resource associated with the recommendation. + ResourceArn *string `type:"string"` + + // The severity level of the recommendation. The severity level can help you + // decide the urgency with which to address the recommendation. + // + // Valid values: + // + // * high + // + // * medium + // + // * low + // + // * informational + Severity *string `type:"string"` + + // The Amazon Web Services service that generated the recommendations. + Source *string `type:"string"` + + // The current status of the recommendation. + // + // Valid values: + // + // * active - The recommendations which are ready for you to apply. + // + // * pending - The applied or scheduled recommendations which are in progress. + // + // * resolved - The recommendations which are completed. + // + // * dismissed - The recommendations that you dismissed. + Status *string `type:"string"` + + // A short description of the recommendation type. The description might contain + // markdown. + TypeDetection *string `type:"string"` + + // A value that indicates the type of recommendation. This value determines + // how the description is rendered. + TypeId *string `type:"string"` + + // A short description that summarizes the recommendation to fix all the issues + // of the recommendation type. The description might contain markdown. + TypeRecommendation *string `type:"string"` + + // The time when the recommendation was last updated. + UpdatedTime *time.Time `type:"timestamp"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DBRecommendation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DBRecommendation) GoString() string { + return s.String() +} + +// SetAdditionalInfo sets the AdditionalInfo field's value. +func (s *DBRecommendation) SetAdditionalInfo(v string) *DBRecommendation { + s.AdditionalInfo = &v + return s +} + +// SetCategory sets the Category field's value. +func (s *DBRecommendation) SetCategory(v string) *DBRecommendation { + s.Category = &v + return s +} + +// SetCreatedTime sets the CreatedTime field's value. +func (s *DBRecommendation) SetCreatedTime(v time.Time) *DBRecommendation { + s.CreatedTime = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *DBRecommendation) SetDescription(v string) *DBRecommendation { + s.Description = &v + return s +} + +// SetDetection sets the Detection field's value. +func (s *DBRecommendation) SetDetection(v string) *DBRecommendation { + s.Detection = &v + return s +} + +// SetImpact sets the Impact field's value. +func (s *DBRecommendation) SetImpact(v string) *DBRecommendation { + s.Impact = &v + return s +} + +// SetIssueDetails sets the IssueDetails field's value. +func (s *DBRecommendation) SetIssueDetails(v *IssueDetails) *DBRecommendation { + s.IssueDetails = v + return s +} + +// SetLinks sets the Links field's value. +func (s *DBRecommendation) SetLinks(v []*DocLink) *DBRecommendation { + s.Links = v + return s +} + +// SetReason sets the Reason field's value. +func (s *DBRecommendation) SetReason(v string) *DBRecommendation { + s.Reason = &v + return s +} + +// SetRecommendation sets the Recommendation field's value. +func (s *DBRecommendation) SetRecommendation(v string) *DBRecommendation { + s.Recommendation = &v + return s +} + +// SetRecommendationId sets the RecommendationId field's value. +func (s *DBRecommendation) SetRecommendationId(v string) *DBRecommendation { + s.RecommendationId = &v + return s +} + +// SetRecommendedActions sets the RecommendedActions field's value. +func (s *DBRecommendation) SetRecommendedActions(v []*RecommendedAction) *DBRecommendation { + s.RecommendedActions = v + return s +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *DBRecommendation) SetResourceArn(v string) *DBRecommendation { + s.ResourceArn = &v + return s +} + +// SetSeverity sets the Severity field's value. +func (s *DBRecommendation) SetSeverity(v string) *DBRecommendation { + s.Severity = &v + return s +} + +// SetSource sets the Source field's value. +func (s *DBRecommendation) SetSource(v string) *DBRecommendation { + s.Source = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *DBRecommendation) SetStatus(v string) *DBRecommendation { + s.Status = &v + return s +} + +// SetTypeDetection sets the TypeDetection field's value. +func (s *DBRecommendation) SetTypeDetection(v string) *DBRecommendation { + s.TypeDetection = &v + return s +} + +// SetTypeId sets the TypeId field's value. +func (s *DBRecommendation) SetTypeId(v string) *DBRecommendation { + s.TypeId = &v + return s +} + +// SetTypeRecommendation sets the TypeRecommendation field's value. +func (s *DBRecommendation) SetTypeRecommendation(v string) *DBRecommendation { + s.TypeRecommendation = &v + return s +} + +// SetUpdatedTime sets the UpdatedTime field's value. +func (s *DBRecommendation) SetUpdatedTime(v time.Time) *DBRecommendation { + s.UpdatedTime = &v + return s +} + // Contains the details for an Amazon RDS DB security group. // // This data type is used as a response element in the DescribeDBSecurityGroups @@ -23747,19 +32953,28 @@ type DBSecurityGroup struct { // Contains a list of IPRange elements. IPRanges []*IPRange `locationNameList:"IPRange" type:"list"` - // Provides the AWS ID of the owner of a specific DB security group. + // Provides the Amazon Web Services ID of the owner of a specific DB security + // group. OwnerId *string `type:"string"` // Provides the VpcId of the DB security group. VpcId *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBSecurityGroup) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBSecurityGroup) GoString() string { return s.String() } @@ -23808,13 +33023,13 @@ func (s *DBSecurityGroup) SetVpcId(v string) *DBSecurityGroup { // This data type is used as a response element in the following actions: // -// * ModifyDBInstance +// - ModifyDBInstance // -// * RebootDBInstance +// - RebootDBInstance // -// * RestoreDBInstanceFromDBSnapshot +// - RestoreDBInstanceFromDBSnapshot // -// * RestoreDBInstanceToPointInTime +// - RestoreDBInstanceToPointInTime type DBSecurityGroupMembership struct { _ struct{} `type:"structure"` @@ -23825,12 +33040,20 @@ type DBSecurityGroupMembership struct { Status *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBSecurityGroupMembership) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBSecurityGroupMembership) GoString() string { return s.String() } @@ -23847,6 +33070,125 @@ func (s *DBSecurityGroupMembership) SetStatus(v string) *DBSecurityGroupMembersh return s } +type DBShardGroup struct { + _ struct{} `type:"structure"` + + // Specifies whether to create standby instances for the DB shard group. Valid + // values are the following: + // + // * 0 - Creates a single, primary DB instance for each physical shard. This + // is the default value, and the only one supported for the preview. + // + // * 1 - Creates a primary DB instance and a standby instance in a different + // Availability Zone (AZ) for each physical shard. + // + // * 2 - Creates a primary DB instance and two standby instances in different + // AZs for each physical shard. + ComputeRedundancy *int64 `type:"integer"` + + // The name of the primary DB cluster for the DB shard group. + DBClusterIdentifier *string `type:"string"` + + // The name of the DB shard group. + DBShardGroupIdentifier *string `min:"1" type:"string"` + + // The Amazon Web Services Region-unique, immutable identifier for the DB shard + // group. + DBShardGroupResourceId *string `type:"string"` + + // The connection endpoint for the DB shard group. + Endpoint *string `type:"string"` + + // The maximum capacity of the DB shard group in Aurora capacity units (ACUs). + MaxACU *float64 `type:"double"` + + // Indicates whether the DB shard group is publicly accessible. + // + // When the DB shard group is publicly accessible, its Domain Name System (DNS) + // endpoint resolves to the private IP address from within the DB shard group's + // virtual private cloud (VPC). It resolves to the public IP address from outside + // of the DB shard group's VPC. Access to the DB shard group is ultimately controlled + // by the security group it uses. That public access isn't permitted if the + // security group assigned to the DB shard group doesn't permit it. + // + // When the DB shard group isn't publicly accessible, it is an internal DB shard + // group with a DNS name that resolves to a private IP address. + // + // For more information, see CreateDBShardGroup. + // + // This setting is only for Aurora Limitless Database. + PubliclyAccessible *bool `type:"boolean"` + + // The status of the DB shard group. + Status *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DBShardGroup) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DBShardGroup) GoString() string { + return s.String() +} + +// SetComputeRedundancy sets the ComputeRedundancy field's value. +func (s *DBShardGroup) SetComputeRedundancy(v int64) *DBShardGroup { + s.ComputeRedundancy = &v + return s +} + +// SetDBClusterIdentifier sets the DBClusterIdentifier field's value. +func (s *DBShardGroup) SetDBClusterIdentifier(v string) *DBShardGroup { + s.DBClusterIdentifier = &v + return s +} + +// SetDBShardGroupIdentifier sets the DBShardGroupIdentifier field's value. +func (s *DBShardGroup) SetDBShardGroupIdentifier(v string) *DBShardGroup { + s.DBShardGroupIdentifier = &v + return s +} + +// SetDBShardGroupResourceId sets the DBShardGroupResourceId field's value. +func (s *DBShardGroup) SetDBShardGroupResourceId(v string) *DBShardGroup { + s.DBShardGroupResourceId = &v + return s +} + +// SetEndpoint sets the Endpoint field's value. +func (s *DBShardGroup) SetEndpoint(v string) *DBShardGroup { + s.Endpoint = &v + return s +} + +// SetMaxACU sets the MaxACU field's value. +func (s *DBShardGroup) SetMaxACU(v float64) *DBShardGroup { + s.MaxACU = &v + return s +} + +// SetPubliclyAccessible sets the PubliclyAccessible field's value. +func (s *DBShardGroup) SetPubliclyAccessible(v bool) *DBShardGroup { + s.PubliclyAccessible = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *DBShardGroup) SetStatus(v string) *DBShardGroup { + s.Status = &v + return s +} + // Contains the details of an Amazon RDS DB snapshot. // // This data type is used as a response element in the DescribeDBSnapshots action. @@ -23870,11 +33212,19 @@ type DBSnapshot struct { // Specifies the identifier for the DB snapshot. DBSnapshotIdentifier *string `type:"string"` + // The Oracle system identifier (SID), which is the name of the Oracle database + // instance that manages your database files. The Oracle SID is also the name + // of your CDB. + DBSystemId *string `type:"string"` + // The identifier for the source DB instance, which can't be changed and which - // is unique to an AWS Region. + // is unique to an Amazon Web Services Region. DbiResourceId *string `type:"string"` - // Specifies whether the DB snapshot is encrypted. + // Indicates whether the DB instance has a dedicated log volume (DLV) enabled. + DedicatedLogVolume *bool `type:"boolean"` + + // Indicates whether the DB snapshot is encrypted. Encrypted *bool `type:"boolean"` // Specifies the name of the database engine. @@ -23883,8 +33233,8 @@ type DBSnapshot struct { // Specifies the version of the database engine. EngineVersion *string `type:"string"` - // True if mapping of AWS Identity and Access Management (IAM) accounts to database - // accounts is enabled, and otherwise false. + // Indicates whether mapping of Amazon Web Services Identity and Access Management + // (IAM) accounts to database accounts is enabled. IAMDatabaseAuthenticationEnabled *bool `type:"boolean"` // Specifies the time in Coordinated Universal Time (UTC) when the DB instance, @@ -23895,10 +33245,11 @@ type DBSnapshot struct { // instance at the time of the snapshot. Iops *int64 `type:"integer"` - // If Encrypted is true, the AWS KMS key identifier for the encrypted DB snapshot. + // If Encrypted is true, the Amazon Web Services KMS key identifier for the + // encrypted DB snapshot. // - // The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name - // for the AWS KMS customer master key (CMK). + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. KmsKeyId *string `type:"string"` // License model information for the restored DB instance. @@ -23907,9 +33258,17 @@ type DBSnapshot struct { // Provides the master username for the DB snapshot. MasterUsername *string `type:"string"` + // Indicates whether the snapshot is of a DB instance using the multi-tenant + // configuration (TRUE) or the single-tenant configuration (FALSE). + MultiTenant *bool `type:"boolean"` + // Provides the option group name for the DB snapshot. OptionGroupName *string `type:"string"` + // Specifies the time of the CreateDBSnapshot operation in Coordinated Universal + // Time (UTC). Doesn't change when the snapshot is copied. + OriginalSnapshotCreateTime *time.Time `type:"timestamp"` + // The percentage of the estimated data that has been transferred. PercentProgress *int64 `type:"integer"` @@ -23922,21 +33281,42 @@ type DBSnapshot struct { ProcessorFeatures []*ProcessorFeature `locationNameList:"ProcessorFeature" type:"list"` // Specifies when the snapshot was taken in Coordinated Universal Time (UTC). + // Changes for the copy when the snapshot is copied. SnapshotCreateTime *time.Time `type:"timestamp"` + // The timestamp of the most recent transaction applied to the database that + // you're backing up. Thus, if you restore a snapshot, SnapshotDatabaseTime + // is the most recent transaction in the restored DB instance. In contrast, + // originalSnapshotCreateTime specifies the system time that the snapshot completed. + // + // If you back up a read replica, you can determine the replica lag by comparing + // SnapshotDatabaseTime with originalSnapshotCreateTime. For example, if originalSnapshotCreateTime + // is two hours later than SnapshotDatabaseTime, then the replica lag is two + // hours. + SnapshotDatabaseTime *time.Time `type:"timestamp"` + + // Specifies where manual snapshots are stored: Amazon Web Services Outposts + // or the Amazon Web Services Region. + SnapshotTarget *string `type:"string"` + // Provides the type of the DB snapshot. SnapshotType *string `type:"string"` // The DB snapshot Amazon Resource Name (ARN) that the DB snapshot was copied - // from. It only has value in case of cross-customer or cross-region copy. + // from. It only has a value in the case of a cross-account or cross-Region + // copy. SourceDBSnapshotIdentifier *string `type:"string"` - // The AWS Region that the DB snapshot was created in or copied from. + // The Amazon Web Services Region that the DB snapshot was created in or copied + // from. SourceRegion *string `type:"string"` // Specifies the status of this DB snapshot. Status *string `type:"string"` + // Specifies the storage throughput for the DB snapshot. + StorageThroughput *int64 `type:"integer"` + // Specifies the storage type associated with DB snapshot. StorageType *string `type:"string"` @@ -23956,12 +33336,20 @@ type DBSnapshot struct { VpcId *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBSnapshot) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBSnapshot) GoString() string { return s.String() } @@ -23996,12 +33384,24 @@ func (s *DBSnapshot) SetDBSnapshotIdentifier(v string) *DBSnapshot { return s } +// SetDBSystemId sets the DBSystemId field's value. +func (s *DBSnapshot) SetDBSystemId(v string) *DBSnapshot { + s.DBSystemId = &v + return s +} + // SetDbiResourceId sets the DbiResourceId field's value. func (s *DBSnapshot) SetDbiResourceId(v string) *DBSnapshot { s.DbiResourceId = &v return s } +// SetDedicatedLogVolume sets the DedicatedLogVolume field's value. +func (s *DBSnapshot) SetDedicatedLogVolume(v bool) *DBSnapshot { + s.DedicatedLogVolume = &v + return s +} + // SetEncrypted sets the Encrypted field's value. func (s *DBSnapshot) SetEncrypted(v bool) *DBSnapshot { s.Encrypted = &v @@ -24056,12 +33456,24 @@ func (s *DBSnapshot) SetMasterUsername(v string) *DBSnapshot { return s } +// SetMultiTenant sets the MultiTenant field's value. +func (s *DBSnapshot) SetMultiTenant(v bool) *DBSnapshot { + s.MultiTenant = &v + return s +} + // SetOptionGroupName sets the OptionGroupName field's value. func (s *DBSnapshot) SetOptionGroupName(v string) *DBSnapshot { s.OptionGroupName = &v return s } +// SetOriginalSnapshotCreateTime sets the OriginalSnapshotCreateTime field's value. +func (s *DBSnapshot) SetOriginalSnapshotCreateTime(v time.Time) *DBSnapshot { + s.OriginalSnapshotCreateTime = &v + return s +} + // SetPercentProgress sets the PercentProgress field's value. func (s *DBSnapshot) SetPercentProgress(v int64) *DBSnapshot { s.PercentProgress = &v @@ -24086,6 +33498,18 @@ func (s *DBSnapshot) SetSnapshotCreateTime(v time.Time) *DBSnapshot { return s } +// SetSnapshotDatabaseTime sets the SnapshotDatabaseTime field's value. +func (s *DBSnapshot) SetSnapshotDatabaseTime(v time.Time) *DBSnapshot { + s.SnapshotDatabaseTime = &v + return s +} + +// SetSnapshotTarget sets the SnapshotTarget field's value. +func (s *DBSnapshot) SetSnapshotTarget(v string) *DBSnapshot { + s.SnapshotTarget = &v + return s +} + // SetSnapshotType sets the SnapshotType field's value. func (s *DBSnapshot) SetSnapshotType(v string) *DBSnapshot { s.SnapshotType = &v @@ -24110,6 +33534,12 @@ func (s *DBSnapshot) SetStatus(v string) *DBSnapshot { return s } +// SetStorageThroughput sets the StorageThroughput field's value. +func (s *DBSnapshot) SetStorageThroughput(v int64) *DBSnapshot { + s.StorageThroughput = &v + return s +} + // SetStorageType sets the StorageType field's value. func (s *DBSnapshot) SetStorageType(v string) *DBSnapshot { s.StorageType = &v @@ -24142,34 +33572,43 @@ func (s *DBSnapshot) SetVpcId(v string) *DBSnapshot { // Contains the name and values of a manual DB snapshot attribute // -// Manual DB snapshot attributes are used to authorize other AWS accounts to -// restore a manual DB snapshot. For more information, see the ModifyDBSnapshotAttribute +// Manual DB snapshot attributes are used to authorize other Amazon Web Services +// accounts to restore a manual DB snapshot. For more information, see the ModifyDBSnapshotAttribute // API. type DBSnapshotAttribute struct { _ struct{} `type:"structure"` // The name of the manual DB snapshot attribute. // - // The attribute named restore refers to the list of AWS accounts that have - // permission to copy or restore the manual DB cluster snapshot. For more information, - // see the ModifyDBSnapshotAttribute API action. + // The attribute named restore refers to the list of Amazon Web Services accounts + // that have permission to copy or restore the manual DB cluster snapshot. For + // more information, see the ModifyDBSnapshotAttribute API action. AttributeName *string `type:"string"` // The value or values for the manual DB snapshot attribute. // // If the AttributeName field is set to restore, then this element returns a - // list of IDs of the AWS accounts that are authorized to copy or restore the - // manual DB snapshot. If a value of all is in the list, then the manual DB - // snapshot is public and available for any AWS account to copy or restore. + // list of IDs of the Amazon Web Services accounts that are authorized to copy + // or restore the manual DB snapshot. If a value of all is in the list, then + // the manual DB snapshot is public and available for any Amazon Web Services + // account to copy or restore. AttributeValues []*string `locationNameList:"AttributeValue" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBSnapshotAttribute) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBSnapshotAttribute) GoString() string { return s.String() } @@ -24189,9 +33628,9 @@ func (s *DBSnapshotAttribute) SetAttributeValues(v []*string) *DBSnapshotAttribu // Contains the results of a successful call to the DescribeDBSnapshotAttributes // API action. // -// Manual DB snapshot attributes are used to authorize other AWS accounts to -// copy or restore a manual DB snapshot. For more information, see the ModifyDBSnapshotAttribute -// API action. +// Manual DB snapshot attributes are used to authorize other Amazon Web Services +// accounts to copy or restore a manual DB snapshot. For more information, see +// the ModifyDBSnapshotAttribute API action. type DBSnapshotAttributesResult struct { _ struct{} `type:"structure"` @@ -24202,12 +33641,20 @@ type DBSnapshotAttributesResult struct { DBSnapshotIdentifier *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBSnapshotAttributesResult) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBSnapshotAttributesResult) GoString() string { return s.String() } @@ -24224,6 +33671,149 @@ func (s *DBSnapshotAttributesResult) SetDBSnapshotIdentifier(v string) *DBSnapsh return s } +// Contains the details of a tenant database in a snapshot of a DB instance. +type DBSnapshotTenantDatabase struct { + _ struct{} `type:"structure"` + + // The name of the character set of a tenant database. + CharacterSetName *string `type:"string"` + + // The ID for the DB instance that contains the tenant databases. + DBInstanceIdentifier *string `type:"string"` + + // The identifier for the snapshot of the DB instance. + DBSnapshotIdentifier *string `type:"string"` + + // The Amazon Resource Name (ARN) for the snapshot tenant database. + DBSnapshotTenantDatabaseARN *string `type:"string"` + + // The resource identifier of the source CDB instance. This identifier can't + // be changed and is unique to an Amazon Web Services Region. + DbiResourceId *string `type:"string"` + + // The name of the database engine. + EngineName *string `type:"string"` + + // The master username of the tenant database. + MasterUsername *string `type:"string"` + + // The NCHAR character set name of the tenant database. + NcharCharacterSetName *string `type:"string"` + + // The type of DB snapshot. + SnapshotType *string `type:"string"` + + // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + // in the Amazon RDS User Guide. + TagList []*Tag `locationNameList:"Tag" type:"list"` + + // The name of the tenant database. + TenantDBName *string `type:"string"` + + // The time the DB snapshot was taken, specified in Coordinated Universal Time + // (UTC). If you copy the snapshot, the creation time changes. + TenantDatabaseCreateTime *time.Time `type:"timestamp"` + + // The resource ID of the tenant database. + TenantDatabaseResourceId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DBSnapshotTenantDatabase) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DBSnapshotTenantDatabase) GoString() string { + return s.String() +} + +// SetCharacterSetName sets the CharacterSetName field's value. +func (s *DBSnapshotTenantDatabase) SetCharacterSetName(v string) *DBSnapshotTenantDatabase { + s.CharacterSetName = &v + return s +} + +// SetDBInstanceIdentifier sets the DBInstanceIdentifier field's value. +func (s *DBSnapshotTenantDatabase) SetDBInstanceIdentifier(v string) *DBSnapshotTenantDatabase { + s.DBInstanceIdentifier = &v + return s +} + +// SetDBSnapshotIdentifier sets the DBSnapshotIdentifier field's value. +func (s *DBSnapshotTenantDatabase) SetDBSnapshotIdentifier(v string) *DBSnapshotTenantDatabase { + s.DBSnapshotIdentifier = &v + return s +} + +// SetDBSnapshotTenantDatabaseARN sets the DBSnapshotTenantDatabaseARN field's value. +func (s *DBSnapshotTenantDatabase) SetDBSnapshotTenantDatabaseARN(v string) *DBSnapshotTenantDatabase { + s.DBSnapshotTenantDatabaseARN = &v + return s +} + +// SetDbiResourceId sets the DbiResourceId field's value. +func (s *DBSnapshotTenantDatabase) SetDbiResourceId(v string) *DBSnapshotTenantDatabase { + s.DbiResourceId = &v + return s +} + +// SetEngineName sets the EngineName field's value. +func (s *DBSnapshotTenantDatabase) SetEngineName(v string) *DBSnapshotTenantDatabase { + s.EngineName = &v + return s +} + +// SetMasterUsername sets the MasterUsername field's value. +func (s *DBSnapshotTenantDatabase) SetMasterUsername(v string) *DBSnapshotTenantDatabase { + s.MasterUsername = &v + return s +} + +// SetNcharCharacterSetName sets the NcharCharacterSetName field's value. +func (s *DBSnapshotTenantDatabase) SetNcharCharacterSetName(v string) *DBSnapshotTenantDatabase { + s.NcharCharacterSetName = &v + return s +} + +// SetSnapshotType sets the SnapshotType field's value. +func (s *DBSnapshotTenantDatabase) SetSnapshotType(v string) *DBSnapshotTenantDatabase { + s.SnapshotType = &v + return s +} + +// SetTagList sets the TagList field's value. +func (s *DBSnapshotTenantDatabase) SetTagList(v []*Tag) *DBSnapshotTenantDatabase { + s.TagList = v + return s +} + +// SetTenantDBName sets the TenantDBName field's value. +func (s *DBSnapshotTenantDatabase) SetTenantDBName(v string) *DBSnapshotTenantDatabase { + s.TenantDBName = &v + return s +} + +// SetTenantDatabaseCreateTime sets the TenantDatabaseCreateTime field's value. +func (s *DBSnapshotTenantDatabase) SetTenantDatabaseCreateTime(v time.Time) *DBSnapshotTenantDatabase { + s.TenantDatabaseCreateTime = &v + return s +} + +// SetTenantDatabaseResourceId sets the TenantDatabaseResourceId field's value. +func (s *DBSnapshotTenantDatabase) SetTenantDatabaseResourceId(v string) *DBSnapshotTenantDatabase { + s.TenantDatabaseResourceId = &v + return s +} + // Contains the details of an Amazon RDS DB subnet group. // // This data type is used as a response element in the DescribeDBSubnetGroups @@ -24246,16 +33836,39 @@ type DBSubnetGroup struct { // Contains a list of Subnet elements. Subnets []*Subnet `locationNameList:"Subnet" type:"list"` + // The network type of the DB subnet group. + // + // Valid values: + // + // * IPV4 + // + // * DUAL + // + // A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 + // protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon RDS User Guide. + SupportedNetworkTypes []*string `type:"list"` + // Provides the VpcId of the DB subnet group. VpcId *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBSubnetGroup) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DBSubnetGroup) GoString() string { return s.String() } @@ -24290,36 +33903,63 @@ func (s *DBSubnetGroup) SetSubnets(v []*Subnet) *DBSubnetGroup { return s } +// SetSupportedNetworkTypes sets the SupportedNetworkTypes field's value. +func (s *DBSubnetGroup) SetSupportedNetworkTypes(v []*string) *DBSubnetGroup { + s.SupportedNetworkTypes = v + return s +} + // SetVpcId sets the VpcId field's value. func (s *DBSubnetGroup) SetVpcId(v string) *DBSubnetGroup { s.VpcId = &v return s } -type DeleteCustomAvailabilityZoneInput struct { +type DeleteBlueGreenDeploymentInput struct { _ struct{} `type:"structure"` - // The custom AZ identifier. + // The unique identifier of the blue/green deployment to delete. This parameter + // isn't case-sensitive. // - // CustomAvailabilityZoneId is a required field - CustomAvailabilityZoneId *string `type:"string" required:"true"` + // Constraints: + // + // * Must match an existing blue/green deployment identifier. + // + // BlueGreenDeploymentIdentifier is a required field + BlueGreenDeploymentIdentifier *string `min:"1" type:"string" required:"true"` + + // Specifies whether to delete the resources in the green environment. You can't + // specify this option if the blue/green deployment status (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_BlueGreenDeployment.html) + // is SWITCHOVER_COMPLETED. + DeleteTarget *bool `type:"boolean"` } -// String returns the string representation -func (s DeleteCustomAvailabilityZoneInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteBlueGreenDeploymentInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DeleteCustomAvailabilityZoneInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteBlueGreenDeploymentInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteCustomAvailabilityZoneInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteCustomAvailabilityZoneInput"} - if s.CustomAvailabilityZoneId == nil { - invalidParams.Add(request.NewErrParamRequired("CustomAvailabilityZoneId")) +func (s *DeleteBlueGreenDeploymentInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteBlueGreenDeploymentInput"} + if s.BlueGreenDeploymentIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("BlueGreenDeploymentIdentifier")) + } + if s.BlueGreenDeploymentIdentifier != nil && len(*s.BlueGreenDeploymentIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("BlueGreenDeploymentIdentifier", 1)) } if invalidParams.Len() > 0 { @@ -24328,64 +33968,111 @@ func (s *DeleteCustomAvailabilityZoneInput) Validate() error { return nil } -// SetCustomAvailabilityZoneId sets the CustomAvailabilityZoneId field's value. -func (s *DeleteCustomAvailabilityZoneInput) SetCustomAvailabilityZoneId(v string) *DeleteCustomAvailabilityZoneInput { - s.CustomAvailabilityZoneId = &v +// SetBlueGreenDeploymentIdentifier sets the BlueGreenDeploymentIdentifier field's value. +func (s *DeleteBlueGreenDeploymentInput) SetBlueGreenDeploymentIdentifier(v string) *DeleteBlueGreenDeploymentInput { + s.BlueGreenDeploymentIdentifier = &v + return s +} + +// SetDeleteTarget sets the DeleteTarget field's value. +func (s *DeleteBlueGreenDeploymentInput) SetDeleteTarget(v bool) *DeleteBlueGreenDeploymentInput { + s.DeleteTarget = &v return s } -type DeleteCustomAvailabilityZoneOutput struct { +type DeleteBlueGreenDeploymentOutput struct { _ struct{} `type:"structure"` - // A custom Availability Zone (AZ) is an on-premises AZ that is integrated with - // a VMware vSphere cluster. + // Details about a blue/green deployment. // - // For more information about RDS on VMware, see the RDS on VMware User Guide. - // (https://docs.aws.amazon.com/AmazonRDS/latest/RDSonVMwareUserGuide/rds-on-vmware.html) - CustomAvailabilityZone *CustomAvailabilityZone `type:"structure"` + // For more information, see Using Amazon RDS Blue/Green Deployments for database + // updates (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/blue-green-deployments.html) + // in the Amazon RDS User Guide and Using Amazon RDS Blue/Green Deployments + // for database updates (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/blue-green-deployments.html) + // in the Amazon Aurora User Guide. + BlueGreenDeployment *BlueGreenDeployment `type:"structure"` } -// String returns the string representation -func (s DeleteCustomAvailabilityZoneOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteBlueGreenDeploymentOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DeleteCustomAvailabilityZoneOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteBlueGreenDeploymentOutput) GoString() string { return s.String() } -// SetCustomAvailabilityZone sets the CustomAvailabilityZone field's value. -func (s *DeleteCustomAvailabilityZoneOutput) SetCustomAvailabilityZone(v *CustomAvailabilityZone) *DeleteCustomAvailabilityZoneOutput { - s.CustomAvailabilityZone = v +// SetBlueGreenDeployment sets the BlueGreenDeployment field's value. +func (s *DeleteBlueGreenDeploymentOutput) SetBlueGreenDeployment(v *BlueGreenDeployment) *DeleteBlueGreenDeploymentOutput { + s.BlueGreenDeployment = v return s } -type DeleteDBClusterEndpointInput struct { +type DeleteCustomDBEngineVersionInput struct { _ struct{} `type:"structure"` - // The identifier associated with the custom endpoint. This parameter is stored - // as a lowercase string. + // The database engine. RDS Custom for Oracle supports the following values: // - // DBClusterEndpointIdentifier is a required field - DBClusterEndpointIdentifier *string `type:"string" required:"true"` + // * custom-oracle-ee + // + // * custom-oracle-ee-cdb + // + // * custom-oracle-se2 + // + // * custom-oracle-se2-cdb + // + // Engine is a required field + Engine *string `min:"1" type:"string" required:"true"` + + // The custom engine version (CEV) for your DB instance. This option is required + // for RDS Custom, but optional for Amazon RDS. The combination of Engine and + // EngineVersion is unique per customer per Amazon Web Services Region. + // + // EngineVersion is a required field + EngineVersion *string `min:"1" type:"string" required:"true"` } -// String returns the string representation -func (s DeleteDBClusterEndpointInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteCustomDBEngineVersionInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DeleteDBClusterEndpointInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteCustomDBEngineVersionInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteDBClusterEndpointInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteDBClusterEndpointInput"} - if s.DBClusterEndpointIdentifier == nil { - invalidParams.Add(request.NewErrParamRequired("DBClusterEndpointIdentifier")) +func (s *DeleteCustomDBEngineVersionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteCustomDBEngineVersionInput"} + if s.Engine == nil { + invalidParams.Add(request.NewErrParamRequired("Engine")) + } + if s.Engine != nil && len(*s.Engine) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Engine", 1)) + } + if s.EngineVersion == nil { + invalidParams.Add(request.NewErrParamRequired("EngineVersion")) + } + if s.EngineVersion != nil && len(*s.EngineVersion) < 1 { + invalidParams.Add(request.NewErrParamMinLen("EngineVersion", 1)) } if invalidParams.Len() > 0 { @@ -24394,245 +34081,806 @@ func (s *DeleteDBClusterEndpointInput) Validate() error { return nil } -// SetDBClusterEndpointIdentifier sets the DBClusterEndpointIdentifier field's value. -func (s *DeleteDBClusterEndpointInput) SetDBClusterEndpointIdentifier(v string) *DeleteDBClusterEndpointInput { - s.DBClusterEndpointIdentifier = &v +// SetEngine sets the Engine field's value. +func (s *DeleteCustomDBEngineVersionInput) SetEngine(v string) *DeleteCustomDBEngineVersionInput { + s.Engine = &v return s } -// This data type represents the information you need to connect to an Amazon -// Aurora DB cluster. This data type is used as a response element in the following -// actions: -// -// * CreateDBClusterEndpoint -// -// * DescribeDBClusterEndpoints -// -// * ModifyDBClusterEndpoint -// -// * DeleteDBClusterEndpoint -// -// For the data structure that represents Amazon RDS DB instance endpoints, -// see Endpoint. -type DeleteDBClusterEndpointOutput struct { +// SetEngineVersion sets the EngineVersion field's value. +func (s *DeleteCustomDBEngineVersionInput) SetEngineVersion(v string) *DeleteCustomDBEngineVersionInput { + s.EngineVersion = &v + return s +} + +// This data type is used as a response element in the action DescribeDBEngineVersions. +type DeleteCustomDBEngineVersionOutput struct { _ struct{} `type:"structure"` - // The type associated with a custom endpoint. One of: READER, WRITER, ANY. - CustomEndpointType *string `type:"string"` + // The creation time of the DB engine version. + CreateTime *time.Time `type:"timestamp"` - // The Amazon Resource Name (ARN) for the endpoint. - DBClusterEndpointArn *string `type:"string"` + // JSON string that lists the installation files and parameters that RDS Custom + // uses to create a custom engine version (CEV). RDS Custom applies the patches + // in the order in which they're listed in the manifest. You can set the Oracle + // home, Oracle base, and UNIX/Linux user and group using the installation parameters. + // For more information, see JSON fields in the CEV manifest (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.preparing.html#custom-cev.preparing.manifest.fields) + // in the Amazon RDS User Guide. + CustomDBEngineVersionManifest *string `min:"1" type:"string"` - // The identifier associated with the endpoint. This parameter is stored as - // a lowercase string. - DBClusterEndpointIdentifier *string `type:"string"` + // The description of the database engine. + DBEngineDescription *string `type:"string"` - // A unique system-generated identifier for an endpoint. It remains the same - // for the whole life of the endpoint. - DBClusterEndpointResourceIdentifier *string `type:"string"` + // A value that indicates the source media provider of the AMI based on the + // usage operation. Applicable for RDS Custom for SQL Server. + DBEngineMediaType *string `type:"string"` - // The DB cluster identifier of the DB cluster associated with the endpoint. - // This parameter is stored as a lowercase string. - DBClusterIdentifier *string `type:"string"` + // The ARN of the custom engine version. + DBEngineVersionArn *string `type:"string"` - // The DNS address of the endpoint. - Endpoint *string `type:"string"` + // The description of the database engine version. + DBEngineVersionDescription *string `type:"string"` - // The type of the endpoint. One of: READER, WRITER, CUSTOM. - EndpointType *string `type:"string"` + // The name of the DB parameter group family for the database engine. + DBParameterGroupFamily *string `type:"string"` - // List of DB instance identifiers that aren't part of the custom endpoint group. - // All other eligible instances are reachable through the custom endpoint. Only - // relevant if the list of static members is empty. - ExcludedMembers []*string `type:"list"` + // The name of the Amazon S3 bucket that contains your database installation + // files. + DatabaseInstallationFilesS3BucketName *string `type:"string"` - // List of DB instance identifiers that are part of the custom endpoint group. - StaticMembers []*string `type:"list"` + // The Amazon S3 directory that contains the database installation files. If + // not specified, then no prefix is assumed. + DatabaseInstallationFilesS3Prefix *string `type:"string"` - // The current status of the endpoint. One of: creating, available, deleting, - // inactive, modifying. The inactive state applies to an endpoint that can't - // be used for a certain kind of cluster, such as a writer endpoint for a read-only - // secondary cluster in a global database. + // The default character set for new instances of this engine version, if the + // CharacterSetName parameter of the CreateDBInstance API isn't specified. + DefaultCharacterSet *CharacterSet `type:"structure"` + + // The name of the database engine. + Engine *string `type:"string"` + + // The version number of the database engine. + EngineVersion *string `type:"string"` + + // The types of logs that the database engine has available for export to CloudWatch + // Logs. + ExportableLogTypes []*string `type:"list"` + + // The EC2 image + Image *CustomDBEngineVersionAMI `type:"structure"` + + // The Amazon Web Services KMS key identifier for an encrypted CEV. This parameter + // is required for RDS Custom, but optional for Amazon RDS. + KMSKeyId *string `type:"string"` + + // The major engine version of the CEV. + MajorEngineVersion *string `type:"string"` + + // The status of the DB engine version, either available or deprecated. Status *string `type:"string"` + + // A list of the supported CA certificate identifiers. + // + // For more information, see Using SSL/TLS to encrypt a connection to a DB instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) + // in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to + // a DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) + // in the Amazon Aurora User Guide. + SupportedCACertificateIdentifiers []*string `type:"list"` + + // A list of the character sets supported by this engine for the CharacterSetName + // parameter of the CreateDBInstance operation. + SupportedCharacterSets []*CharacterSet `locationNameList:"CharacterSet" type:"list"` + + // A list of the supported DB engine modes. + SupportedEngineModes []*string `type:"list"` + + // A list of features supported by the DB engine. + // + // The supported features vary by DB engine and DB engine version. + // + // To determine the supported features for a specific DB engine and DB engine + // version using the CLI, use the following command: + // + // aws rds describe-db-engine-versions --engine --engine-version + // + // + // For example, to determine the supported features for RDS for PostgreSQL version + // 13.3 using the CLI, use the following command: + // + // aws rds describe-db-engine-versions --engine postgres --engine-version 13.3 + // + // The supported features are listed under SupportedFeatureNames in the output. + SupportedFeatureNames []*string `type:"list"` + + // A list of the character sets supported by the Oracle DB engine for the NcharCharacterSetName + // parameter of the CreateDBInstance operation. + SupportedNcharCharacterSets []*CharacterSet `locationNameList:"CharacterSet" type:"list"` + + // A list of the time zones supported by this engine for the Timezone parameter + // of the CreateDBInstance action. + SupportedTimezones []*Timezone `locationNameList:"Timezone" type:"list"` + + // Indicates whether the engine version supports Babelfish for Aurora PostgreSQL. + SupportsBabelfish *bool `type:"boolean"` + + // Indicates whether the engine version supports rotating the server certificate + // without rebooting the DB instance. + SupportsCertificateRotationWithoutRestart *bool `type:"boolean"` + + // Indicates whether you can use Aurora global databases with a specific DB + // engine version. + SupportsGlobalDatabases *bool `type:"boolean"` + + // Indicates whether the DB engine version supports zero-ETL integrations with + // Amazon Redshift. + SupportsIntegrations *bool `type:"boolean"` + + // Indicates whether the DB engine version supports Aurora Limitless Database. + SupportsLimitlessDatabase *bool `type:"boolean"` + + // Indicates whether the DB engine version supports forwarding write operations + // from reader DB instances to the writer DB instance in the DB cluster. By + // default, write operations aren't allowed on reader DB instances. + // + // Valid for: Aurora DB clusters only + SupportsLocalWriteForwarding *bool `type:"boolean"` + + // Indicates whether the engine version supports exporting the log types specified + // by ExportableLogTypes to CloudWatch Logs. + SupportsLogExportsToCloudwatchLogs *bool `type:"boolean"` + + // Indicates whether you can use Aurora parallel query with a specific DB engine + // version. + SupportsParallelQuery *bool `type:"boolean"` + + // Indicates whether the database engine version supports read replicas. + SupportsReadReplica *bool `type:"boolean"` + + // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + // in the Amazon RDS User Guide. + TagList []*Tag `locationNameList:"Tag" type:"list"` + + // A list of engine versions that this database engine version can be upgraded + // to. + ValidUpgradeTarget []*UpgradeTarget `locationNameList:"UpgradeTarget" type:"list"` } -// String returns the string representation -func (s DeleteDBClusterEndpointOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteCustomDBEngineVersionOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DeleteDBClusterEndpointOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteCustomDBEngineVersionOutput) GoString() string { return s.String() } -// SetCustomEndpointType sets the CustomEndpointType field's value. -func (s *DeleteDBClusterEndpointOutput) SetCustomEndpointType(v string) *DeleteDBClusterEndpointOutput { - s.CustomEndpointType = &v +// SetCreateTime sets the CreateTime field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetCreateTime(v time.Time) *DeleteCustomDBEngineVersionOutput { + s.CreateTime = &v return s } -// SetDBClusterEndpointArn sets the DBClusterEndpointArn field's value. -func (s *DeleteDBClusterEndpointOutput) SetDBClusterEndpointArn(v string) *DeleteDBClusterEndpointOutput { - s.DBClusterEndpointArn = &v +// SetCustomDBEngineVersionManifest sets the CustomDBEngineVersionManifest field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetCustomDBEngineVersionManifest(v string) *DeleteCustomDBEngineVersionOutput { + s.CustomDBEngineVersionManifest = &v return s } -// SetDBClusterEndpointIdentifier sets the DBClusterEndpointIdentifier field's value. -func (s *DeleteDBClusterEndpointOutput) SetDBClusterEndpointIdentifier(v string) *DeleteDBClusterEndpointOutput { - s.DBClusterEndpointIdentifier = &v +// SetDBEngineDescription sets the DBEngineDescription field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetDBEngineDescription(v string) *DeleteCustomDBEngineVersionOutput { + s.DBEngineDescription = &v return s } -// SetDBClusterEndpointResourceIdentifier sets the DBClusterEndpointResourceIdentifier field's value. -func (s *DeleteDBClusterEndpointOutput) SetDBClusterEndpointResourceIdentifier(v string) *DeleteDBClusterEndpointOutput { - s.DBClusterEndpointResourceIdentifier = &v +// SetDBEngineMediaType sets the DBEngineMediaType field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetDBEngineMediaType(v string) *DeleteCustomDBEngineVersionOutput { + s.DBEngineMediaType = &v return s } -// SetDBClusterIdentifier sets the DBClusterIdentifier field's value. -func (s *DeleteDBClusterEndpointOutput) SetDBClusterIdentifier(v string) *DeleteDBClusterEndpointOutput { - s.DBClusterIdentifier = &v +// SetDBEngineVersionArn sets the DBEngineVersionArn field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetDBEngineVersionArn(v string) *DeleteCustomDBEngineVersionOutput { + s.DBEngineVersionArn = &v return s } -// SetEndpoint sets the Endpoint field's value. -func (s *DeleteDBClusterEndpointOutput) SetEndpoint(v string) *DeleteDBClusterEndpointOutput { - s.Endpoint = &v +// SetDBEngineVersionDescription sets the DBEngineVersionDescription field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetDBEngineVersionDescription(v string) *DeleteCustomDBEngineVersionOutput { + s.DBEngineVersionDescription = &v return s } -// SetEndpointType sets the EndpointType field's value. -func (s *DeleteDBClusterEndpointOutput) SetEndpointType(v string) *DeleteDBClusterEndpointOutput { - s.EndpointType = &v +// SetDBParameterGroupFamily sets the DBParameterGroupFamily field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetDBParameterGroupFamily(v string) *DeleteCustomDBEngineVersionOutput { + s.DBParameterGroupFamily = &v return s } -// SetExcludedMembers sets the ExcludedMembers field's value. -func (s *DeleteDBClusterEndpointOutput) SetExcludedMembers(v []*string) *DeleteDBClusterEndpointOutput { - s.ExcludedMembers = v +// SetDatabaseInstallationFilesS3BucketName sets the DatabaseInstallationFilesS3BucketName field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetDatabaseInstallationFilesS3BucketName(v string) *DeleteCustomDBEngineVersionOutput { + s.DatabaseInstallationFilesS3BucketName = &v return s } -// SetStaticMembers sets the StaticMembers field's value. -func (s *DeleteDBClusterEndpointOutput) SetStaticMembers(v []*string) *DeleteDBClusterEndpointOutput { - s.StaticMembers = v +// SetDatabaseInstallationFilesS3Prefix sets the DatabaseInstallationFilesS3Prefix field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetDatabaseInstallationFilesS3Prefix(v string) *DeleteCustomDBEngineVersionOutput { + s.DatabaseInstallationFilesS3Prefix = &v return s } -// SetStatus sets the Status field's value. -func (s *DeleteDBClusterEndpointOutput) SetStatus(v string) *DeleteDBClusterEndpointOutput { - s.Status = &v +// SetDefaultCharacterSet sets the DefaultCharacterSet field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetDefaultCharacterSet(v *CharacterSet) *DeleteCustomDBEngineVersionOutput { + s.DefaultCharacterSet = v return s } -type DeleteDBClusterInput struct { - _ struct{} `type:"structure"` - - // The DB cluster identifier for the DB cluster to be deleted. This parameter - // isn't case-sensitive. - // - // Constraints: - // - // * Must match an existing DBClusterIdentifier. - // - // DBClusterIdentifier is a required field - DBClusterIdentifier *string `type:"string" required:"true"` - - // The DB cluster snapshot identifier of the new DB cluster snapshot created - // when SkipFinalSnapshot is disabled. - // - // Specifying this parameter and also skipping the creation of a final DB cluster - // snapshot with the SkipFinalShapshot parameter results in an error. - // - // Constraints: - // - // * Must be 1 to 255 letters, numbers, or hyphens. - // - // * First character must be a letter - // - // * Can't end with a hyphen or contain two consecutive hyphens - FinalDBSnapshotIdentifier *string `type:"string"` - - // A value that indicates whether to skip the creation of a final DB cluster - // snapshot before the DB cluster is deleted. If skip is specified, no DB cluster - // snapshot is created. If skip isn't specified, a DB cluster snapshot is created - // before the DB cluster is deleted. By default, skip isn't specified, and the - // DB cluster snapshot is created. By default, this parameter is disabled. - // - // You must specify a FinalDBSnapshotIdentifier parameter if SkipFinalSnapshot - // is disabled. - SkipFinalSnapshot *bool `type:"boolean"` +// SetEngine sets the Engine field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetEngine(v string) *DeleteCustomDBEngineVersionOutput { + s.Engine = &v + return s } -// String returns the string representation -func (s DeleteDBClusterInput) String() string { - return awsutil.Prettify(s) +// SetEngineVersion sets the EngineVersion field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetEngineVersion(v string) *DeleteCustomDBEngineVersionOutput { + s.EngineVersion = &v + return s } -// GoString returns the string representation -func (s DeleteDBClusterInput) GoString() string { - return s.String() +// SetExportableLogTypes sets the ExportableLogTypes field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetExportableLogTypes(v []*string) *DeleteCustomDBEngineVersionOutput { + s.ExportableLogTypes = v + return s } -// Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteDBClusterInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteDBClusterInput"} - if s.DBClusterIdentifier == nil { - invalidParams.Add(request.NewErrParamRequired("DBClusterIdentifier")) - } - - if invalidParams.Len() > 0 { - return invalidParams - } - return nil +// SetImage sets the Image field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetImage(v *CustomDBEngineVersionAMI) *DeleteCustomDBEngineVersionOutput { + s.Image = v + return s } -// SetDBClusterIdentifier sets the DBClusterIdentifier field's value. -func (s *DeleteDBClusterInput) SetDBClusterIdentifier(v string) *DeleteDBClusterInput { - s.DBClusterIdentifier = &v +// SetKMSKeyId sets the KMSKeyId field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetKMSKeyId(v string) *DeleteCustomDBEngineVersionOutput { + s.KMSKeyId = &v return s } -// SetFinalDBSnapshotIdentifier sets the FinalDBSnapshotIdentifier field's value. -func (s *DeleteDBClusterInput) SetFinalDBSnapshotIdentifier(v string) *DeleteDBClusterInput { - s.FinalDBSnapshotIdentifier = &v +// SetMajorEngineVersion sets the MajorEngineVersion field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetMajorEngineVersion(v string) *DeleteCustomDBEngineVersionOutput { + s.MajorEngineVersion = &v return s } -// SetSkipFinalSnapshot sets the SkipFinalSnapshot field's value. -func (s *DeleteDBClusterInput) SetSkipFinalSnapshot(v bool) *DeleteDBClusterInput { - s.SkipFinalSnapshot = &v +// SetStatus sets the Status field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetStatus(v string) *DeleteCustomDBEngineVersionOutput { + s.Status = &v return s } -type DeleteDBClusterOutput struct { - _ struct{} `type:"structure"` - - // Contains the details of an Amazon Aurora DB cluster. - // - // This data type is used as a response element in the DescribeDBClusters, StopDBCluster, - // and StartDBCluster actions. - DBCluster *DBCluster `type:"structure"` +// SetSupportedCACertificateIdentifiers sets the SupportedCACertificateIdentifiers field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetSupportedCACertificateIdentifiers(v []*string) *DeleteCustomDBEngineVersionOutput { + s.SupportedCACertificateIdentifiers = v + return s } -// String returns the string representation -func (s DeleteDBClusterOutput) String() string { - return awsutil.Prettify(s) +// SetSupportedCharacterSets sets the SupportedCharacterSets field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetSupportedCharacterSets(v []*CharacterSet) *DeleteCustomDBEngineVersionOutput { + s.SupportedCharacterSets = v + return s } -// GoString returns the string representation -func (s DeleteDBClusterOutput) GoString() string { - return s.String() +// SetSupportedEngineModes sets the SupportedEngineModes field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetSupportedEngineModes(v []*string) *DeleteCustomDBEngineVersionOutput { + s.SupportedEngineModes = v + return s } -// SetDBCluster sets the DBCluster field's value. -func (s *DeleteDBClusterOutput) SetDBCluster(v *DBCluster) *DeleteDBClusterOutput { - s.DBCluster = v +// SetSupportedFeatureNames sets the SupportedFeatureNames field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetSupportedFeatureNames(v []*string) *DeleteCustomDBEngineVersionOutput { + s.SupportedFeatureNames = v return s } -type DeleteDBClusterParameterGroupInput struct { +// SetSupportedNcharCharacterSets sets the SupportedNcharCharacterSets field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetSupportedNcharCharacterSets(v []*CharacterSet) *DeleteCustomDBEngineVersionOutput { + s.SupportedNcharCharacterSets = v + return s +} + +// SetSupportedTimezones sets the SupportedTimezones field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetSupportedTimezones(v []*Timezone) *DeleteCustomDBEngineVersionOutput { + s.SupportedTimezones = v + return s +} + +// SetSupportsBabelfish sets the SupportsBabelfish field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetSupportsBabelfish(v bool) *DeleteCustomDBEngineVersionOutput { + s.SupportsBabelfish = &v + return s +} + +// SetSupportsCertificateRotationWithoutRestart sets the SupportsCertificateRotationWithoutRestart field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetSupportsCertificateRotationWithoutRestart(v bool) *DeleteCustomDBEngineVersionOutput { + s.SupportsCertificateRotationWithoutRestart = &v + return s +} + +// SetSupportsGlobalDatabases sets the SupportsGlobalDatabases field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetSupportsGlobalDatabases(v bool) *DeleteCustomDBEngineVersionOutput { + s.SupportsGlobalDatabases = &v + return s +} + +// SetSupportsIntegrations sets the SupportsIntegrations field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetSupportsIntegrations(v bool) *DeleteCustomDBEngineVersionOutput { + s.SupportsIntegrations = &v + return s +} + +// SetSupportsLimitlessDatabase sets the SupportsLimitlessDatabase field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetSupportsLimitlessDatabase(v bool) *DeleteCustomDBEngineVersionOutput { + s.SupportsLimitlessDatabase = &v + return s +} + +// SetSupportsLocalWriteForwarding sets the SupportsLocalWriteForwarding field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetSupportsLocalWriteForwarding(v bool) *DeleteCustomDBEngineVersionOutput { + s.SupportsLocalWriteForwarding = &v + return s +} + +// SetSupportsLogExportsToCloudwatchLogs sets the SupportsLogExportsToCloudwatchLogs field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetSupportsLogExportsToCloudwatchLogs(v bool) *DeleteCustomDBEngineVersionOutput { + s.SupportsLogExportsToCloudwatchLogs = &v + return s +} + +// SetSupportsParallelQuery sets the SupportsParallelQuery field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetSupportsParallelQuery(v bool) *DeleteCustomDBEngineVersionOutput { + s.SupportsParallelQuery = &v + return s +} + +// SetSupportsReadReplica sets the SupportsReadReplica field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetSupportsReadReplica(v bool) *DeleteCustomDBEngineVersionOutput { + s.SupportsReadReplica = &v + return s +} + +// SetTagList sets the TagList field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetTagList(v []*Tag) *DeleteCustomDBEngineVersionOutput { + s.TagList = v + return s +} + +// SetValidUpgradeTarget sets the ValidUpgradeTarget field's value. +func (s *DeleteCustomDBEngineVersionOutput) SetValidUpgradeTarget(v []*UpgradeTarget) *DeleteCustomDBEngineVersionOutput { + s.ValidUpgradeTarget = v + return s +} + +type DeleteDBClusterAutomatedBackupInput struct { + _ struct{} `type:"structure"` + + // The identifier for the source DB cluster, which can't be changed and which + // is unique to an Amazon Web Services Region. + // + // DbClusterResourceId is a required field + DbClusterResourceId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBClusterAutomatedBackupInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBClusterAutomatedBackupInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteDBClusterAutomatedBackupInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteDBClusterAutomatedBackupInput"} + if s.DbClusterResourceId == nil { + invalidParams.Add(request.NewErrParamRequired("DbClusterResourceId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDbClusterResourceId sets the DbClusterResourceId field's value. +func (s *DeleteDBClusterAutomatedBackupInput) SetDbClusterResourceId(v string) *DeleteDBClusterAutomatedBackupInput { + s.DbClusterResourceId = &v + return s +} + +type DeleteDBClusterAutomatedBackupOutput struct { + _ struct{} `type:"structure"` + + // An automated backup of a DB cluster. It consists of system backups, transaction + // logs, and the database cluster properties that existed at the time you deleted + // the source cluster. + DBClusterAutomatedBackup *DBClusterAutomatedBackup `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBClusterAutomatedBackupOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBClusterAutomatedBackupOutput) GoString() string { + return s.String() +} + +// SetDBClusterAutomatedBackup sets the DBClusterAutomatedBackup field's value. +func (s *DeleteDBClusterAutomatedBackupOutput) SetDBClusterAutomatedBackup(v *DBClusterAutomatedBackup) *DeleteDBClusterAutomatedBackupOutput { + s.DBClusterAutomatedBackup = v + return s +} + +type DeleteDBClusterEndpointInput struct { + _ struct{} `type:"structure"` + + // The identifier associated with the custom endpoint. This parameter is stored + // as a lowercase string. + // + // DBClusterEndpointIdentifier is a required field + DBClusterEndpointIdentifier *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBClusterEndpointInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBClusterEndpointInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteDBClusterEndpointInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteDBClusterEndpointInput"} + if s.DBClusterEndpointIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("DBClusterEndpointIdentifier")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDBClusterEndpointIdentifier sets the DBClusterEndpointIdentifier field's value. +func (s *DeleteDBClusterEndpointInput) SetDBClusterEndpointIdentifier(v string) *DeleteDBClusterEndpointInput { + s.DBClusterEndpointIdentifier = &v + return s +} + +// This data type represents the information you need to connect to an Amazon +// Aurora DB cluster. This data type is used as a response element in the following +// actions: +// +// - CreateDBClusterEndpoint +// +// - DescribeDBClusterEndpoints +// +// - ModifyDBClusterEndpoint +// +// - DeleteDBClusterEndpoint +// +// For the data structure that represents Amazon RDS DB instance endpoints, +// see Endpoint. +type DeleteDBClusterEndpointOutput struct { + _ struct{} `type:"structure"` + + // The type associated with a custom endpoint. One of: READER, WRITER, ANY. + CustomEndpointType *string `type:"string"` + + // The Amazon Resource Name (ARN) for the endpoint. + DBClusterEndpointArn *string `type:"string"` + + // The identifier associated with the endpoint. This parameter is stored as + // a lowercase string. + DBClusterEndpointIdentifier *string `type:"string"` + + // A unique system-generated identifier for an endpoint. It remains the same + // for the whole life of the endpoint. + DBClusterEndpointResourceIdentifier *string `type:"string"` + + // The DB cluster identifier of the DB cluster associated with the endpoint. + // This parameter is stored as a lowercase string. + DBClusterIdentifier *string `type:"string"` + + // The DNS address of the endpoint. + Endpoint *string `type:"string"` + + // The type of the endpoint. One of: READER, WRITER, CUSTOM. + EndpointType *string `type:"string"` + + // List of DB instance identifiers that aren't part of the custom endpoint group. + // All other eligible instances are reachable through the custom endpoint. Only + // relevant if the list of static members is empty. + ExcludedMembers []*string `type:"list"` + + // List of DB instance identifiers that are part of the custom endpoint group. + StaticMembers []*string `type:"list"` + + // The current status of the endpoint. One of: creating, available, deleting, + // inactive, modifying. The inactive state applies to an endpoint that can't + // be used for a certain kind of cluster, such as a writer endpoint for a read-only + // secondary cluster in a global database. + Status *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBClusterEndpointOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBClusterEndpointOutput) GoString() string { + return s.String() +} + +// SetCustomEndpointType sets the CustomEndpointType field's value. +func (s *DeleteDBClusterEndpointOutput) SetCustomEndpointType(v string) *DeleteDBClusterEndpointOutput { + s.CustomEndpointType = &v + return s +} + +// SetDBClusterEndpointArn sets the DBClusterEndpointArn field's value. +func (s *DeleteDBClusterEndpointOutput) SetDBClusterEndpointArn(v string) *DeleteDBClusterEndpointOutput { + s.DBClusterEndpointArn = &v + return s +} + +// SetDBClusterEndpointIdentifier sets the DBClusterEndpointIdentifier field's value. +func (s *DeleteDBClusterEndpointOutput) SetDBClusterEndpointIdentifier(v string) *DeleteDBClusterEndpointOutput { + s.DBClusterEndpointIdentifier = &v + return s +} + +// SetDBClusterEndpointResourceIdentifier sets the DBClusterEndpointResourceIdentifier field's value. +func (s *DeleteDBClusterEndpointOutput) SetDBClusterEndpointResourceIdentifier(v string) *DeleteDBClusterEndpointOutput { + s.DBClusterEndpointResourceIdentifier = &v + return s +} + +// SetDBClusterIdentifier sets the DBClusterIdentifier field's value. +func (s *DeleteDBClusterEndpointOutput) SetDBClusterIdentifier(v string) *DeleteDBClusterEndpointOutput { + s.DBClusterIdentifier = &v + return s +} + +// SetEndpoint sets the Endpoint field's value. +func (s *DeleteDBClusterEndpointOutput) SetEndpoint(v string) *DeleteDBClusterEndpointOutput { + s.Endpoint = &v + return s +} + +// SetEndpointType sets the EndpointType field's value. +func (s *DeleteDBClusterEndpointOutput) SetEndpointType(v string) *DeleteDBClusterEndpointOutput { + s.EndpointType = &v + return s +} + +// SetExcludedMembers sets the ExcludedMembers field's value. +func (s *DeleteDBClusterEndpointOutput) SetExcludedMembers(v []*string) *DeleteDBClusterEndpointOutput { + s.ExcludedMembers = v + return s +} + +// SetStaticMembers sets the StaticMembers field's value. +func (s *DeleteDBClusterEndpointOutput) SetStaticMembers(v []*string) *DeleteDBClusterEndpointOutput { + s.StaticMembers = v + return s +} + +// SetStatus sets the Status field's value. +func (s *DeleteDBClusterEndpointOutput) SetStatus(v string) *DeleteDBClusterEndpointOutput { + s.Status = &v + return s +} + +type DeleteDBClusterInput struct { + _ struct{} `type:"structure"` + + // The DB cluster identifier for the DB cluster to be deleted. This parameter + // isn't case-sensitive. + // + // Constraints: + // + // * Must match an existing DBClusterIdentifier. + // + // DBClusterIdentifier is a required field + DBClusterIdentifier *string `type:"string" required:"true"` + + // Specifies whether to remove automated backups immediately after the DB cluster + // is deleted. This parameter isn't case-sensitive. The default is to remove + // automated backups immediately after the DB cluster is deleted. + // + // You must delete automated backups for Amazon RDS Multi-AZ DB clusters. For + // more information about managing automated backups for RDS Multi-AZ DB clusters, + // see Managing automated backups (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ManagingAutomatedBackups.html). + DeleteAutomatedBackups *bool `type:"boolean"` + + // The DB cluster snapshot identifier of the new DB cluster snapshot created + // when SkipFinalSnapshot is disabled. + // + // Specifying this parameter and also skipping the creation of a final DB cluster + // snapshot with the SkipFinalShapshot parameter results in an error. + // + // Constraints: + // + // * Must be 1 to 255 letters, numbers, or hyphens. + // + // * First character must be a letter + // + // * Can't end with a hyphen or contain two consecutive hyphens + FinalDBSnapshotIdentifier *string `type:"string"` + + // Specifies whether to skip the creation of a final DB cluster snapshot before + // the DB cluster is deleted. If skip is specified, no DB cluster snapshot is + // created. If skip isn't specified, a DB cluster snapshot is created before + // the DB cluster is deleted. By default, skip isn't specified, and the DB cluster + // snapshot is created. By default, this parameter is disabled. + // + // You must specify a FinalDBSnapshotIdentifier parameter if SkipFinalSnapshot + // is disabled. + SkipFinalSnapshot *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBClusterInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBClusterInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteDBClusterInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteDBClusterInput"} + if s.DBClusterIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("DBClusterIdentifier")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDBClusterIdentifier sets the DBClusterIdentifier field's value. +func (s *DeleteDBClusterInput) SetDBClusterIdentifier(v string) *DeleteDBClusterInput { + s.DBClusterIdentifier = &v + return s +} + +// SetDeleteAutomatedBackups sets the DeleteAutomatedBackups field's value. +func (s *DeleteDBClusterInput) SetDeleteAutomatedBackups(v bool) *DeleteDBClusterInput { + s.DeleteAutomatedBackups = &v + return s +} + +// SetFinalDBSnapshotIdentifier sets the FinalDBSnapshotIdentifier field's value. +func (s *DeleteDBClusterInput) SetFinalDBSnapshotIdentifier(v string) *DeleteDBClusterInput { + s.FinalDBSnapshotIdentifier = &v + return s +} + +// SetSkipFinalSnapshot sets the SkipFinalSnapshot field's value. +func (s *DeleteDBClusterInput) SetSkipFinalSnapshot(v bool) *DeleteDBClusterInput { + s.SkipFinalSnapshot = &v + return s +} + +type DeleteDBClusterOutput struct { + _ struct{} `type:"structure"` + + // Contains the details of an Amazon Aurora DB cluster or Multi-AZ DB cluster. + // + // For an Amazon Aurora DB cluster, this data type is used as a response element + // in the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + // ModifyDBCluster, PromoteReadReplicaDBCluster, RestoreDBClusterFromS3, RestoreDBClusterFromSnapshot, + // RestoreDBClusterToPointInTime, StartDBCluster, and StopDBCluster. + // + // For a Multi-AZ DB cluster, this data type is used as a response element in + // the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + // ModifyDBCluster, RebootDBCluster, RestoreDBClusterFromSnapshot, and RestoreDBClusterToPointInTime. + // + // For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) + // in the Amazon Aurora User Guide. + // + // For more information on Multi-AZ DB clusters, see Multi-AZ deployments with + // two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) + // in the Amazon RDS User Guide. + DBCluster *DBCluster `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBClusterOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBClusterOutput) GoString() string { + return s.String() +} + +// SetDBCluster sets the DBCluster field's value. +func (s *DeleteDBClusterOutput) SetDBCluster(v *DBCluster) *DeleteDBClusterOutput { + s.DBCluster = v + return s +} + +type DeleteDBClusterParameterGroupInput struct { _ struct{} `type:"structure"` // The name of the DB cluster parameter group. @@ -24649,12 +34897,20 @@ type DeleteDBClusterParameterGroupInput struct { DBClusterParameterGroupName *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBClusterParameterGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBClusterParameterGroupInput) GoString() string { return s.String() } @@ -24682,12 +34938,20 @@ type DeleteDBClusterParameterGroupOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBClusterParameterGroupOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBClusterParameterGroupOutput) GoString() string { return s.String() } @@ -24704,12 +34968,20 @@ type DeleteDBClusterSnapshotInput struct { DBClusterSnapshotIdentifier *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBClusterSnapshotInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBClusterSnapshotInput) GoString() string { return s.String() } @@ -24743,12 +35015,20 @@ type DeleteDBClusterSnapshotOutput struct { DBClusterSnapshot *DBClusterSnapshot `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBClusterSnapshotOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBClusterSnapshotOutput) GoString() string { return s.String() } @@ -24765,19 +35045,29 @@ type DeleteDBInstanceAutomatedBackupInput struct { // The Amazon Resource Name (ARN) of the automated backups to delete, for example, // arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE. + // + // This setting doesn't apply to RDS Custom. DBInstanceAutomatedBackupsArn *string `type:"string"` // The identifier for the source DB instance, which can't be changed and which - // is unique to an AWS Region. + // is unique to an Amazon Web Services Region. DbiResourceId *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBInstanceAutomatedBackupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBInstanceAutomatedBackupInput) GoString() string { return s.String() } @@ -24803,12 +35093,20 @@ type DeleteDBInstanceAutomatedBackupOutput struct { DBInstanceAutomatedBackup *DBInstanceAutomatedBackup `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBInstanceAutomatedBackupOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBInstanceAutomatedBackupOutput) GoString() string { return s.String() } @@ -24832,16 +35130,18 @@ type DeleteDBInstanceInput struct { // DBInstanceIdentifier is a required field DBInstanceIdentifier *string `type:"string" required:"true"` - // A value that indicates whether to remove automated backups immediately after - // the DB instance is deleted. This parameter isn't case-sensitive. The default - // is to remove automated backups immediately after the DB instance is deleted. + // Specifies whether to remove automated backups immediately after the DB instance + // is deleted. This parameter isn't case-sensitive. The default is to remove + // automated backups immediately after the DB instance is deleted. DeleteAutomatedBackups *bool `type:"boolean"` // The DBSnapshotIdentifier of the new DBSnapshot created when the SkipFinalSnapshot // parameter is disabled. // - // Specifying this parameter and also specifying to skip final DB snapshot creation - // in SkipFinalShapshot results in an error. + // If you enable this parameter and also enable SkipFinalShapshot, the command + // results in an error. + // + // This setting doesn't apply to RDS Custom. // // Constraints: // @@ -24854,27 +35154,40 @@ type DeleteDBInstanceInput struct { // * Can't be specified when deleting a read replica. FinalDBSnapshotIdentifier *string `type:"string"` - // A value that indicates whether to skip the creation of a final DB snapshot - // before the DB instance is deleted. If skip is specified, no DB snapshot is - // created. If skip isn't specified, a DB snapshot is created before the DB - // instance is deleted. By default, skip isn't specified, and the DB snapshot + // Specifies whether to skip the creation of a final DB snapshot before deleting + // the instance. If you enable this parameter, RDS doesn't create a DB snapshot. + // If you don't enable this parameter, RDS creates a DB snapshot before the + // DB instance is deleted. By default, skip isn't enabled, and the DB snapshot // is created. // - // When a DB instance is in a failure state and has a status of 'failed', 'incompatible-restore', - // or 'incompatible-network', it can only be deleted when skip is specified. + // If you don't enable this parameter, you must specify the FinalDBSnapshotIdentifier + // parameter. + // + // When a DB instance is in a failure state and has a status of failed, incompatible-restore, + // or incompatible-network, RDS can delete the instance only if you enable this + // parameter. // - // Specify skip when deleting a read replica. + // If you delete a read replica or an RDS Custom instance, you must enable this + // setting. // - // The FinalDBSnapshotIdentifier parameter must be specified if skip isn't specified. + // This setting is required for RDS Custom. SkipFinalSnapshot *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBInstanceInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBInstanceInput) GoString() string { return s.String() } @@ -24921,16 +35234,27 @@ type DeleteDBInstanceOutput struct { // Contains the details of an Amazon RDS DB instance. // - // This data type is used as a response element in the DescribeDBInstances action. + // This data type is used as a response element in the operations CreateDBInstance, + // CreateDBInstanceReadReplica, DeleteDBInstance, DescribeDBInstances, ModifyDBInstance, + // PromoteReadReplica, RebootDBInstance, RestoreDBInstanceFromDBSnapshot, RestoreDBInstanceFromS3, + // RestoreDBInstanceToPointInTime, StartDBInstance, and StopDBInstance. DBInstance *DBInstance `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBInstanceOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBInstanceOutput) GoString() string { return s.String() } @@ -24958,12 +35282,20 @@ type DeleteDBParameterGroupInput struct { DBParameterGroupName *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBParameterGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBParameterGroupInput) GoString() string { return s.String() } @@ -24991,16 +35323,105 @@ type DeleteDBParameterGroupOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBParameterGroupOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBParameterGroupOutput) GoString() string { return s.String() } +type DeleteDBProxyEndpointInput struct { + _ struct{} `type:"structure"` + + // The name of the DB proxy endpoint to delete. + // + // DBProxyEndpointName is a required field + DBProxyEndpointName *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBProxyEndpointInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBProxyEndpointInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteDBProxyEndpointInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteDBProxyEndpointInput"} + if s.DBProxyEndpointName == nil { + invalidParams.Add(request.NewErrParamRequired("DBProxyEndpointName")) + } + if s.DBProxyEndpointName != nil && len(*s.DBProxyEndpointName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DBProxyEndpointName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDBProxyEndpointName sets the DBProxyEndpointName field's value. +func (s *DeleteDBProxyEndpointInput) SetDBProxyEndpointName(v string) *DeleteDBProxyEndpointInput { + s.DBProxyEndpointName = &v + return s +} + +type DeleteDBProxyEndpointOutput struct { + _ struct{} `type:"structure"` + + // The data structure representing the details of the DB proxy endpoint that + // you delete. + DBProxyEndpoint *DBProxyEndpoint `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBProxyEndpointOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBProxyEndpointOutput) GoString() string { + return s.String() +} + +// SetDBProxyEndpoint sets the DBProxyEndpoint field's value. +func (s *DeleteDBProxyEndpointOutput) SetDBProxyEndpoint(v *DBProxyEndpoint) *DeleteDBProxyEndpointOutput { + s.DBProxyEndpoint = v + return s +} + type DeleteDBProxyInput struct { _ struct{} `type:"structure"` @@ -25010,12 +35431,20 @@ type DeleteDBProxyInput struct { DBProxyName *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBProxyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBProxyInput) GoString() string { return s.String() } @@ -25046,12 +35475,20 @@ type DeleteDBProxyOutput struct { DBProxy *DBProxy `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBProxyOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBProxyOutput) GoString() string { return s.String() } @@ -25083,12 +35520,20 @@ type DeleteDBSecurityGroupInput struct { DBSecurityGroupName *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBSecurityGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBSecurityGroupInput) GoString() string { return s.String() } @@ -25116,43 +35561,59 @@ type DeleteDBSecurityGroupOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBSecurityGroupOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBSecurityGroupOutput) GoString() string { return s.String() } -type DeleteDBSnapshotInput struct { +type DeleteDBShardGroupInput struct { _ struct{} `type:"structure"` - // The DB snapshot identifier. - // - // Constraints: Must be the name of an existing DB snapshot in the available - // state. + // Teh name of the DB shard group to delete. // - // DBSnapshotIdentifier is a required field - DBSnapshotIdentifier *string `type:"string" required:"true"` + // DBShardGroupIdentifier is a required field + DBShardGroupIdentifier *string `min:"1" type:"string" required:"true"` } -// String returns the string representation -func (s DeleteDBSnapshotInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBShardGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DeleteDBSnapshotInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBShardGroupInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteDBSnapshotInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteDBSnapshotInput"} - if s.DBSnapshotIdentifier == nil { - invalidParams.Add(request.NewErrParamRequired("DBSnapshotIdentifier")) +func (s *DeleteDBShardGroupInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteDBShardGroupInput"} + if s.DBShardGroupIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("DBShardGroupIdentifier")) + } + if s.DBShardGroupIdentifier != nil && len(*s.DBShardGroupIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DBShardGroupIdentifier", 1)) } if invalidParams.Len() > 0 { @@ -25161,74 +35622,256 @@ func (s *DeleteDBSnapshotInput) Validate() error { return nil } -// SetDBSnapshotIdentifier sets the DBSnapshotIdentifier field's value. -func (s *DeleteDBSnapshotInput) SetDBSnapshotIdentifier(v string) *DeleteDBSnapshotInput { - s.DBSnapshotIdentifier = &v +// SetDBShardGroupIdentifier sets the DBShardGroupIdentifier field's value. +func (s *DeleteDBShardGroupInput) SetDBShardGroupIdentifier(v string) *DeleteDBShardGroupInput { + s.DBShardGroupIdentifier = &v return s } -type DeleteDBSnapshotOutput struct { +type DeleteDBShardGroupOutput struct { _ struct{} `type:"structure"` - // Contains the details of an Amazon RDS DB snapshot. + // Specifies whether to create standby instances for the DB shard group. Valid + // values are the following: // - // This data type is used as a response element in the DescribeDBSnapshots action. - DBSnapshot *DBSnapshot `type:"structure"` -} + // * 0 - Creates a single, primary DB instance for each physical shard. This + // is the default value, and the only one supported for the preview. + // + // * 1 - Creates a primary DB instance and a standby instance in a different + // Availability Zone (AZ) for each physical shard. + // + // * 2 - Creates a primary DB instance and two standby instances in different + // AZs for each physical shard. + ComputeRedundancy *int64 `type:"integer"` -// String returns the string representation -func (s DeleteDBSnapshotOutput) String() string { - return awsutil.Prettify(s) -} + // The name of the primary DB cluster for the DB shard group. + DBClusterIdentifier *string `type:"string"` -// GoString returns the string representation -func (s DeleteDBSnapshotOutput) GoString() string { - return s.String() -} + // The name of the DB shard group. + DBShardGroupIdentifier *string `min:"1" type:"string"` -// SetDBSnapshot sets the DBSnapshot field's value. -func (s *DeleteDBSnapshotOutput) SetDBSnapshot(v *DBSnapshot) *DeleteDBSnapshotOutput { - s.DBSnapshot = v - return s -} + // The Amazon Web Services Region-unique, immutable identifier for the DB shard + // group. + DBShardGroupResourceId *string `type:"string"` -type DeleteDBSubnetGroupInput struct { - _ struct{} `type:"structure"` + // The connection endpoint for the DB shard group. + Endpoint *string `type:"string"` - // The name of the database subnet group to delete. - // - // You can't delete the default subnet group. + // The maximum capacity of the DB shard group in Aurora capacity units (ACUs). + MaxACU *float64 `type:"double"` + + // Indicates whether the DB shard group is publicly accessible. // - // Constraints: + // When the DB shard group is publicly accessible, its Domain Name System (DNS) + // endpoint resolves to the private IP address from within the DB shard group's + // virtual private cloud (VPC). It resolves to the public IP address from outside + // of the DB shard group's VPC. Access to the DB shard group is ultimately controlled + // by the security group it uses. That public access isn't permitted if the + // security group assigned to the DB shard group doesn't permit it. // - // Constraints: Must match the name of an existing DBSubnetGroup. Must not be - // default. + // When the DB shard group isn't publicly accessible, it is an internal DB shard + // group with a DNS name that resolves to a private IP address. // - // Example: mySubnetgroup + // For more information, see CreateDBShardGroup. // - // DBSubnetGroupName is a required field - DBSubnetGroupName *string `type:"string" required:"true"` + // This setting is only for Aurora Limitless Database. + PubliclyAccessible *bool `type:"boolean"` + + // The status of the DB shard group. + Status *string `type:"string"` } -// String returns the string representation -func (s DeleteDBSubnetGroupInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBShardGroupOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DeleteDBSubnetGroupInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBShardGroupOutput) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteDBSubnetGroupInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteDBSubnetGroupInput"} - if s.DBSubnetGroupName == nil { - invalidParams.Add(request.NewErrParamRequired("DBSubnetGroupName")) - } +// SetComputeRedundancy sets the ComputeRedundancy field's value. +func (s *DeleteDBShardGroupOutput) SetComputeRedundancy(v int64) *DeleteDBShardGroupOutput { + s.ComputeRedundancy = &v + return s +} - if invalidParams.Len() > 0 { - return invalidParams +// SetDBClusterIdentifier sets the DBClusterIdentifier field's value. +func (s *DeleteDBShardGroupOutput) SetDBClusterIdentifier(v string) *DeleteDBShardGroupOutput { + s.DBClusterIdentifier = &v + return s +} + +// SetDBShardGroupIdentifier sets the DBShardGroupIdentifier field's value. +func (s *DeleteDBShardGroupOutput) SetDBShardGroupIdentifier(v string) *DeleteDBShardGroupOutput { + s.DBShardGroupIdentifier = &v + return s +} + +// SetDBShardGroupResourceId sets the DBShardGroupResourceId field's value. +func (s *DeleteDBShardGroupOutput) SetDBShardGroupResourceId(v string) *DeleteDBShardGroupOutput { + s.DBShardGroupResourceId = &v + return s +} + +// SetEndpoint sets the Endpoint field's value. +func (s *DeleteDBShardGroupOutput) SetEndpoint(v string) *DeleteDBShardGroupOutput { + s.Endpoint = &v + return s +} + +// SetMaxACU sets the MaxACU field's value. +func (s *DeleteDBShardGroupOutput) SetMaxACU(v float64) *DeleteDBShardGroupOutput { + s.MaxACU = &v + return s +} + +// SetPubliclyAccessible sets the PubliclyAccessible field's value. +func (s *DeleteDBShardGroupOutput) SetPubliclyAccessible(v bool) *DeleteDBShardGroupOutput { + s.PubliclyAccessible = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *DeleteDBShardGroupOutput) SetStatus(v string) *DeleteDBShardGroupOutput { + s.Status = &v + return s +} + +type DeleteDBSnapshotInput struct { + _ struct{} `type:"structure"` + + // The DB snapshot identifier. + // + // Constraints: Must be the name of an existing DB snapshot in the available + // state. + // + // DBSnapshotIdentifier is a required field + DBSnapshotIdentifier *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBSnapshotInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBSnapshotInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteDBSnapshotInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteDBSnapshotInput"} + if s.DBSnapshotIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("DBSnapshotIdentifier")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDBSnapshotIdentifier sets the DBSnapshotIdentifier field's value. +func (s *DeleteDBSnapshotInput) SetDBSnapshotIdentifier(v string) *DeleteDBSnapshotInput { + s.DBSnapshotIdentifier = &v + return s +} + +type DeleteDBSnapshotOutput struct { + _ struct{} `type:"structure"` + + // Contains the details of an Amazon RDS DB snapshot. + // + // This data type is used as a response element in the DescribeDBSnapshots action. + DBSnapshot *DBSnapshot `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBSnapshotOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBSnapshotOutput) GoString() string { + return s.String() +} + +// SetDBSnapshot sets the DBSnapshot field's value. +func (s *DeleteDBSnapshotOutput) SetDBSnapshot(v *DBSnapshot) *DeleteDBSnapshotOutput { + s.DBSnapshot = v + return s +} + +type DeleteDBSubnetGroupInput struct { + _ struct{} `type:"structure"` + + // The name of the database subnet group to delete. + // + // You can't delete the default subnet group. + // + // Constraints: Must match the name of an existing DBSubnetGroup. Must not be + // default. + // + // Example: mydbsubnetgroup + // + // DBSubnetGroupName is a required field + DBSubnetGroupName *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBSubnetGroupInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteDBSubnetGroupInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteDBSubnetGroupInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteDBSubnetGroupInput"} + if s.DBSubnetGroupName == nil { + invalidParams.Add(request.NewErrParamRequired("DBSubnetGroupName")) + } + + if invalidParams.Len() > 0 { + return invalidParams } return nil } @@ -25243,12 +35886,20 @@ type DeleteDBSubnetGroupOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBSubnetGroupOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteDBSubnetGroupOutput) GoString() string { return s.String() } @@ -25262,12 +35913,20 @@ type DeleteEventSubscriptionInput struct { SubscriptionName *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteEventSubscriptionInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteEventSubscriptionInput) GoString() string { return s.String() } @@ -25299,12 +35958,20 @@ type DeleteEventSubscriptionOutput struct { EventSubscription *EventSubscription `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteEventSubscriptionOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteEventSubscriptionOutput) GoString() string { return s.String() } @@ -25324,12 +35991,20 @@ type DeleteGlobalClusterInput struct { GlobalClusterIdentifier *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteGlobalClusterInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteGlobalClusterInput) GoString() string { return s.String() } @@ -25360,12 +36035,20 @@ type DeleteGlobalClusterOutput struct { GlobalCluster *GlobalCluster `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteGlobalClusterOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteGlobalClusterOutput) GoString() string { return s.String() } @@ -25376,30 +36059,41 @@ func (s *DeleteGlobalClusterOutput) SetGlobalCluster(v *GlobalCluster) *DeleteGl return s } -type DeleteInstallationMediaInput struct { +type DeleteIntegrationInput struct { _ struct{} `type:"structure"` - // The installation medium ID. + // The unique identifier of the integration. // - // InstallationMediaId is a required field - InstallationMediaId *string `type:"string" required:"true"` + // IntegrationIdentifier is a required field + IntegrationIdentifier *string `min:"1" type:"string" required:"true"` } -// String returns the string representation -func (s DeleteInstallationMediaInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteIntegrationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DeleteInstallationMediaInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteIntegrationInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DeleteInstallationMediaInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DeleteInstallationMediaInput"} - if s.InstallationMediaId == nil { - invalidParams.Add(request.NewErrParamRequired("InstallationMediaId")) +func (s *DeleteIntegrationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteIntegrationInput"} + if s.IntegrationIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("IntegrationIdentifier")) + } + if s.IntegrationIdentifier != nil && len(*s.IntegrationIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("IntegrationIdentifier", 1)) } if invalidParams.Len() > 0 { @@ -25408,101 +36102,149 @@ func (s *DeleteInstallationMediaInput) Validate() error { return nil } -// SetInstallationMediaId sets the InstallationMediaId field's value. -func (s *DeleteInstallationMediaInput) SetInstallationMediaId(v string) *DeleteInstallationMediaInput { - s.InstallationMediaId = &v +// SetIntegrationIdentifier sets the IntegrationIdentifier field's value. +func (s *DeleteIntegrationInput) SetIntegrationIdentifier(v string) *DeleteIntegrationInput { + s.IntegrationIdentifier = &v return s } -// Contains the installation media for a DB engine that requires an on-premises -// customer provided license, such as Microsoft SQL Server. -type DeleteInstallationMediaOutput struct { +// A zero-ETL integration with Amazon Redshift. +type DeleteIntegrationOutput struct { _ struct{} `type:"structure"` - // The custom Availability Zone (AZ) that contains the installation media. - CustomAvailabilityZoneId *string `type:"string"` + // The encryption context for the integration. For more information, see Encryption + // context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the Amazon Web Services Key Management Service Developer Guide. + AdditionalEncryptionContext map[string]*string `type:"map"` - // The DB engine. - Engine *string `type:"string"` + // The time when the integration was created, in Universal Coordinated Time + // (UTC). + CreateTime *time.Time `type:"timestamp"` - // The path to the installation medium for the DB engine. - EngineInstallationMediaPath *string `type:"string"` + // Data filters for the integration. These filters determine which tables from + // the source database are sent to the target Amazon Redshift data warehouse. + DataFilter *string `min:"1" type:"string"` - // The engine version of the DB engine. - EngineVersion *string `type:"string"` + // A description of the integration. + Description *string `type:"string"` - // If an installation media failure occurred, the cause of the failure. - FailureCause *InstallationMediaFailureCause `type:"structure"` + // Any errors associated with the integration. + Errors []*IntegrationError `locationNameList:"IntegrationError" type:"list"` - // The installation medium ID. - InstallationMediaId *string `type:"string"` + // The ARN of the integration. + IntegrationArn *string `min:"1" type:"string"` - // The path to the installation medium for the operating system associated with - // the DB engine. - OSInstallationMediaPath *string `type:"string"` + // The name of the integration. + IntegrationName *string `min:"1" type:"string"` - // The status of the installation medium. - Status *string `type:"string"` + // The Amazon Web Services Key Management System (Amazon Web Services KMS) key + // identifier for the key used to to encrypt the integration. + KMSKeyId *string `type:"string"` + + // The Amazon Resource Name (ARN) of the database used as the source for replication. + SourceArn *string `min:"1" type:"string"` + + // The current status of the integration. + Status *string `type:"string" enum:"IntegrationStatus"` + + // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + // in the Amazon RDS User Guide. + Tags []*Tag `locationNameList:"Tag" type:"list"` + + // The ARN of the Redshift data warehouse used as the target for replication. + TargetArn *string `min:"20" type:"string"` } -// String returns the string representation -func (s DeleteInstallationMediaOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteIntegrationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DeleteInstallationMediaOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteIntegrationOutput) GoString() string { return s.String() } -// SetCustomAvailabilityZoneId sets the CustomAvailabilityZoneId field's value. -func (s *DeleteInstallationMediaOutput) SetCustomAvailabilityZoneId(v string) *DeleteInstallationMediaOutput { - s.CustomAvailabilityZoneId = &v +// SetAdditionalEncryptionContext sets the AdditionalEncryptionContext field's value. +func (s *DeleteIntegrationOutput) SetAdditionalEncryptionContext(v map[string]*string) *DeleteIntegrationOutput { + s.AdditionalEncryptionContext = v return s } -// SetEngine sets the Engine field's value. -func (s *DeleteInstallationMediaOutput) SetEngine(v string) *DeleteInstallationMediaOutput { - s.Engine = &v +// SetCreateTime sets the CreateTime field's value. +func (s *DeleteIntegrationOutput) SetCreateTime(v time.Time) *DeleteIntegrationOutput { + s.CreateTime = &v return s } -// SetEngineInstallationMediaPath sets the EngineInstallationMediaPath field's value. -func (s *DeleteInstallationMediaOutput) SetEngineInstallationMediaPath(v string) *DeleteInstallationMediaOutput { - s.EngineInstallationMediaPath = &v +// SetDataFilter sets the DataFilter field's value. +func (s *DeleteIntegrationOutput) SetDataFilter(v string) *DeleteIntegrationOutput { + s.DataFilter = &v return s } -// SetEngineVersion sets the EngineVersion field's value. -func (s *DeleteInstallationMediaOutput) SetEngineVersion(v string) *DeleteInstallationMediaOutput { - s.EngineVersion = &v +// SetDescription sets the Description field's value. +func (s *DeleteIntegrationOutput) SetDescription(v string) *DeleteIntegrationOutput { + s.Description = &v return s } -// SetFailureCause sets the FailureCause field's value. -func (s *DeleteInstallationMediaOutput) SetFailureCause(v *InstallationMediaFailureCause) *DeleteInstallationMediaOutput { - s.FailureCause = v +// SetErrors sets the Errors field's value. +func (s *DeleteIntegrationOutput) SetErrors(v []*IntegrationError) *DeleteIntegrationOutput { + s.Errors = v + return s +} + +// SetIntegrationArn sets the IntegrationArn field's value. +func (s *DeleteIntegrationOutput) SetIntegrationArn(v string) *DeleteIntegrationOutput { + s.IntegrationArn = &v return s } -// SetInstallationMediaId sets the InstallationMediaId field's value. -func (s *DeleteInstallationMediaOutput) SetInstallationMediaId(v string) *DeleteInstallationMediaOutput { - s.InstallationMediaId = &v +// SetIntegrationName sets the IntegrationName field's value. +func (s *DeleteIntegrationOutput) SetIntegrationName(v string) *DeleteIntegrationOutput { + s.IntegrationName = &v return s } -// SetOSInstallationMediaPath sets the OSInstallationMediaPath field's value. -func (s *DeleteInstallationMediaOutput) SetOSInstallationMediaPath(v string) *DeleteInstallationMediaOutput { - s.OSInstallationMediaPath = &v +// SetKMSKeyId sets the KMSKeyId field's value. +func (s *DeleteIntegrationOutput) SetKMSKeyId(v string) *DeleteIntegrationOutput { + s.KMSKeyId = &v + return s +} + +// SetSourceArn sets the SourceArn field's value. +func (s *DeleteIntegrationOutput) SetSourceArn(v string) *DeleteIntegrationOutput { + s.SourceArn = &v return s } // SetStatus sets the Status field's value. -func (s *DeleteInstallationMediaOutput) SetStatus(v string) *DeleteInstallationMediaOutput { +func (s *DeleteIntegrationOutput) SetStatus(v string) *DeleteIntegrationOutput { s.Status = &v return s } +// SetTags sets the Tags field's value. +func (s *DeleteIntegrationOutput) SetTags(v []*Tag) *DeleteIntegrationOutput { + s.Tags = v + return s +} + +// SetTargetArn sets the TargetArn field's value. +func (s *DeleteIntegrationOutput) SetTargetArn(v string) *DeleteIntegrationOutput { + s.TargetArn = &v + return s +} + type DeleteOptionGroupInput struct { _ struct{} `type:"structure"` @@ -25514,12 +36256,20 @@ type DeleteOptionGroupInput struct { OptionGroupName *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteOptionGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteOptionGroupInput) GoString() string { return s.String() } @@ -25547,16 +36297,146 @@ type DeleteOptionGroupOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteOptionGroupOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteOptionGroupOutput) GoString() string { return s.String() } +type DeleteTenantDatabaseInput struct { + _ struct{} `type:"structure"` + + // The user-supplied identifier for the DB instance that contains the tenant + // database that you want to delete. + // + // DBInstanceIdentifier is a required field + DBInstanceIdentifier *string `type:"string" required:"true"` + + // The DBSnapshotIdentifier of the new DBSnapshot created when the SkipFinalSnapshot + // parameter is disabled. + // + // If you enable this parameter and also enable SkipFinalShapshot, the command + // results in an error. + FinalDBSnapshotIdentifier *string `type:"string"` + + // Specifies whether to skip the creation of a final DB snapshot before removing + // the tenant database from your DB instance. If you enable this parameter, + // RDS doesn't create a DB snapshot. If you don't enable this parameter, RDS + // creates a DB snapshot before it deletes the tenant database. By default, + // RDS doesn't skip the final snapshot. If you don't enable this parameter, + // you must specify the FinalDBSnapshotIdentifier parameter. + SkipFinalSnapshot *bool `type:"boolean"` + + // The user-supplied name of the tenant database that you want to remove from + // your DB instance. Amazon RDS deletes the tenant database with this name. + // This parameter isn’t case-sensitive. + // + // TenantDBName is a required field + TenantDBName *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteTenantDatabaseInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteTenantDatabaseInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteTenantDatabaseInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteTenantDatabaseInput"} + if s.DBInstanceIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("DBInstanceIdentifier")) + } + if s.TenantDBName == nil { + invalidParams.Add(request.NewErrParamRequired("TenantDBName")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDBInstanceIdentifier sets the DBInstanceIdentifier field's value. +func (s *DeleteTenantDatabaseInput) SetDBInstanceIdentifier(v string) *DeleteTenantDatabaseInput { + s.DBInstanceIdentifier = &v + return s +} + +// SetFinalDBSnapshotIdentifier sets the FinalDBSnapshotIdentifier field's value. +func (s *DeleteTenantDatabaseInput) SetFinalDBSnapshotIdentifier(v string) *DeleteTenantDatabaseInput { + s.FinalDBSnapshotIdentifier = &v + return s +} + +// SetSkipFinalSnapshot sets the SkipFinalSnapshot field's value. +func (s *DeleteTenantDatabaseInput) SetSkipFinalSnapshot(v bool) *DeleteTenantDatabaseInput { + s.SkipFinalSnapshot = &v + return s +} + +// SetTenantDBName sets the TenantDBName field's value. +func (s *DeleteTenantDatabaseInput) SetTenantDBName(v string) *DeleteTenantDatabaseInput { + s.TenantDBName = &v + return s +} + +type DeleteTenantDatabaseOutput struct { + _ struct{} `type:"structure"` + + // A tenant database in the DB instance. This data type is an element in the + // response to the DescribeTenantDatabases action. + TenantDatabase *TenantDatabase `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteTenantDatabaseOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteTenantDatabaseOutput) GoString() string { + return s.String() +} + +// SetTenantDatabase sets the TenantDatabase field's value. +func (s *DeleteTenantDatabaseOutput) SetTenantDatabase(v *TenantDatabase) *DeleteTenantDatabaseOutput { + s.TenantDatabase = v + return s +} + type DeregisterDBProxyTargetsInput struct { _ struct{} `type:"structure"` @@ -25575,12 +36455,20 @@ type DeregisterDBProxyTargetsInput struct { TargetGroupName *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeregisterDBProxyTargetsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeregisterDBProxyTargetsInput) GoString() string { return s.String() } @@ -25626,12 +36514,20 @@ type DeregisterDBProxyTargetsOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeregisterDBProxyTargetsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeregisterDBProxyTargetsOutput) GoString() string { return s.String() } @@ -25640,12 +36536,20 @@ type DescribeAccountAttributesInput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeAccountAttributesInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeAccountAttributesInput) GoString() string { return s.String() } @@ -25659,12 +36563,20 @@ type DescribeAccountAttributesOutput struct { AccountQuotas []*AccountQuota `locationNameList:"AccountQuota" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeAccountAttributesOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeAccountAttributesOutput) GoString() string { return s.String() } @@ -25675,6 +36587,168 @@ func (s *DescribeAccountAttributesOutput) SetAccountQuotas(v []*AccountQuota) *D return s } +type DescribeBlueGreenDeploymentsInput struct { + _ struct{} `type:"structure"` + + // The blue/green deployment identifier. If you specify this parameter, the + // response only includes information about the specific blue/green deployment. + // This parameter isn't case-sensitive. + // + // Constraints: + // + // * Must match an existing blue/green deployment identifier. + BlueGreenDeploymentIdentifier *string `min:"1" type:"string"` + + // A filter that specifies one or more blue/green deployments to describe. + // + // Valid Values: + // + // * blue-green-deployment-identifier - Accepts system-generated identifiers + // for blue/green deployments. The results list only includes information + // about the blue/green deployments with the specified identifiers. + // + // * blue-green-deployment-name - Accepts user-supplied names for blue/green + // deployments. The results list only includes information about the blue/green + // deployments with the specified names. + // + // * source - Accepts source databases for a blue/green deployment. The results + // list only includes information about the blue/green deployments with the + // specified source databases. + // + // * target - Accepts target databases for a blue/green deployment. The results + // list only includes information about the blue/green deployments with the + // specified target databases. + Filters []*Filter `locationNameList:"Filter" type:"list"` + + // An optional pagination token provided by a previous DescribeBlueGreenDeployments + // request. If you specify this parameter, the response only includes records + // beyond the marker, up to the value specified by MaxRecords. + Marker *string `type:"string"` + + // The maximum number of records to include in the response. If more records + // exist than the specified MaxRecords value, a pagination token called a marker + // is included in the response so you can retrieve the remaining results. + // + // Default: 100 + // + // Constraints: + // + // * Must be a minimum of 20. + // + // * Can't exceed 100. + MaxRecords *int64 `min:"20" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeBlueGreenDeploymentsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeBlueGreenDeploymentsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeBlueGreenDeploymentsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeBlueGreenDeploymentsInput"} + if s.BlueGreenDeploymentIdentifier != nil && len(*s.BlueGreenDeploymentIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("BlueGreenDeploymentIdentifier", 1)) + } + if s.MaxRecords != nil && *s.MaxRecords < 20 { + invalidParams.Add(request.NewErrParamMinValue("MaxRecords", 20)) + } + if s.Filters != nil { + for i, v := range s.Filters { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Filters", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetBlueGreenDeploymentIdentifier sets the BlueGreenDeploymentIdentifier field's value. +func (s *DescribeBlueGreenDeploymentsInput) SetBlueGreenDeploymentIdentifier(v string) *DescribeBlueGreenDeploymentsInput { + s.BlueGreenDeploymentIdentifier = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeBlueGreenDeploymentsInput) SetFilters(v []*Filter) *DescribeBlueGreenDeploymentsInput { + s.Filters = v + return s +} + +// SetMarker sets the Marker field's value. +func (s *DescribeBlueGreenDeploymentsInput) SetMarker(v string) *DescribeBlueGreenDeploymentsInput { + s.Marker = &v + return s +} + +// SetMaxRecords sets the MaxRecords field's value. +func (s *DescribeBlueGreenDeploymentsInput) SetMaxRecords(v int64) *DescribeBlueGreenDeploymentsInput { + s.MaxRecords = &v + return s +} + +type DescribeBlueGreenDeploymentsOutput struct { + _ struct{} `type:"structure"` + + // A list of blue/green deployments in the current account and Amazon Web Services + // Region. + BlueGreenDeployments []*BlueGreenDeployment `type:"list"` + + // A pagination token that can be used in a later DescribeBlueGreenDeployments + // request. + Marker *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeBlueGreenDeploymentsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeBlueGreenDeploymentsOutput) GoString() string { + return s.String() +} + +// SetBlueGreenDeployments sets the BlueGreenDeployments field's value. +func (s *DescribeBlueGreenDeploymentsOutput) SetBlueGreenDeployments(v []*BlueGreenDeployment) *DescribeBlueGreenDeploymentsOutput { + s.BlueGreenDeployments = v + return s +} + +// SetMarker sets the Marker field's value. +func (s *DescribeBlueGreenDeploymentsOutput) SetMarker(v string) *DescribeBlueGreenDeploymentsOutput { + s.Marker = &v + return s +} + type DescribeCertificatesInput struct { _ struct{} `type:"structure"` @@ -25705,12 +36779,20 @@ type DescribeCertificatesInput struct { MaxRecords *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeCertificatesInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeCertificatesInput) GoString() string { return s.String() } @@ -25763,21 +36845,35 @@ func (s *DescribeCertificatesInput) SetMaxRecords(v int64) *DescribeCertificates type DescribeCertificatesOutput struct { _ struct{} `type:"structure"` - // The list of Certificate objects for the AWS account. + // The list of Certificate objects for the Amazon Web Services account. Certificates []*Certificate `locationNameList:"Certificate" type:"list"` + // The default root CA for new databases created by your Amazon Web Services + // account. This is either the root CA override set on your Amazon Web Services + // account or the system default CA for the Region if no override exists. To + // override the default CA, use the ModifyCertificates operation. + DefaultCertificateForNewLaunches *string `type:"string"` + // An optional pagination token provided by a previous DescribeCertificates // request. If this parameter is specified, the response includes only records // beyond the marker, up to the value specified by MaxRecords . Marker *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeCertificatesOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeCertificatesOutput) GoString() string { return s.String() } @@ -25788,50 +36884,82 @@ func (s *DescribeCertificatesOutput) SetCertificates(v []*Certificate) *Describe return s } +// SetDefaultCertificateForNewLaunches sets the DefaultCertificateForNewLaunches field's value. +func (s *DescribeCertificatesOutput) SetDefaultCertificateForNewLaunches(v string) *DescribeCertificatesOutput { + s.DefaultCertificateForNewLaunches = &v + return s +} + // SetMarker sets the Marker field's value. func (s *DescribeCertificatesOutput) SetMarker(v string) *DescribeCertificatesOutput { s.Marker = &v return s } -type DescribeCustomAvailabilityZonesInput struct { +type DescribeDBClusterAutomatedBackupsInput struct { _ struct{} `type:"structure"` - // The custom AZ identifier. If this parameter is specified, information from - // only the specific custom AZ is returned. - CustomAvailabilityZoneId *string `type:"string"` + // (Optional) The user-supplied DB cluster identifier. If this parameter is + // specified, it must match the identifier of an existing DB cluster. It returns + // information from the specific DB cluster's automated backup. This parameter + // isn't case-sensitive. + DBClusterIdentifier *string `type:"string"` - // A filter that specifies one or more custom AZs to describe. + // The resource ID of the DB cluster that is the source of the automated backup. + // This parameter isn't case-sensitive. + DbClusterResourceId *string `type:"string"` + + // A filter that specifies which resources to return based on status. + // + // Supported filters are the following: + // + // * status retained - Automated backups for deleted clusters and after backup + // replication is stopped. + // + // * db-cluster-id - Accepts DB cluster identifiers and Amazon Resource Names + // (ARNs). The results list includes only information about the DB cluster + // automated backups identified by these ARNs. + // + // * db-cluster-resource-id - Accepts DB resource identifiers and Amazon + // Resource Names (ARNs). The results list includes only information about + // the DB cluster resources identified by these ARNs. + // + // Returns all resources by default. The status for each resource is specified + // in the response. Filters []*Filter `locationNameList:"Filter" type:"list"` - // An optional pagination token provided by a previous DescribeCustomAvailabilityZones - // request. If this parameter is specified, the response includes only records - // beyond the marker, up to the value specified by MaxRecords. + // The pagination token provided in the previous request. If this parameter + // is specified the response includes only records beyond the marker, up to + // MaxRecords. Marker *string `type:"string"` // The maximum number of records to include in the response. If more records // exist than the specified MaxRecords value, a pagination token called a marker - // is included in the response so you can retrieve the remaining results. - // - // Default: 100 - // - // Constraints: Minimum 20, maximum 100. + // is included in the response so that you can retrieve the remaining results. MaxRecords *int64 `type:"integer"` } -// String returns the string representation -func (s DescribeCustomAvailabilityZonesInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDBClusterAutomatedBackupsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DescribeCustomAvailabilityZonesInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDBClusterAutomatedBackupsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeCustomAvailabilityZonesInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeCustomAvailabilityZonesInput"} +func (s *DescribeDBClusterAutomatedBackupsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeDBClusterAutomatedBackupsInput"} if s.Filters != nil { for i, v := range s.Filters { if v == nil { @@ -25849,60 +36977,74 @@ func (s *DescribeCustomAvailabilityZonesInput) Validate() error { return nil } -// SetCustomAvailabilityZoneId sets the CustomAvailabilityZoneId field's value. -func (s *DescribeCustomAvailabilityZonesInput) SetCustomAvailabilityZoneId(v string) *DescribeCustomAvailabilityZonesInput { - s.CustomAvailabilityZoneId = &v +// SetDBClusterIdentifier sets the DBClusterIdentifier field's value. +func (s *DescribeDBClusterAutomatedBackupsInput) SetDBClusterIdentifier(v string) *DescribeDBClusterAutomatedBackupsInput { + s.DBClusterIdentifier = &v + return s +} + +// SetDbClusterResourceId sets the DbClusterResourceId field's value. +func (s *DescribeDBClusterAutomatedBackupsInput) SetDbClusterResourceId(v string) *DescribeDBClusterAutomatedBackupsInput { + s.DbClusterResourceId = &v return s } // SetFilters sets the Filters field's value. -func (s *DescribeCustomAvailabilityZonesInput) SetFilters(v []*Filter) *DescribeCustomAvailabilityZonesInput { +func (s *DescribeDBClusterAutomatedBackupsInput) SetFilters(v []*Filter) *DescribeDBClusterAutomatedBackupsInput { s.Filters = v return s } // SetMarker sets the Marker field's value. -func (s *DescribeCustomAvailabilityZonesInput) SetMarker(v string) *DescribeCustomAvailabilityZonesInput { +func (s *DescribeDBClusterAutomatedBackupsInput) SetMarker(v string) *DescribeDBClusterAutomatedBackupsInput { s.Marker = &v return s } // SetMaxRecords sets the MaxRecords field's value. -func (s *DescribeCustomAvailabilityZonesInput) SetMaxRecords(v int64) *DescribeCustomAvailabilityZonesInput { +func (s *DescribeDBClusterAutomatedBackupsInput) SetMaxRecords(v int64) *DescribeDBClusterAutomatedBackupsInput { s.MaxRecords = &v return s } -type DescribeCustomAvailabilityZonesOutput struct { +type DescribeDBClusterAutomatedBackupsOutput struct { _ struct{} `type:"structure"` - // The list of CustomAvailabilityZone objects for the AWS account. - CustomAvailabilityZones []*CustomAvailabilityZone `locationNameList:"CustomAvailabilityZone" type:"list"` + // A list of DBClusterAutomatedBackup backups. + DBClusterAutomatedBackups []*DBClusterAutomatedBackup `locationNameList:"DBClusterAutomatedBackup" type:"list"` - // An optional pagination token provided by a previous DescribeCustomAvailabilityZones - // request. If this parameter is specified, the response includes only records - // beyond the marker, up to the value specified by MaxRecords. + // The pagination token provided in the previous request. If this parameter + // is specified the response includes only records beyond the marker, up to + // MaxRecords. Marker *string `type:"string"` } -// String returns the string representation -func (s DescribeCustomAvailabilityZonesOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDBClusterAutomatedBackupsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DescribeCustomAvailabilityZonesOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDBClusterAutomatedBackupsOutput) GoString() string { return s.String() } -// SetCustomAvailabilityZones sets the CustomAvailabilityZones field's value. -func (s *DescribeCustomAvailabilityZonesOutput) SetCustomAvailabilityZones(v []*CustomAvailabilityZone) *DescribeCustomAvailabilityZonesOutput { - s.CustomAvailabilityZones = v +// SetDBClusterAutomatedBackups sets the DBClusterAutomatedBackups field's value. +func (s *DescribeDBClusterAutomatedBackupsOutput) SetDBClusterAutomatedBackups(v []*DBClusterAutomatedBackup) *DescribeDBClusterAutomatedBackupsOutput { + s.DBClusterAutomatedBackups = v return s } // SetMarker sets the Marker field's value. -func (s *DescribeCustomAvailabilityZonesOutput) SetMarker(v string) *DescribeCustomAvailabilityZonesOutput { +func (s *DescribeDBClusterAutomatedBackupsOutput) SetMarker(v string) *DescribeDBClusterAutomatedBackupsOutput { s.Marker = &v return s } @@ -25916,8 +37058,7 @@ type DescribeDBClusterBacktracksInput struct { // Constraints: // // * Must contain a valid universally unique identifier (UUID). For more - // information about UUIDs, see A Universally Unique Identifier (UUID) URN - // Namespace (http://www.ietf.org/rfc/rfc4122.txt). + // information about UUIDs, see Universally unique identifier (https://en.wikipedia.org/wiki/Universally_unique_identifier). // // Example: 123e4567-e89b-12d3-a456-426655440000 BacktrackIdentifier *string `type:"string"` @@ -25965,12 +37106,20 @@ type DescribeDBClusterBacktracksInput struct { MaxRecords *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterBacktracksInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterBacktracksInput) GoString() string { return s.String() } @@ -26041,12 +37190,20 @@ type DescribeDBClusterBacktracksOutput struct { Marker *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterBacktracksOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterBacktracksOutput) GoString() string { return s.String() } @@ -26098,12 +37255,20 @@ type DescribeDBClusterEndpointsInput struct { MaxRecords *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterEndpointsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterEndpointsInput) GoString() string { return s.String() } @@ -26171,12 +37336,20 @@ type DescribeDBClusterEndpointsOutput struct { Marker *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterEndpointsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterEndpointsOutput) GoString() string { return s.String() } @@ -26221,12 +37394,20 @@ type DescribeDBClusterParameterGroupsInput struct { MaxRecords *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterParameterGroupsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterParameterGroupsInput) GoString() string { return s.String() } @@ -26287,12 +37468,20 @@ type DescribeDBClusterParameterGroupsOutput struct { Marker *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterParameterGroupsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterParameterGroupsOutput) GoString() string { return s.String() } @@ -26339,17 +37528,32 @@ type DescribeDBClusterParametersInput struct { // Constraints: Minimum 20, maximum 100. MaxRecords *int64 `type:"integer"` - // A value that indicates to return only parameters for a specific source. Parameter - // sources can be engine, service, or customer. + // A specific source to return parameters for. + // + // Valid Values: + // + // * user + // + // * engine + // + // * service Source *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterParametersInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterParametersInput) GoString() string { return s.String() } @@ -26414,19 +37618,27 @@ type DescribeDBClusterParametersOutput struct { // An optional pagination token provided by a previous DescribeDBClusterParameters // request. If this parameter is specified, the response includes only records - // beyond the marker, up to the value specified by MaxRecords . + // beyond the marker, up to the value specified by MaxRecords. Marker *string `type:"string"` // Provides a list of parameters for the DB cluster parameter group. Parameters []*Parameter `locationNameList:"Parameter" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterParametersOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterParametersOutput) GoString() string { return s.String() } @@ -26452,12 +37664,20 @@ type DescribeDBClusterSnapshotAttributesInput struct { DBClusterSnapshotIdentifier *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterSnapshotAttributesInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterSnapshotAttributesInput) GoString() string { return s.String() } @@ -26487,18 +37707,26 @@ type DescribeDBClusterSnapshotAttributesOutput struct { // Contains the results of a successful call to the DescribeDBClusterSnapshotAttributes // API action. // - // Manual DB cluster snapshot attributes are used to authorize other AWS accounts - // to copy or restore a manual DB cluster snapshot. For more information, see - // the ModifyDBClusterSnapshotAttribute API action. + // Manual DB cluster snapshot attributes are used to authorize other Amazon + // Web Services accounts to copy or restore a manual DB cluster snapshot. For + // more information, see the ModifyDBClusterSnapshotAttribute API action. DBClusterSnapshotAttributesResult *DBClusterSnapshotAttributesResult `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterSnapshotAttributesOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterSnapshotAttributesOutput) GoString() string { return s.String() } @@ -26533,6 +37761,9 @@ type DescribeDBClusterSnapshotsInput struct { // must also be specified. DBClusterSnapshotIdentifier *string `type:"string"` + // A specific DB cluster resource ID to describe. + DbClusterResourceId *string `type:"string"` + // A filter that specifies one or more DB cluster snapshots to describe. // // Supported filters: @@ -26547,20 +37778,22 @@ type DescribeDBClusterSnapshotsInput struct { // * engine - Accepts names of database engines. Filters []*Filter `locationNameList:"Filter" type:"list"` - // A value that indicates whether to include manual DB cluster snapshots that - // are public and can be copied or restored by any AWS account. By default, + // Specifies whether to include manual DB cluster snapshots that are public + // and can be copied or restored by any Amazon Web Services account. By default, // the public snapshots are not included. // // You can share a manual DB cluster snapshot as public by using the ModifyDBClusterSnapshotAttribute // API action. IncludePublic *bool `type:"boolean"` - // A value that indicates whether to include shared manual DB cluster snapshots - // from other AWS accounts that this AWS account has been given permission to - // copy or restore. By default, these snapshots are not included. + // Specifies whether to include shared manual DB cluster snapshots from other + // Amazon Web Services accounts that this Amazon Web Services account has been + // given permission to copy or restore. By default, these snapshots are not + // included. // - // You can give an AWS account permission to restore a manual DB cluster snapshot - // from another AWS account by the ModifyDBClusterSnapshotAttribute API action. + // You can give an Amazon Web Services account permission to restore a manual + // DB cluster snapshot from another Amazon Web Services account by the ModifyDBClusterSnapshotAttribute + // API action. IncludeShared *bool `type:"boolean"` // An optional pagination token provided by a previous DescribeDBClusterSnapshots @@ -26581,13 +37814,13 @@ type DescribeDBClusterSnapshotsInput struct { // following values: // // * automated - Return all DB cluster snapshots that have been automatically - // taken by Amazon RDS for my AWS account. + // taken by Amazon RDS for my Amazon Web Services account. // // * manual - Return all DB cluster snapshots that have been taken by my - // AWS account. + // Amazon Web Services account. // // * shared - Return all manual DB cluster snapshots that have been shared - // to my AWS account. + // to my Amazon Web Services account. // // * public - Return all DB cluster snapshots that have been marked as public. // @@ -26604,12 +37837,20 @@ type DescribeDBClusterSnapshotsInput struct { SnapshotType *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterSnapshotsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterSnapshotsInput) GoString() string { return s.String() } @@ -26646,6 +37887,12 @@ func (s *DescribeDBClusterSnapshotsInput) SetDBClusterSnapshotIdentifier(v strin return s } +// SetDbClusterResourceId sets the DbClusterResourceId field's value. +func (s *DescribeDBClusterSnapshotsInput) SetDbClusterResourceId(v string) *DescribeDBClusterSnapshotsInput { + s.DbClusterResourceId = &v + return s +} + // SetFilters sets the Filters field's value. func (s *DescribeDBClusterSnapshotsInput) SetFilters(v []*Filter) *DescribeDBClusterSnapshotsInput { s.Filters = v @@ -26696,12 +37943,20 @@ type DescribeDBClusterSnapshotsOutput struct { Marker *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterSnapshotsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClusterSnapshotsOutput) GoString() string { return s.String() } @@ -26721,26 +37976,40 @@ func (s *DescribeDBClusterSnapshotsOutput) SetMarker(v string) *DescribeDBCluste type DescribeDBClustersInput struct { _ struct{} `type:"structure"` - // The user-supplied DB cluster identifier. If this parameter is specified, - // information from only the specific DB cluster is returned. This parameter - // isn't case-sensitive. + // The user-supplied DB cluster identifier or the Amazon Resource Name (ARN) + // of the DB cluster. If this parameter is specified, information for only the + // specific DB cluster is returned. This parameter isn't case-sensitive. // // Constraints: // - // * If supplied, must match an existing DBClusterIdentifier. + // * If supplied, must match an existing DB cluster identifier. DBClusterIdentifier *string `type:"string"` // A filter that specifies one or more DB clusters to describe. // - // Supported filters: + // Supported Filters: + // + // * clone-group-id - Accepts clone group identifiers. The results list only + // includes information about the DB clusters associated with these clone + // groups. // // * db-cluster-id - Accepts DB cluster identifiers and DB cluster Amazon - // Resource Names (ARNs). The results list will only include information - // about the DB clusters identified by these ARNs. + // Resource Names (ARNs). The results list only includes information about + // the DB clusters identified by these ARNs. + // + // * db-cluster-resource-id - Accepts DB cluster resource identifiers. The + // results list will only include information about the DB clusters identified + // by these DB cluster resource identifiers. + // + // * domain - Accepts Active Directory directory IDs. The results list only + // includes information about the DB clusters associated with these domains. + // + // * engine - Accepts engine names. The results list only includes information + // about the DB clusters for these engines. Filters []*Filter `locationNameList:"Filter" type:"list"` - // Optional Boolean parameter that specifies whether the output includes information - // about clusters shared from other AWS accounts. + // Specifies whether the output includes information about clusters shared from + // other Amazon Web Services accounts. IncludeShared *bool `type:"boolean"` // An optional pagination token provided by a previous DescribeDBClusters request. @@ -26754,16 +38023,24 @@ type DescribeDBClustersInput struct { // // Default: 100 // - // Constraints: Minimum 20, maximum 100. + // Constraints: Minimum 20, maximum 100 MaxRecords *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClustersInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClustersInput) GoString() string { return s.String() } @@ -26830,12 +38107,20 @@ type DescribeDBClustersOutput struct { Marker *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClustersOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBClustersOutput) GoString() string { return s.String() } @@ -26859,42 +38144,107 @@ type DescribeDBEngineVersionsInput struct { // // Constraints: // - // * If supplied, must match an existing DBParameterGroupFamily. + // * If supplied, must match an existing DB parameter group family. DBParameterGroupFamily *string `type:"string"` - // A value that indicates whether only the default version of the specified - // engine or engine and major version combination is returned. + // Specifies whether to return only the default version of the specified engine + // or the engine and major version combination. DefaultOnly *bool `type:"boolean"` - // The database engine to return. + // The database engine to return version details for. + // + // Valid Values: + // + // * aurora-mysql + // + // * aurora-postgresql + // + // * custom-oracle-ee + // + // * custom-oracle-ee-cdb + // + // * custom-oracle-se2 + // + // * custom-oracle-se2-cdb + // + // * db2-ae + // + // * db2-se + // + // * mariadb + // + // * mysql + // + // * oracle-ee + // + // * oracle-ee-cdb + // + // * oracle-se2 + // + // * oracle-se2-cdb + // + // * postgres + // + // * sqlserver-ee + // + // * sqlserver-se + // + // * sqlserver-ex + // + // * sqlserver-web Engine *string `type:"string"` - // The database engine version to return. + // A specific database engine version to return details for. // // Example: 5.1.49 EngineVersion *string `type:"string"` - // This parameter isn't currently supported. + // A filter that specifies one or more DB engine versions to describe. + // + // Supported filters: + // + // * db-parameter-group-family - Accepts parameter groups family names. The + // results list only includes information about the DB engine versions for + // these parameter group families. + // + // * engine - Accepts engine names. The results list only includes information + // about the DB engine versions for these engines. + // + // * engine-mode - Accepts DB engine modes. The results list only includes + // information about the DB engine versions for these engine modes. Valid + // DB engine modes are the following: global multimaster parallelquery provisioned + // serverless + // + // * engine-version - Accepts engine versions. The results list only includes + // information about the DB engine versions for these engine versions. + // + // * status - Accepts engine version statuses. The results list only includes + // information about the DB engine versions for these statuses. Valid statuses + // are the following: available deprecated Filters []*Filter `locationNameList:"Filter" type:"list"` - // A value that indicates whether to include engine versions that aren't available - // in the list. The default is to list only available engine versions. + // Specifies whether to also list the engine versions that aren't available. + // The default is to list only available engine versions. IncludeAll *bool `type:"boolean"` - // A value that indicates whether to list the supported character sets for each - // engine version. + // Specifies whether to list the supported character sets for each engine version. // // If this parameter is enabled and the requested engine supports the CharacterSetName // parameter for CreateDBInstance, the response includes a list of supported // character sets for each engine version. + // + // For RDS Custom, the default is not to list supported character sets. If you + // enable this parameter, RDS Custom returns no results. ListSupportedCharacterSets *bool `type:"boolean"` - // A value that indicates whether to list the supported time zones for each - // engine version. + // Specifies whether to list the supported time zones for each engine version. // // If this parameter is enabled and the requested engine supports the TimeZone // parameter for CreateDBInstance, the response includes a list of supported // time zones for each engine version. + // + // For RDS Custom, the default is not to list supported time zones. If you enable + // this parameter, RDS Custom returns no results. ListSupportedTimezones *bool `type:"boolean"` // An optional pagination token provided by a previous request. If this parameter @@ -26912,12 +38262,20 @@ type DescribeDBEngineVersionsInput struct { MaxRecords *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBEngineVersionsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBEngineVersionsInput) GoString() string { return s.String() } @@ -27016,12 +38374,20 @@ type DescribeDBEngineVersionsOutput struct { Marker *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBEngineVersionsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBEngineVersionsOutput) GoString() string { return s.String() } @@ -27044,11 +38410,13 @@ type DescribeDBInstanceAutomatedBackupsInput struct { // The Amazon Resource Name (ARN) of the replicated automated backups, for example, // arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE. + // + // This setting doesn't apply to RDS Custom. DBInstanceAutomatedBackupsArn *string `type:"string"` // (Optional) The user-supplied instance identifier. If this parameter is specified, // it must match the identifier of an existing DB instance. It returns information - // from the specific DB instance' automated backup. This parameter isn't case-sensitive. + // from the specific DB instance's automated backup. This parameter isn't case-sensitive. DBInstanceIdentifier *string `type:"string"` // The resource ID of the DB instance that is the source of the automated backup. @@ -27059,17 +38427,18 @@ type DescribeDBInstanceAutomatedBackupsInput struct { // // Supported filters are the following: // - // * status active - automated backups for current instances retained - automated - // backups for deleted instances creating - automated backups that are waiting - // for the first automated snapshot to be available + // * status active - Automated backups for current instances. creating - + // Automated backups that are waiting for the first automated snapshot to + // be available. retained - Automated backups for deleted instances and after + // backup replication is stopped. // // * db-instance-id - Accepts DB instance identifiers and Amazon Resource - // Names (ARNs) for DB instances. The results list includes only information - // about the DB instance automated backupss identified by these ARNs. + // Names (ARNs). The results list includes only information about the DB + // instance automated backups identified by these ARNs. // - // * dbi-resource-id - Accepts DB instance resource identifiers and DB Amazon - // Resource Names (ARNs) for DB instances. The results list includes only - // information about the DB instance resources identified by these ARNs. + // * dbi-resource-id - Accepts DB resource identifiers and Amazon Resource + // Names (ARNs). The results list includes only information about the DB + // instance resources identified by these ARNs. // // Returns all resources by default. The status for each resource is specified // in the response. @@ -27086,12 +38455,20 @@ type DescribeDBInstanceAutomatedBackupsInput struct { MaxRecords *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBInstanceAutomatedBackupsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBInstanceAutomatedBackupsInput) GoString() string { return s.String() } @@ -27162,16 +38539,24 @@ type DescribeDBInstanceAutomatedBackupsOutput struct { // An optional pagination token provided by a previous request. If this parameter // is specified, the response includes only records beyond the marker, up to - // the value specified by MaxRecords . + // the value specified by MaxRecords. Marker *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBInstanceAutomatedBackupsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBInstanceAutomatedBackupsOutput) GoString() string { return s.String() } @@ -27191,36 +38576,35 @@ func (s *DescribeDBInstanceAutomatedBackupsOutput) SetMarker(v string) *Describe type DescribeDBInstancesInput struct { _ struct{} `type:"structure"` - // The user-supplied instance identifier. If this parameter is specified, information - // from only the specific DB instance is returned. This parameter isn't case-sensitive. + // The user-supplied instance identifier or the Amazon Resource Name (ARN) of + // the DB instance. If this parameter is specified, information from only the + // specific DB instance is returned. This parameter isn't case-sensitive. // // Constraints: // - // * If supplied, must match the identifier of an existing DBInstance. + // * If supplied, must match the identifier of an existing DB instance. DBInstanceIdentifier *string `type:"string"` // A filter that specifies one or more DB instances to describe. // - // Supported filters: + // Supported Filters: // // * db-cluster-id - Accepts DB cluster identifiers and DB cluster Amazon - // Resource Names (ARNs). The results list will only include information - // about the DB instances associated with the DB clusters identified by these - // ARNs. + // Resource Names (ARNs). The results list only includes information about + // the DB instances associated with the DB clusters identified by these ARNs. // // * db-instance-id - Accepts DB instance identifiers and DB instance Amazon - // Resource Names (ARNs). The results list will only include information - // about the DB instances identified by these ARNs. + // Resource Names (ARNs). The results list only includes information about + // the DB instances identified by these ARNs. // // * dbi-resource-id - Accepts DB instance resource identifiers. The results - // list will only include information about the DB instances identified by - // these DB instance resource identifiers. + // list only includes information about the DB instances identified by these + // DB instance resource identifiers. // - // * domain - Accepts Active Directory directory IDs. The results list will - // only include information about the DB instances associated with these - // domains. + // * domain - Accepts Active Directory directory IDs. The results list only + // includes information about the DB instances associated with these domains. // - // * engine - Accepts engine names. The results list will only include information + // * engine - Accepts engine names. The results list only includes information // about the DB instances for these engines. Filters []*Filter `locationNameList:"Filter" type:"list"` @@ -27239,12 +38623,20 @@ type DescribeDBInstancesInput struct { MaxRecords *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBInstancesInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBInstancesInput) GoString() string { return s.String() } @@ -27307,12 +38699,20 @@ type DescribeDBInstancesOutput struct { Marker *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBInstancesOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBInstancesOutput) GoString() string { return s.String() } @@ -27343,12 +38743,20 @@ type DescribeDBLogFilesDetails struct { Size *int64 `type:"long"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBLogFilesDetails) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBLogFilesDetails) GoString() string { return s.String() } @@ -27409,12 +38817,20 @@ type DescribeDBLogFilesInput struct { MaxRecords *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBLogFilesInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBLogFilesInput) GoString() string { return s.String() } @@ -27495,12 +38911,20 @@ type DescribeDBLogFilesOutput struct { Marker *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBLogFilesOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBLogFilesOutput) GoString() string { return s.String() } @@ -27545,12 +38969,20 @@ type DescribeDBParameterGroupsInput struct { MaxRecords *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBParameterGroupsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBParameterGroupsInput) GoString() string { return s.String() } @@ -27613,12 +39045,20 @@ type DescribeDBParameterGroupsOutput struct { Marker *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBParameterGroupsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBParameterGroupsOutput) GoString() string { return s.String() } @@ -27672,12 +39112,20 @@ type DescribeDBParametersInput struct { Source *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBParametersInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBParametersInput) GoString() string { return s.String() } @@ -27749,12 +39197,20 @@ type DescribeDBParametersOutput struct { Parameters []*Parameter `locationNameList:"Parameter" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBParametersOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBParametersOutput) GoString() string { return s.String() } @@ -27774,7 +39230,9 @@ func (s *DescribeDBParametersOutput) SetParameters(v []*Parameter) *DescribeDBPa type DescribeDBProxiesInput struct { _ struct{} `type:"structure"` - // The name of the DB proxy. + // The name of the DB proxy. If you omit this parameter, the output includes + // information about all DB proxies owned by your Amazon Web Services account + // ID. DBProxyName *string `type:"string"` // This parameter is not currently supported. @@ -27795,12 +39253,20 @@ type DescribeDBProxiesInput struct { MaxRecords *int64 `min:"20" type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBProxiesInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBProxiesInput) GoString() string { return s.String() } @@ -27864,12 +39330,20 @@ type DescribeDBProxiesOutput struct { Marker *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBProxiesOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBProxiesOutput) GoString() string { return s.String() } @@ -27886,6 +39360,156 @@ func (s *DescribeDBProxiesOutput) SetMarker(v string) *DescribeDBProxiesOutput { return s } +type DescribeDBProxyEndpointsInput struct { + _ struct{} `type:"structure"` + + // The name of a DB proxy endpoint to describe. If you omit this parameter, + // the output includes information about all DB proxy endpoints associated with + // the specified proxy. + DBProxyEndpointName *string `min:"1" type:"string"` + + // The name of the DB proxy whose endpoints you want to describe. If you omit + // this parameter, the output includes information about all DB proxy endpoints + // associated with all your DB proxies. + DBProxyName *string `min:"1" type:"string"` + + // This parameter is not currently supported. + Filters []*Filter `locationNameList:"Filter" type:"list"` + + // An optional pagination token provided by a previous request. If this parameter + // is specified, the response includes only records beyond the marker, up to + // the value specified by MaxRecords. + Marker *string `type:"string"` + + // The maximum number of records to include in the response. If more records + // exist than the specified MaxRecords value, a pagination token called a marker + // is included in the response so that the remaining results can be retrieved. + // + // Default: 100 + // + // Constraints: Minimum 20, maximum 100. + MaxRecords *int64 `min:"20" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDBProxyEndpointsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDBProxyEndpointsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeDBProxyEndpointsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeDBProxyEndpointsInput"} + if s.DBProxyEndpointName != nil && len(*s.DBProxyEndpointName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DBProxyEndpointName", 1)) + } + if s.DBProxyName != nil && len(*s.DBProxyName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DBProxyName", 1)) + } + if s.MaxRecords != nil && *s.MaxRecords < 20 { + invalidParams.Add(request.NewErrParamMinValue("MaxRecords", 20)) + } + if s.Filters != nil { + for i, v := range s.Filters { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Filters", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDBProxyEndpointName sets the DBProxyEndpointName field's value. +func (s *DescribeDBProxyEndpointsInput) SetDBProxyEndpointName(v string) *DescribeDBProxyEndpointsInput { + s.DBProxyEndpointName = &v + return s +} + +// SetDBProxyName sets the DBProxyName field's value. +func (s *DescribeDBProxyEndpointsInput) SetDBProxyName(v string) *DescribeDBProxyEndpointsInput { + s.DBProxyName = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeDBProxyEndpointsInput) SetFilters(v []*Filter) *DescribeDBProxyEndpointsInput { + s.Filters = v + return s +} + +// SetMarker sets the Marker field's value. +func (s *DescribeDBProxyEndpointsInput) SetMarker(v string) *DescribeDBProxyEndpointsInput { + s.Marker = &v + return s +} + +// SetMaxRecords sets the MaxRecords field's value. +func (s *DescribeDBProxyEndpointsInput) SetMaxRecords(v int64) *DescribeDBProxyEndpointsInput { + s.MaxRecords = &v + return s +} + +type DescribeDBProxyEndpointsOutput struct { + _ struct{} `type:"structure"` + + // The list of ProxyEndpoint objects returned by the API operation. + DBProxyEndpoints []*DBProxyEndpoint `type:"list"` + + // An optional pagination token provided by a previous request. If this parameter + // is specified, the response includes only records beyond the marker, up to + // the value specified by MaxRecords. + Marker *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDBProxyEndpointsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDBProxyEndpointsOutput) GoString() string { + return s.String() +} + +// SetDBProxyEndpoints sets the DBProxyEndpoints field's value. +func (s *DescribeDBProxyEndpointsOutput) SetDBProxyEndpoints(v []*DBProxyEndpoint) *DescribeDBProxyEndpointsOutput { + s.DBProxyEndpoints = v + return s +} + +// SetMarker sets the Marker field's value. +func (s *DescribeDBProxyEndpointsOutput) SetMarker(v string) *DescribeDBProxyEndpointsOutput { + s.Marker = &v + return s +} + type DescribeDBProxyTargetGroupsInput struct { _ struct{} `type:"structure"` @@ -27915,12 +39539,20 @@ type DescribeDBProxyTargetGroupsInput struct { TargetGroupName *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBProxyTargetGroupsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBProxyTargetGroupsInput) GoString() string { return s.String() } @@ -27994,12 +39626,20 @@ type DescribeDBProxyTargetGroupsOutput struct { TargetGroups []*DBProxyTargetGroup `type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBProxyTargetGroupsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBProxyTargetGroupsOutput) GoString() string { return s.String() } @@ -28045,12 +39685,20 @@ type DescribeDBProxyTargetsInput struct { TargetGroupName *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBProxyTargetsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBProxyTargetsInput) GoString() string { return s.String() } @@ -28124,12 +39772,20 @@ type DescribeDBProxyTargetsOutput struct { Targets []*DBProxyTarget `type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBProxyTargetsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBProxyTargetsOutput) GoString() string { return s.String() } @@ -28146,6 +39802,214 @@ func (s *DescribeDBProxyTargetsOutput) SetTargets(v []*DBProxyTarget) *DescribeD return s } +type DescribeDBRecommendationsInput struct { + _ struct{} `type:"structure"` + + // A filter that specifies one or more recommendations to describe. + // + // Supported Filters: + // + // * recommendation-id - Accepts a list of recommendation identifiers. The + // results list only includes the recommendations whose identifier is one + // of the specified filter values. + // + // * status - Accepts a list of recommendation statuses. Valid values: active + // - The recommendations which are ready for you to apply. pending - The + // applied or scheduled recommendations which are in progress. resolved - + // The recommendations which are completed. dismissed - The recommendations + // that you dismissed. The results list only includes the recommendations + // whose status is one of the specified filter values. + // + // * severity - Accepts a list of recommendation severities. The results + // list only includes the recommendations whose severity is one of the specified + // filter values. Valid values: high medium low informational + // + // * type-id - Accepts a list of recommendation type identifiers. The results + // list only includes the recommendations whose type is one of the specified + // filter values. + // + // * dbi-resource-id - Accepts a list of database resource identifiers. The + // results list only includes the recommendations that generated for the + // specified databases. + // + // * cluster-resource-id - Accepts a list of cluster resource identifiers. + // The results list only includes the recommendations that generated for + // the specified clusters. + // + // * pg-arn - Accepts a list of parameter group ARNs. The results list only + // includes the recommendations that generated for the specified parameter + // groups. + // + // * cluster-pg-arn - Accepts a list of cluster parameter group ARNs. The + // results list only includes the recommendations that generated for the + // specified cluster parameter groups. + Filters []*Filter `locationNameList:"Filter" type:"list"` + + // A filter to include only the recommendations that were updated after this + // specified time. + LastUpdatedAfter *time.Time `type:"timestamp"` + + // A filter to include only the recommendations that were updated before this + // specified time. + LastUpdatedBefore *time.Time `type:"timestamp"` + + // The language that you choose to return the list of recommendations. + // + // Valid values: + // + // * en + // + // * en_UK + // + // * de + // + // * es + // + // * fr + // + // * id + // + // * it + // + // * ja + // + // * ko + // + // * pt_BR + // + // * zh_TW + // + // * zh_CN + Locale *string `type:"string"` + + // An optional pagination token provided by a previous DescribeDBRecommendations + // request. If this parameter is specified, the response includes only records + // beyond the marker, up to the value specified by MaxRecords. + Marker *string `type:"string"` + + // The maximum number of recommendations to include in the response. If more + // records exist than the specified MaxRecords value, a pagination token called + // a marker is included in the response so that you can retrieve the remaining + // results. + MaxRecords *int64 `type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDBRecommendationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDBRecommendationsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeDBRecommendationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeDBRecommendationsInput"} + if s.Filters != nil { + for i, v := range s.Filters { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Filters", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetFilters sets the Filters field's value. +func (s *DescribeDBRecommendationsInput) SetFilters(v []*Filter) *DescribeDBRecommendationsInput { + s.Filters = v + return s +} + +// SetLastUpdatedAfter sets the LastUpdatedAfter field's value. +func (s *DescribeDBRecommendationsInput) SetLastUpdatedAfter(v time.Time) *DescribeDBRecommendationsInput { + s.LastUpdatedAfter = &v + return s +} + +// SetLastUpdatedBefore sets the LastUpdatedBefore field's value. +func (s *DescribeDBRecommendationsInput) SetLastUpdatedBefore(v time.Time) *DescribeDBRecommendationsInput { + s.LastUpdatedBefore = &v + return s +} + +// SetLocale sets the Locale field's value. +func (s *DescribeDBRecommendationsInput) SetLocale(v string) *DescribeDBRecommendationsInput { + s.Locale = &v + return s +} + +// SetMarker sets the Marker field's value. +func (s *DescribeDBRecommendationsInput) SetMarker(v string) *DescribeDBRecommendationsInput { + s.Marker = &v + return s +} + +// SetMaxRecords sets the MaxRecords field's value. +func (s *DescribeDBRecommendationsInput) SetMaxRecords(v int64) *DescribeDBRecommendationsInput { + s.MaxRecords = &v + return s +} + +type DescribeDBRecommendationsOutput struct { + _ struct{} `type:"structure"` + + // A list of recommendations which is returned from DescribeDBRecommendations + // API request. + DBRecommendations []*DBRecommendation `type:"list"` + + // An optional pagination token provided by a previous DBRecommendationsMessage + // request. This token can be used later in a DescribeDBRecomendations request. + Marker *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDBRecommendationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDBRecommendationsOutput) GoString() string { + return s.String() +} + +// SetDBRecommendations sets the DBRecommendations field's value. +func (s *DescribeDBRecommendationsOutput) SetDBRecommendations(v []*DBRecommendation) *DescribeDBRecommendationsOutput { + s.DBRecommendations = v + return s +} + +// SetMarker sets the Marker field's value. +func (s *DescribeDBRecommendationsOutput) SetMarker(v string) *DescribeDBRecommendationsOutput { + s.Marker = &v + return s +} + type DescribeDBSecurityGroupsInput struct { _ struct{} `type:"structure"` @@ -28170,12 +40034,20 @@ type DescribeDBSecurityGroupsInput struct { MaxRecords *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBSecurityGroupsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBSecurityGroupsInput) GoString() string { return s.String() } @@ -28238,12 +40110,20 @@ type DescribeDBSecurityGroupsOutput struct { Marker *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBSecurityGroupsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBSecurityGroupsOutput) GoString() string { return s.String() } @@ -28260,6 +40140,144 @@ func (s *DescribeDBSecurityGroupsOutput) SetMarker(v string) *DescribeDBSecurity return s } +type DescribeDBShardGroupsInput struct { + _ struct{} `type:"structure"` + + // The user-supplied DB shard group identifier or the Amazon Resource Name (ARN) + // of the DB shard group. If this parameter is specified, information for only + // the specific DB shard group is returned. This parameter isn't case-sensitive. + // + // Constraints: + // + // * If supplied, must match an existing DB shard group identifier. + DBShardGroupIdentifier *string `min:"1" type:"string"` + + // A filter that specifies one or more DB shard groups to describe. + Filters []*Filter `locationNameList:"Filter" type:"list"` + + // An optional pagination token provided by a previous DescribeDBShardGroups + // request. If this parameter is specified, the response includes only records + // beyond the marker, up to the value specified by MaxRecords. + Marker *string `type:"string"` + + // The maximum number of records to include in the response. If more records + // exist than the specified MaxRecords value, a pagination token called a marker + // is included in the response so you can retrieve the remaining results. + // + // Default: 100 + // + // Constraints: Minimum 20, maximum 100 + MaxRecords *int64 `min:"20" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDBShardGroupsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDBShardGroupsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeDBShardGroupsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeDBShardGroupsInput"} + if s.DBShardGroupIdentifier != nil && len(*s.DBShardGroupIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DBShardGroupIdentifier", 1)) + } + if s.MaxRecords != nil && *s.MaxRecords < 20 { + invalidParams.Add(request.NewErrParamMinValue("MaxRecords", 20)) + } + if s.Filters != nil { + for i, v := range s.Filters { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Filters", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDBShardGroupIdentifier sets the DBShardGroupIdentifier field's value. +func (s *DescribeDBShardGroupsInput) SetDBShardGroupIdentifier(v string) *DescribeDBShardGroupsInput { + s.DBShardGroupIdentifier = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeDBShardGroupsInput) SetFilters(v []*Filter) *DescribeDBShardGroupsInput { + s.Filters = v + return s +} + +// SetMarker sets the Marker field's value. +func (s *DescribeDBShardGroupsInput) SetMarker(v string) *DescribeDBShardGroupsInput { + s.Marker = &v + return s +} + +// SetMaxRecords sets the MaxRecords field's value. +func (s *DescribeDBShardGroupsInput) SetMaxRecords(v int64) *DescribeDBShardGroupsInput { + s.MaxRecords = &v + return s +} + +type DescribeDBShardGroupsOutput struct { + _ struct{} `type:"structure"` + + // Contains a list of DB shard groups for the user. + DBShardGroups []*DBShardGroup `locationNameList:"DBShardGroup" type:"list"` + + // A pagination token that can be used in a later DescribeDBClusters request. + Marker *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDBShardGroupsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDBShardGroupsOutput) GoString() string { + return s.String() +} + +// SetDBShardGroups sets the DBShardGroups field's value. +func (s *DescribeDBShardGroupsOutput) SetDBShardGroups(v []*DBShardGroup) *DescribeDBShardGroupsOutput { + s.DBShardGroups = v + return s +} + +// SetMarker sets the Marker field's value. +func (s *DescribeDBShardGroupsOutput) SetMarker(v string) *DescribeDBShardGroupsOutput { + s.Marker = &v + return s +} + type DescribeDBSnapshotAttributesInput struct { _ struct{} `type:"structure"` @@ -28269,12 +40287,20 @@ type DescribeDBSnapshotAttributesInput struct { DBSnapshotIdentifier *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBSnapshotAttributesInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBSnapshotAttributesInput) GoString() string { return s.String() } @@ -28304,18 +40330,26 @@ type DescribeDBSnapshotAttributesOutput struct { // Contains the results of a successful call to the DescribeDBSnapshotAttributes // API action. // - // Manual DB snapshot attributes are used to authorize other AWS accounts to - // copy or restore a manual DB snapshot. For more information, see the ModifyDBSnapshotAttribute - // API action. + // Manual DB snapshot attributes are used to authorize other Amazon Web Services + // accounts to copy or restore a manual DB snapshot. For more information, see + // the ModifyDBSnapshotAttribute API action. DBSnapshotAttributesResult *DBSnapshotAttributesResult `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBSnapshotAttributesOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBSnapshotAttributesOutput) GoString() string { return s.String() } @@ -28326,21 +40360,218 @@ func (s *DescribeDBSnapshotAttributesOutput) SetDBSnapshotAttributesResult(v *DB return s } +type DescribeDBSnapshotTenantDatabasesInput struct { + _ struct{} `type:"structure"` + + // The ID of the DB instance used to create the DB snapshots. This parameter + // isn't case-sensitive. + // + // Constraints: + // + // * If supplied, must match the identifier of an existing DBInstance. + DBInstanceIdentifier *string `type:"string"` + + // The ID of a DB snapshot that contains the tenant databases to describe. This + // value is stored as a lowercase string. + // + // Constraints: + // + // * If you specify this parameter, the value must match the ID of an existing + // DB snapshot. + // + // * If you specify an automatic snapshot, you must also specify SnapshotType. + DBSnapshotIdentifier *string `type:"string"` + + // A specific DB resource identifier to describe. + DbiResourceId *string `type:"string"` + + // A filter that specifies one or more tenant databases to describe. + // + // Supported filters: + // + // * tenant-db-name - Tenant database names. The results list only includes + // information about the tenant databases that match these tenant DB names. + // + // * tenant-database-resource-id - Tenant database resource identifiers. + // The results list only includes information about the tenant databases + // contained within the DB snapshots. + // + // * dbi-resource-id - DB instance resource identifiers. The results list + // only includes information about snapshots containing tenant databases + // contained within the DB instances identified by these resource identifiers. + // + // * db-instance-id - Accepts DB instance identifiers and DB instance Amazon + // Resource Names (ARNs). + // + // * db-snapshot-id - Accepts DB snapshot identifiers. + // + // * snapshot-type - Accepts types of DB snapshots. + Filters []*Filter `locationNameList:"Filter" type:"list"` + + // An optional pagination token provided by a previous DescribeDBSnapshotTenantDatabases + // request. If this parameter is specified, the response includes only records + // beyond the marker, up to the value specified by MaxRecords. + Marker *string `type:"string"` + + // The maximum number of records to include in the response. If more records + // exist than the specified MaxRecords value, a pagination token called a marker + // is included in the response so that you can retrieve the remaining results. + MaxRecords *int64 `type:"integer"` + + // The type of DB snapshots to be returned. You can specify one of the following + // values: + // + // * automated – All DB snapshots that have been automatically taken by + // Amazon RDS for my Amazon Web Services account. + // + // * manual – All DB snapshots that have been taken by my Amazon Web Services + // account. + // + // * shared – All manual DB snapshots that have been shared to my Amazon + // Web Services account. + // + // * public – All DB snapshots that have been marked as public. + // + // * awsbackup – All DB snapshots managed by the Amazon Web Services Backup + // service. + SnapshotType *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDBSnapshotTenantDatabasesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDBSnapshotTenantDatabasesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeDBSnapshotTenantDatabasesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeDBSnapshotTenantDatabasesInput"} + if s.Filters != nil { + for i, v := range s.Filters { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Filters", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDBInstanceIdentifier sets the DBInstanceIdentifier field's value. +func (s *DescribeDBSnapshotTenantDatabasesInput) SetDBInstanceIdentifier(v string) *DescribeDBSnapshotTenantDatabasesInput { + s.DBInstanceIdentifier = &v + return s +} + +// SetDBSnapshotIdentifier sets the DBSnapshotIdentifier field's value. +func (s *DescribeDBSnapshotTenantDatabasesInput) SetDBSnapshotIdentifier(v string) *DescribeDBSnapshotTenantDatabasesInput { + s.DBSnapshotIdentifier = &v + return s +} + +// SetDbiResourceId sets the DbiResourceId field's value. +func (s *DescribeDBSnapshotTenantDatabasesInput) SetDbiResourceId(v string) *DescribeDBSnapshotTenantDatabasesInput { + s.DbiResourceId = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeDBSnapshotTenantDatabasesInput) SetFilters(v []*Filter) *DescribeDBSnapshotTenantDatabasesInput { + s.Filters = v + return s +} + +// SetMarker sets the Marker field's value. +func (s *DescribeDBSnapshotTenantDatabasesInput) SetMarker(v string) *DescribeDBSnapshotTenantDatabasesInput { + s.Marker = &v + return s +} + +// SetMaxRecords sets the MaxRecords field's value. +func (s *DescribeDBSnapshotTenantDatabasesInput) SetMaxRecords(v int64) *DescribeDBSnapshotTenantDatabasesInput { + s.MaxRecords = &v + return s +} + +// SetSnapshotType sets the SnapshotType field's value. +func (s *DescribeDBSnapshotTenantDatabasesInput) SetSnapshotType(v string) *DescribeDBSnapshotTenantDatabasesInput { + s.SnapshotType = &v + return s +} + +type DescribeDBSnapshotTenantDatabasesOutput struct { + _ struct{} `type:"structure"` + + // A list of DB snapshot tenant databases. + DBSnapshotTenantDatabases []*DBSnapshotTenantDatabase `locationNameList:"DBSnapshotTenantDatabase" type:"list"` + + // An optional pagination token provided by a previous request. If this parameter + // is specified, the response includes only records beyond the marker, up to + // the value specified by MaxRecords. + Marker *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDBSnapshotTenantDatabasesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeDBSnapshotTenantDatabasesOutput) GoString() string { + return s.String() +} + +// SetDBSnapshotTenantDatabases sets the DBSnapshotTenantDatabases field's value. +func (s *DescribeDBSnapshotTenantDatabasesOutput) SetDBSnapshotTenantDatabases(v []*DBSnapshotTenantDatabase) *DescribeDBSnapshotTenantDatabasesOutput { + s.DBSnapshotTenantDatabases = v + return s +} + +// SetMarker sets the Marker field's value. +func (s *DescribeDBSnapshotTenantDatabasesOutput) SetMarker(v string) *DescribeDBSnapshotTenantDatabasesOutput { + s.Marker = &v + return s +} + type DescribeDBSnapshotsInput struct { _ struct{} `type:"structure"` // The ID of the DB instance to retrieve the list of DB snapshots for. This - // parameter can't be used in conjunction with DBSnapshotIdentifier. This parameter - // isn't case-sensitive. + // parameter isn't case-sensitive. // // Constraints: // // * If supplied, must match the identifier of an existing DBInstance. DBInstanceIdentifier *string `type:"string"` - // A specific DB snapshot identifier to describe. This parameter can't be used - // in conjunction with DBInstanceIdentifier. This value is stored as a lowercase - // string. + // A specific DB snapshot identifier to describe. This value is stored as a + // lowercase string. // // Constraints: // @@ -28369,20 +40600,26 @@ type DescribeDBSnapshotsInput struct { // * engine - Accepts names of database engines. Filters []*Filter `locationNameList:"Filter" type:"list"` - // A value that indicates whether to include manual DB cluster snapshots that - // are public and can be copied or restored by any AWS account. By default, + // Specifies whether to include manual DB cluster snapshots that are public + // and can be copied or restored by any Amazon Web Services account. By default, // the public snapshots are not included. // // You can share a manual DB snapshot as public by using the ModifyDBSnapshotAttribute // API. + // + // This setting doesn't apply to RDS Custom. IncludePublic *bool `type:"boolean"` - // A value that indicates whether to include shared manual DB cluster snapshots - // from other AWS accounts that this AWS account has been given permission to - // copy or restore. By default, these snapshots are not included. + // Specifies whether to include shared manual DB cluster snapshots from other + // Amazon Web Services accounts that this Amazon Web Services account has been + // given permission to copy or restore. By default, these snapshots are not + // included. // - // You can give an AWS account permission to restore a manual DB snapshot from - // another AWS account by using the ModifyDBSnapshotAttribute API action. + // You can give an Amazon Web Services account permission to restore a manual + // DB snapshot from another Amazon Web Services account by using the ModifyDBSnapshotAttribute + // API action. + // + // This setting doesn't apply to RDS Custom. IncludeShared *bool `type:"boolean"` // An optional pagination token provided by a previous DescribeDBSnapshots request. @@ -28403,18 +40640,19 @@ type DescribeDBSnapshotsInput struct { // values: // // * automated - Return all DB snapshots that have been automatically taken - // by Amazon RDS for my AWS account. + // by Amazon RDS for my Amazon Web Services account. // - // * manual - Return all DB snapshots that have been taken by my AWS account. + // * manual - Return all DB snapshots that have been taken by my Amazon Web + // Services account. // // * shared - Return all manual DB snapshots that have been shared to my - // AWS account. + // Amazon Web Services account. // // * public - Return all DB snapshots that have been marked as public. // - // * awsbackup - Return the DB snapshots managed by the AWS Backup service. - // For information about AWS Backup, see the AWS Backup Developer Guide. - // (https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html) + // * awsbackup - Return the DB snapshots managed by the Amazon Web Services + // Backup service. For information about Amazon Web Services Backup, see + // the Amazon Web Services Backup Developer Guide. (https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html) // The awsbackup type does not apply to Aurora. // // If you don't specify a SnapshotType value, then both automated and manual @@ -28430,12 +40668,20 @@ type DescribeDBSnapshotsInput struct { SnapshotType *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBSnapshotsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBSnapshotsInput) GoString() string { return s.String() } @@ -28528,12 +40774,20 @@ type DescribeDBSnapshotsOutput struct { Marker *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBSnapshotsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBSnapshotsOutput) GoString() string { return s.String() } @@ -28574,12 +40828,20 @@ type DescribeDBSubnetGroupsInput struct { MaxRecords *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBSubnetGroupsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBSubnetGroupsInput) GoString() string { return s.String() } @@ -28642,12 +40904,20 @@ type DescribeDBSubnetGroupsOutput struct { Marker *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBSubnetGroupsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeDBSubnetGroupsOutput) GoString() string { return s.String() } @@ -28691,12 +40961,20 @@ type DescribeEngineDefaultClusterParametersInput struct { MaxRecords *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeEngineDefaultClusterParametersInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeEngineDefaultClusterParametersInput) GoString() string { return s.String() } @@ -28756,12 +41034,20 @@ type DescribeEngineDefaultClusterParametersOutput struct { EngineDefaults *EngineDefaults `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeEngineDefaultClusterParametersOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeEngineDefaultClusterParametersOutput) GoString() string { return s.String() } @@ -28777,6 +41063,106 @@ type DescribeEngineDefaultParametersInput struct { // The name of the DB parameter group family. // + // Valid Values: + // + // * aurora-mysql5.7 + // + // * aurora-mysql8.0 + // + // * aurora-postgresql10 + // + // * aurora-postgresql11 + // + // * aurora-postgresql12 + // + // * aurora-postgresql13 + // + // * aurora-postgresql14 + // + // * custom-oracle-ee-19 + // + // * custom-oracle-ee-cdb-19 + // + // * db2-ae + // + // * db2-se + // + // * mariadb10.2 + // + // * mariadb10.3 + // + // * mariadb10.4 + // + // * mariadb10.5 + // + // * mariadb10.6 + // + // * mysql5.7 + // + // * mysql8.0 + // + // * oracle-ee-19 + // + // * oracle-ee-cdb-19 + // + // * oracle-ee-cdb-21 + // + // * oracle-se2-19 + // + // * oracle-se2-cdb-19 + // + // * oracle-se2-cdb-21 + // + // * postgres10 + // + // * postgres11 + // + // * postgres12 + // + // * postgres13 + // + // * postgres14 + // + // * sqlserver-ee-11.0 + // + // * sqlserver-ee-12.0 + // + // * sqlserver-ee-13.0 + // + // * sqlserver-ee-14.0 + // + // * sqlserver-ee-15.0 + // + // * sqlserver-ex-11.0 + // + // * sqlserver-ex-12.0 + // + // * sqlserver-ex-13.0 + // + // * sqlserver-ex-14.0 + // + // * sqlserver-ex-15.0 + // + // * sqlserver-se-11.0 + // + // * sqlserver-se-12.0 + // + // * sqlserver-se-13.0 + // + // * sqlserver-se-14.0 + // + // * sqlserver-se-15.0 + // + // * sqlserver-web-11.0 + // + // * sqlserver-web-12.0 + // + // * sqlserver-web-13.0 + // + // * sqlserver-web-14.0 + // + // * sqlserver-web-15.0 + // // DBParameterGroupFamily is a required field DBParameterGroupFamily *string `type:"string" required:"true"` @@ -28798,12 +41184,20 @@ type DescribeEngineDefaultParametersInput struct { MaxRecords *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeEngineDefaultParametersInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeEngineDefaultParametersInput) GoString() string { return s.String() } @@ -28863,12 +41257,20 @@ type DescribeEngineDefaultParametersOutput struct { EngineDefaults *EngineDefaults `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeEngineDefaultParametersOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeEngineDefaultParametersOutput) GoString() string { return s.String() } @@ -28885,19 +41287,28 @@ type DescribeEventCategoriesInput struct { // This parameter isn't currently supported. Filters []*Filter `locationNameList:"Filter" type:"list"` - // The type of source that is generating the events. + // The type of source that is generating the events. For RDS Proxy events, specify + // db-proxy. // - // Valid values: db-instance | db-cluster | db-parameter-group | db-security-group - // | db-snapshot | db-cluster-snapshot + // Valid Values: db-instance | db-cluster | db-parameter-group | db-security-group + // | db-snapshot | db-cluster-snapshot | db-proxy SourceType *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeEventCategoriesInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeEventCategoriesInput) GoString() string { return s.String() } @@ -28942,12 +41353,20 @@ type DescribeEventCategoriesOutput struct { EventCategoriesMapList []*EventCategoriesMap `locationNameList:"EventCategoriesMap" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeEventCategoriesOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeEventCategoriesOutput) GoString() string { return s.String() } @@ -28982,12 +41401,20 @@ type DescribeEventSubscriptionsInput struct { SubscriptionName *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeEventSubscriptionsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeEventSubscriptionsInput) GoString() string { return s.String() } @@ -29049,12 +41476,20 @@ type DescribeEventSubscriptionsOutput struct { Marker *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeEventSubscriptionsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeEventSubscriptionsOutput) GoString() string { return s.String() } @@ -29132,6 +41567,8 @@ type DescribeEventsInput struct { // * If the source type is a DB cluster snapshot, a DBClusterSnapshotIdentifier // value must be supplied. // + // * If the source type is an RDS Proxy, a DBProxyName value must be supplied. + // // * Can't end with a hyphen or contain two consecutive hyphens. SourceIdentifier *string `type:"string"` @@ -29147,12 +41584,20 @@ type DescribeEventsInput struct { StartTime *time.Time `type:"timestamp"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeEventsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeEventsInput) GoString() string { return s.String() } @@ -29240,16 +41685,24 @@ type DescribeEventsOutput struct { // An optional pagination token provided by a previous Events request. If this // parameter is specified, the response includes only records beyond the marker, - // up to the value specified by MaxRecords . + // up to the value specified by MaxRecords. Marker *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeEventsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeEventsOutput) GoString() string { return s.String() } @@ -29269,24 +41722,25 @@ func (s *DescribeEventsOutput) SetMarker(v string) *DescribeEventsOutput { type DescribeExportTasksInput struct { _ struct{} `type:"structure"` - // The identifier of the snapshot export task to be described. + // The identifier of the snapshot or cluster export task to be described. ExportTaskIdentifier *string `type:"string"` - // Filters specify one or more snapshot exports to describe. The filters are - // specified as name-value pairs that define what to include in the output. - // Filter names and values are case-sensitive. + // Filters specify one or more snapshot or cluster exports to describe. The + // filters are specified as name-value pairs that define what to include in + // the output. Filter names and values are case-sensitive. // // Supported filters include the following: // - // * export-task-identifier - An identifier for the snapshot export task. + // * export-task-identifier - An identifier for the snapshot or cluster export + // task. // - // * s3-bucket - The Amazon S3 bucket the snapshot is exported to. + // * s3-bucket - The Amazon S3 bucket the data is exported to. // - // * source-arn - The Amazon Resource Name (ARN) of the snapshot exported - // to Amazon S3 + // * source-arn - The Amazon Resource Name (ARN) of the snapshot or cluster + // exported to Amazon S3. // - // * status - The status of the export task. Must be lowercase, for example, - // complete. + // * status - The status of the export task. Must be lowercase. Valid statuses + // are the following: canceled canceling complete failed in_progress starting Filters []*Filter `locationNameList:"Filter" type:"list"` // An optional pagination token provided by a previous DescribeExportTasks request. @@ -29304,16 +41758,28 @@ type DescribeExportTasksInput struct { // Constraints: Minimum 20, maximum 100. MaxRecords *int64 `min:"20" type:"integer"` - // The Amazon Resource Name (ARN) of the snapshot exported to Amazon S3. + // The Amazon Resource Name (ARN) of the snapshot or cluster exported to Amazon + // S3. SourceArn *string `type:"string"` + + // The type of source for the export. + SourceType *string `type:"string" enum:"ExportSourceType"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeExportTasksInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeExportTasksInput) GoString() string { return s.String() } @@ -29371,10 +41837,16 @@ func (s *DescribeExportTasksInput) SetSourceArn(v string) *DescribeExportTasksIn return s } +// SetSourceType sets the SourceType field's value. +func (s *DescribeExportTasksInput) SetSourceType(v string) *DescribeExportTasksInput { + s.SourceType = &v + return s +} + type DescribeExportTasksOutput struct { _ struct{} `type:"structure"` - // Information about an export of a snapshot to Amazon S3. + // Information about an export of a snapshot or cluster to Amazon S3. ExportTasks []*ExportTask `locationNameList:"ExportTask" type:"list"` // A pagination token that can be used in a later DescribeExportTasks request. @@ -29383,12 +41855,20 @@ type DescribeExportTasksOutput struct { Marker *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeExportTasksOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeExportTasksOutput) GoString() string { return s.String() } @@ -29408,13 +41888,14 @@ func (s *DescribeExportTasksOutput) SetMarker(v string) *DescribeExportTasksOutp type DescribeGlobalClustersInput struct { _ struct{} `type:"structure"` - // A filter that specifies one or more global DB clusters to describe. + // A filter that specifies one or more global database clusters to describe. + // This parameter is case-sensitive. // - // Supported filters: + // Currently, the only supported filter is region. // - // * db-cluster-id - Accepts DB cluster identifiers and DB cluster Amazon - // Resource Names (ARNs). The results list will only include information - // about the DB clusters identified by these ARNs. + // If used, the request returns information about any global cluster with at + // least one member (primary or secondary) in the specified Amazon Web Services + // Regions. Filters []*Filter `locationNameList:"Filter" type:"list"` // The user-supplied DB cluster identifier. If this parameter is specified, @@ -29441,12 +41922,20 @@ type DescribeGlobalClustersInput struct { MaxRecords *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeGlobalClustersInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeGlobalClustersInput) GoString() string { return s.String() } @@ -29507,12 +41996,20 @@ type DescribeGlobalClustersOutput struct { Marker *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeGlobalClustersOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeGlobalClustersOutput) GoString() string { return s.String() } @@ -29529,48 +42026,57 @@ func (s *DescribeGlobalClustersOutput) SetMarker(v string) *DescribeGlobalCluste return s } -type DescribeInstallationMediaInput struct { +type DescribeIntegrationsInput struct { _ struct{} `type:"structure"` - // A filter that specifies one or more installation media to describe. Supported - // filters include the following: - // - // * custom-availability-zone-id - Accepts custom Availability Zone (AZ) - // identifiers. The results list includes information about only the custom - // AZs identified by these identifiers. - // - // * engine - Accepts database engines. The results list includes information - // about only the database engines identified by these identifiers. For more - // information about the valid engines for installation media, see ImportInstallationMedia. + // A filter that specifies one or more resources to return. Filters []*Filter `locationNameList:"Filter" type:"list"` - // The installation medium ID. - InstallationMediaId *string `type:"string"` + // The unique identifier of the integration. + IntegrationIdentifier *string `min:"1" type:"string"` - // An optional pagination token provided by a previous request. If this parameter - // is specified, the response includes only records beyond the marker, up to - // the value specified by MaxRecords. - Marker *string `type:"string"` - - // An optional pagination token provided by a previous DescribeInstallationMedia + // An optional pagination token provided by a previous DescribeIntegrations // request. If this parameter is specified, the response includes only records // beyond the marker, up to the value specified by MaxRecords. + Marker *string `min:"1" type:"string"` + + // The maximum number of records to include in the response. If more records + // exist than the specified MaxRecords value, a pagination token called a marker + // is included in the response so that you can retrieve the remaining results. + // + // Default: 100 + // + // Constraints: Minimum 20, maximum 100. MaxRecords *int64 `type:"integer"` } -// String returns the string representation -func (s DescribeInstallationMediaInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeIntegrationsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DescribeInstallationMediaInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeIntegrationsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeInstallationMediaInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeInstallationMediaInput"} +func (s *DescribeIntegrationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeIntegrationsInput"} + if s.IntegrationIdentifier != nil && len(*s.IntegrationIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("IntegrationIdentifier", 1)) + } + if s.Marker != nil && len(*s.Marker) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Marker", 1)) + } if s.Filters != nil { for i, v := range s.Filters { if v == nil { @@ -29589,59 +42095,65 @@ func (s *DescribeInstallationMediaInput) Validate() error { } // SetFilters sets the Filters field's value. -func (s *DescribeInstallationMediaInput) SetFilters(v []*Filter) *DescribeInstallationMediaInput { +func (s *DescribeIntegrationsInput) SetFilters(v []*Filter) *DescribeIntegrationsInput { s.Filters = v return s } -// SetInstallationMediaId sets the InstallationMediaId field's value. -func (s *DescribeInstallationMediaInput) SetInstallationMediaId(v string) *DescribeInstallationMediaInput { - s.InstallationMediaId = &v +// SetIntegrationIdentifier sets the IntegrationIdentifier field's value. +func (s *DescribeIntegrationsInput) SetIntegrationIdentifier(v string) *DescribeIntegrationsInput { + s.IntegrationIdentifier = &v return s } // SetMarker sets the Marker field's value. -func (s *DescribeInstallationMediaInput) SetMarker(v string) *DescribeInstallationMediaInput { +func (s *DescribeIntegrationsInput) SetMarker(v string) *DescribeIntegrationsInput { s.Marker = &v return s } // SetMaxRecords sets the MaxRecords field's value. -func (s *DescribeInstallationMediaInput) SetMaxRecords(v int64) *DescribeInstallationMediaInput { +func (s *DescribeIntegrationsInput) SetMaxRecords(v int64) *DescribeIntegrationsInput { s.MaxRecords = &v return s } -type DescribeInstallationMediaOutput struct { +type DescribeIntegrationsOutput struct { _ struct{} `type:"structure"` - // The list of InstallationMedia objects for the AWS account. - InstallationMedia []*InstallationMedia `locationNameList:"InstallationMedia" type:"list"` + // A list of integrations. + Integrations []*Integration `locationNameList:"Integration" type:"list"` - // An optional pagination token provided by a previous DescribeInstallationMedia - // request. If this parameter is specified, the response includes only records - // beyond the marker, up to the value specified by MaxRecords. - Marker *string `type:"string"` + // A pagination token that can be used in a later DescribeIntegrations request. + Marker *string `min:"1" type:"string"` } -// String returns the string representation -func (s DescribeInstallationMediaOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeIntegrationsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s DescribeInstallationMediaOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeIntegrationsOutput) GoString() string { return s.String() } -// SetInstallationMedia sets the InstallationMedia field's value. -func (s *DescribeInstallationMediaOutput) SetInstallationMedia(v []*InstallationMedia) *DescribeInstallationMediaOutput { - s.InstallationMedia = v +// SetIntegrations sets the Integrations field's value. +func (s *DescribeIntegrationsOutput) SetIntegrations(v []*Integration) *DescribeIntegrationsOutput { + s.Integrations = v return s } // SetMarker sets the Marker field's value. -func (s *DescribeInstallationMediaOutput) SetMarker(v string) *DescribeInstallationMediaOutput { +func (s *DescribeIntegrationsOutput) SetMarker(v string) *DescribeIntegrationsOutput { s.Marker = &v return s } @@ -29649,7 +42161,35 @@ func (s *DescribeInstallationMediaOutput) SetMarker(v string) *DescribeInstallat type DescribeOptionGroupOptionsInput struct { _ struct{} `type:"structure"` - // A required parameter. Options available for the given engine name are described. + // The name of the engine to describe options for. + // + // Valid Values: + // + // * db2-ae + // + // * db2-se + // + // * mariadb + // + // * mysql + // + // * oracle-ee + // + // * oracle-ee-cdb + // + // * oracle-se2 + // + // * oracle-se2-cdb + // + // * postgres + // + // * sqlserver-ee + // + // * sqlserver-se + // + // * sqlserver-ex + // + // * sqlserver-web // // EngineName is a required field EngineName *string `type:"string" required:"true"` @@ -29676,12 +42216,20 @@ type DescribeOptionGroupOptionsInput struct { MaxRecords *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeOptionGroupOptionsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeOptionGroupOptionsInput) GoString() string { return s.String() } @@ -29751,12 +42299,20 @@ type DescribeOptionGroupOptionsOutput struct { OptionGroupOptions []*OptionGroupOption `locationNameList:"OptionGroupOption" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeOptionGroupOptionsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeOptionGroupOptionsOutput) GoString() string { return s.String() } @@ -29776,8 +42332,35 @@ func (s *DescribeOptionGroupOptionsOutput) SetOptionGroupOptions(v []*OptionGrou type DescribeOptionGroupsInput struct { _ struct{} `type:"structure"` - // Filters the list of option groups to only include groups associated with - // a specific database engine. + // A filter to only include option groups associated with this database engine. + // + // Valid Values: + // + // * db2-ae + // + // * db2-se + // + // * mariadb + // + // * mysql + // + // * oracle-ee + // + // * oracle-ee-cdb + // + // * oracle-se2 + // + // * oracle-se2-cdb + // + // * postgres + // + // * sqlserver-ee + // + // * sqlserver-se + // + // * sqlserver-ex + // + // * sqlserver-web EngineName *string `type:"string"` // This parameter isn't currently supported. @@ -29807,12 +42390,20 @@ type DescribeOptionGroupsInput struct { OptionGroupName *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeOptionGroupsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeOptionGroupsInput) GoString() string { return s.String() } @@ -29886,12 +42477,20 @@ type DescribeOptionGroupsOutput struct { OptionGroupsList []*OptionGroup `locationNameList:"OptionGroup" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeOptionGroupsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeOptionGroupsOutput) GoString() string { return s.String() } @@ -29912,35 +42511,78 @@ type DescribeOrderableDBInstanceOptionsInput struct { _ struct{} `type:"structure"` // The Availability Zone group associated with a Local Zone. Specify this parameter - // to retrieve available offerings for the Local Zones in the group. + // to retrieve available options for the Local Zones in the group. // - // Omit this parameter to show the available offerings in the specified AWS - // Region. + // Omit this parameter to show the available options in the specified Amazon + // Web Services Region. + // + // This setting doesn't apply to RDS Custom DB instances. AvailabilityZoneGroup *string `type:"string"` - // The DB instance class filter value. Specify this parameter to show only the - // available offerings matching the specified DB instance class. + // A filter to include only the available options for the specified DB instance + // class. DBInstanceClass *string `type:"string"` - // The name of the engine to retrieve DB instance options for. + // The name of the database engine to describe DB instance options for. + // + // Valid Values: + // + // * aurora-mysql + // + // * aurora-postgresql + // + // * custom-oracle-ee + // + // * custom-oracle-ee-cdb + // + // * custom-oracle-se2 + // + // * custom-oracle-se2-cdb + // + // * db2-ae + // + // * db2-se + // + // * mariadb + // + // * mysql + // + // * oracle-ee + // + // * oracle-ee-cdb + // + // * oracle-se2 + // + // * oracle-se2-cdb + // + // * postgres + // + // * sqlserver-ee + // + // * sqlserver-se + // + // * sqlserver-ex + // + // * sqlserver-web // // Engine is a required field Engine *string `type:"string" required:"true"` - // The engine version filter value. Specify this parameter to show only the - // available offerings matching the specified engine version. + // A filter to include only the available options for the specified engine version. EngineVersion *string `type:"string"` // This parameter isn't currently supported. Filters []*Filter `locationNameList:"Filter" type:"list"` - // The license model filter value. Specify this parameter to show only the available - // offerings matching the specified license model. + // A filter to include only the available options for the specified license + // model. + // + // RDS Custom supports only the BYOL licensing model. LicenseModel *string `type:"string"` // An optional pagination token provided by a previous DescribeOrderableDBInstanceOptions // request. If this parameter is specified, the response includes only records - // beyond the marker, up to the value specified by MaxRecords . + // beyond the marker, up to the value specified by MaxRecords. Marker *string `type:"string"` // The maximum number of records to include in the response. If more records @@ -29949,19 +42591,31 @@ type DescribeOrderableDBInstanceOptionsInput struct { // // Default: 100 // - // Constraints: Minimum 20, maximum 100. + // Constraints: Minimum 20, maximum 1000. MaxRecords *int64 `type:"integer"` - // A value that indicates whether to show only VPC or non-VPC offerings. + // Specifies whether to show only VPC or non-VPC offerings. RDS Custom supports + // only VPC offerings. + // + // RDS Custom supports only VPC offerings. If you describe non-VPC offerings + // for RDS Custom, the output shows VPC offerings. Vpc *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeOrderableDBInstanceOptionsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeOrderableDBInstanceOptionsInput) GoString() string { return s.String() } @@ -30050,7 +42704,7 @@ type DescribeOrderableDBInstanceOptionsOutput struct { // An optional pagination token provided by a previous OrderableDBInstanceOptions // request. If this parameter is specified, the response includes only records - // beyond the marker, up to the value specified by MaxRecords . + // beyond the marker, up to the value specified by MaxRecords. Marker *string `type:"string"` // An OrderableDBInstanceOption structure containing information about orderable @@ -30058,12 +42712,20 @@ type DescribeOrderableDBInstanceOptionsOutput struct { OrderableDBInstanceOptions []*OrderableDBInstanceOption `locationNameList:"OrderableDBInstanceOption" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeOrderableDBInstanceOptionsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeOrderableDBInstanceOptionsOutput) GoString() string { return s.String() } @@ -30089,12 +42751,12 @@ type DescribePendingMaintenanceActionsInput struct { // Supported filters: // // * db-cluster-id - Accepts DB cluster identifiers and DB cluster Amazon - // Resource Names (ARNs). The results list will only include pending maintenance + // Resource Names (ARNs). The results list only includes pending maintenance // actions for the DB clusters identified by these ARNs. // // * db-instance-id - Accepts DB instance identifiers and DB instance ARNs. - // The results list will only include pending maintenance actions for the - // DB instances identified by these ARNs. + // The results list only includes pending maintenance actions for the DB + // instances identified by these ARNs. Filters []*Filter `locationNameList:"Filter" type:"list"` // An optional pagination token provided by a previous DescribePendingMaintenanceActions @@ -30115,12 +42777,20 @@ type DescribePendingMaintenanceActionsInput struct { ResourceIdentifier *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribePendingMaintenanceActionsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribePendingMaintenanceActionsInput) GoString() string { return s.String() } @@ -30182,12 +42852,20 @@ type DescribePendingMaintenanceActionsOutput struct { PendingMaintenanceActions []*ResourcePendingMaintenanceActions `locationNameList:"ResourcePendingMaintenanceActions" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribePendingMaintenanceActionsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribePendingMaintenanceActionsOutput) GoString() string { return s.String() } @@ -30223,8 +42901,8 @@ type DescribeReservedDBInstancesInput struct { // The lease identifier filter value. Specify this parameter to show only the // reservation that matches the specified lease ID. // - // AWS Support might request the lease ID for an issue related to a reserved - // DB instance. + // Amazon Web Services Support might request the lease ID for an issue related + // to a reserved DB instance. LeaseId *string `type:"string"` // An optional pagination token provided by a previous request. If this parameter @@ -30241,8 +42919,7 @@ type DescribeReservedDBInstancesInput struct { // Constraints: Minimum 20, maximum 100. MaxRecords *int64 `type:"integer"` - // A value that indicates whether to show only those reservations that support - // Multi-AZ. + // Specifies whether to show only those reservations that support Multi-AZ. MultiAZ *bool `type:"boolean"` // The offering type filter value. Specify this parameter to show only the available @@ -30264,12 +42941,20 @@ type DescribeReservedDBInstancesInput struct { ReservedDBInstancesOfferingId *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeReservedDBInstancesInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeReservedDBInstancesInput) GoString() string { return s.String() } @@ -30390,8 +43075,7 @@ type DescribeReservedDBInstancesOfferingsInput struct { // Constraints: Minimum 20, maximum 100. MaxRecords *int64 `type:"integer"` - // A value that indicates whether to show only those reservations that support - // Multi-AZ. + // Specifies whether to show only those reservations that support Multi-AZ. MultiAZ *bool `type:"boolean"` // The offering type filter value. Specify this parameter to show only the available @@ -30413,12 +43097,20 @@ type DescribeReservedDBInstancesOfferingsInput struct { ReservedDBInstancesOfferingId *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeReservedDBInstancesOfferingsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeReservedDBInstancesOfferingsInput) GoString() string { return s.String() } @@ -30511,12 +43203,20 @@ type DescribeReservedDBInstancesOfferingsOutput struct { ReservedDBInstancesOfferings []*ReservedDBInstancesOffering `locationNameList:"ReservedDBInstancesOffering" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeReservedDBInstancesOfferingsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeReservedDBInstancesOfferingsOutput) GoString() string { return s.String() } @@ -30547,12 +43247,20 @@ type DescribeReservedDBInstancesOutput struct { ReservedDBInstances []*ReservedDBInstance `locationNameList:"ReservedDBInstance" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeReservedDBInstancesOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeReservedDBInstancesOutput) GoString() string { return s.String() } @@ -30589,20 +43297,28 @@ type DescribeSourceRegionsInput struct { // Constraints: Minimum 20, maximum 100. MaxRecords *int64 `type:"integer"` - // The source AWS Region name. For example, us-east-1. + // The source Amazon Web Services Region name. For example, us-east-1. // // Constraints: // - // * Must specify a valid AWS Region name. + // * Must specify a valid Amazon Web Services Region name. RegionName *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeSourceRegionsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeSourceRegionsInput) GoString() string { return s.String() } @@ -30661,17 +43377,26 @@ type DescribeSourceRegionsOutput struct { // the value specified by MaxRecords. Marker *string `type:"string"` - // A list of SourceRegion instances that contains each source AWS Region that - // the current AWS Region can get a read replica or a DB snapshot from. + // A list of SourceRegion instances that contains each source Amazon Web Services + // Region that the current Amazon Web Services Region can get a read replica + // or a DB snapshot from. SourceRegions []*SourceRegion `locationNameList:"SourceRegion" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeSourceRegionsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeSourceRegionsOutput) GoString() string { return s.String() } @@ -30688,6 +43413,155 @@ func (s *DescribeSourceRegionsOutput) SetSourceRegions(v []*SourceRegion) *Descr return s } +type DescribeTenantDatabasesInput struct { + _ struct{} `type:"structure"` + + // The user-supplied DB instance identifier, which must match the identifier + // of an existing instance owned by the Amazon Web Services account. This parameter + // isn't case-sensitive. + DBInstanceIdentifier *string `type:"string"` + + // A filter that specifies one or more database tenants to describe. + // + // Supported filters: + // + // * tenant-db-name - Tenant database names. The results list only includes + // information about the tenant databases that match these tenant DB names. + // + // * tenant-database-resource-id - Tenant database resource identifiers. + // + // * dbi-resource-id - DB instance resource identifiers. The results list + // only includes information about the tenants contained within the DB instances + // identified by these resource identifiers. + Filters []*Filter `locationNameList:"Filter" type:"list"` + + // An optional pagination token provided by a previous DescribeTenantDatabases + // request. If this parameter is specified, the response includes only records + // beyond the marker, up to the value specified by MaxRecords. + Marker *string `type:"string"` + + // The maximum number of records to include in the response. If more records + // exist than the specified MaxRecords value, a pagination token called a marker + // is included in the response so that you can retrieve the remaining results. + MaxRecords *int64 `type:"integer"` + + // The user-supplied tenant database name, which must match the name of an existing + // tenant database on the specified DB instance owned by your Amazon Web Services + // account. This parameter isn’t case-sensitive. + TenantDBName *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeTenantDatabasesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeTenantDatabasesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeTenantDatabasesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTenantDatabasesInput"} + if s.Filters != nil { + for i, v := range s.Filters { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Filters", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDBInstanceIdentifier sets the DBInstanceIdentifier field's value. +func (s *DescribeTenantDatabasesInput) SetDBInstanceIdentifier(v string) *DescribeTenantDatabasesInput { + s.DBInstanceIdentifier = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeTenantDatabasesInput) SetFilters(v []*Filter) *DescribeTenantDatabasesInput { + s.Filters = v + return s +} + +// SetMarker sets the Marker field's value. +func (s *DescribeTenantDatabasesInput) SetMarker(v string) *DescribeTenantDatabasesInput { + s.Marker = &v + return s +} + +// SetMaxRecords sets the MaxRecords field's value. +func (s *DescribeTenantDatabasesInput) SetMaxRecords(v int64) *DescribeTenantDatabasesInput { + s.MaxRecords = &v + return s +} + +// SetTenantDBName sets the TenantDBName field's value. +func (s *DescribeTenantDatabasesInput) SetTenantDBName(v string) *DescribeTenantDatabasesInput { + s.TenantDBName = &v + return s +} + +type DescribeTenantDatabasesOutput struct { + _ struct{} `type:"structure"` + + // An optional pagination token provided by a previous DescribeTenantDatabases + // request. If this parameter is specified, the response includes only records + // beyond the marker, up to the value specified by MaxRecords. + Marker *string `type:"string"` + + // An array of the tenant databases requested by the DescribeTenantDatabases + // operation. + TenantDatabases []*TenantDatabase `locationNameList:"TenantDatabase" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeTenantDatabasesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeTenantDatabasesOutput) GoString() string { + return s.String() +} + +// SetMarker sets the Marker field's value. +func (s *DescribeTenantDatabasesOutput) SetMarker(v string) *DescribeTenantDatabasesOutput { + s.Marker = &v + return s +} + +// SetTenantDatabases sets the TenantDatabases field's value. +func (s *DescribeTenantDatabasesOutput) SetTenantDatabases(v []*TenantDatabase) *DescribeTenantDatabasesOutput { + s.TenantDatabases = v + return s +} + type DescribeValidDBInstanceModificationsInput struct { _ struct{} `type:"structure"` @@ -30697,12 +43571,20 @@ type DescribeValidDBInstanceModificationsInput struct { DBInstanceIdentifier *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeValidDBInstanceModificationsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeValidDBInstanceModificationsInput) GoString() string { return s.String() } @@ -30735,12 +43617,20 @@ type DescribeValidDBInstanceModificationsOutput struct { ValidDBInstanceModificationsMessage *ValidDBInstanceModificationsMessage `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeValidDBInstanceModificationsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DescribeValidDBInstanceModificationsOutput) GoString() string { return s.String() } @@ -30751,36 +43641,193 @@ func (s *DescribeValidDBInstanceModificationsOutput) SetValidDBInstanceModificat return s } +type DisableHttpEndpointInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the DB cluster. + // + // ResourceArn is a required field + ResourceArn *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableHttpEndpointInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableHttpEndpointInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DisableHttpEndpointInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DisableHttpEndpointInput"} + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *DisableHttpEndpointInput) SetResourceArn(v string) *DisableHttpEndpointInput { + s.ResourceArn = &v + return s +} + +type DisableHttpEndpointOutput struct { + _ struct{} `type:"structure"` + + // Indicates whether the HTTP endpoint is enabled or disabled for the DB cluster. + HttpEndpointEnabled *bool `type:"boolean"` + + // The ARN of the DB cluster. + ResourceArn *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableHttpEndpointOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableHttpEndpointOutput) GoString() string { + return s.String() +} + +// SetHttpEndpointEnabled sets the HttpEndpointEnabled field's value. +func (s *DisableHttpEndpointOutput) SetHttpEndpointEnabled(v bool) *DisableHttpEndpointOutput { + s.HttpEndpointEnabled = &v + return s +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *DisableHttpEndpointOutput) SetResourceArn(v string) *DisableHttpEndpointOutput { + s.ResourceArn = &v + return s +} + +// A link to documentation that provides additional information for a recommendation. +type DocLink struct { + _ struct{} `type:"structure"` + + // The text with the link to documentation for the recommendation. + Text *string `type:"string"` + + // The URL for the documentation for the recommendation. + Url *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DocLink) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DocLink) GoString() string { + return s.String() +} + +// SetText sets the Text field's value. +func (s *DocLink) SetText(v string) *DocLink { + s.Text = &v + return s +} + +// SetUrl sets the Url field's value. +func (s *DocLink) SetUrl(v string) *DocLink { + s.Url = &v + return s +} + // An Active Directory Domain membership record associated with the DB instance // or cluster. type DomainMembership struct { _ struct{} `type:"structure"` + // The ARN for the Secrets Manager secret with the credentials for the user + // that's a member of the domain. + AuthSecretArn *string `type:"string"` + + // The IPv4 DNS IP addresses of the primary and secondary Active Directory domain + // controllers. + DnsIps []*string `type:"list"` + // The identifier of the Active Directory Domain. Domain *string `type:"string"` - // The fully qualified domain name of the Active Directory Domain. + // The fully qualified domain name (FQDN) of the Active Directory Domain. FQDN *string `type:"string"` - // The name of the IAM role to be used when making API calls to the Directory - // Service. + // The name of the IAM role used when making API calls to the Directory Service. IAMRoleName *string `type:"string"` + // The Active Directory organizational unit for the DB instance or cluster. + OU *string `type:"string"` + // The status of the Active Directory Domain membership for the DB instance // or cluster. Values include joined, pending-join, failed, and so on. Status *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DomainMembership) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DomainMembership) GoString() string { return s.String() } +// SetAuthSecretArn sets the AuthSecretArn field's value. +func (s *DomainMembership) SetAuthSecretArn(v string) *DomainMembership { + s.AuthSecretArn = &v + return s +} + +// SetDnsIps sets the DnsIps field's value. +func (s *DomainMembership) SetDnsIps(v []*string) *DomainMembership { + s.DnsIps = v + return s +} + // SetDomain sets the Domain field's value. func (s *DomainMembership) SetDomain(v string) *DomainMembership { s.Domain = &v @@ -30799,6 +43846,12 @@ func (s *DomainMembership) SetIAMRoleName(v string) *DomainMembership { return s } +// SetOU sets the OU field's value. +func (s *DomainMembership) SetOU(v string) *DomainMembership { + s.OU = &v + return s +} + // SetStatus sets the Status field's value. func (s *DomainMembership) SetStatus(v string) *DomainMembership { s.Status = &v @@ -30816,12 +43869,20 @@ type DoubleRange struct { To *float64 `type:"double"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DoubleRange) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DoubleRange) GoString() string { return s.String() } @@ -30886,12 +43947,20 @@ type DownloadDBLogFilePortionInput struct { NumberOfLines *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DownloadDBLogFilePortionInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DownloadDBLogFilePortionInput) GoString() string { return s.String() } @@ -30940,7 +44009,7 @@ func (s *DownloadDBLogFilePortionInput) SetNumberOfLines(v int64) *DownloadDBLog type DownloadDBLogFilePortionOutput struct { _ struct{} `type:"structure"` - // Boolean value that if true, indicates there is more data to be downloaded. + // A Boolean value that, if true, indicates there is more data to be downloaded. AdditionalDataPending *bool `type:"boolean"` // Entries from the specified log file. @@ -30950,12 +44019,20 @@ type DownloadDBLogFilePortionOutput struct { Marker *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DownloadDBLogFilePortionOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DownloadDBLogFilePortionOutput) GoString() string { return s.String() } @@ -30980,11 +44057,11 @@ func (s *DownloadDBLogFilePortionOutput) SetMarker(v string) *DownloadDBLogFileP // This data type is used as a response element in the following actions: // -// * AuthorizeDBSecurityGroupIngress +// - AuthorizeDBSecurityGroupIngress // -// * DescribeDBSecurityGroups +// - DescribeDBSecurityGroups // -// * RevokeDBSecurityGroupIngress +// - RevokeDBSecurityGroupIngress type EC2SecurityGroup struct { _ struct{} `type:"structure"` @@ -30994,8 +44071,8 @@ type EC2SecurityGroup struct { // Specifies the name of the EC2 security group. EC2SecurityGroupName *string `type:"string"` - // Specifies the AWS ID of the owner of the EC2 security group specified in - // the EC2SecurityGroupName field. + // Specifies the Amazon Web Services ID of the owner of the EC2 security group + // specified in the EC2SecurityGroupName field. EC2SecurityGroupOwnerId *string `type:"string"` // Provides the status of the EC2 security group. Status can be "authorizing", @@ -31003,12 +44080,20 @@ type EC2SecurityGroup struct { Status *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EC2SecurityGroup) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EC2SecurityGroup) GoString() string { return s.String() } @@ -31037,15 +44122,101 @@ func (s *EC2SecurityGroup) SetStatus(v string) *EC2SecurityGroup { return s } +type EnableHttpEndpointInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the DB cluster. + // + // ResourceArn is a required field + ResourceArn *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableHttpEndpointInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableHttpEndpointInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EnableHttpEndpointInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EnableHttpEndpointInput"} + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *EnableHttpEndpointInput) SetResourceArn(v string) *EnableHttpEndpointInput { + s.ResourceArn = &v + return s +} + +type EnableHttpEndpointOutput struct { + _ struct{} `type:"structure"` + + // Indicates whether the HTTP endpoint is enabled or disabled for the DB cluster. + HttpEndpointEnabled *bool `type:"boolean"` + + // The ARN of the DB cluster. + ResourceArn *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableHttpEndpointOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableHttpEndpointOutput) GoString() string { + return s.String() +} + +// SetHttpEndpointEnabled sets the HttpEndpointEnabled field's value. +func (s *EnableHttpEndpointOutput) SetHttpEndpointEnabled(v bool) *EnableHttpEndpointOutput { + s.HttpEndpointEnabled = &v + return s +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *EnableHttpEndpointOutput) SetResourceArn(v string) *EnableHttpEndpointOutput { + s.ResourceArn = &v + return s +} + // This data type represents the information you need to connect to an Amazon // RDS DB instance. This data type is used as a response element in the following // actions: // -// * CreateDBInstance +// - CreateDBInstance // -// * DescribeDBInstances +// - DescribeDBInstances // -// * DeleteDBInstance +// - DeleteDBInstance // // For the data structure that represents Amazon Aurora DB cluster endpoints, // see DBClusterEndpoint. @@ -31062,12 +44233,20 @@ type Endpoint struct { Port *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Endpoint) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Endpoint) GoString() string { return s.String() } @@ -31108,12 +44287,20 @@ type EngineDefaults struct { Parameters []*Parameter `locationNameList:"Parameter" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EngineDefaults) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EngineDefaults) GoString() string { return s.String() } @@ -31136,7 +44323,8 @@ func (s *EngineDefaults) SetParameters(v []*Parameter) *EngineDefaults { return s } -// This data type is used as a response element in the DescribeEvents action. +// This data type is used as a response element in the DescribeEvents (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeEvents.html) +// action. type Event struct { _ struct{} `type:"structure"` @@ -31159,12 +44347,20 @@ type Event struct { SourceType *string `type:"string" enum:"SourceType"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Event) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Event) GoString() string { return s.String() } @@ -31206,6 +44402,7 @@ func (s *Event) SetSourceType(v string) *Event { } // Contains the results of a successful invocation of the DescribeEventCategories +// (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeEventCategories.html) // operation. type EventCategoriesMap struct { _ struct{} `type:"structure"` @@ -31217,12 +44414,20 @@ type EventCategoriesMap struct { SourceType *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EventCategoriesMap) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EventCategoriesMap) GoString() string { return s.String() } @@ -31247,11 +44452,12 @@ type EventSubscription struct { // The RDS event notification subscription Id. CustSubscriptionId *string `type:"string"` - // The AWS customer account associated with the RDS event notification subscription. + // The Amazon Web Services customer account associated with the RDS event notification + // subscription. CustomerAwsId *string `type:"string"` - // A Boolean value indicating if the subscription is enabled. True indicates - // the subscription is enabled. + // Specifies whether the subscription is enabled. True indicates the subscription + // is enabled. Enabled *bool `type:"boolean"` // A list of event categories for the RDS event notification subscription. @@ -31285,12 +44491,20 @@ type EventSubscription struct { SubscriptionCreationTime *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EventSubscription) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EventSubscription) GoString() string { return s.String() } @@ -31355,82 +44569,109 @@ func (s *EventSubscription) SetSubscriptionCreationTime(v string) *EventSubscrip return s } -// Contains the details of a snapshot export to Amazon S3. +// Contains the details of a snapshot or cluster export to Amazon S3. // -// This data type is used as a response element in the DescribeExportTasks action. +// This data type is used as a response element in the DescribeExportTasks operation. type ExportTask struct { _ struct{} `type:"structure"` - // The data exported from the snapshot. Valid values are the following: + // The data exported from the snapshot or cluster. + // + // Valid Values: // // * database - Export all the data from a specified database. // - // * database.table table-name - Export a table of the snapshot. This format - // is valid only for RDS for MySQL, RDS for MariaDB, and Aurora MySQL. + // * database.table table-name - Export a table of the snapshot or cluster. + // This format is valid only for RDS for MySQL, RDS for MariaDB, and Aurora + // MySQL. // - // * database.schema schema-name - Export a database schema of the snapshot. - // This format is valid only for RDS for PostgreSQL and Aurora PostgreSQL. + // * database.schema schema-name - Export a database schema of the snapshot + // or cluster. This format is valid only for RDS for PostgreSQL and Aurora + // PostgreSQL. // // * database.schema.table table-name - Export a table of the database schema. // This format is valid only for RDS for PostgreSQL and Aurora PostgreSQL. ExportOnly []*string `type:"list"` - // A unique identifier for the snapshot export task. This ID isn't an identifier - // for the Amazon S3 bucket where the snapshot is exported to. + // A unique identifier for the snapshot or cluster export task. This ID isn't + // an identifier for the Amazon S3 bucket where the data is exported. ExportTaskIdentifier *string `type:"string"` // The reason the export failed, if it failed. FailureCause *string `type:"string"` // The name of the IAM role that is used to write to Amazon S3 when exporting - // a snapshot. + // a snapshot or cluster. IamRoleArn *string `type:"string"` - // The key identifier of the AWS KMS customer master key (CMK) that is used - // to encrypt the snapshot when it's exported to Amazon S3. The AWS KMS CMK - // identifier is its key ARN, key ID, alias ARN, or alias name. The IAM role - // used for the snapshot export must have encryption and decryption permissions - // to use this AWS KMS CMK. + // The key identifier of the Amazon Web Services KMS key that is used to encrypt + // the data when it's exported to Amazon S3. The KMS key identifier is its key + // ARN, key ID, alias ARN, or alias name. The IAM role used for the export must + // have encryption and decryption permissions to use this KMS key. KmsKeyId *string `type:"string"` - // The progress of the snapshot export task as a percentage. + // The progress of the snapshot or cluster export task as a percentage. PercentProgress *int64 `type:"integer"` - // The Amazon S3 bucket that the snapshot is exported to. + // The Amazon S3 bucket where the snapshot or cluster is exported to. S3Bucket *string `type:"string"` // The Amazon S3 bucket prefix that is the file name and path of the exported - // snapshot. + // data. S3Prefix *string `type:"string"` - // The time that the snapshot was created. + // The time when the snapshot was created. SnapshotTime *time.Time `type:"timestamp"` - // The Amazon Resource Name (ARN) of the snapshot exported to Amazon S3. + // The Amazon Resource Name (ARN) of the snapshot or cluster exported to Amazon + // S3. SourceArn *string `type:"string"` - // The progress status of the export task. + // The type of source for the export. + SourceType *string `type:"string" enum:"ExportSourceType"` + + // The progress status of the export task. The status can be one of the following: + // + // * CANCELED + // + // * CANCELING + // + // * COMPLETE + // + // * FAILED + // + // * IN_PROGRESS + // + // * STARTING Status *string `type:"string"` - // The time that the snapshot export task completed. + // The time when the snapshot or cluster export task ended. TaskEndTime *time.Time `type:"timestamp"` - // The time that the snapshot export task started. + // The time when the snapshot or cluster export task started. TaskStartTime *time.Time `type:"timestamp"` // The total amount of data exported, in gigabytes. TotalExtractedDataInGB *int64 `type:"integer"` - // A warning about the snapshot export task. + // A warning about the snapshot or cluster export task. WarningMessage *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ExportTask) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ExportTask) GoString() string { return s.String() } @@ -31495,6 +44736,12 @@ func (s *ExportTask) SetSourceArn(v string) *ExportTask { return s } +// SetSourceType sets the SourceType field's value. +func (s *ExportTask) SetSourceType(v string) *ExportTask { + s.SourceType = &v + return s +} + // SetStatus sets the Status field's value. func (s *ExportTask) SetStatus(v string) *ExportTask { s.Status = &v @@ -31528,28 +44775,39 @@ func (s *ExportTask) SetWarningMessage(v string) *ExportTask { type FailoverDBClusterInput struct { _ struct{} `type:"structure"` - // A DB cluster identifier to force a failover for. This parameter isn't case-sensitive. + // The identifier of the DB cluster to force a failover for. This parameter + // isn't case-sensitive. // // Constraints: // - // * Must match the identifier of an existing DBCluster. + // * Must match the identifier of an existing DB cluster. // // DBClusterIdentifier is a required field DBClusterIdentifier *string `type:"string" required:"true"` - // The name of the instance to promote to the primary instance. + // The name of the DB instance to promote to the primary DB instance. // - // You must specify the instance identifier for an Aurora Replica in the DB - // cluster. For example, mydbcluster-replica1. + // Specify the DB instance identifier for an Aurora Replica or a Multi-AZ readable + // standby in the DB cluster, for example mydbcluster-replica1. + // + // This setting isn't supported for RDS for MySQL Multi-AZ DB clusters. TargetDBInstanceIdentifier *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s FailoverDBClusterInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s FailoverDBClusterInput) GoString() string { return s.String() } @@ -31582,19 +44840,41 @@ func (s *FailoverDBClusterInput) SetTargetDBInstanceIdentifier(v string) *Failov type FailoverDBClusterOutput struct { _ struct{} `type:"structure"` - // Contains the details of an Amazon Aurora DB cluster. + // Contains the details of an Amazon Aurora DB cluster or Multi-AZ DB cluster. + // + // For an Amazon Aurora DB cluster, this data type is used as a response element + // in the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + // ModifyDBCluster, PromoteReadReplicaDBCluster, RestoreDBClusterFromS3, RestoreDBClusterFromSnapshot, + // RestoreDBClusterToPointInTime, StartDBCluster, and StopDBCluster. + // + // For a Multi-AZ DB cluster, this data type is used as a response element in + // the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + // ModifyDBCluster, RebootDBCluster, RestoreDBClusterFromSnapshot, and RestoreDBClusterToPointInTime. + // + // For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) + // in the Amazon Aurora User Guide. // - // This data type is used as a response element in the DescribeDBClusters, StopDBCluster, - // and StartDBCluster actions. + // For more information on Multi-AZ DB clusters, see Multi-AZ deployments with + // two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) + // in the Amazon RDS User Guide. DBCluster *DBCluster `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s FailoverDBClusterOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s FailoverDBClusterOutput) GoString() string { return s.String() } @@ -31605,6 +44885,224 @@ func (s *FailoverDBClusterOutput) SetDBCluster(v *DBCluster) *FailoverDBClusterO return s } +type FailoverGlobalClusterInput struct { + _ struct{} `type:"structure"` + + // Specifies whether to allow data loss for this global database cluster operation. + // Allowing data loss triggers a global failover operation. + // + // If you don't specify AllowDataLoss, the global database cluster operation + // defaults to a switchover. + // + // Constraints: + // + // * Can't be specified together with the Switchover parameter. + AllowDataLoss *bool `type:"boolean"` + + // The identifier of the global database cluster (Aurora global database) this + // operation should apply to. The identifier is the unique key assigned by the + // user when the Aurora global database is created. In other words, it's the + // name of the Aurora global database. + // + // Constraints: + // + // * Must match the identifier of an existing global database cluster. + // + // GlobalClusterIdentifier is a required field + GlobalClusterIdentifier *string `min:"1" type:"string" required:"true"` + + // Specifies whether to switch over this global database cluster. + // + // Constraints: + // + // * Can't be specified together with the AllowDataLoss parameter. + Switchover *bool `type:"boolean"` + + // The identifier of the secondary Aurora DB cluster that you want to promote + // to the primary for the global database cluster. Use the Amazon Resource Name + // (ARN) for the identifier so that Aurora can locate the cluster in its Amazon + // Web Services Region. + // + // TargetDbClusterIdentifier is a required field + TargetDbClusterIdentifier *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FailoverGlobalClusterInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FailoverGlobalClusterInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *FailoverGlobalClusterInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "FailoverGlobalClusterInput"} + if s.GlobalClusterIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("GlobalClusterIdentifier")) + } + if s.GlobalClusterIdentifier != nil && len(*s.GlobalClusterIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("GlobalClusterIdentifier", 1)) + } + if s.TargetDbClusterIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("TargetDbClusterIdentifier")) + } + if s.TargetDbClusterIdentifier != nil && len(*s.TargetDbClusterIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TargetDbClusterIdentifier", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAllowDataLoss sets the AllowDataLoss field's value. +func (s *FailoverGlobalClusterInput) SetAllowDataLoss(v bool) *FailoverGlobalClusterInput { + s.AllowDataLoss = &v + return s +} + +// SetGlobalClusterIdentifier sets the GlobalClusterIdentifier field's value. +func (s *FailoverGlobalClusterInput) SetGlobalClusterIdentifier(v string) *FailoverGlobalClusterInput { + s.GlobalClusterIdentifier = &v + return s +} + +// SetSwitchover sets the Switchover field's value. +func (s *FailoverGlobalClusterInput) SetSwitchover(v bool) *FailoverGlobalClusterInput { + s.Switchover = &v + return s +} + +// SetTargetDbClusterIdentifier sets the TargetDbClusterIdentifier field's value. +func (s *FailoverGlobalClusterInput) SetTargetDbClusterIdentifier(v string) *FailoverGlobalClusterInput { + s.TargetDbClusterIdentifier = &v + return s +} + +type FailoverGlobalClusterOutput struct { + _ struct{} `type:"structure"` + + // A data type representing an Aurora global database. + GlobalCluster *GlobalCluster `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FailoverGlobalClusterOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FailoverGlobalClusterOutput) GoString() string { + return s.String() +} + +// SetGlobalCluster sets the GlobalCluster field's value. +func (s *FailoverGlobalClusterOutput) SetGlobalCluster(v *GlobalCluster) *FailoverGlobalClusterOutput { + s.GlobalCluster = v + return s +} + +// Contains the state of scheduled or in-process operations on a global cluster +// (Aurora global database). This data type is empty unless a switchover or +// failover operation is scheduled or is in progress on the Aurora global database. +type FailoverState struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the Aurora DB cluster that is currently + // being demoted, and which is associated with this state. + FromDbClusterArn *string `type:"string"` + + // Indicates whether the operation is a global switchover or a global failover. + // If data loss is allowed, then the operation is a global failover. Otherwise, + // it's a switchover. + IsDataLossAllowed *bool `type:"boolean"` + + // The current status of the global cluster. Possible values are as follows: + // + // * pending – The service received a request to switch over or fail over + // the global cluster. The global cluster's primary DB cluster and the specified + // secondary DB cluster are being verified before the operation starts. + // + // * failing-over – Aurora is promoting the chosen secondary Aurora DB cluster + // to become the new primary DB cluster to fail over the global cluster. + // + // * cancelling – The request to switch over or fail over the global cluster + // was cancelled and the primary Aurora DB cluster and the selected secondary + // Aurora DB cluster are returning to their previous states. + // + // * switching-over – This status covers the range of Aurora internal operations + // that take place during the switchover process, such as demoting the primary + // Aurora DB cluster, promoting the secondary Aurora DB cluster, and synchronizing + // replicas. + Status *string `type:"string" enum:"FailoverStatus"` + + // The Amazon Resource Name (ARN) of the Aurora DB cluster that is currently + // being promoted, and which is associated with this state. + ToDbClusterArn *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FailoverState) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FailoverState) GoString() string { + return s.String() +} + +// SetFromDbClusterArn sets the FromDbClusterArn field's value. +func (s *FailoverState) SetFromDbClusterArn(v string) *FailoverState { + s.FromDbClusterArn = &v + return s +} + +// SetIsDataLossAllowed sets the IsDataLossAllowed field's value. +func (s *FailoverState) SetIsDataLossAllowed(v bool) *FailoverState { + s.IsDataLossAllowed = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *FailoverState) SetStatus(v string) *FailoverState { + s.Status = &v + return s +} + +// SetToDbClusterArn sets the ToDbClusterArn field's value. +func (s *FailoverState) SetToDbClusterArn(v string) *FailoverState { + s.ToDbClusterArn = &v + return s +} + // A filter name and value pair that is used to return a more specific list // of results from a describe operation. Filters can be used to match a set // of resources by specific criteria, such as IDs. The filters supported by @@ -31614,15 +45112,19 @@ func (s *FailoverDBClusterOutput) SetDBCluster(v *DBCluster) *FailoverDBClusterO // // The following actions can be filtered: // -// * DescribeDBClusterBacktracks +// - DescribeDBClusterBacktracks // -// * DescribeDBClusterEndpoints +// - DescribeDBClusterEndpoints // -// * DescribeDBClusters +// - DescribeDBClusters // -// * DescribeDBInstances +// - DescribeDBInstances // -// * DescribePendingMaintenanceActions +// - DescribeDBRecommendations +// +// - DescribeDBShardGroups +// +// - DescribePendingMaintenanceActions type Filter struct { _ struct{} `type:"structure"` @@ -31637,12 +45139,20 @@ type Filter struct { Values []*string `locationNameList:"Value" type:"list" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Filter) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Filter) GoString() string { return s.String() } @@ -31688,9 +45198,20 @@ type GlobalCluster struct { // The Aurora database engine used by the global database cluster. Engine *string `type:"string"` + // The life cycle type for the global cluster. + // + // For more information, see CreateGlobalCluster. + EngineLifecycleSupport *string `type:"string"` + // Indicates the database engine version. EngineVersion *string `type:"string"` + // A data object containing all properties for the current state of an in-process + // or pending switchover or failover process for this global cluster (Aurora + // global database). This object is empty unless the SwitchoverGlobalCluster + // or FailoverGlobalCluster operation was called on this global cluster. + FailoverState *FailoverState `type:"structure"` + // The Amazon Resource Name (ARN) for the global database cluster. GlobalClusterArn *string `type:"string"` @@ -31698,13 +45219,13 @@ type GlobalCluster struct { // is the unique key that identifies a global database cluster. GlobalClusterIdentifier *string `type:"string"` - // The list of cluster IDs for secondary clusters within the global database - // cluster. Currently limited to 1 item. + // The list of primary and secondary clusters within the global database cluster. GlobalClusterMembers []*GlobalClusterMember `locationNameList:"GlobalClusterMember" type:"list"` - // The AWS Region-unique, immutable identifier for the global database cluster. - // This identifier is found in AWS CloudTrail log entries whenever the AWS KMS - // customer master key (CMK) for the DB cluster is accessed. + // The Amazon Web Services Region-unique, immutable identifier for the global + // database cluster. This identifier is found in Amazon Web Services CloudTrail + // log entries whenever the Amazon Web Services KMS key for the DB cluster is + // accessed. GlobalClusterResourceId *string `type:"string"` // Specifies the current state of this global database cluster. @@ -31714,12 +45235,20 @@ type GlobalCluster struct { StorageEncrypted *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GlobalCluster) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GlobalCluster) GoString() string { return s.String() } @@ -31742,12 +45271,24 @@ func (s *GlobalCluster) SetEngine(v string) *GlobalCluster { return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *GlobalCluster) SetEngineLifecycleSupport(v string) *GlobalCluster { + s.EngineLifecycleSupport = &v + return s +} + // SetEngineVersion sets the EngineVersion field's value. func (s *GlobalCluster) SetEngineVersion(v string) *GlobalCluster { s.EngineVersion = &v return s } +// SetFailoverState sets the FailoverState field's value. +func (s *GlobalCluster) SetFailoverState(v *FailoverState) *GlobalCluster { + s.FailoverState = v + return s +} + // SetGlobalClusterArn sets the GlobalClusterArn field's value. func (s *GlobalCluster) SetGlobalClusterArn(v string) *GlobalCluster { s.GlobalClusterArn = &v @@ -31785,32 +45326,42 @@ func (s *GlobalCluster) SetStorageEncrypted(v bool) *GlobalCluster { } // A data structure with information about any primary and secondary clusters -// associated with an Aurora global database. +// associated with a global cluster (Aurora global database). type GlobalClusterMember struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) for each Aurora cluster. + // The Amazon Resource Name (ARN) for each Aurora DB cluster in the global cluster. DBClusterArn *string `type:"string"` - // Specifies whether a secondary cluster in an Aurora global database has write - // forwarding enabled, not enabled, or is in the process of enabling it. + // The status of write forwarding for a secondary cluster in the global cluster. GlobalWriteForwardingStatus *string `type:"string" enum:"WriteForwardingStatus"` - // Specifies whether the Aurora cluster is the primary cluster (that is, has - // read-write capability) for the Aurora global database with which it is associated. + // Indicates whether the Aurora DB cluster is the primary cluster (that is, + // has read-write capability) for the global cluster with which it is associated. IsWriter *bool `type:"boolean"` // The Amazon Resource Name (ARN) for each read-only secondary cluster associated - // with the Aurora global database. + // with the global cluster. Readers []*string `type:"list"` + + // The status of synchronization of each Aurora DB cluster in the global cluster. + SynchronizationStatus *string `type:"string" enum:"GlobalClusterMemberSynchronizationStatus"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GlobalClusterMember) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GlobalClusterMember) GoString() string { return s.String() } @@ -31839,25 +45390,39 @@ func (s *GlobalClusterMember) SetReaders(v []*string) *GlobalClusterMember { return s } +// SetSynchronizationStatus sets the SynchronizationStatus field's value. +func (s *GlobalClusterMember) SetSynchronizationStatus(v string) *GlobalClusterMember { + s.SynchronizationStatus = &v + return s +} + // This data type is used as a response element in the DescribeDBSecurityGroups // action. type IPRange struct { _ struct{} `type:"structure"` - // Specifies the IP range. + // The IP range. CIDRIP *string `type:"string"` - // Specifies the status of the IP range. Status can be "authorizing", "authorized", - // "revoking", and "revoked". + // The status of the IP range. Status can be "authorizing", "authorized", "revoking", + // and "revoked". Status *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s IPRange) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s IPRange) GoString() string { return s.String() } @@ -31874,331 +45439,258 @@ func (s *IPRange) SetStatus(v string) *IPRange { return s } -type ImportInstallationMediaInput struct { +// A zero-ETL integration with Amazon Redshift. +type Integration struct { _ struct{} `type:"structure"` - // The identifier of the custom Availability Zone (AZ) to import the installation - // media to. - // - // CustomAvailabilityZoneId is a required field - CustomAvailabilityZoneId *string `type:"string" required:"true"` + // The encryption context for the integration. For more information, see Encryption + // context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the Amazon Web Services Key Management Service Developer Guide. + AdditionalEncryptionContext map[string]*string `type:"map"` - // The name of the database engine to be used for this instance. - // - // The list only includes supported DB engines that require an on-premises customer - // provided license. - // - // Valid Values: - // - // * sqlserver-ee - // - // * sqlserver-se - // - // * sqlserver-ex - // - // * sqlserver-web - // - // Engine is a required field - Engine *string `type:"string" required:"true"` + // The time when the integration was created, in Universal Coordinated Time + // (UTC). + CreateTime *time.Time `type:"timestamp"` - // The path to the installation medium for the specified DB engine. - // - // Example: SQLServerISO/en_sql_server_2016_enterprise_x64_dvd_8701793.iso - // - // EngineInstallationMediaPath is a required field - EngineInstallationMediaPath *string `type:"string" required:"true"` + // Data filters for the integration. These filters determine which tables from + // the source database are sent to the target Amazon Redshift data warehouse. + DataFilter *string `min:"1" type:"string"` - // The version number of the database engine to use. - // - // For a list of valid engine versions, call DescribeDBEngineVersions. - // - // The following are the database engines and links to information about the - // major and minor versions. The list only includes DB engines that require - // an on-premises customer provided license. - // - // Microsoft SQL Server - // - // See Microsoft SQL Server Versions on Amazon RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport) - // in the Amazon RDS User Guide. - // - // EngineVersion is a required field - EngineVersion *string `type:"string" required:"true"` + // A description of the integration. + Description *string `type:"string"` - // The path to the installation medium for the operating system associated with - // the specified DB engine. - // - // Example: WindowsISO/en_windows_server_2016_x64_dvd_9327751.iso - // - // OSInstallationMediaPath is a required field - OSInstallationMediaPath *string `type:"string" required:"true"` -} + // Any errors associated with the integration. + Errors []*IntegrationError `locationNameList:"IntegrationError" type:"list"` -// String returns the string representation -func (s ImportInstallationMediaInput) String() string { - return awsutil.Prettify(s) -} + // The ARN of the integration. + IntegrationArn *string `min:"1" type:"string"` -// GoString returns the string representation -func (s ImportInstallationMediaInput) GoString() string { - return s.String() -} + // The name of the integration. + IntegrationName *string `min:"1" type:"string"` -// Validate inspects the fields of the type to determine if they are valid. -func (s *ImportInstallationMediaInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "ImportInstallationMediaInput"} - if s.CustomAvailabilityZoneId == nil { - invalidParams.Add(request.NewErrParamRequired("CustomAvailabilityZoneId")) - } - if s.Engine == nil { - invalidParams.Add(request.NewErrParamRequired("Engine")) - } - if s.EngineInstallationMediaPath == nil { - invalidParams.Add(request.NewErrParamRequired("EngineInstallationMediaPath")) - } - if s.EngineVersion == nil { - invalidParams.Add(request.NewErrParamRequired("EngineVersion")) - } - if s.OSInstallationMediaPath == nil { - invalidParams.Add(request.NewErrParamRequired("OSInstallationMediaPath")) - } + // The Amazon Web Services Key Management System (Amazon Web Services KMS) key + // identifier for the key used to to encrypt the integration. + KMSKeyId *string `type:"string"` - if invalidParams.Len() > 0 { - return invalidParams - } - return nil -} + // The Amazon Resource Name (ARN) of the database used as the source for replication. + SourceArn *string `min:"1" type:"string"` -// SetCustomAvailabilityZoneId sets the CustomAvailabilityZoneId field's value. -func (s *ImportInstallationMediaInput) SetCustomAvailabilityZoneId(v string) *ImportInstallationMediaInput { - s.CustomAvailabilityZoneId = &v - return s -} + // The current status of the integration. + Status *string `type:"string" enum:"IntegrationStatus"` -// SetEngine sets the Engine field's value. -func (s *ImportInstallationMediaInput) SetEngine(v string) *ImportInstallationMediaInput { - s.Engine = &v - return s + // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + // in the Amazon RDS User Guide. + Tags []*Tag `locationNameList:"Tag" type:"list"` + + // The ARN of the Redshift data warehouse used as the target for replication. + TargetArn *string `min:"20" type:"string"` } -// SetEngineInstallationMediaPath sets the EngineInstallationMediaPath field's value. -func (s *ImportInstallationMediaInput) SetEngineInstallationMediaPath(v string) *ImportInstallationMediaInput { - s.EngineInstallationMediaPath = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Integration) String() string { + return awsutil.Prettify(s) } -// SetEngineVersion sets the EngineVersion field's value. -func (s *ImportInstallationMediaInput) SetEngineVersion(v string) *ImportInstallationMediaInput { - s.EngineVersion = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Integration) GoString() string { + return s.String() } -// SetOSInstallationMediaPath sets the OSInstallationMediaPath field's value. -func (s *ImportInstallationMediaInput) SetOSInstallationMediaPath(v string) *ImportInstallationMediaInput { - s.OSInstallationMediaPath = &v +// SetAdditionalEncryptionContext sets the AdditionalEncryptionContext field's value. +func (s *Integration) SetAdditionalEncryptionContext(v map[string]*string) *Integration { + s.AdditionalEncryptionContext = v return s } -// Contains the installation media for a DB engine that requires an on-premises -// customer provided license, such as Microsoft SQL Server. -type ImportInstallationMediaOutput struct { - _ struct{} `type:"structure"` - - // The custom Availability Zone (AZ) that contains the installation media. - CustomAvailabilityZoneId *string `type:"string"` - - // The DB engine. - Engine *string `type:"string"` - - // The path to the installation medium for the DB engine. - EngineInstallationMediaPath *string `type:"string"` - - // The engine version of the DB engine. - EngineVersion *string `type:"string"` - - // If an installation media failure occurred, the cause of the failure. - FailureCause *InstallationMediaFailureCause `type:"structure"` - - // The installation medium ID. - InstallationMediaId *string `type:"string"` - - // The path to the installation medium for the operating system associated with - // the DB engine. - OSInstallationMediaPath *string `type:"string"` - - // The status of the installation medium. - Status *string `type:"string"` +// SetCreateTime sets the CreateTime field's value. +func (s *Integration) SetCreateTime(v time.Time) *Integration { + s.CreateTime = &v + return s } -// String returns the string representation -func (s ImportInstallationMediaOutput) String() string { - return awsutil.Prettify(s) +// SetDataFilter sets the DataFilter field's value. +func (s *Integration) SetDataFilter(v string) *Integration { + s.DataFilter = &v + return s } -// GoString returns the string representation -func (s ImportInstallationMediaOutput) GoString() string { - return s.String() +// SetDescription sets the Description field's value. +func (s *Integration) SetDescription(v string) *Integration { + s.Description = &v + return s } -// SetCustomAvailabilityZoneId sets the CustomAvailabilityZoneId field's value. -func (s *ImportInstallationMediaOutput) SetCustomAvailabilityZoneId(v string) *ImportInstallationMediaOutput { - s.CustomAvailabilityZoneId = &v +// SetErrors sets the Errors field's value. +func (s *Integration) SetErrors(v []*IntegrationError) *Integration { + s.Errors = v return s } -// SetEngine sets the Engine field's value. -func (s *ImportInstallationMediaOutput) SetEngine(v string) *ImportInstallationMediaOutput { - s.Engine = &v +// SetIntegrationArn sets the IntegrationArn field's value. +func (s *Integration) SetIntegrationArn(v string) *Integration { + s.IntegrationArn = &v return s } -// SetEngineInstallationMediaPath sets the EngineInstallationMediaPath field's value. -func (s *ImportInstallationMediaOutput) SetEngineInstallationMediaPath(v string) *ImportInstallationMediaOutput { - s.EngineInstallationMediaPath = &v +// SetIntegrationName sets the IntegrationName field's value. +func (s *Integration) SetIntegrationName(v string) *Integration { + s.IntegrationName = &v return s } -// SetEngineVersion sets the EngineVersion field's value. -func (s *ImportInstallationMediaOutput) SetEngineVersion(v string) *ImportInstallationMediaOutput { - s.EngineVersion = &v +// SetKMSKeyId sets the KMSKeyId field's value. +func (s *Integration) SetKMSKeyId(v string) *Integration { + s.KMSKeyId = &v return s } -// SetFailureCause sets the FailureCause field's value. -func (s *ImportInstallationMediaOutput) SetFailureCause(v *InstallationMediaFailureCause) *ImportInstallationMediaOutput { - s.FailureCause = v +// SetSourceArn sets the SourceArn field's value. +func (s *Integration) SetSourceArn(v string) *Integration { + s.SourceArn = &v return s } -// SetInstallationMediaId sets the InstallationMediaId field's value. -func (s *ImportInstallationMediaOutput) SetInstallationMediaId(v string) *ImportInstallationMediaOutput { - s.InstallationMediaId = &v +// SetStatus sets the Status field's value. +func (s *Integration) SetStatus(v string) *Integration { + s.Status = &v return s } -// SetOSInstallationMediaPath sets the OSInstallationMediaPath field's value. -func (s *ImportInstallationMediaOutput) SetOSInstallationMediaPath(v string) *ImportInstallationMediaOutput { - s.OSInstallationMediaPath = &v +// SetTags sets the Tags field's value. +func (s *Integration) SetTags(v []*Tag) *Integration { + s.Tags = v return s } -// SetStatus sets the Status field's value. -func (s *ImportInstallationMediaOutput) SetStatus(v string) *ImportInstallationMediaOutput { - s.Status = &v +// SetTargetArn sets the TargetArn field's value. +func (s *Integration) SetTargetArn(v string) *Integration { + s.TargetArn = &v return s } -// Contains the installation media for a DB engine that requires an on-premises -// customer provided license, such as Microsoft SQL Server. -type InstallationMedia struct { +// An error associated with a zero-ETL integration with Amazon Redshift. +type IntegrationError struct { _ struct{} `type:"structure"` - // The custom Availability Zone (AZ) that contains the installation media. - CustomAvailabilityZoneId *string `type:"string"` - - // The DB engine. - Engine *string `type:"string"` - - // The path to the installation medium for the DB engine. - EngineInstallationMediaPath *string `type:"string"` - - // The engine version of the DB engine. - EngineVersion *string `type:"string"` - - // If an installation media failure occurred, the cause of the failure. - FailureCause *InstallationMediaFailureCause `type:"structure"` - - // The installation medium ID. - InstallationMediaId *string `type:"string"` - - // The path to the installation medium for the operating system associated with - // the DB engine. - OSInstallationMediaPath *string `type:"string"` + // The error code associated with the integration. + // + // ErrorCode is a required field + ErrorCode *string `type:"string" required:"true"` - // The status of the installation medium. - Status *string `type:"string"` + // A message explaining the error. + ErrorMessage *string `type:"string"` } -// String returns the string representation -func (s InstallationMedia) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IntegrationError) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s InstallationMedia) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IntegrationError) GoString() string { return s.String() } -// SetCustomAvailabilityZoneId sets the CustomAvailabilityZoneId field's value. -func (s *InstallationMedia) SetCustomAvailabilityZoneId(v string) *InstallationMedia { - s.CustomAvailabilityZoneId = &v +// SetErrorCode sets the ErrorCode field's value. +func (s *IntegrationError) SetErrorCode(v string) *IntegrationError { + s.ErrorCode = &v return s } -// SetEngine sets the Engine field's value. -func (s *InstallationMedia) SetEngine(v string) *InstallationMedia { - s.Engine = &v +// SetErrorMessage sets the ErrorMessage field's value. +func (s *IntegrationError) SetErrorMessage(v string) *IntegrationError { + s.ErrorMessage = &v return s } -// SetEngineInstallationMediaPath sets the EngineInstallationMediaPath field's value. -func (s *InstallationMedia) SetEngineInstallationMediaPath(v string) *InstallationMedia { - s.EngineInstallationMediaPath = &v - return s -} - -// SetEngineVersion sets the EngineVersion field's value. -func (s *InstallationMedia) SetEngineVersion(v string) *InstallationMedia { - s.EngineVersion = &v - return s -} +// The details of an issue with your DB instances, DB clusters, and DB parameter +// groups. +type IssueDetails struct { + _ struct{} `type:"structure"` -// SetFailureCause sets the FailureCause field's value. -func (s *InstallationMedia) SetFailureCause(v *InstallationMediaFailureCause) *InstallationMedia { - s.FailureCause = v - return s + // A detailed description of the issue when the recommendation category is performance. + PerformanceIssueDetails *PerformanceIssueDetails `type:"structure"` } -// SetInstallationMediaId sets the InstallationMediaId field's value. -func (s *InstallationMedia) SetInstallationMediaId(v string) *InstallationMedia { - s.InstallationMediaId = &v - return s +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IssueDetails) String() string { + return awsutil.Prettify(s) } -// SetOSInstallationMediaPath sets the OSInstallationMediaPath field's value. -func (s *InstallationMedia) SetOSInstallationMediaPath(v string) *InstallationMedia { - s.OSInstallationMediaPath = &v - return s +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IssueDetails) GoString() string { + return s.String() } -// SetStatus sets the Status field's value. -func (s *InstallationMedia) SetStatus(v string) *InstallationMedia { - s.Status = &v +// SetPerformanceIssueDetails sets the PerformanceIssueDetails field's value. +func (s *IssueDetails) SetPerformanceIssueDetails(v *PerformanceIssueDetails) *IssueDetails { + s.PerformanceIssueDetails = v return s } -// Contains the cause of an installation media failure. Installation media is -// used for a DB engine that requires an on-premises customer provided license, -// such as Microsoft SQL Server. -type InstallationMediaFailureCause struct { +// Contains details for Aurora Limitless Database. +type LimitlessDatabase struct { _ struct{} `type:"structure"` - // The reason that an installation media import failed. - Message *string `type:"string"` + // The minimum required capacity for Aurora Limitless Database in Aurora capacity + // units (ACUs). + MinRequiredACU *float64 `type:"double"` + + // The status of Aurora Limitless Database. + Status *string `type:"string" enum:"LimitlessDatabaseStatus"` } -// String returns the string representation -func (s InstallationMediaFailureCause) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LimitlessDatabase) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s InstallationMediaFailureCause) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LimitlessDatabase) GoString() string { return s.String() } -// SetMessage sets the Message field's value. -func (s *InstallationMediaFailureCause) SetMessage(v string) *InstallationMediaFailureCause { - s.Message = &v +// SetMinRequiredACU sets the MinRequiredACU field's value. +func (s *LimitlessDatabase) SetMinRequiredACU(v float64) *LimitlessDatabase { + s.MinRequiredACU = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *LimitlessDatabase) SetStatus(v string) *LimitlessDatabase { + s.Status = &v return s } @@ -32217,12 +45709,20 @@ type ListTagsForResourceInput struct { ResourceName *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListTagsForResourceInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListTagsForResourceInput) GoString() string { return s.String() } @@ -32269,12 +45769,20 @@ type ListTagsForResourceOutput struct { TagList []*Tag `locationNameList:"Tag" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListTagsForResourceOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListTagsForResourceOutput) GoString() string { return s.String() } @@ -32285,6 +45793,214 @@ func (s *ListTagsForResourceOutput) SetTagList(v []*Tag) *ListTagsForResourceOut return s } +// Contains the secret managed by RDS in Amazon Web Services Secrets Manager +// for the master user password. +// +// For more information, see Password management with Amazon Web Services Secrets +// Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) +// in the Amazon RDS User Guide and Password management with Amazon Web Services +// Secrets Manager (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) +// in the Amazon Aurora User Guide. +type MasterUserSecret struct { + _ struct{} `type:"structure"` + + // The Amazon Web Services KMS key identifier that is used to encrypt the secret. + KmsKeyId *string `type:"string"` + + // The Amazon Resource Name (ARN) of the secret. + SecretArn *string `type:"string"` + + // The status of the secret. + // + // The possible status values include the following: + // + // * creating - The secret is being created. + // + // * active - The secret is available for normal use and rotation. + // + // * rotating - The secret is being rotated. + // + // * impaired - The secret can be used to access database credentials, but + // it can't be rotated. A secret might have this status if, for example, + // permissions are changed so that RDS can no longer access either the secret + // or the KMS key for the secret. When a secret has this status, you can + // correct the condition that caused the status. Alternatively, modify the + // DB instance to turn off automatic management of database credentials, + // and then modify the DB instance again to turn on automatic management + // of database credentials. + SecretStatus *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MasterUserSecret) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MasterUserSecret) GoString() string { + return s.String() +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *MasterUserSecret) SetKmsKeyId(v string) *MasterUserSecret { + s.KmsKeyId = &v + return s +} + +// SetSecretArn sets the SecretArn field's value. +func (s *MasterUserSecret) SetSecretArn(v string) *MasterUserSecret { + s.SecretArn = &v + return s +} + +// SetSecretStatus sets the SecretStatus field's value. +func (s *MasterUserSecret) SetSecretStatus(v string) *MasterUserSecret { + s.SecretStatus = &v + return s +} + +// The representation of a metric. +type Metric struct { + _ struct{} `type:"structure"` + + // The query to retrieve metric data points. + MetricQuery *MetricQuery `type:"structure"` + + // The name of a metric. + Name *string `type:"string"` + + // A list of metric references (thresholds). + References []*MetricReference `type:"list"` + + // The details of different statistics for a metric. The description might contain + // markdown. + StatisticsDetails *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Metric) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Metric) GoString() string { + return s.String() +} + +// SetMetricQuery sets the MetricQuery field's value. +func (s *Metric) SetMetricQuery(v *MetricQuery) *Metric { + s.MetricQuery = v + return s +} + +// SetName sets the Name field's value. +func (s *Metric) SetName(v string) *Metric { + s.Name = &v + return s +} + +// SetReferences sets the References field's value. +func (s *Metric) SetReferences(v []*MetricReference) *Metric { + s.References = v + return s +} + +// SetStatisticsDetails sets the StatisticsDetails field's value. +func (s *Metric) SetStatisticsDetails(v string) *Metric { + s.StatisticsDetails = &v + return s +} + +// The query to retrieve metric data points. +type MetricQuery struct { + _ struct{} `type:"structure"` + + // The Performance Insights query that you can use to retrieve Performance Insights + // metric data points. + PerformanceInsightsMetricQuery *PerformanceInsightsMetricQuery `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricQuery) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricQuery) GoString() string { + return s.String() +} + +// SetPerformanceInsightsMetricQuery sets the PerformanceInsightsMetricQuery field's value. +func (s *MetricQuery) SetPerformanceInsightsMetricQuery(v *PerformanceInsightsMetricQuery) *MetricQuery { + s.PerformanceInsightsMetricQuery = v + return s +} + +// The reference (threshold) for a metric. +type MetricReference struct { + _ struct{} `type:"structure"` + + // The name of the metric reference. + Name *string `type:"string"` + + // The details of a performance issue. + ReferenceDetails *ReferenceDetails `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricReference) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricReference) GoString() string { + return s.String() +} + +// SetName sets the Name field's value. +func (s *MetricReference) SetName(v string) *MetricReference { + s.Name = &v + return s +} + +// SetReferenceDetails sets the ReferenceDetails field's value. +func (s *MetricReference) SetReferenceDetails(v *ReferenceDetails) *MetricReference { + s.ReferenceDetails = v + return s +} + // The minimum DB engine version required for each corresponding allowed value // for an option setting. type MinimumEngineVersionPerAllowedValue struct { @@ -32297,12 +46013,20 @@ type MinimumEngineVersionPerAllowedValue struct { MinimumEngineVersion *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s MinimumEngineVersionPerAllowedValue) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s MinimumEngineVersionPerAllowedValue) GoString() string { return s.String() } @@ -32319,26 +46043,157 @@ func (s *MinimumEngineVersionPerAllowedValue) SetMinimumEngineVersion(v string) return s } +type ModifyActivityStreamInput struct { + _ struct{} `type:"structure"` + + // The audit policy state. When a policy is unlocked, it is read/write. When + // it is locked, it is read-only. You can edit your audit policy only when the + // activity stream is unlocked or stopped. + AuditPolicyState *string `type:"string" enum:"AuditPolicyState"` + + // The Amazon Resource Name (ARN) of the RDS for Oracle or Microsoft SQL Server + // DB instance. For example, arn:aws:rds:us-east-1:12345667890:db:my-orcl-db. + ResourceArn *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyActivityStreamInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyActivityStreamInput) GoString() string { + return s.String() +} + +// SetAuditPolicyState sets the AuditPolicyState field's value. +func (s *ModifyActivityStreamInput) SetAuditPolicyState(v string) *ModifyActivityStreamInput { + s.AuditPolicyState = &v + return s +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *ModifyActivityStreamInput) SetResourceArn(v string) *ModifyActivityStreamInput { + s.ResourceArn = &v + return s +} + +type ModifyActivityStreamOutput struct { + _ struct{} `type:"structure"` + + // Indicates whether engine-native audit fields are included in the database + // activity stream. + EngineNativeAuditFieldsIncluded *bool `type:"boolean"` + + // The name of the Amazon Kinesis data stream to be used for the database activity + // stream. + KinesisStreamName *string `type:"string"` + + // The Amazon Web Services KMS key identifier for encryption of messages in + // the database activity stream. + KmsKeyId *string `type:"string"` + + // The mode of the database activity stream. + Mode *string `type:"string" enum:"ActivityStreamMode"` + + // The status of the modification to the policy state of the database activity + // stream. + PolicyStatus *string `type:"string" enum:"ActivityStreamPolicyStatus"` + + // The status of the modification to the database activity stream. + Status *string `type:"string" enum:"ActivityStreamStatus"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyActivityStreamOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyActivityStreamOutput) GoString() string { + return s.String() +} + +// SetEngineNativeAuditFieldsIncluded sets the EngineNativeAuditFieldsIncluded field's value. +func (s *ModifyActivityStreamOutput) SetEngineNativeAuditFieldsIncluded(v bool) *ModifyActivityStreamOutput { + s.EngineNativeAuditFieldsIncluded = &v + return s +} + +// SetKinesisStreamName sets the KinesisStreamName field's value. +func (s *ModifyActivityStreamOutput) SetKinesisStreamName(v string) *ModifyActivityStreamOutput { + s.KinesisStreamName = &v + return s +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *ModifyActivityStreamOutput) SetKmsKeyId(v string) *ModifyActivityStreamOutput { + s.KmsKeyId = &v + return s +} + +// SetMode sets the Mode field's value. +func (s *ModifyActivityStreamOutput) SetMode(v string) *ModifyActivityStreamOutput { + s.Mode = &v + return s +} + +// SetPolicyStatus sets the PolicyStatus field's value. +func (s *ModifyActivityStreamOutput) SetPolicyStatus(v string) *ModifyActivityStreamOutput { + s.PolicyStatus = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *ModifyActivityStreamOutput) SetStatus(v string) *ModifyActivityStreamOutput { + s.Status = &v + return s +} + type ModifyCertificatesInput struct { _ struct{} `type:"structure"` // The new default certificate identifier to override the current one with. // - // To determine the valid values, use the describe-certificates AWS CLI command + // To determine the valid values, use the describe-certificates CLI command // or the DescribeCertificates API operation. CertificateIdentifier *string `type:"string"` - // A value that indicates whether to remove the override for the default certificate. - // If the override is removed, the default certificate is the system default. + // Specifies whether to remove the override for the default certificate. If + // the override is removed, the default certificate is the system default. RemoveCustomerOverride *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyCertificatesInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyCertificatesInput) GoString() string { return s.String() } @@ -32358,16 +46213,30 @@ func (s *ModifyCertificatesInput) SetRemoveCustomerOverride(v bool) *ModifyCerti type ModifyCertificatesOutput struct { _ struct{} `type:"structure"` - // A CA certificate for an AWS account. + // A CA certificate for an Amazon Web Services account. + // + // For more information, see Using SSL/TLS to encrypt a connection to a DB instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) + // in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to + // a DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) + // in the Amazon Aurora User Guide. Certificate *Certificate `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyCertificatesOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyCertificatesOutput) GoString() string { return s.String() } @@ -32383,8 +46252,8 @@ type ModifyCurrentDBClusterCapacityInput struct { // The DB cluster capacity. // - // When you change the capacity of a paused Aurora Serverless DB cluster, it - // automatically resumes. + // When you change the capacity of a paused Aurora Serverless v1 DB cluster, + // it automatically resumes. // // Constraints: // @@ -32405,11 +46274,11 @@ type ModifyCurrentDBClusterCapacityInput struct { // DBClusterIdentifier is a required field DBClusterIdentifier *string `type:"string" required:"true"` - // The amount of time, in seconds, that Aurora Serverless tries to find a scaling - // point to perform seamless scaling before enforcing the timeout action. The - // default is 300. + // The amount of time, in seconds, that Aurora Serverless v1 tries to find a + // scaling point to perform seamless scaling before enforcing the timeout action. + // The default is 300. // - // * Value must be from 10 through 600. + // Specify a value between 10 and 600 seconds. SecondsBeforeTimeout *int64 `type:"integer"` // The action to take when the timeout is reached, either ForceApplyCapacityChange @@ -32423,12 +46292,20 @@ type ModifyCurrentDBClusterCapacityInput struct { TimeoutAction *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyCurrentDBClusterCapacityInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyCurrentDBClusterCapacityInput) GoString() string { return s.String() } @@ -32492,12 +46369,20 @@ type ModifyCurrentDBClusterCapacityOutput struct { TimeoutAction *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyCurrentDBClusterCapacityOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyCurrentDBClusterCapacityOutput) GoString() string { return s.String() } @@ -32532,6 +46417,494 @@ func (s *ModifyCurrentDBClusterCapacityOutput) SetTimeoutAction(v string) *Modif return s } +type ModifyCustomDBEngineVersionInput struct { + _ struct{} `type:"structure"` + + // An optional description of your CEV. + Description *string `min:"1" type:"string"` + + // The database engine. RDS Custom for Oracle supports the following values: + // + // * custom-oracle-ee + // + // * custom-oracle-ee-cdb + // + // * custom-oracle-se2 + // + // * custom-oracle-se2-cdb + // + // Engine is a required field + Engine *string `min:"1" type:"string" required:"true"` + + // The custom engine version (CEV) that you want to modify. This option is required + // for RDS Custom for Oracle, but optional for Amazon RDS. The combination of + // Engine and EngineVersion is unique per customer per Amazon Web Services Region. + // + // EngineVersion is a required field + EngineVersion *string `min:"1" type:"string" required:"true"` + + // The availability status to be assigned to the CEV. Valid values are as follows: + // + // available + // + // You can use this CEV to create a new RDS Custom DB instance. + // + // inactive + // + // You can create a new RDS Custom instance by restoring a DB snapshot with + // this CEV. You can't patch or create new instances with this CEV. + // + // You can change any status to any status. A typical reason to change status + // is to prevent the accidental use of a CEV, or to make a deprecated CEV eligible + // for use again. For example, you might change the status of your CEV from + // available to inactive, and from inactive back to available. To change the + // availability status of the CEV, it must not currently be in use by an RDS + // Custom instance, snapshot, or automated backup. + Status *string `type:"string" enum:"CustomEngineVersionStatus"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyCustomDBEngineVersionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyCustomDBEngineVersionInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyCustomDBEngineVersionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyCustomDBEngineVersionInput"} + if s.Description != nil && len(*s.Description) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Description", 1)) + } + if s.Engine == nil { + invalidParams.Add(request.NewErrParamRequired("Engine")) + } + if s.Engine != nil && len(*s.Engine) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Engine", 1)) + } + if s.EngineVersion == nil { + invalidParams.Add(request.NewErrParamRequired("EngineVersion")) + } + if s.EngineVersion != nil && len(*s.EngineVersion) < 1 { + invalidParams.Add(request.NewErrParamMinLen("EngineVersion", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDescription sets the Description field's value. +func (s *ModifyCustomDBEngineVersionInput) SetDescription(v string) *ModifyCustomDBEngineVersionInput { + s.Description = &v + return s +} + +// SetEngine sets the Engine field's value. +func (s *ModifyCustomDBEngineVersionInput) SetEngine(v string) *ModifyCustomDBEngineVersionInput { + s.Engine = &v + return s +} + +// SetEngineVersion sets the EngineVersion field's value. +func (s *ModifyCustomDBEngineVersionInput) SetEngineVersion(v string) *ModifyCustomDBEngineVersionInput { + s.EngineVersion = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *ModifyCustomDBEngineVersionInput) SetStatus(v string) *ModifyCustomDBEngineVersionInput { + s.Status = &v + return s +} + +// This data type is used as a response element in the action DescribeDBEngineVersions. +type ModifyCustomDBEngineVersionOutput struct { + _ struct{} `type:"structure"` + + // The creation time of the DB engine version. + CreateTime *time.Time `type:"timestamp"` + + // JSON string that lists the installation files and parameters that RDS Custom + // uses to create a custom engine version (CEV). RDS Custom applies the patches + // in the order in which they're listed in the manifest. You can set the Oracle + // home, Oracle base, and UNIX/Linux user and group using the installation parameters. + // For more information, see JSON fields in the CEV manifest (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.preparing.html#custom-cev.preparing.manifest.fields) + // in the Amazon RDS User Guide. + CustomDBEngineVersionManifest *string `min:"1" type:"string"` + + // The description of the database engine. + DBEngineDescription *string `type:"string"` + + // A value that indicates the source media provider of the AMI based on the + // usage operation. Applicable for RDS Custom for SQL Server. + DBEngineMediaType *string `type:"string"` + + // The ARN of the custom engine version. + DBEngineVersionArn *string `type:"string"` + + // The description of the database engine version. + DBEngineVersionDescription *string `type:"string"` + + // The name of the DB parameter group family for the database engine. + DBParameterGroupFamily *string `type:"string"` + + // The name of the Amazon S3 bucket that contains your database installation + // files. + DatabaseInstallationFilesS3BucketName *string `type:"string"` + + // The Amazon S3 directory that contains the database installation files. If + // not specified, then no prefix is assumed. + DatabaseInstallationFilesS3Prefix *string `type:"string"` + + // The default character set for new instances of this engine version, if the + // CharacterSetName parameter of the CreateDBInstance API isn't specified. + DefaultCharacterSet *CharacterSet `type:"structure"` + + // The name of the database engine. + Engine *string `type:"string"` + + // The version number of the database engine. + EngineVersion *string `type:"string"` + + // The types of logs that the database engine has available for export to CloudWatch + // Logs. + ExportableLogTypes []*string `type:"list"` + + // The EC2 image + Image *CustomDBEngineVersionAMI `type:"structure"` + + // The Amazon Web Services KMS key identifier for an encrypted CEV. This parameter + // is required for RDS Custom, but optional for Amazon RDS. + KMSKeyId *string `type:"string"` + + // The major engine version of the CEV. + MajorEngineVersion *string `type:"string"` + + // The status of the DB engine version, either available or deprecated. + Status *string `type:"string"` + + // A list of the supported CA certificate identifiers. + // + // For more information, see Using SSL/TLS to encrypt a connection to a DB instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) + // in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to + // a DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) + // in the Amazon Aurora User Guide. + SupportedCACertificateIdentifiers []*string `type:"list"` + + // A list of the character sets supported by this engine for the CharacterSetName + // parameter of the CreateDBInstance operation. + SupportedCharacterSets []*CharacterSet `locationNameList:"CharacterSet" type:"list"` + + // A list of the supported DB engine modes. + SupportedEngineModes []*string `type:"list"` + + // A list of features supported by the DB engine. + // + // The supported features vary by DB engine and DB engine version. + // + // To determine the supported features for a specific DB engine and DB engine + // version using the CLI, use the following command: + // + // aws rds describe-db-engine-versions --engine --engine-version + // + // + // For example, to determine the supported features for RDS for PostgreSQL version + // 13.3 using the CLI, use the following command: + // + // aws rds describe-db-engine-versions --engine postgres --engine-version 13.3 + // + // The supported features are listed under SupportedFeatureNames in the output. + SupportedFeatureNames []*string `type:"list"` + + // A list of the character sets supported by the Oracle DB engine for the NcharCharacterSetName + // parameter of the CreateDBInstance operation. + SupportedNcharCharacterSets []*CharacterSet `locationNameList:"CharacterSet" type:"list"` + + // A list of the time zones supported by this engine for the Timezone parameter + // of the CreateDBInstance action. + SupportedTimezones []*Timezone `locationNameList:"Timezone" type:"list"` + + // Indicates whether the engine version supports Babelfish for Aurora PostgreSQL. + SupportsBabelfish *bool `type:"boolean"` + + // Indicates whether the engine version supports rotating the server certificate + // without rebooting the DB instance. + SupportsCertificateRotationWithoutRestart *bool `type:"boolean"` + + // Indicates whether you can use Aurora global databases with a specific DB + // engine version. + SupportsGlobalDatabases *bool `type:"boolean"` + + // Indicates whether the DB engine version supports zero-ETL integrations with + // Amazon Redshift. + SupportsIntegrations *bool `type:"boolean"` + + // Indicates whether the DB engine version supports Aurora Limitless Database. + SupportsLimitlessDatabase *bool `type:"boolean"` + + // Indicates whether the DB engine version supports forwarding write operations + // from reader DB instances to the writer DB instance in the DB cluster. By + // default, write operations aren't allowed on reader DB instances. + // + // Valid for: Aurora DB clusters only + SupportsLocalWriteForwarding *bool `type:"boolean"` + + // Indicates whether the engine version supports exporting the log types specified + // by ExportableLogTypes to CloudWatch Logs. + SupportsLogExportsToCloudwatchLogs *bool `type:"boolean"` + + // Indicates whether you can use Aurora parallel query with a specific DB engine + // version. + SupportsParallelQuery *bool `type:"boolean"` + + // Indicates whether the database engine version supports read replicas. + SupportsReadReplica *bool `type:"boolean"` + + // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + // in the Amazon RDS User Guide. + TagList []*Tag `locationNameList:"Tag" type:"list"` + + // A list of engine versions that this database engine version can be upgraded + // to. + ValidUpgradeTarget []*UpgradeTarget `locationNameList:"UpgradeTarget" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyCustomDBEngineVersionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyCustomDBEngineVersionOutput) GoString() string { + return s.String() +} + +// SetCreateTime sets the CreateTime field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetCreateTime(v time.Time) *ModifyCustomDBEngineVersionOutput { + s.CreateTime = &v + return s +} + +// SetCustomDBEngineVersionManifest sets the CustomDBEngineVersionManifest field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetCustomDBEngineVersionManifest(v string) *ModifyCustomDBEngineVersionOutput { + s.CustomDBEngineVersionManifest = &v + return s +} + +// SetDBEngineDescription sets the DBEngineDescription field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetDBEngineDescription(v string) *ModifyCustomDBEngineVersionOutput { + s.DBEngineDescription = &v + return s +} + +// SetDBEngineMediaType sets the DBEngineMediaType field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetDBEngineMediaType(v string) *ModifyCustomDBEngineVersionOutput { + s.DBEngineMediaType = &v + return s +} + +// SetDBEngineVersionArn sets the DBEngineVersionArn field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetDBEngineVersionArn(v string) *ModifyCustomDBEngineVersionOutput { + s.DBEngineVersionArn = &v + return s +} + +// SetDBEngineVersionDescription sets the DBEngineVersionDescription field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetDBEngineVersionDescription(v string) *ModifyCustomDBEngineVersionOutput { + s.DBEngineVersionDescription = &v + return s +} + +// SetDBParameterGroupFamily sets the DBParameterGroupFamily field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetDBParameterGroupFamily(v string) *ModifyCustomDBEngineVersionOutput { + s.DBParameterGroupFamily = &v + return s +} + +// SetDatabaseInstallationFilesS3BucketName sets the DatabaseInstallationFilesS3BucketName field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetDatabaseInstallationFilesS3BucketName(v string) *ModifyCustomDBEngineVersionOutput { + s.DatabaseInstallationFilesS3BucketName = &v + return s +} + +// SetDatabaseInstallationFilesS3Prefix sets the DatabaseInstallationFilesS3Prefix field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetDatabaseInstallationFilesS3Prefix(v string) *ModifyCustomDBEngineVersionOutput { + s.DatabaseInstallationFilesS3Prefix = &v + return s +} + +// SetDefaultCharacterSet sets the DefaultCharacterSet field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetDefaultCharacterSet(v *CharacterSet) *ModifyCustomDBEngineVersionOutput { + s.DefaultCharacterSet = v + return s +} + +// SetEngine sets the Engine field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetEngine(v string) *ModifyCustomDBEngineVersionOutput { + s.Engine = &v + return s +} + +// SetEngineVersion sets the EngineVersion field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetEngineVersion(v string) *ModifyCustomDBEngineVersionOutput { + s.EngineVersion = &v + return s +} + +// SetExportableLogTypes sets the ExportableLogTypes field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetExportableLogTypes(v []*string) *ModifyCustomDBEngineVersionOutput { + s.ExportableLogTypes = v + return s +} + +// SetImage sets the Image field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetImage(v *CustomDBEngineVersionAMI) *ModifyCustomDBEngineVersionOutput { + s.Image = v + return s +} + +// SetKMSKeyId sets the KMSKeyId field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetKMSKeyId(v string) *ModifyCustomDBEngineVersionOutput { + s.KMSKeyId = &v + return s +} + +// SetMajorEngineVersion sets the MajorEngineVersion field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetMajorEngineVersion(v string) *ModifyCustomDBEngineVersionOutput { + s.MajorEngineVersion = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetStatus(v string) *ModifyCustomDBEngineVersionOutput { + s.Status = &v + return s +} + +// SetSupportedCACertificateIdentifiers sets the SupportedCACertificateIdentifiers field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetSupportedCACertificateIdentifiers(v []*string) *ModifyCustomDBEngineVersionOutput { + s.SupportedCACertificateIdentifiers = v + return s +} + +// SetSupportedCharacterSets sets the SupportedCharacterSets field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetSupportedCharacterSets(v []*CharacterSet) *ModifyCustomDBEngineVersionOutput { + s.SupportedCharacterSets = v + return s +} + +// SetSupportedEngineModes sets the SupportedEngineModes field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetSupportedEngineModes(v []*string) *ModifyCustomDBEngineVersionOutput { + s.SupportedEngineModes = v + return s +} + +// SetSupportedFeatureNames sets the SupportedFeatureNames field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetSupportedFeatureNames(v []*string) *ModifyCustomDBEngineVersionOutput { + s.SupportedFeatureNames = v + return s +} + +// SetSupportedNcharCharacterSets sets the SupportedNcharCharacterSets field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetSupportedNcharCharacterSets(v []*CharacterSet) *ModifyCustomDBEngineVersionOutput { + s.SupportedNcharCharacterSets = v + return s +} + +// SetSupportedTimezones sets the SupportedTimezones field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetSupportedTimezones(v []*Timezone) *ModifyCustomDBEngineVersionOutput { + s.SupportedTimezones = v + return s +} + +// SetSupportsBabelfish sets the SupportsBabelfish field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetSupportsBabelfish(v bool) *ModifyCustomDBEngineVersionOutput { + s.SupportsBabelfish = &v + return s +} + +// SetSupportsCertificateRotationWithoutRestart sets the SupportsCertificateRotationWithoutRestart field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetSupportsCertificateRotationWithoutRestart(v bool) *ModifyCustomDBEngineVersionOutput { + s.SupportsCertificateRotationWithoutRestart = &v + return s +} + +// SetSupportsGlobalDatabases sets the SupportsGlobalDatabases field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetSupportsGlobalDatabases(v bool) *ModifyCustomDBEngineVersionOutput { + s.SupportsGlobalDatabases = &v + return s +} + +// SetSupportsIntegrations sets the SupportsIntegrations field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetSupportsIntegrations(v bool) *ModifyCustomDBEngineVersionOutput { + s.SupportsIntegrations = &v + return s +} + +// SetSupportsLimitlessDatabase sets the SupportsLimitlessDatabase field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetSupportsLimitlessDatabase(v bool) *ModifyCustomDBEngineVersionOutput { + s.SupportsLimitlessDatabase = &v + return s +} + +// SetSupportsLocalWriteForwarding sets the SupportsLocalWriteForwarding field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetSupportsLocalWriteForwarding(v bool) *ModifyCustomDBEngineVersionOutput { + s.SupportsLocalWriteForwarding = &v + return s +} + +// SetSupportsLogExportsToCloudwatchLogs sets the SupportsLogExportsToCloudwatchLogs field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetSupportsLogExportsToCloudwatchLogs(v bool) *ModifyCustomDBEngineVersionOutput { + s.SupportsLogExportsToCloudwatchLogs = &v + return s +} + +// SetSupportsParallelQuery sets the SupportsParallelQuery field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetSupportsParallelQuery(v bool) *ModifyCustomDBEngineVersionOutput { + s.SupportsParallelQuery = &v + return s +} + +// SetSupportsReadReplica sets the SupportsReadReplica field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetSupportsReadReplica(v bool) *ModifyCustomDBEngineVersionOutput { + s.SupportsReadReplica = &v + return s +} + +// SetTagList sets the TagList field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetTagList(v []*Tag) *ModifyCustomDBEngineVersionOutput { + s.TagList = v + return s +} + +// SetValidUpgradeTarget sets the ValidUpgradeTarget field's value. +func (s *ModifyCustomDBEngineVersionOutput) SetValidUpgradeTarget(v []*UpgradeTarget) *ModifyCustomDBEngineVersionOutput { + s.ValidUpgradeTarget = v + return s +} + type ModifyDBClusterEndpointInput struct { _ struct{} `type:"structure"` @@ -32553,12 +46926,20 @@ type ModifyDBClusterEndpointInput struct { StaticMembers []*string `type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBClusterEndpointInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBClusterEndpointInput) GoString() string { return s.String() } @@ -32604,13 +46985,13 @@ func (s *ModifyDBClusterEndpointInput) SetStaticMembers(v []*string) *ModifyDBCl // Aurora DB cluster. This data type is used as a response element in the following // actions: // -// * CreateDBClusterEndpoint +// - CreateDBClusterEndpoint // -// * DescribeDBClusterEndpoints +// - DescribeDBClusterEndpoints // -// * ModifyDBClusterEndpoint +// - ModifyDBClusterEndpoint // -// * DeleteDBClusterEndpoint +// - DeleteDBClusterEndpoint // // For the data structure that represents Amazon RDS DB instance endpoints, // see Endpoint. @@ -32656,12 +47037,20 @@ type ModifyDBClusterEndpointOutput struct { Status *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBClusterEndpointOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBClusterEndpointOutput) GoString() string { return s.String() } @@ -32729,33 +47118,64 @@ func (s *ModifyDBClusterEndpointOutput) SetStatus(v string) *ModifyDBClusterEndp type ModifyDBClusterInput struct { _ struct{} `type:"structure"` - // A value that indicates whether major version upgrades are allowed. + // The amount of storage in gibibytes (GiB) to allocate to each DB instance + // in the Multi-AZ DB cluster. + // + // Valid for Cluster Type: Multi-AZ DB clusters only + AllocatedStorage *int64 `type:"integer"` + + // Specifies whether engine mode changes from serverless to provisioned are + // allowed. + // + // Valid for Cluster Type: Aurora Serverless v1 DB clusters only + // + // Constraints: + // + // * You must allow engine mode changes when specifying a different value + // for the EngineMode parameter from the DB cluster's current engine mode. + AllowEngineModeChange *bool `type:"boolean"` + + // Specifies whether major version upgrades are allowed. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // + // Constraints: // - // Constraints: You must allow major version upgrades when specifying a value - // for the EngineVersion parameter that is a different major version than the - // DB cluster's current version. + // * You must allow major version upgrades when specifying a value for the + // EngineVersion parameter that is a different major version than the DB + // cluster's current version. AllowMajorVersionUpgrade *bool `type:"boolean"` - // A value that indicates whether the modifications in this request and any - // pending modifications are asynchronously applied as soon as possible, regardless - // of the PreferredMaintenanceWindow setting for the DB cluster. If this parameter - // is disabled, changes to the DB cluster are applied during the next maintenance - // window. - // - // The ApplyImmediately parameter only affects the EnableIAMDatabaseAuthentication, - // MasterUserPassword, and NewDBClusterIdentifier values. If the ApplyImmediately - // parameter is disabled, then changes to the EnableIAMDatabaseAuthentication, - // MasterUserPassword, and NewDBClusterIdentifier values are applied during - // the next maintenance window. All other changes are applied immediately, regardless - // of the value of the ApplyImmediately parameter. + // Specifies whether the modifications in this request and any pending modifications + // are asynchronously applied as soon as possible, regardless of the PreferredMaintenanceWindow + // setting for the DB cluster. If this parameter is disabled, changes to the + // DB cluster are applied during the next maintenance window. + // + // Most modifications can be applied immediately or during the next scheduled + // maintenance window. Some modifications, such as turning on deletion protection + // and changing the master password, are applied immediately—regardless of + // when you choose to apply them. // // By default, this parameter is disabled. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters ApplyImmediately *bool `type:"boolean"` + // Specifies whether minor engine upgrades are applied automatically to the + // DB cluster during the maintenance window. By default, minor engine upgrades + // are applied automatically. + // + // Valid for Cluster Type: Multi-AZ DB clusters only + AutoMinorVersionUpgrade *bool `type:"boolean"` + + // The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services + // Backup. + AwsBackupRecoveryPointArn *string `min:"43" type:"string"` + // The target backtrack window, in seconds. To disable backtracking, set this // value to 0. // - // Currently, Backtrack is only supported for Aurora MySQL DB clusters. + // Valid for Cluster Type: Aurora MySQL DB clusters only // // Default: 0 // @@ -32765,41 +47185,92 @@ type ModifyDBClusterInput struct { // hours). BacktrackWindow *int64 `type:"long"` - // The number of days for which automated backups are retained. You must specify - // a minimum value of 1. + // The number of days for which automated backups are retained. Specify a minimum + // value of 1. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters // // Default: 1 // // Constraints: // - // * Must be a value from 1 to 35 + // * Must be a value from 1 to 35. BackupRetentionPeriod *int64 `type:"integer"` + // The CA certificate identifier to use for the DB cluster's server certificate. + // + // For more information, see Using SSL/TLS to encrypt a connection to a DB instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) + // in the Amazon RDS User Guide. + // + // Valid for Cluster Type: Multi-AZ DB clusters + CACertificateIdentifier *string `type:"string"` + // The configuration setting for the log types to be enabled for export to CloudWatch // Logs for a specific DB cluster. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // + // The following values are valid for each DB engine: + // + // * Aurora MySQL - audit | error | general | slowquery + // + // * Aurora PostgreSQL - postgresql + // + // * RDS for MySQL - error | general | slowquery + // + // * RDS for PostgreSQL - postgresql | upgrade + // + // For more information about exporting CloudWatch Logs for Amazon RDS, see + // Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) + // in the Amazon RDS User Guide. + // + // For more information about exporting CloudWatch Logs for Amazon Aurora, see + // Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) + // in the Amazon Aurora User Guide. CloudwatchLogsExportConfiguration *CloudwatchLogsExportConfiguration `type:"structure"` - // A value that indicates whether to copy all tags from the DB cluster to snapshots - // of the DB cluster. The default is not to copy them. + // Specifies whether to copy all tags from the DB cluster to snapshots of the + // DB cluster. The default is not to copy them. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters CopyTagsToSnapshot *bool `type:"boolean"` // The DB cluster identifier for the cluster being modified. This parameter // isn't case-sensitive. // - // Constraints: This identifier must match the identifier of an existing DB - // cluster. + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // + // Constraints: + // + // * Must match the identifier of an existing DB cluster. // // DBClusterIdentifier is a required field DBClusterIdentifier *string `type:"string" required:"true"` + // The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, + // for example db.m6gd.xlarge. Not all DB instance classes are available in + // all Amazon Web Services Regions, or for all database engines. + // + // For the full list of DB instance classes and availability for your engine, + // see DB Instance Class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) + // in the Amazon RDS User Guide. + // + // Valid for Cluster Type: Multi-AZ DB clusters only + DBClusterInstanceClass *string `type:"string"` + // The name of the DB cluster parameter group to use for the DB cluster. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters DBClusterParameterGroupName *string `type:"string"` // The name of the DB parameter group to apply to all instances of the DB cluster. // // When you apply a parameter group using the DBInstanceParameterGroupName parameter, - // the DB cluster isn't rebooted automatically. Also, parameter changes aren't - // applied during the next maintenance window but instead are applied immediately. + // the DB cluster isn't rebooted automatically. Also, parameter changes are + // applied immediately rather than during the next maintenance window. + // + // Valid for Cluster Type: Aurora DB clusters only // // Default: The existing name setting // @@ -32808,13 +47279,15 @@ type ModifyDBClusterInput struct { // * The DB parameter group must be in the same DB parameter group family // as this DB cluster. // - // * The DBInstanceParameterGroupName parameter is only valid in combination - // with the AllowMajorVersionUpgrade parameter. + // * The DBInstanceParameterGroupName parameter is valid in combination with + // the AllowMajorVersionUpgrade parameter for a major version upgrade only. DBInstanceParameterGroupName *string `type:"string"` - // A value that indicates whether the DB cluster has deletion protection enabled. - // The database can't be deleted when deletion protection is enabled. By default, - // deletion protection is disabled. + // Specifies whether the DB cluster has deletion protection enabled. The database + // can't be deleted when deletion protection is enabled. By default, deletion + // protection isn't enabled. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters DeletionProtection *bool `type:"boolean"` // The Active Directory directory ID to move the DB cluster to. Specify none @@ -32823,92 +47296,297 @@ type ModifyDBClusterInput struct { // // For more information, see Kerberos Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/kerberos-authentication.html) // in the Amazon Aurora User Guide. + // + // Valid for Cluster Type: Aurora DB clusters only Domain *string `type:"string"` - // Specify the name of the IAM role to be used when making API calls to the - // Directory Service. + // The name of the IAM role to use when making API calls to the Directory Service. + // + // Valid for Cluster Type: Aurora DB clusters only DomainIAMRoleName *string `type:"string"` - // A value that indicates whether to enable write operations to be forwarded - // from this cluster to the primary cluster in an Aurora global database. The - // resulting changes are replicated back to this cluster. This parameter only - // applies to DB clusters that are secondary clusters in an Aurora global database. - // By default, Aurora disallows write operations for secondary clusters. + // Specifies whether to enable this DB cluster to forward write operations to + // the primary cluster of a global cluster (Aurora global database). By default, + // write operations are not allowed on Aurora DB clusters that are secondary + // clusters in an Aurora global database. + // + // You can set this value only on Aurora DB clusters that are members of an + // Aurora global database. With this parameter enabled, a secondary cluster + // can forward writes to the current primary cluster, and the resulting changes + // are replicated back to this cluster. For the primary DB cluster of an Aurora + // global database, this value is used immediately if the primary is demoted + // by a global cluster API operation, but it does nothing until then. + // + // Valid for Cluster Type: Aurora DB clusters only EnableGlobalWriteForwarding *bool `type:"boolean"` - // A value that indicates whether to enable the HTTP endpoint for an Aurora - // Serverless DB cluster. By default, the HTTP endpoint is disabled. + // Specifies whether to enable the HTTP endpoint for an Aurora Serverless v1 + // DB cluster. By default, the HTTP endpoint isn't enabled. // // When enabled, the HTTP endpoint provides a connectionless web service API - // for running SQL queries on the Aurora Serverless DB cluster. You can also - // query your database from inside the RDS console with the query editor. + // (RDS Data API) for running SQL queries on the Aurora Serverless v1 DB cluster. + // You can also query your database from inside the RDS console with the RDS + // query editor. // - // For more information, see Using the Data API for Aurora Serverless (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) + // For more information, see Using RDS Data API (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) // in the Amazon Aurora User Guide. + // + // This parameter applies only to Aurora Serverless v1 DB clusters. To enable + // or disable the HTTP endpoint for an Aurora PostgreSQL Serverless v2 or provisioned + // DB cluster, use the EnableHttpEndpoint and DisableHttpEndpoint operations. + // + // Valid for Cluster Type: Aurora DB clusters only EnableHttpEndpoint *bool `type:"boolean"` - // A value that indicates whether to enable mapping of AWS Identity and Access - // Management (IAM) accounts to database accounts. By default, mapping is disabled. + // Specifies whether to enable mapping of Amazon Web Services Identity and Access + // Management (IAM) accounts to database accounts. By default, mapping isn't + // enabled. // // For more information, see IAM Database Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html) // in the Amazon Aurora User Guide. + // + // Valid for Cluster Type: Aurora DB clusters only EnableIAMDatabaseAuthentication *bool `type:"boolean"` + // Specifies whether to enable Aurora Limitless Database. You must enable Aurora + // Limitless Database to create a DB shard group. + // + // Valid for: Aurora DB clusters only + EnableLimitlessDatabase *bool `type:"boolean"` + + // Specifies whether read replicas can forward write operations to the writer + // DB instance in the DB cluster. By default, write operations aren't allowed + // on reader DB instances. + // + // Valid for: Aurora DB clusters only + EnableLocalWriteForwarding *bool `type:"boolean"` + + // Specifies whether to turn on Performance Insights for the DB cluster. + // + // For more information, see Using Amazon Performance Insights (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) + // in the Amazon RDS User Guide. + // + // Valid for Cluster Type: Multi-AZ DB clusters only + EnablePerformanceInsights *bool `type:"boolean"` + + // The DB engine mode of the DB cluster, either provisioned or serverless. + // + // The DB engine mode can be modified only from serverless to provisioned. + // + // For more information, see CreateDBCluster (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBCluster.html). + // + // Valid for Cluster Type: Aurora DB clusters only + EngineMode *string `type:"string"` + // The version number of the database engine to which you want to upgrade. Changing // this parameter results in an outage. The change is applied during the next // maintenance window unless ApplyImmediately is enabled. // - // To list all of the available engine versions for aurora (for MySQL 5.6-compatible - // Aurora), use the following command: - // - // aws rds describe-db-engine-versions --engine aurora --query "DBEngineVersions[].EngineVersion" + // If the cluster that you're modifying has one or more read replicas, all replicas + // must be running an engine version that's the same or later than the version + // you specify. // - // To list all of the available engine versions for aurora-mysql (for MySQL - // 5.7-compatible Aurora), use the following command: + // To list all of the available engine versions for Aurora MySQL, use the following + // command: // // aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[].EngineVersion" // - // To list all of the available engine versions for aurora-postgresql, use the + // To list all of the available engine versions for Aurora PostgreSQL, use the // following command: // // aws rds describe-db-engine-versions --engine aurora-postgresql --query "DBEngineVersions[].EngineVersion" + // + // To list all of the available engine versions for RDS for MySQL, use the following + // command: + // + // aws rds describe-db-engine-versions --engine mysql --query "DBEngineVersions[].EngineVersion" + // + // To list all of the available engine versions for RDS for PostgreSQL, use + // the following command: + // + // aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[].EngineVersion" + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters EngineVersion *string `type:"string"` - // The new password for the master database user. This password can contain - // any printable ASCII character except "/", """, or "@". + // The amount of Provisioned IOPS (input/output operations per second) to be + // initially allocated for each DB instance in the Multi-AZ DB cluster. + // + // For information about valid IOPS values, see Amazon RDS Provisioned IOPS + // storage (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS) + // in the Amazon RDS User Guide. + // + // Valid for Cluster Type: Multi-AZ DB clusters only + // + // Constraints: + // + // * Must be a multiple between .5 and 50 of the storage amount for the DB + // cluster. + Iops *int64 `type:"integer"` + + // Specifies whether to manage the master user password with Amazon Web Services + // Secrets Manager. + // + // If the DB cluster doesn't manage the master user password with Amazon Web + // Services Secrets Manager, you can turn on this management. In this case, + // you can't specify MasterUserPassword. + // + // If the DB cluster already manages the master user password with Amazon Web + // Services Secrets Manager, and you specify that the master user password is + // not managed with Amazon Web Services Secrets Manager, then you must specify + // MasterUserPassword. In this case, RDS deletes the secret and uses the new + // password for the master user specified by MasterUserPassword. + // + // For more information, see Password management with Amazon Web Services Secrets + // Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) + // in the Amazon RDS User Guide and Password management with Amazon Web Services + // Secrets Manager (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) + // in the Amazon Aurora User Guide. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + ManageMasterUserPassword *bool `type:"boolean"` + + // The new password for the master database user. // - // Constraints: Must contain from 8 to 41 characters. + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // + // Constraints: + // + // * Must contain from 8 to 41 characters. + // + // * Can contain any printable ASCII character except "/", """, or "@". + // + // * Can't be specified if ManageMasterUserPassword is turned on. MasterUserPassword *string `type:"string"` + // The Amazon Web Services KMS key identifier to encrypt a secret that is automatically + // generated and managed in Amazon Web Services Secrets Manager. + // + // This setting is valid only if both of the following conditions are met: + // + // * The DB cluster doesn't manage the master user password in Amazon Web + // Services Secrets Manager. If the DB cluster already manages the master + // user password in Amazon Web Services Secrets Manager, you can't change + // the KMS key that is used to encrypt the secret. + // + // * You are turning on ManageMasterUserPassword to manage the master user + // password in Amazon Web Services Secrets Manager. If you are turning on + // ManageMasterUserPassword and don't specify MasterUserSecretKmsKeyId, then + // the aws/secretsmanager KMS key is used to encrypt the secret. If the secret + // is in a different Amazon Web Services account, then you can't use the + // aws/secretsmanager KMS key to encrypt the secret, and you must use a customer + // managed KMS key. + // + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. To use a KMS key in a different Amazon + // Web Services account, specify the key ARN or alias ARN. + // + // There is a default KMS key for your Amazon Web Services account. Your Amazon + // Web Services account has a different default KMS key for each Amazon Web + // Services Region. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + MasterUserSecretKmsKeyId *string `type:"string"` + + // The interval, in seconds, between points when Enhanced Monitoring metrics + // are collected for the DB cluster. To turn off collecting Enhanced Monitoring + // metrics, specify 0. + // + // If MonitoringRoleArn is specified, also set MonitoringInterval to a value + // other than 0. + // + // Valid for Cluster Type: Multi-AZ DB clusters only + // + // Valid Values: 0 | 1 | 5 | 10 | 15 | 30 | 60 + // + // Default: 0 + MonitoringInterval *int64 `type:"integer"` + + // The Amazon Resource Name (ARN) for the IAM role that permits RDS to send + // Enhanced Monitoring metrics to Amazon CloudWatch Logs. An example is arn:aws:iam:123456789012:role/emaccess. + // For information on creating a monitoring role, see To create an IAM role + // for Amazon RDS Enhanced Monitoring (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.html#USER_Monitoring.OS.IAMRole) + // in the Amazon RDS User Guide. + // + // If MonitoringInterval is set to a value other than 0, supply a MonitoringRoleArn + // value. + // + // Valid for Cluster Type: Multi-AZ DB clusters only + MonitoringRoleArn *string `type:"string"` + + // The network type of the DB cluster. + // + // The network type is determined by the DBSubnetGroup specified for the DB + // cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and + // the IPv6 protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon Aurora User Guide. + // + // Valid for Cluster Type: Aurora DB clusters only + // + // Valid Values: IPV4 | DUAL + NetworkType *string `type:"string"` + // The new DB cluster identifier for the DB cluster when renaming a DB cluster. // This value is stored as a lowercase string. // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // // Constraints: // - // * Must contain from 1 to 63 letters, numbers, or hyphens + // * Must contain from 1 to 63 letters, numbers, or hyphens. // - // * The first character must be a letter + // * The first character must be a letter. // - // * Can't end with a hyphen or contain two consecutive hyphens + // * Can't end with a hyphen or contain two consecutive hyphens. // // Example: my-cluster2 NewDBClusterIdentifier *string `type:"string"` - // A value that indicates that the DB cluster should be associated with the - // specified option group. Changing this parameter doesn't result in an outage - // except in the following case, and the change is applied during the next maintenance - // window unless the ApplyImmediately is enabled for this request. If the parameter - // change results in an option group that enables OEM, this change can cause - // a brief (sub-second) period during which new connections are rejected but - // existing connections are not interrupted. + // The option group to associate the DB cluster with. // - // Permanent options can't be removed from an option group. The option group - // can't be removed from a DB cluster once it is associated with a DB cluster. + // DB clusters are associated with a default option group that can't be modified. OptionGroupName *string `type:"string"` + // The Amazon Web Services KMS key identifier for encryption of Performance + // Insights data. + // + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. + // + // If you don't specify a value for PerformanceInsightsKMSKeyId, then Amazon + // RDS uses your default KMS key. There is a default KMS key for your Amazon + // Web Services account. Your Amazon Web Services account has a different default + // KMS key for each Amazon Web Services Region. + // + // Valid for Cluster Type: Multi-AZ DB clusters only + PerformanceInsightsKMSKeyId *string `type:"string"` + + // The number of days to retain Performance Insights data. + // + // Valid for Cluster Type: Multi-AZ DB clusters only + // + // Valid Values: + // + // * 7 + // + // * month * 31, where month is a number of months from 1-23. Examples: 93 + // (3 months * 31), 341 (11 months * 31), 589 (19 months * 31) + // + // * 731 + // + // Default: 7 days + // + // If you specify a retention period that isn't valid, such as 94, Amazon RDS + // issues an error. + PerformanceInsightsRetentionPeriod *int64 `type:"integer"` + // The port number on which the DB cluster accepts connections. // - // Constraints: Value must be 1150-65535 + // Valid for Cluster Type: Aurora DB clusters only + // + // Valid Values: 1150-65535 // // Default: The same port as the original DB cluster. Port *int64 `type:"integer"` @@ -32917,10 +47595,12 @@ type ModifyDBClusterInput struct { // backups are enabled, using the BackupRetentionPeriod parameter. // // The default is a 30-minute window selected at random from an 8-hour block - // of time for each AWS Region. To see the time blocks available, see Adjusting - // the Preferred DB Cluster Maintenance Window (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) + // of time for each Amazon Web Services Region. To view the time blocks available, + // see Backup window (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow) // in the Amazon Aurora User Guide. // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // // Constraints: // // * Must be in the format hh24:mi-hh24:mi. @@ -32935,33 +47615,103 @@ type ModifyDBClusterInput struct { // The weekly time range during which system maintenance can occur, in Universal // Coordinated Time (UTC). // - // Format: ddd:hh24:mi-ddd:hh24:mi + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters // // The default is a 30-minute window selected at random from an 8-hour block - // of time for each AWS Region, occurring on a random day of the week. To see - // the time blocks available, see Adjusting the Preferred DB Cluster Maintenance - // Window (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) + // of time for each Amazon Web Services Region, occurring on a random day of + // the week. To see the time blocks available, see Adjusting the Preferred DB + // Cluster Maintenance Window (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) // in the Amazon Aurora User Guide. // - // Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun. + // Constraints: // - // Constraints: Minimum 30-minute window. + // * Must be in the format ddd:hh24:mi-ddd:hh24:mi. + // + // * Days must be one of Mon | Tue | Wed | Thu | Fri | Sat | Sun. + // + // * Must be in Universal Coordinated Time (UTC). + // + // * Must be at least 30 minutes. PreferredMaintenanceWindow *string `type:"string"` + // Specifies whether to rotate the secret managed by Amazon Web Services Secrets + // Manager for the master user password. + // + // This setting is valid only if the master user password is managed by RDS + // in Amazon Web Services Secrets Manager for the DB cluster. The secret value + // contains the updated password. + // + // For more information, see Password management with Amazon Web Services Secrets + // Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) + // in the Amazon RDS User Guide and Password management with Amazon Web Services + // Secrets Manager (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) + // in the Amazon Aurora User Guide. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // + // Constraints: + // + // * You must apply the change immediately when rotating the master user + // password. + RotateMasterUserPassword *bool `type:"boolean"` + // The scaling properties of the DB cluster. You can only modify scaling properties // for DB clusters in serverless DB engine mode. + // + // Valid for Cluster Type: Aurora DB clusters only ScalingConfiguration *ScalingConfiguration `type:"structure"` - // A list of VPC security groups that the DB cluster will belong to. + // Contains the scaling configuration of an Aurora Serverless v2 DB cluster. + // + // For more information, see Using Amazon Aurora Serverless v2 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.html) + // in the Amazon Aurora User Guide. + ServerlessV2ScalingConfiguration *ServerlessV2ScalingConfiguration `type:"structure"` + + // The storage type to associate with the DB cluster. + // + // For information on storage types for Aurora DB clusters, see Storage configurations + // for Amazon Aurora DB clusters (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.StorageReliability.html#aurora-storage-type). + // For information on storage types for Multi-AZ DB clusters, see Settings for + // creating Multi-AZ DB clusters (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/create-multi-az-db-cluster.html#create-multi-az-db-cluster-settings). + // + // When specified for a Multi-AZ DB cluster, a value for the Iops parameter + // is required. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // + // Valid Values: + // + // * Aurora DB clusters - aurora | aurora-iopt1 + // + // * Multi-AZ DB clusters - io1 | io2 | gp3 + // + // Default: + // + // * Aurora DB clusters - aurora + // + // * Multi-AZ DB clusters - io1 + StorageType *string `type:"string"` + + // A list of EC2 VPC security groups to associate with this DB cluster. + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters VpcSecurityGroupIds []*string `locationNameList:"VpcSecurityGroupId" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBClusterInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBClusterInput) GoString() string { return s.String() } @@ -32969,6 +47719,9 @@ func (s ModifyDBClusterInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *ModifyDBClusterInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "ModifyDBClusterInput"} + if s.AwsBackupRecoveryPointArn != nil && len(*s.AwsBackupRecoveryPointArn) < 43 { + invalidParams.Add(request.NewErrParamMinLen("AwsBackupRecoveryPointArn", 43)) + } if s.DBClusterIdentifier == nil { invalidParams.Add(request.NewErrParamRequired("DBClusterIdentifier")) } @@ -32979,6 +47732,18 @@ func (s *ModifyDBClusterInput) Validate() error { return nil } +// SetAllocatedStorage sets the AllocatedStorage field's value. +func (s *ModifyDBClusterInput) SetAllocatedStorage(v int64) *ModifyDBClusterInput { + s.AllocatedStorage = &v + return s +} + +// SetAllowEngineModeChange sets the AllowEngineModeChange field's value. +func (s *ModifyDBClusterInput) SetAllowEngineModeChange(v bool) *ModifyDBClusterInput { + s.AllowEngineModeChange = &v + return s +} + // SetAllowMajorVersionUpgrade sets the AllowMajorVersionUpgrade field's value. func (s *ModifyDBClusterInput) SetAllowMajorVersionUpgrade(v bool) *ModifyDBClusterInput { s.AllowMajorVersionUpgrade = &v @@ -32991,6 +47756,18 @@ func (s *ModifyDBClusterInput) SetApplyImmediately(v bool) *ModifyDBClusterInput return s } +// SetAutoMinorVersionUpgrade sets the AutoMinorVersionUpgrade field's value. +func (s *ModifyDBClusterInput) SetAutoMinorVersionUpgrade(v bool) *ModifyDBClusterInput { + s.AutoMinorVersionUpgrade = &v + return s +} + +// SetAwsBackupRecoveryPointArn sets the AwsBackupRecoveryPointArn field's value. +func (s *ModifyDBClusterInput) SetAwsBackupRecoveryPointArn(v string) *ModifyDBClusterInput { + s.AwsBackupRecoveryPointArn = &v + return s +} + // SetBacktrackWindow sets the BacktrackWindow field's value. func (s *ModifyDBClusterInput) SetBacktrackWindow(v int64) *ModifyDBClusterInput { s.BacktrackWindow = &v @@ -33003,6 +47780,12 @@ func (s *ModifyDBClusterInput) SetBackupRetentionPeriod(v int64) *ModifyDBCluste return s } +// SetCACertificateIdentifier sets the CACertificateIdentifier field's value. +func (s *ModifyDBClusterInput) SetCACertificateIdentifier(v string) *ModifyDBClusterInput { + s.CACertificateIdentifier = &v + return s +} + // SetCloudwatchLogsExportConfiguration sets the CloudwatchLogsExportConfiguration field's value. func (s *ModifyDBClusterInput) SetCloudwatchLogsExportConfiguration(v *CloudwatchLogsExportConfiguration) *ModifyDBClusterInput { s.CloudwatchLogsExportConfiguration = v @@ -33021,6 +47804,12 @@ func (s *ModifyDBClusterInput) SetDBClusterIdentifier(v string) *ModifyDBCluster return s } +// SetDBClusterInstanceClass sets the DBClusterInstanceClass field's value. +func (s *ModifyDBClusterInput) SetDBClusterInstanceClass(v string) *ModifyDBClusterInput { + s.DBClusterInstanceClass = &v + return s +} + // SetDBClusterParameterGroupName sets the DBClusterParameterGroupName field's value. func (s *ModifyDBClusterInput) SetDBClusterParameterGroupName(v string) *ModifyDBClusterInput { s.DBClusterParameterGroupName = &v @@ -33069,18 +47858,78 @@ func (s *ModifyDBClusterInput) SetEnableIAMDatabaseAuthentication(v bool) *Modif return s } +// SetEnableLimitlessDatabase sets the EnableLimitlessDatabase field's value. +func (s *ModifyDBClusterInput) SetEnableLimitlessDatabase(v bool) *ModifyDBClusterInput { + s.EnableLimitlessDatabase = &v + return s +} + +// SetEnableLocalWriteForwarding sets the EnableLocalWriteForwarding field's value. +func (s *ModifyDBClusterInput) SetEnableLocalWriteForwarding(v bool) *ModifyDBClusterInput { + s.EnableLocalWriteForwarding = &v + return s +} + +// SetEnablePerformanceInsights sets the EnablePerformanceInsights field's value. +func (s *ModifyDBClusterInput) SetEnablePerformanceInsights(v bool) *ModifyDBClusterInput { + s.EnablePerformanceInsights = &v + return s +} + +// SetEngineMode sets the EngineMode field's value. +func (s *ModifyDBClusterInput) SetEngineMode(v string) *ModifyDBClusterInput { + s.EngineMode = &v + return s +} + // SetEngineVersion sets the EngineVersion field's value. func (s *ModifyDBClusterInput) SetEngineVersion(v string) *ModifyDBClusterInput { s.EngineVersion = &v return s } +// SetIops sets the Iops field's value. +func (s *ModifyDBClusterInput) SetIops(v int64) *ModifyDBClusterInput { + s.Iops = &v + return s +} + +// SetManageMasterUserPassword sets the ManageMasterUserPassword field's value. +func (s *ModifyDBClusterInput) SetManageMasterUserPassword(v bool) *ModifyDBClusterInput { + s.ManageMasterUserPassword = &v + return s +} + // SetMasterUserPassword sets the MasterUserPassword field's value. func (s *ModifyDBClusterInput) SetMasterUserPassword(v string) *ModifyDBClusterInput { s.MasterUserPassword = &v return s } +// SetMasterUserSecretKmsKeyId sets the MasterUserSecretKmsKeyId field's value. +func (s *ModifyDBClusterInput) SetMasterUserSecretKmsKeyId(v string) *ModifyDBClusterInput { + s.MasterUserSecretKmsKeyId = &v + return s +} + +// SetMonitoringInterval sets the MonitoringInterval field's value. +func (s *ModifyDBClusterInput) SetMonitoringInterval(v int64) *ModifyDBClusterInput { + s.MonitoringInterval = &v + return s +} + +// SetMonitoringRoleArn sets the MonitoringRoleArn field's value. +func (s *ModifyDBClusterInput) SetMonitoringRoleArn(v string) *ModifyDBClusterInput { + s.MonitoringRoleArn = &v + return s +} + +// SetNetworkType sets the NetworkType field's value. +func (s *ModifyDBClusterInput) SetNetworkType(v string) *ModifyDBClusterInput { + s.NetworkType = &v + return s +} + // SetNewDBClusterIdentifier sets the NewDBClusterIdentifier field's value. func (s *ModifyDBClusterInput) SetNewDBClusterIdentifier(v string) *ModifyDBClusterInput { s.NewDBClusterIdentifier = &v @@ -33093,6 +47942,18 @@ func (s *ModifyDBClusterInput) SetOptionGroupName(v string) *ModifyDBClusterInpu return s } +// SetPerformanceInsightsKMSKeyId sets the PerformanceInsightsKMSKeyId field's value. +func (s *ModifyDBClusterInput) SetPerformanceInsightsKMSKeyId(v string) *ModifyDBClusterInput { + s.PerformanceInsightsKMSKeyId = &v + return s +} + +// SetPerformanceInsightsRetentionPeriod sets the PerformanceInsightsRetentionPeriod field's value. +func (s *ModifyDBClusterInput) SetPerformanceInsightsRetentionPeriod(v int64) *ModifyDBClusterInput { + s.PerformanceInsightsRetentionPeriod = &v + return s +} + // SetPort sets the Port field's value. func (s *ModifyDBClusterInput) SetPort(v int64) *ModifyDBClusterInput { s.Port = &v @@ -33111,12 +47972,30 @@ func (s *ModifyDBClusterInput) SetPreferredMaintenanceWindow(v string) *ModifyDB return s } +// SetRotateMasterUserPassword sets the RotateMasterUserPassword field's value. +func (s *ModifyDBClusterInput) SetRotateMasterUserPassword(v bool) *ModifyDBClusterInput { + s.RotateMasterUserPassword = &v + return s +} + // SetScalingConfiguration sets the ScalingConfiguration field's value. func (s *ModifyDBClusterInput) SetScalingConfiguration(v *ScalingConfiguration) *ModifyDBClusterInput { s.ScalingConfiguration = v return s } +// SetServerlessV2ScalingConfiguration sets the ServerlessV2ScalingConfiguration field's value. +func (s *ModifyDBClusterInput) SetServerlessV2ScalingConfiguration(v *ServerlessV2ScalingConfiguration) *ModifyDBClusterInput { + s.ServerlessV2ScalingConfiguration = v + return s +} + +// SetStorageType sets the StorageType field's value. +func (s *ModifyDBClusterInput) SetStorageType(v string) *ModifyDBClusterInput { + s.StorageType = &v + return s +} + // SetVpcSecurityGroupIds sets the VpcSecurityGroupIds field's value. func (s *ModifyDBClusterInput) SetVpcSecurityGroupIds(v []*string) *ModifyDBClusterInput { s.VpcSecurityGroupIds = v @@ -33126,19 +48005,41 @@ func (s *ModifyDBClusterInput) SetVpcSecurityGroupIds(v []*string) *ModifyDBClus type ModifyDBClusterOutput struct { _ struct{} `type:"structure"` - // Contains the details of an Amazon Aurora DB cluster. + // Contains the details of an Amazon Aurora DB cluster or Multi-AZ DB cluster. + // + // For an Amazon Aurora DB cluster, this data type is used as a response element + // in the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + // ModifyDBCluster, PromoteReadReplicaDBCluster, RestoreDBClusterFromS3, RestoreDBClusterFromSnapshot, + // RestoreDBClusterToPointInTime, StartDBCluster, and StopDBCluster. + // + // For a Multi-AZ DB cluster, this data type is used as a response element in + // the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + // ModifyDBCluster, RebootDBCluster, RestoreDBClusterFromSnapshot, and RestoreDBClusterToPointInTime. + // + // For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) + // in the Amazon Aurora User Guide. // - // This data type is used as a response element in the DescribeDBClusters, StopDBCluster, - // and StartDBCluster actions. + // For more information on Multi-AZ DB clusters, see Multi-AZ deployments with + // two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) + // in the Amazon RDS User Guide. DBCluster *DBCluster `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBClusterOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBClusterOutput) GoString() string { return s.String() } @@ -33159,16 +48060,35 @@ type ModifyDBClusterParameterGroupInput struct { // A list of parameters in the DB cluster parameter group to modify. // + // Valid Values (for the application method): immediate | pending-reboot + // + // You can use the immediate value with dynamic parameters only. You can use + // the pending-reboot value for both dynamic and static parameters. + // + // When the application method is immediate, changes to dynamic parameters are + // applied immediately to the DB clusters associated with the parameter group. + // When the application method is pending-reboot, changes to dynamic and static + // parameters are applied after a reboot without failover to the DB clusters + // associated with the parameter group. + // // Parameters is a required field Parameters []*Parameter `locationNameList:"Parameter" type:"list" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBClusterParameterGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBClusterParameterGroupInput) GoString() string { return s.String() } @@ -33206,11 +48126,11 @@ type ModifyDBClusterSnapshotAttributeInput struct { // The name of the DB cluster snapshot attribute to modify. // - // To manage authorization for other AWS accounts to copy or restore a manual - // DB cluster snapshot, set this value to restore. + // To manage authorization for other Amazon Web Services accounts to copy or + // restore a manual DB cluster snapshot, set this value to restore. // // To view the list of attributes available to modify, use the DescribeDBClusterSnapshotAttributes - // API action. + // API operation. // // AttributeName is a required field AttributeName *string `type:"string" required:"true"` @@ -33223,31 +48143,41 @@ type ModifyDBClusterSnapshotAttributeInput struct { // A list of DB cluster snapshot attributes to add to the attribute specified // by AttributeName. // - // To authorize other AWS accounts to copy or restore a manual DB cluster snapshot, - // set this list to include one or more AWS account IDs, or all to make the - // manual DB cluster snapshot restorable by any AWS account. Do not add the - // all value for any manual DB cluster snapshots that contain private information - // that you don't want available to all AWS accounts. + // To authorize other Amazon Web Services accounts to copy or restore a manual + // DB cluster snapshot, set this list to include one or more Amazon Web Services + // account IDs, or all to make the manual DB cluster snapshot restorable by + // any Amazon Web Services account. Do not add the all value for any manual + // DB cluster snapshots that contain private information that you don't want + // available to all Amazon Web Services accounts. ValuesToAdd []*string `locationNameList:"AttributeValue" type:"list"` // A list of DB cluster snapshot attributes to remove from the attribute specified // by AttributeName. // - // To remove authorization for other AWS accounts to copy or restore a manual - // DB cluster snapshot, set this list to include one or more AWS account identifiers, - // or all to remove authorization for any AWS account to copy or restore the - // DB cluster snapshot. If you specify all, an AWS account whose account ID - // is explicitly added to the restore attribute can still copy or restore a - // manual DB cluster snapshot. + // To remove authorization for other Amazon Web Services accounts to copy or + // restore a manual DB cluster snapshot, set this list to include one or more + // Amazon Web Services account identifiers, or all to remove authorization for + // any Amazon Web Services account to copy or restore the DB cluster snapshot. + // If you specify all, an Amazon Web Services account whose account ID is explicitly + // added to the restore attribute can still copy or restore a manual DB cluster + // snapshot. ValuesToRemove []*string `locationNameList:"AttributeValue" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBClusterSnapshotAttributeInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBClusterSnapshotAttributeInput) GoString() string { return s.String() } @@ -33298,18 +48228,26 @@ type ModifyDBClusterSnapshotAttributeOutput struct { // Contains the results of a successful call to the DescribeDBClusterSnapshotAttributes // API action. // - // Manual DB cluster snapshot attributes are used to authorize other AWS accounts - // to copy or restore a manual DB cluster snapshot. For more information, see - // the ModifyDBClusterSnapshotAttribute API action. + // Manual DB cluster snapshot attributes are used to authorize other Amazon + // Web Services accounts to copy or restore a manual DB cluster snapshot. For + // more information, see the ModifyDBClusterSnapshotAttribute API action. DBClusterSnapshotAttributesResult *DBClusterSnapshotAttributesResult `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBClusterSnapshotAttributeOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBClusterSnapshotAttributeOutput) GoString() string { return s.String() } @@ -33323,82 +48261,116 @@ func (s *ModifyDBClusterSnapshotAttributeOutput) SetDBClusterSnapshotAttributesR type ModifyDBInstanceInput struct { _ struct{} `type:"structure"` - // The new amount of storage (in gibibytes) to allocate for the DB instance. + // The new amount of storage in gibibytes (GiB) to allocate for the DB instance. // - // For MariaDB, MySQL, Oracle, and PostgreSQL, the value supplied must be at - // least 10% greater than the current value. Values that are not at least 10% - // greater than the existing value are rounded up so that they are 10% greater - // than the current value. + // For RDS for Db2, MariaDB, RDS for MySQL, RDS for Oracle, and RDS for PostgreSQL, + // the value supplied must be at least 10% greater than the current value. Values + // that are not at least 10% greater than the existing value are rounded up + // so that they are 10% greater than the current value. // // For the valid values for allocated storage for each engine, see CreateDBInstance. + // + // Constraints: + // + // * When you increase the allocated storage for a DB instance that uses + // Provisioned IOPS (gp3, io1, or io2 storage type), you must also specify + // the Iops parameter. You can use the current value for Iops. AllocatedStorage *int64 `type:"integer"` - // A value that indicates whether major version upgrades are allowed. Changing - // this parameter doesn't result in an outage and the change is asynchronously - // applied as soon as possible. + // Specifies whether major version upgrades are allowed. Changing this parameter + // doesn't result in an outage and the change is asynchronously applied as soon + // as possible. + // + // This setting doesn't apply to RDS Custom DB instances. // - // Constraints: Major version upgrades must be allowed when specifying a value - // for the EngineVersion parameter that is a different major version than the - // DB instance's current version. + // Constraints: + // + // * Major version upgrades must be allowed when specifying a value for the + // EngineVersion parameter that's a different major version than the DB instance's + // current version. AllowMajorVersionUpgrade *bool `type:"boolean"` - // A value that indicates whether the modifications in this request and any - // pending modifications are asynchronously applied as soon as possible, regardless - // of the PreferredMaintenanceWindow setting for the DB instance. By default, - // this parameter is disabled. + // Specifies whether the modifications in this request and any pending modifications + // are asynchronously applied as soon as possible, regardless of the PreferredMaintenanceWindow + // setting for the DB instance. By default, this parameter is disabled. // // If this parameter is disabled, changes to the DB instance are applied during // the next maintenance window. Some parameter changes can cause an outage and // are applied on the next call to RebootDBInstance, or the next failure reboot. // Review the table of parameters in Modifying a DB Instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html) - // in the Amazon RDS User Guide. to see the impact of enabling or disabling - // ApplyImmediately for each modified parameter and to determine when the changes - // are applied. + // in the Amazon RDS User Guide to see the impact of enabling or disabling ApplyImmediately + // for each modified parameter and to determine when the changes are applied. ApplyImmediately *bool `type:"boolean"` - // A value that indicates whether minor version upgrades are applied automatically - // to the DB instance during the maintenance window. Changing this parameter - // doesn't result in an outage except in the following case and the change is - // asynchronously applied as soon as possible. An outage results if this parameter - // is enabled during the maintenance window, and a newer minor version is available, - // and RDS has enabled auto patching for that engine version. + // Specifies whether minor version upgrades are applied automatically to the + // DB instance during the maintenance window. An outage occurs when all the + // following conditions are met: + // + // * The automatic upgrade is enabled for the maintenance window. + // + // * A newer minor version is available. + // + // * RDS has enabled automatic patching for the engine version. + // + // If any of the preceding conditions isn't met, Amazon RDS applies the change + // as soon as possible and doesn't cause an outage. + // + // For an RDS Custom DB instance, don't enable this setting. Otherwise, the + // operation returns an error. AutoMinorVersionUpgrade *bool `type:"boolean"` + // The automation mode of the RDS Custom DB instance. If full, the DB instance + // automates monitoring and instance recovery. If all paused, the instance pauses + // automation for the duration set by ResumeFullAutomationModeMinutes. + AutomationMode *string `type:"string" enum:"AutomationMode"` + + // The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services + // Backup. + // + // This setting doesn't apply to RDS Custom DB instances. + AwsBackupRecoveryPointArn *string `min:"43" type:"string"` + // The number of days to retain automated backups. Setting this parameter to // a positive number enables backups. Setting this parameter to 0 disables automated // backups. // - // Changing this parameter can result in an outage if you change from 0 to a - // non-zero value or from a non-zero value to 0. These changes are applied during - // the next maintenance window unless the ApplyImmediately parameter is enabled - // for this request. If you change the parameter from one non-zero value to - // another non-zero value, the change is asynchronously applied as soon as possible. + // Enabling and disabling backups can result in a brief I/O suspension that + // lasts from a few seconds to a few minutes, depending on the size and class + // of your DB instance. // - // Amazon Aurora + // These changes are applied during the next maintenance window unless the ApplyImmediately + // parameter is enabled for this request. If you change the parameter from one + // non-zero value to another non-zero value, the change is asynchronously applied + // as soon as possible. // - // Not applicable. The retention period for automated backups is managed by - // the DB cluster. For more information, see ModifyDBCluster. + // This setting doesn't apply to Amazon Aurora DB instances. The retention period + // for automated backups is managed by the DB cluster. For more information, + // see ModifyDBCluster. // // Default: Uses existing setting // // Constraints: // - // * Must be a value from 0 to 35 - // - // * Can be specified for a MySQL read replica only if the source is running - // MySQL 5.6 or later + // * Must be a value from 0 to 35. // - // * Can be specified for a PostgreSQL read replica only if the source is - // running PostgreSQL 9.3.5 + // * Can't be set to 0 if the DB instance is a source to read replicas. // - // * Can't be set to 0 if the DB instance is a source to read replicas + // * Can't be set to 0 for an RDS Custom for Oracle DB instance. BackupRetentionPeriod *int64 `type:"integer"` - // Indicates the certificate that needs to be associated with the instance. + // The CA certificate identifier to use for the DB instance's server certificate. + // + // This setting doesn't apply to RDS Custom DB instances. + // + // For more information, see Using SSL/TLS to encrypt a connection to a DB instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) + // in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to + // a DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) + // in the Amazon Aurora User Guide. CACertificateIdentifier *string `type:"string"` - // A value that indicates whether the DB instance is restarted when you rotate - // your SSL/TLS certificate. + // Specifies whether the DB instance is restarted when you rotate your SSL/TLS + // certificate. // // By default, the DB instance is restarted when you rotate your SSL/TLS certificate. // The certificate is not updated until the DB instance is restarted. @@ -33416,59 +48388,80 @@ type ModifyDBInstanceInput struct { // * For more information about rotating your SSL/TLS certificate for Aurora // DB engines, see Rotating Your SSL/TLS Certificate (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html) // in the Amazon Aurora User Guide. + // + // This setting doesn't apply to RDS Custom DB instances. CertificateRotationRestart *bool `type:"boolean"` - // The configuration setting for the log types to be enabled for export to CloudWatch - // Logs for a specific DB instance. + // The log types to be enabled for export to CloudWatch Logs for a specific + // DB instance. // // A change to the CloudwatchLogsExportConfiguration parameter is always applied // to the DB instance immediately. Therefore, the ApplyImmediately parameter // has no effect. + // + // This setting doesn't apply to RDS Custom DB instances. CloudwatchLogsExportConfiguration *CloudwatchLogsExportConfiguration `type:"structure"` - // A value that indicates whether to copy all tags from the DB instance to snapshots - // of the DB instance. By default, tags are not copied. - // - // Amazon Aurora + // Specifies whether to copy all tags from the DB instance to snapshots of the + // DB instance. By default, tags aren't copied. // - // Not applicable. Copying tags to snapshots is managed by the DB cluster. Setting - // this value for an Aurora DB instance has no effect on the DB cluster setting. - // For more information, see ModifyDBCluster. + // This setting doesn't apply to Amazon Aurora DB instances. Copying tags to + // snapshots is managed by the DB cluster. Setting this value for an Aurora + // DB instance has no effect on the DB cluster setting. For more information, + // see ModifyDBCluster. CopyTagsToSnapshot *bool `type:"boolean"` - // The new compute and memory capacity of the DB instance, for example, db.m4.large. - // Not all DB instance classes are available in all AWS Regions, or for all - // database engines. For the full list of DB instance classes, and availability - // for your engine, see DB Instance Class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) - // in the Amazon RDS User Guide. + // The new compute and memory capacity of the DB instance, for example db.m4.large. + // Not all DB instance classes are available in all Amazon Web Services Regions, + // or for all database engines. For the full list of DB instance classes, and + // availability for your engine, see DB Instance Class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) + // in the Amazon RDS User Guide or Aurora DB instance classes (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.DBInstanceClass.html) + // in the Amazon Aurora User Guide. For RDS Custom, see DB instance class support + // for RDS Custom for Oracle (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-reqs-limits.html#custom-reqs-limits.instances) + // and DB instance class support for RDS Custom for SQL Server (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-reqs-limits-MS.html#custom-reqs-limits.instancesMS). // // If you modify the DB instance class, an outage occurs during the change. - // The change is applied during the next maintenance window, unless ApplyImmediately - // is enabled for this request. + // The change is applied during the next maintenance window, unless you specify + // ApplyImmediately in your request. // // Default: Uses existing setting + // + // Constraints: + // + // * If you are modifying the DB instance class and upgrading the engine + // version at the same time, the currently running engine version must be + // supported on the specified DB instance class. Otherwise, the operation + // returns an error. In this case, first run the operation to upgrade the + // engine version, and then run it again to modify the DB instance class. DBInstanceClass *string `type:"string"` - // The DB instance identifier. This value is stored as a lowercase string. + // The identifier of DB instance to modify. This value is stored as a lowercase + // string. // // Constraints: // - // * Must match the identifier of an existing DBInstance. + // * Must match the identifier of an existing DB instance. // // DBInstanceIdentifier is a required field DBInstanceIdentifier *string `type:"string" required:"true"` - // The name of the DB parameter group to apply to the DB instance. Changing - // this setting doesn't result in an outage. The parameter group name itself - // is changed immediately, but the actual parameter changes are not applied + // The name of the DB parameter group to apply to the DB instance. + // + // Changing this setting doesn't result in an outage. The parameter group name + // itself is changed immediately, but the actual parameter changes are not applied // until you reboot the instance without failover. In this case, the DB instance - // isn't rebooted automatically and the parameter changes isn't applied during - // the next maintenance window. + // isn't rebooted automatically, and the parameter changes aren't applied during + // the next maintenance window. However, if you modify dynamic parameters in + // the newly associated DB parameter group, these changes are applied immediately + // without a reboot. + // + // This setting doesn't apply to RDS Custom DB instances. // // Default: Uses existing setting // - // Constraints: The DB parameter group must be in the same DB parameter group - // family as this DB instance. + // Constraints: + // + // * Must be in the same DB parameter group family as the DB instance. DBParameterGroupName *string `type:"string"` // The port number on which the database accepts connections. @@ -33476,108 +48469,200 @@ type ModifyDBInstanceInput struct { // The value of the DBPortNumber parameter must not match any of the port values // specified for options in the option group for the DB instance. // - // Your database will restart when you change the DBPortNumber value regardless - // of the value of the ApplyImmediately parameter. - // - // MySQL - // - // Default: 3306 - // - // Valid values: 1150-65535 + // If you change the DBPortNumber value, your database restarts regardless of + // the value of the ApplyImmediately parameter. // - // MariaDB - // - // Default: 3306 - // - // Valid values: 1150-65535 - // - // PostgreSQL + // This setting doesn't apply to RDS Custom DB instances. // - // Default: 5432 + // Valid Values: 1150-65535 // - // Valid values: 1150-65535 + // Default: // - // Type: Integer - // - // Oracle + // * Amazon Aurora - 3306 // - // Default: 1521 + // * RDS for Db2 - 50000 // - // Valid values: 1150-65535 + // * RDS for MariaDB - 3306 // - // SQL Server + // * RDS for Microsoft SQL Server - 1433 // - // Default: 1433 + // * RDS for MySQL - 3306 // - // Valid values: 1150-65535 except 1234, 1434, 3260, 3343, 3389, 47001, and - // 49152-49156. + // * RDS for Oracle - 1521 // - // Amazon Aurora + // * RDS for PostgreSQL - 5432 // - // Default: 3306 + // Constraints: // - // Valid values: 1150-65535 + // * For RDS for Microsoft SQL Server, the value can't be 1234, 1434, 3260, + // 3343, 3389, 47001, or 49152-49156. DBPortNumber *int64 `type:"integer"` // A list of DB security groups to authorize on this DB instance. Changing this // setting doesn't result in an outage and the change is asynchronously applied // as soon as possible. // + // This setting doesn't apply to RDS Custom DB instances. + // // Constraints: // - // * If supplied, must match existing DBSecurityGroups. + // * If supplied, must match existing DB security groups. DBSecurityGroups []*string `locationNameList:"DBSecurityGroupName" type:"list"` // The new DB subnet group for the DB instance. You can use this parameter to // move your DB instance to a different VPC. If your DB instance isn't in a // VPC, you can also use this parameter to move your DB instance into a VPC. - // For more information, see Updating the VPC for a DB Instance (http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Non-VPC2VPC) + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Non-VPC2VPC) // in the Amazon RDS User Guide. // // Changing the subnet group causes an outage during the change. The change // is applied during the next maintenance window, unless you enable ApplyImmediately. // - // Constraints: If supplied, must match the name of an existing DBSubnetGroup. + // This setting doesn't apply to RDS Custom DB instances. + // + // Constraints: + // + // * If supplied, must match existing DB subnet group. // - // Example: mySubnetGroup + // Example: mydbsubnetgroup DBSubnetGroupName *string `type:"string"` - // A value that indicates whether the DB instance has deletion protection enabled. - // The database can't be deleted when deletion protection is enabled. By default, - // deletion protection is disabled. For more information, see Deleting a DB - // Instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). + // Indicates whether the DB instance has a dedicated log volume (DLV) enabled. + DedicatedLogVolume *bool `type:"boolean"` + + // Specifies whether the DB instance has deletion protection enabled. The database + // can't be deleted when deletion protection is enabled. By default, deletion + // protection isn't enabled. For more information, see Deleting a DB Instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). + // + // This setting doesn't apply to Amazon Aurora DB instances. You can enable + // or disable deletion protection for the DB cluster. For more information, + // see ModifyDBCluster. DB instances in a DB cluster can be deleted even when + // deletion protection is enabled for the DB cluster. DeletionProtection *bool `type:"boolean"` + // Specifies whether to remove the DB instance from the Active Directory domain. + DisableDomain *bool `type:"boolean"` + // The Active Directory directory ID to move the DB instance to. Specify none - // to remove the instance from its current domain. The domain must be created - // prior to this operation. Currently, only MySQL, Microsoft SQL Server, Oracle, - // and PostgreSQL DB instances can be created in an Active Directory Domain. + // to remove the instance from its current domain. You must create the domain + // before this operation. Currently, you can create only Db2, MySQL, Microsoft + // SQL Server, Oracle, and PostgreSQL DB instances in an Active Directory Domain. // // For more information, see Kerberos Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html) // in the Amazon RDS User Guide. + // + // This setting doesn't apply to RDS Custom DB instances. Domain *string `type:"string"` + // The ARN for the Secrets Manager secret with the credentials for the user + // joining the domain. + // + // Example: arn:aws:secretsmanager:region:account-number:secret:myselfmanagedADtestsecret-123456 + DomainAuthSecretArn *string `type:"string"` + + // The IPv4 DNS IP addresses of your primary and secondary Active Directory + // domain controllers. + // + // Constraints: + // + // * Two IP addresses must be provided. If there isn't a secondary domain + // controller, use the IP address of the primary domain controller for both + // entries in the list. + // + // Example: 123.124.125.126,234.235.236.237 + DomainDnsIps []*string `type:"list"` + + // The fully qualified domain name (FQDN) of an Active Directory domain. + // + // Constraints: + // + // * Can't be longer than 64 characters. + // + // Example: mymanagedADtest.mymanagedAD.mydomain + DomainFqdn *string `type:"string"` + // The name of the IAM role to use when making API calls to the Directory Service. + // + // This setting doesn't apply to RDS Custom DB instances. DomainIAMRoleName *string `type:"string"` - // A value that indicates whether to enable mapping of AWS Identity and Access - // Management (IAM) accounts to database accounts. By default, mapping is disabled. + // The Active Directory organizational unit for your DB instance to join. + // + // Constraints: + // + // * Must be in the distinguished name format. // - // This setting doesn't apply to Amazon Aurora. Mapping AWS IAM accounts to - // database accounts is managed by the DB cluster. + // * Can't be longer than 64 characters. + // + // Example: OU=mymanagedADtestOU,DC=mymanagedADtest,DC=mymanagedAD,DC=mydomain + DomainOu *string `type:"string"` + + // Specifies whether to enable a customer-owned IP address (CoIP) for an RDS + // on Outposts DB instance. + // + // A CoIP provides local or external connectivity to resources in your Outpost + // subnets through your on-premises network. For some use cases, a CoIP can + // provide lower latency for connections to the DB instance from outside of + // its virtual private cloud (VPC) on your local network. + // + // For more information about RDS on Outposts, see Working with Amazon RDS on + // Amazon Web Services Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) + // in the Amazon RDS User Guide. + // + // For more information about CoIPs, see Customer-owned IP addresses (https://docs.aws.amazon.com/outposts/latest/userguide/routing.html#ip-addressing) + // in the Amazon Web Services Outposts User Guide. + EnableCustomerOwnedIp *bool `type:"boolean"` + + // Specifies whether to enable mapping of Amazon Web Services Identity and Access + // Management (IAM) accounts to database accounts. By default, mapping isn't + // enabled. + // + // This setting doesn't apply to Amazon Aurora. Mapping Amazon Web Services + // IAM accounts to database accounts is managed by the DB cluster. // // For more information about IAM database authentication, see IAM Database // Authentication for MySQL and PostgreSQL (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) // in the Amazon RDS User Guide. + // + // This setting doesn't apply to RDS Custom DB instances. EnableIAMDatabaseAuthentication *bool `type:"boolean"` - // A value that indicates whether to enable Performance Insights for the DB - // instance. + // Specifies whether to enable Performance Insights for the DB instance. // // For more information, see Using Amazon Performance Insights (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) - // in the Amazon Relational Database Service User Guide. + // in the Amazon RDS User Guide. + // + // This setting doesn't apply to RDS Custom DB instances. EnablePerformanceInsights *bool `type:"boolean"` + // The target Oracle DB engine when you convert a non-CDB to a CDB. This intermediate + // step is necessary to upgrade an Oracle Database 19c non-CDB to an Oracle + // Database 21c CDB. + // + // Note the following requirements: + // + // * Make sure that you specify oracle-ee-cdb or oracle-se2-cdb. + // + // * Make sure that your DB engine runs Oracle Database 19c with an April + // 2021 or later RU. + // + // Note the following limitations: + // + // * You can't convert a CDB to a non-CDB. + // + // * You can't convert a replica database. + // + // * You can't convert a non-CDB to a CDB and upgrade the engine version + // in the same command. + // + // * You can't convert the existing custom parameter or option group when + // it has options or parameters that are permanent or persistent. In this + // situation, the DB instance reverts to the default option and parameter + // group. To avoid reverting to the default, specify a new parameter group + // with --db-parameter-group-name and a new option group with --option-group-name. + Engine *string `type:"string"` + // The version number of the database engine to upgrade to. Changing this parameter // results in an outage and the change is applied during the next maintenance // window unless the ApplyImmediately parameter is enabled for this request. @@ -33587,8 +48672,24 @@ type ModifyDBInstanceInput struct { // new engine version must be specified. The new DB parameter group can be the // default for that DB parameter group family. // - // For information about valid engine versions, see CreateDBInstance, or call - // DescribeDBEngineVersions. + // If you specify only a major version, Amazon RDS updates the DB instance to + // the default minor version if the current minor version is lower. For information + // about valid engine versions, see CreateDBInstance, or call DescribeDBEngineVersions. + // + // If the instance that you're modifying is acting as a read replica, the engine + // version that you specify must be the same or higher than the version that + // the source DB instance or cluster is running. + // + // In RDS Custom for Oracle, this parameter is supported for read replicas only + // if they are in the PATCH_DB_FAILURE lifecycle. + // + // Constraints: + // + // * If you are upgrading the engine version and modifying the DB instance + // class at the same time, the currently running engine version must be supported + // on the specified DB instance class. Otherwise, the operation returns an + // error. In this case, first run the operation to upgrade the engine version, + // and then run it again to modify the DB instance class. EngineVersion *string `type:"string"` // The new Provisioned IOPS (I/O operations per second) value for the RDS instance. @@ -33612,95 +48713,211 @@ type ModifyDBInstanceInput struct { // modifying the instance, rebooting the instance, deleting the instance, creating // a read replica for the instance, and creating a DB snapshot of the instance. // - // Constraints: For MariaDB, MySQL, Oracle, and PostgreSQL, the value supplied - // must be at least 10% greater than the current value. Values that are not - // at least 10% greater than the existing value are rounded up so that they - // are 10% greater than the current value. + // Constraints: + // + // * For RDS for MariaDB, RDS for MySQL, RDS for Oracle, and RDS for PostgreSQL + // - The value supplied must be at least 10% greater than the current value. + // Values that are not at least 10% greater than the existing value are rounded + // up so that they are 10% greater than the current value. + // + // * When you increase the Provisioned IOPS, you must also specify the AllocatedStorage + // parameter. You can use the current value for AllocatedStorage. // // Default: Uses existing setting Iops *int64 `type:"integer"` // The license model for the DB instance. // - // Valid values: license-included | bring-your-own-license | general-public-license + // This setting doesn't apply to Amazon Aurora or RDS Custom DB instances. + // + // Valid Values: + // + // * RDS for Db2 - bring-your-own-license + // + // * RDS for MariaDB - general-public-license + // + // * RDS for Microsoft SQL Server - license-included + // + // * RDS for MySQL - general-public-license + // + // * RDS for Oracle - bring-your-own-license | license-included + // + // * RDS for PostgreSQL - postgresql-license LicenseModel *string `type:"string"` - // The new password for the master user. The password can include any printable - // ASCII character except "/", """, or "@". + // Specifies whether to manage the master user password with Amazon Web Services + // Secrets Manager. + // + // If the DB instance doesn't manage the master user password with Amazon Web + // Services Secrets Manager, you can turn on this management. In this case, + // you can't specify MasterUserPassword. + // + // If the DB instance already manages the master user password with Amazon Web + // Services Secrets Manager, and you specify that the master user password is + // not managed with Amazon Web Services Secrets Manager, then you must specify + // MasterUserPassword. In this case, Amazon RDS deletes the secret and uses + // the new password for the master user specified by MasterUserPassword. + // + // For more information, see Password management with Amazon Web Services Secrets + // Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) + // in the Amazon RDS User Guide. + // + // Constraints: + // + // * Can't manage the master user password with Amazon Web Services Secrets + // Manager if MasterUserPassword is specified. + ManageMasterUserPassword *bool `type:"boolean"` + + // The new password for the master user. // // Changing this parameter doesn't result in an outage and the change is asynchronously // applied as soon as possible. Between the time of the request and the completion // of the request, the MasterUserPassword element exists in the PendingModifiedValues // element of the operation response. // - // Amazon Aurora + // Amazon RDS API operations never return the password, so this operation provides + // a way to regain access to a primary instance user if the password is lost. + // This includes restoring privileges that might have been accidentally revoked. // - // Not applicable. The password for the master user is managed by the DB cluster. - // For more information, see ModifyDBCluster. + // This setting doesn't apply to the following DB instances: // - // Default: Uses existing setting + // * Amazon Aurora (The password for the master user is managed by the DB + // cluster. For more information, see ModifyDBCluster.) // - // MariaDB + // * RDS Custom // - // Constraints: Must contain from 8 to 41 characters. + // Default: Uses existing setting // - // Microsoft SQL Server + // Constraints: // - // Constraints: Must contain from 8 to 128 characters. + // * Can't be specified if ManageMasterUserPassword is turned on. // - // MySQL + // * Can include any printable ASCII character except "/", """, or "@". For + // RDS for Oracle, can't include the "&" (ampersand) or the "'" (single quotes) + // character. // - // Constraints: Must contain from 8 to 41 characters. + // Length Constraints: // - // Oracle + // * RDS for Db2 - Must contain from 8 to 255 characters. // - // Constraints: Must contain from 8 to 30 characters. + // * RDS for MariaDB - Must contain from 8 to 41 characters. // - // PostgreSQL + // * RDS for Microsoft SQL Server - Must contain from 8 to 128 characters. // - // Constraints: Must contain from 8 to 128 characters. + // * RDS for MySQL - Must contain from 8 to 41 characters. // - // Amazon RDS API actions never return the password, so this action provides - // a way to regain access to a primary instance user if the password is lost. - // This includes restoring privileges that might have been accidentally revoked. + // * RDS for Oracle - Must contain from 8 to 30 characters. + // + // * RDS for PostgreSQL - Must contain from 8 to 128 characters. MasterUserPassword *string `type:"string"` - // The upper limit to which Amazon RDS can automatically scale the storage of - // the DB instance. + // The Amazon Web Services KMS key identifier to encrypt a secret that is automatically + // generated and managed in Amazon Web Services Secrets Manager. + // + // This setting is valid only if both of the following conditions are met: + // + // * The DB instance doesn't manage the master user password in Amazon Web + // Services Secrets Manager. If the DB instance already manages the master + // user password in Amazon Web Services Secrets Manager, you can't change + // the KMS key used to encrypt the secret. + // + // * You are turning on ManageMasterUserPassword to manage the master user + // password in Amazon Web Services Secrets Manager. If you are turning on + // ManageMasterUserPassword and don't specify MasterUserSecretKmsKeyId, then + // the aws/secretsmanager KMS key is used to encrypt the secret. If the secret + // is in a different Amazon Web Services account, then you can't use the + // aws/secretsmanager KMS key to encrypt the secret, and you must use a customer + // managed KMS key. + // + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. To use a KMS key in a different Amazon + // Web Services account, specify the key ARN or alias ARN. + // + // There is a default KMS key for your Amazon Web Services account. Your Amazon + // Web Services account has a different default KMS key for each Amazon Web + // Services Region. + MasterUserSecretKmsKeyId *string `type:"string"` + + // The upper limit in gibibytes (GiB) to which Amazon RDS can automatically + // scale the storage of the DB instance. + // + // For more information about this setting, including limitations that apply + // to it, see Managing capacity automatically with Amazon RDS storage autoscaling + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling) + // in the Amazon RDS User Guide. + // + // This setting doesn't apply to RDS Custom DB instances. MaxAllocatedStorage *int64 `type:"integer"` // The interval, in seconds, between points when Enhanced Monitoring metrics - // are collected for the DB instance. To disable collecting Enhanced Monitoring - // metrics, specify 0. The default is 0. + // are collected for the DB instance. To disable collection of Enhanced Monitoring + // metrics, specify 0. // - // If MonitoringRoleArn is specified, then you must also set MonitoringInterval - // to a value other than 0. + // If MonitoringRoleArn is specified, set MonitoringInterval to a value other + // than 0. // - // Valid Values: 0, 1, 5, 10, 15, 30, 60 + // This setting doesn't apply to RDS Custom DB instances. + // + // Valid Values: 0 | 1 | 5 | 10 | 15 | 30 | 60 + // + // Default: 0 MonitoringInterval *int64 `type:"integer"` // The ARN for the IAM role that permits RDS to send enhanced monitoring metrics // to Amazon CloudWatch Logs. For example, arn:aws:iam:123456789012:role/emaccess. - // For information on creating a monitoring role, go to To create an IAM role + // For information on creating a monitoring role, see To create an IAM role // for Amazon RDS Enhanced Monitoring (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.html#USER_Monitoring.OS.IAMRole) // in the Amazon RDS User Guide. // - // If MonitoringInterval is set to a value other than 0, then you must supply - // a MonitoringRoleArn value. + // If MonitoringInterval is set to a value other than 0, supply a MonitoringRoleArn + // value. + // + // This setting doesn't apply to RDS Custom DB instances. MonitoringRoleArn *string `type:"string"` - // A value that indicates whether the DB instance is a Multi-AZ deployment. - // Changing this parameter doesn't result in an outage and the change is applied - // during the next maintenance window unless the ApplyImmediately parameter - // is enabled for this request. + // Specifies whether the DB instance is a Multi-AZ deployment. Changing this + // parameter doesn't result in an outage. The change is applied during the next + // maintenance window unless the ApplyImmediately parameter is enabled for this + // request. + // + // This setting doesn't apply to RDS Custom DB instances. MultiAZ *bool `type:"boolean"` - // The new DB instance identifier for the DB instance when renaming a DB instance. - // When you change the DB instance identifier, an instance reboot occurs immediately + // Specifies whether the to convert your DB instance from the single-tenant + // configuration to the multi-tenant configuration. This parameter is supported + // only for RDS for Oracle CDB instances. + // + // During the conversion, RDS creates an initial tenant database and associates + // the DB name, master user name, character set, and national character set + // metadata with this database. The tags associated with the instance also propagate + // to the initial tenant database. You can add more tenant databases to your + // DB instance by using the CreateTenantDatabase operation. + // + // The conversion to the multi-tenant configuration is permanent and irreversible, + // so you can't later convert back to the single-tenant configuration. When + // you specify this parameter, you must also specify ApplyImmediately. + MultiTenant *bool `type:"boolean"` + + // The network type of the DB instance. + // + // The network type is determined by the DBSubnetGroup specified for the DB + // instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 + // and the IPv6 protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon RDS User Guide. + // + // Valid Values: IPV4 | DUAL + NetworkType *string `type:"string"` + + // The new identifier for the DB instance when renaming a DB instance. When + // you change the DB instance identifier, an instance reboot occurs immediately // if you enable ApplyImmediately, or will occur during the next maintenance - // window if you disable Apply Immediately. This value is stored as a lowercase + // window if you disable ApplyImmediately. This value is stored as a lowercase // string. // + // This setting doesn't apply to RDS Custom DB instances. + // // Constraints: // // * Must contain from 1 to 63 letters, numbers, or hyphens. @@ -33712,94 +48929,133 @@ type ModifyDBInstanceInput struct { // Example: mydbinstance NewDBInstanceIdentifier *string `type:"string"` - // Indicates that the DB instance should be associated with the specified option - // group. Changing this parameter doesn't result in an outage except in the - // following case and the change is applied during the next maintenance window - // unless the ApplyImmediately parameter is enabled for this request. If the - // parameter change results in an option group that enables OEM, this change - // can cause a brief (sub-second) period during which new connections are rejected - // but existing connections are not interrupted. + // The option group to associate the DB instance with. + // + // Changing this parameter doesn't result in an outage, with one exception. + // If the parameter change results in an option group that enables OEM, it can + // cause a brief period, lasting less than a second, during which new connections + // are rejected but existing connections aren't interrupted. + // + // The change is applied during the next maintenance window unless the ApplyImmediately + // parameter is enabled for this request. // // Permanent options, such as the TDE option for Oracle Advanced Security TDE, // can't be removed from an option group, and that option group can't be removed - // from a DB instance once it is associated with a DB instance + // from a DB instance after it is associated with a DB instance. + // + // This setting doesn't apply to RDS Custom DB instances. OptionGroupName *string `type:"string"` - // The AWS KMS key identifier for encryption of Performance Insights data. + // The Amazon Web Services KMS key identifier for encryption of Performance + // Insights data. // - // The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name - // for the AWS KMS customer master key (CMK). + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. // - // If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon - // RDS uses your default CMK. There is a default CMK for your AWS account. Your - // AWS account has a different default CMK for each AWS Region. + // If you don't specify a value for PerformanceInsightsKMSKeyId, then Amazon + // RDS uses your default KMS key. There is a default KMS key for your Amazon + // Web Services account. Your Amazon Web Services account has a different default + // KMS key for each Amazon Web Services Region. + // + // This setting doesn't apply to RDS Custom DB instances. PerformanceInsightsKMSKeyId *string `type:"string"` - // The amount of time, in days, to retain Performance Insights data. Valid values - // are 7 or 731 (2 years). + // The number of days to retain Performance Insights data. + // + // This setting doesn't apply to RDS Custom DB instances. + // + // Valid Values: + // + // * 7 + // + // * month * 31, where month is a number of months from 1-23. Examples: 93 + // (3 months * 31), 341 (11 months * 31), 589 (19 months * 31) + // + // * 731 + // + // Default: 7 days + // + // If you specify a retention period that isn't valid, such as 94, Amazon RDS + // returns an error. PerformanceInsightsRetentionPeriod *int64 `type:"integer"` // The daily time range during which automated backups are created if automated // backups are enabled, as determined by the BackupRetentionPeriod parameter. // Changing this parameter doesn't result in an outage and the change is asynchronously - // applied as soon as possible. - // - // Amazon Aurora + // applied as soon as possible. The default is a 30-minute window selected at + // random from an 8-hour block of time for each Amazon Web Services Region. + // For more information, see Backup window (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow) + // in the Amazon RDS User Guide. // - // Not applicable. The daily time range for creating automated backups is managed - // by the DB cluster. For more information, see ModifyDBCluster. + // This setting doesn't apply to Amazon Aurora DB instances. The daily time + // range for creating automated backups is managed by the DB cluster. For more + // information, see ModifyDBCluster. // // Constraints: // - // * Must be in the format hh24:mi-hh24:mi + // * Must be in the format hh24:mi-hh24:mi. // - // * Must be in Universal Time Coordinated (UTC) + // * Must be in Universal Coordinated Time (UTC). // - // * Must not conflict with the preferred maintenance window + // * Must not conflict with the preferred maintenance window. // - // * Must be at least 30 minutes + // * Must be at least 30 minutes. PreferredBackupWindow *string `type:"string"` - // The weekly time range (in UTC) during which system maintenance can occur, - // which might result in an outage. Changing this parameter doesn't result in - // an outage, except in the following situation, and the change is asynchronously - // applied as soon as possible. If there are pending actions that cause a reboot, - // and the maintenance window is changed to include the current time, then changing - // this parameter will cause a reboot of the DB instance. If moving this window + // The weekly time range during which system maintenance can occur, which might + // result in an outage. Changing this parameter doesn't result in an outage, + // except in the following situation, and the change is asynchronously applied + // as soon as possible. If there are pending actions that cause a reboot, and + // the maintenance window is changed to include the current time, then changing + // this parameter causes a reboot of the DB instance. If you change this window // to the current time, there must be at least 30 minutes between the current // time and end of the window to ensure pending changes are applied. // + // For more information, see Amazon RDS Maintenance Window (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance) + // in the Amazon RDS User Guide. + // // Default: Uses existing setting // - // Format: ddd:hh24:mi-ddd:hh24:mi + // Constraints: + // + // * Must be in the format ddd:hh24:mi-ddd:hh24:mi. + // + // * The day values must be mon | tue | wed | thu | fri | sat | sun. // - // Valid Days: Mon | Tue | Wed | Thu | Fri | Sat | Sun + // * Must be in Universal Coordinated Time (UTC). + // + // * Must not conflict with the preferred backup window. // - // Constraints: Must be at least 30 minutes + // * Must be at least 30 minutes. PreferredMaintenanceWindow *string `type:"string"` // The number of CPU cores and the number of threads per core for the DB instance // class of the DB instance. + // + // This setting doesn't apply to RDS Custom DB instances. ProcessorFeatures []*ProcessorFeature `locationNameList:"ProcessorFeature" type:"list"` - // A value that specifies the order in which an Aurora Replica is promoted to - // the primary instance after a failure of the existing primary instance. For - // more information, see Fault Tolerance for an Aurora DB Cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.FaultTolerance) + // The order of priority in which an Aurora Replica is promoted to the primary + // instance after a failure of the existing primary instance. For more information, + // see Fault Tolerance for an Aurora DB Cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.AuroraHighAvailability.html#Aurora.Managing.FaultTolerance) // in the Amazon Aurora User Guide. // + // This setting doesn't apply to RDS Custom DB instances. + // // Default: 1 // // Valid Values: 0 - 15 PromotionTier *int64 `type:"integer"` - // A value that indicates whether the DB instance is publicly accessible. + // Specifies whether the DB instance is publicly accessible. // - // When the DB instance is publicly accessible, its DNS endpoint resolves to - // the private IP address from within the DB instance's VPC, and to the public - // IP address from outside of the DB instance's VPC. Access to the DB instance - // is ultimately controlled by the security group it uses, and that public access - // is not permitted if the security group assigned to the DB instance doesn't - // permit it. + // When the DB instance is publicly accessible and you connect from outside + // of the DB instance's virtual private cloud (VPC), its Domain Name System + // (DNS) endpoint resolves to the public IP address. When you connect from within + // the same VPC as the DB instance, the endpoint resolves to the private IP + // address. Access to the DB instance is ultimately controlled by the security + // group it uses. That public access isn't permitted if the security group assigned + // to the DB instance doesn't permit it. // // When the DB instance isn't publicly accessible, it is an internal DB instance // with a DNS name that resolves to a private IP address. @@ -33824,12 +49080,50 @@ type ModifyDBInstanceInput struct { // serve a read-only workload. For more information, see Working with Oracle // Read Replicas for Amazon RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html) // in the Amazon RDS User Guide. + // + // This setting doesn't apply to RDS Custom DB instances. ReplicaMode *string `type:"string" enum:"ReplicaMode"` - // Specifies the storage type to be associated with the DB instance. + // The number of minutes to pause the automation. When the time period ends, + // RDS Custom resumes full automation. + // + // Default: 60 + // + // Constraints: + // + // * Must be at least 60. + // + // * Must be no more than 1,440. + ResumeFullAutomationModeMinutes *int64 `type:"integer"` + + // Specifies whether to rotate the secret managed by Amazon Web Services Secrets + // Manager for the master user password. + // + // This setting is valid only if the master user password is managed by RDS + // in Amazon Web Services Secrets Manager for the DB cluster. The secret value + // contains the updated password. + // + // For more information, see Password management with Amazon Web Services Secrets + // Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) + // in the Amazon RDS User Guide. + // + // Constraints: + // + // * You must apply the change immediately when rotating the master user + // password. + RotateMasterUserPassword *bool `type:"boolean"` + + // The storage throughput value for the DB instance. + // + // This setting applies only to the gp3 storage type. // - // If you specify Provisioned IOPS (io1), you must also include a value for - // the Iops parameter. + // This setting doesn't apply to Amazon Aurora or RDS Custom DB instances. + StorageThroughput *int64 `type:"integer"` + + // The storage type to associate with the DB instance. + // + // If you specify io1, io2, or gp3 you must also include a value for the Iops + // parameter. // // If you choose to migrate your DB instance from using standard storage to // using Provisioned IOPS, or from using Provisioned IOPS to using standard @@ -33844,42 +49138,58 @@ type ModifyDBInstanceInput struct { // modifying the instance, rebooting the instance, deleting the instance, creating // a read replica for the instance, and creating a DB snapshot of the instance. // - // Valid values: standard | gp2 | io1 + // Valid Values: gp2 | gp3 | io1 | io2 | standard // - // Default: io1 if the Iops parameter is specified, otherwise gp2 + // Default: io1, if the Iops parameter is specified. Otherwise, gp2. StorageType *string `type:"string"` // The ARN from the key store with which to associate the instance for TDE encryption. + // + // This setting doesn't apply to RDS Custom DB instances. TdeCredentialArn *string `type:"string"` // The password for the given ARN from the key store in order to access the // device. + // + // This setting doesn't apply to RDS Custom DB instances. TdeCredentialPassword *string `type:"string"` - // A value that indicates whether the DB instance class of the DB instance uses - // its default processor features. + // Specifies whether the DB instance class of the DB instance uses its default + // processor features. + // + // This setting doesn't apply to RDS Custom DB instances. UseDefaultProcessorFeatures *bool `type:"boolean"` - // A list of EC2 VPC security groups to authorize on this DB instance. This - // change is asynchronously applied as soon as possible. + // A list of Amazon EC2 VPC security groups to associate with this DB instance. + // This change is asynchronously applied as soon as possible. // - // Amazon Aurora + // This setting doesn't apply to the following DB instances: // - // Not applicable. The associated list of EC2 VPC security groups is managed - // by the DB cluster. For more information, see ModifyDBCluster. + // * Amazon Aurora (The associated list of EC2 VPC security groups is managed + // by the DB cluster. For more information, see ModifyDBCluster.) + // + // * RDS Custom // // Constraints: // - // * If supplied, must match existing VpcSecurityGroupIds. + // * If supplied, must match existing VPC security group IDs. VpcSecurityGroupIds []*string `locationNameList:"VpcSecurityGroupId" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBInstanceInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBInstanceInput) GoString() string { return s.String() } @@ -33887,6 +49197,9 @@ func (s ModifyDBInstanceInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *ModifyDBInstanceInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "ModifyDBInstanceInput"} + if s.AwsBackupRecoveryPointArn != nil && len(*s.AwsBackupRecoveryPointArn) < 43 { + invalidParams.Add(request.NewErrParamMinLen("AwsBackupRecoveryPointArn", 43)) + } if s.DBInstanceIdentifier == nil { invalidParams.Add(request.NewErrParamRequired("DBInstanceIdentifier")) } @@ -33921,6 +49234,18 @@ func (s *ModifyDBInstanceInput) SetAutoMinorVersionUpgrade(v bool) *ModifyDBInst return s } +// SetAutomationMode sets the AutomationMode field's value. +func (s *ModifyDBInstanceInput) SetAutomationMode(v string) *ModifyDBInstanceInput { + s.AutomationMode = &v + return s +} + +// SetAwsBackupRecoveryPointArn sets the AwsBackupRecoveryPointArn field's value. +func (s *ModifyDBInstanceInput) SetAwsBackupRecoveryPointArn(v string) *ModifyDBInstanceInput { + s.AwsBackupRecoveryPointArn = &v + return s +} + // SetBackupRetentionPeriod sets the BackupRetentionPeriod field's value. func (s *ModifyDBInstanceInput) SetBackupRetentionPeriod(v int64) *ModifyDBInstanceInput { s.BackupRetentionPeriod = &v @@ -33987,24 +49312,66 @@ func (s *ModifyDBInstanceInput) SetDBSubnetGroupName(v string) *ModifyDBInstance return s } +// SetDedicatedLogVolume sets the DedicatedLogVolume field's value. +func (s *ModifyDBInstanceInput) SetDedicatedLogVolume(v bool) *ModifyDBInstanceInput { + s.DedicatedLogVolume = &v + return s +} + // SetDeletionProtection sets the DeletionProtection field's value. func (s *ModifyDBInstanceInput) SetDeletionProtection(v bool) *ModifyDBInstanceInput { s.DeletionProtection = &v return s } +// SetDisableDomain sets the DisableDomain field's value. +func (s *ModifyDBInstanceInput) SetDisableDomain(v bool) *ModifyDBInstanceInput { + s.DisableDomain = &v + return s +} + // SetDomain sets the Domain field's value. func (s *ModifyDBInstanceInput) SetDomain(v string) *ModifyDBInstanceInput { s.Domain = &v return s } +// SetDomainAuthSecretArn sets the DomainAuthSecretArn field's value. +func (s *ModifyDBInstanceInput) SetDomainAuthSecretArn(v string) *ModifyDBInstanceInput { + s.DomainAuthSecretArn = &v + return s +} + +// SetDomainDnsIps sets the DomainDnsIps field's value. +func (s *ModifyDBInstanceInput) SetDomainDnsIps(v []*string) *ModifyDBInstanceInput { + s.DomainDnsIps = v + return s +} + +// SetDomainFqdn sets the DomainFqdn field's value. +func (s *ModifyDBInstanceInput) SetDomainFqdn(v string) *ModifyDBInstanceInput { + s.DomainFqdn = &v + return s +} + // SetDomainIAMRoleName sets the DomainIAMRoleName field's value. func (s *ModifyDBInstanceInput) SetDomainIAMRoleName(v string) *ModifyDBInstanceInput { s.DomainIAMRoleName = &v return s } +// SetDomainOu sets the DomainOu field's value. +func (s *ModifyDBInstanceInput) SetDomainOu(v string) *ModifyDBInstanceInput { + s.DomainOu = &v + return s +} + +// SetEnableCustomerOwnedIp sets the EnableCustomerOwnedIp field's value. +func (s *ModifyDBInstanceInput) SetEnableCustomerOwnedIp(v bool) *ModifyDBInstanceInput { + s.EnableCustomerOwnedIp = &v + return s +} + // SetEnableIAMDatabaseAuthentication sets the EnableIAMDatabaseAuthentication field's value. func (s *ModifyDBInstanceInput) SetEnableIAMDatabaseAuthentication(v bool) *ModifyDBInstanceInput { s.EnableIAMDatabaseAuthentication = &v @@ -34017,6 +49384,12 @@ func (s *ModifyDBInstanceInput) SetEnablePerformanceInsights(v bool) *ModifyDBIn return s } +// SetEngine sets the Engine field's value. +func (s *ModifyDBInstanceInput) SetEngine(v string) *ModifyDBInstanceInput { + s.Engine = &v + return s +} + // SetEngineVersion sets the EngineVersion field's value. func (s *ModifyDBInstanceInput) SetEngineVersion(v string) *ModifyDBInstanceInput { s.EngineVersion = &v @@ -34035,12 +49408,24 @@ func (s *ModifyDBInstanceInput) SetLicenseModel(v string) *ModifyDBInstanceInput return s } +// SetManageMasterUserPassword sets the ManageMasterUserPassword field's value. +func (s *ModifyDBInstanceInput) SetManageMasterUserPassword(v bool) *ModifyDBInstanceInput { + s.ManageMasterUserPassword = &v + return s +} + // SetMasterUserPassword sets the MasterUserPassword field's value. func (s *ModifyDBInstanceInput) SetMasterUserPassword(v string) *ModifyDBInstanceInput { s.MasterUserPassword = &v return s } +// SetMasterUserSecretKmsKeyId sets the MasterUserSecretKmsKeyId field's value. +func (s *ModifyDBInstanceInput) SetMasterUserSecretKmsKeyId(v string) *ModifyDBInstanceInput { + s.MasterUserSecretKmsKeyId = &v + return s +} + // SetMaxAllocatedStorage sets the MaxAllocatedStorage field's value. func (s *ModifyDBInstanceInput) SetMaxAllocatedStorage(v int64) *ModifyDBInstanceInput { s.MaxAllocatedStorage = &v @@ -34065,6 +49450,18 @@ func (s *ModifyDBInstanceInput) SetMultiAZ(v bool) *ModifyDBInstanceInput { return s } +// SetMultiTenant sets the MultiTenant field's value. +func (s *ModifyDBInstanceInput) SetMultiTenant(v bool) *ModifyDBInstanceInput { + s.MultiTenant = &v + return s +} + +// SetNetworkType sets the NetworkType field's value. +func (s *ModifyDBInstanceInput) SetNetworkType(v string) *ModifyDBInstanceInput { + s.NetworkType = &v + return s +} + // SetNewDBInstanceIdentifier sets the NewDBInstanceIdentifier field's value. func (s *ModifyDBInstanceInput) SetNewDBInstanceIdentifier(v string) *ModifyDBInstanceInput { s.NewDBInstanceIdentifier = &v @@ -34125,6 +49522,24 @@ func (s *ModifyDBInstanceInput) SetReplicaMode(v string) *ModifyDBInstanceInput return s } +// SetResumeFullAutomationModeMinutes sets the ResumeFullAutomationModeMinutes field's value. +func (s *ModifyDBInstanceInput) SetResumeFullAutomationModeMinutes(v int64) *ModifyDBInstanceInput { + s.ResumeFullAutomationModeMinutes = &v + return s +} + +// SetRotateMasterUserPassword sets the RotateMasterUserPassword field's value. +func (s *ModifyDBInstanceInput) SetRotateMasterUserPassword(v bool) *ModifyDBInstanceInput { + s.RotateMasterUserPassword = &v + return s +} + +// SetStorageThroughput sets the StorageThroughput field's value. +func (s *ModifyDBInstanceInput) SetStorageThroughput(v int64) *ModifyDBInstanceInput { + s.StorageThroughput = &v + return s +} + // SetStorageType sets the StorageType field's value. func (s *ModifyDBInstanceInput) SetStorageType(v string) *ModifyDBInstanceInput { s.StorageType = &v @@ -34160,16 +49575,27 @@ type ModifyDBInstanceOutput struct { // Contains the details of an Amazon RDS DB instance. // - // This data type is used as a response element in the DescribeDBInstances action. + // This data type is used as a response element in the operations CreateDBInstance, + // CreateDBInstanceReadReplica, DeleteDBInstance, DescribeDBInstances, ModifyDBInstance, + // PromoteReadReplica, RebootDBInstance, RestoreDBInstanceFromDBSnapshot, RestoreDBInstanceFromS3, + // RestoreDBInstanceToPointInTime, StartDBInstance, and StopDBInstance. DBInstance *DBInstance `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBInstanceOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBInstanceOutput) GoString() string { return s.String() } @@ -34192,27 +49618,48 @@ type ModifyDBParameterGroupInput struct { // DBParameterGroupName is a required field DBParameterGroupName *string `type:"string" required:"true"` - // An array of parameter names, values, and the apply method for the parameter - // update. At least one parameter name, value, and apply method must be supplied; - // later arguments are optional. A maximum of 20 parameters can be modified - // in a single request. + // An array of parameter names, values, and the application methods for the + // parameter update. At least one parameter name, value, and application method + // must be supplied; later arguments are optional. A maximum of 20 parameters + // can be modified in a single request. // // Valid Values (for the application method): immediate | pending-reboot // // You can use the immediate value with dynamic parameters only. You can use - // the pending-reboot value for both dynamic and static parameters, and changes - // are applied when you reboot the DB instance without failover. + // the pending-reboot value for both dynamic and static parameters. + // + // When the application method is immediate, changes to dynamic parameters are + // applied immediately to the DB instances associated with the parameter group. + // + // When the application method is pending-reboot, changes to dynamic and static + // parameters are applied after a reboot without failover to the DB instances + // associated with the parameter group. + // + // You can't use pending-reboot with dynamic parameters on RDS for SQL Server + // DB instances. Use immediate. + // + // For more information on modifying DB parameters, see Working with DB parameter + // groups (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html) + // in the Amazon RDS User Guide. // // Parameters is a required field Parameters []*Parameter `locationNameList:"Parameter" type:"list" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBParameterGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBParameterGroupInput) GoString() string { return s.String() } @@ -34245,6 +49692,113 @@ func (s *ModifyDBParameterGroupInput) SetParameters(v []*Parameter) *ModifyDBPar return s } +type ModifyDBProxyEndpointInput struct { + _ struct{} `type:"structure"` + + // The name of the DB proxy sociated with the DB proxy endpoint that you want + // to modify. + // + // DBProxyEndpointName is a required field + DBProxyEndpointName *string `min:"1" type:"string" required:"true"` + + // The new identifier for the DBProxyEndpoint. An identifier must begin with + // a letter and must contain only ASCII letters, digits, and hyphens; it can't + // end with a hyphen or contain two consecutive hyphens. + NewDBProxyEndpointName *string `min:"1" type:"string"` + + // The VPC security group IDs for the DB proxy endpoint. When the DB proxy endpoint + // uses a different VPC than the original proxy, you also specify a different + // set of security group IDs than for the original proxy. + VpcSecurityGroupIds []*string `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyDBProxyEndpointInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyDBProxyEndpointInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyDBProxyEndpointInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyDBProxyEndpointInput"} + if s.DBProxyEndpointName == nil { + invalidParams.Add(request.NewErrParamRequired("DBProxyEndpointName")) + } + if s.DBProxyEndpointName != nil && len(*s.DBProxyEndpointName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DBProxyEndpointName", 1)) + } + if s.NewDBProxyEndpointName != nil && len(*s.NewDBProxyEndpointName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NewDBProxyEndpointName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDBProxyEndpointName sets the DBProxyEndpointName field's value. +func (s *ModifyDBProxyEndpointInput) SetDBProxyEndpointName(v string) *ModifyDBProxyEndpointInput { + s.DBProxyEndpointName = &v + return s +} + +// SetNewDBProxyEndpointName sets the NewDBProxyEndpointName field's value. +func (s *ModifyDBProxyEndpointInput) SetNewDBProxyEndpointName(v string) *ModifyDBProxyEndpointInput { + s.NewDBProxyEndpointName = &v + return s +} + +// SetVpcSecurityGroupIds sets the VpcSecurityGroupIds field's value. +func (s *ModifyDBProxyEndpointInput) SetVpcSecurityGroupIds(v []*string) *ModifyDBProxyEndpointInput { + s.VpcSecurityGroupIds = v + return s +} + +type ModifyDBProxyEndpointOutput struct { + _ struct{} `type:"structure"` + + // The DBProxyEndpoint object representing the new settings for the DB proxy + // endpoint. + DBProxyEndpoint *DBProxyEndpoint `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyDBProxyEndpointOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyDBProxyEndpointOutput) GoString() string { + return s.String() +} + +// SetDBProxyEndpoint sets the DBProxyEndpoint field's value. +func (s *ModifyDBProxyEndpointOutput) SetDBProxyEndpoint(v *DBProxyEndpoint) *ModifyDBProxyEndpointOutput { + s.DBProxyEndpoint = v + return s +} + type ModifyDBProxyInput struct { _ struct{} `type:"structure"` @@ -34281,19 +49835,27 @@ type ModifyDBProxyInput struct { RequireTLS *bool `type:"boolean"` // The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access - // secrets in AWS Secrets Manager. + // secrets in Amazon Web Services Secrets Manager. RoleArn *string `type:"string"` // The new list of security groups for the DBProxy. SecurityGroups []*string `type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBProxyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBProxyInput) GoString() string { return s.String() } @@ -34366,12 +49928,20 @@ type ModifyDBProxyOutput struct { DBProxy *DBProxy `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBProxyOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBProxyOutput) GoString() string { return s.String() } @@ -34389,7 +49959,7 @@ type ModifyDBProxyTargetGroupInput struct { // for the target group. ConnectionPoolConfig *ConnectionPoolConfiguration `type:"structure"` - // The name of the new proxy to which to assign the target group. + // The name of the proxy. // // DBProxyName is a required field DBProxyName *string `type:"string" required:"true"` @@ -34399,18 +49969,26 @@ type ModifyDBProxyTargetGroupInput struct { // end with a hyphen or contain two consecutive hyphens. NewName *string `type:"string"` - // The name of the new target group to assign to the proxy. + // The name of the target group to modify. // // TargetGroupName is a required field TargetGroupName *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBProxyTargetGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBProxyTargetGroupInput) GoString() string { return s.String() } @@ -34462,12 +50040,20 @@ type ModifyDBProxyTargetGroupOutput struct { DBProxyTargetGroup *DBProxyTargetGroup `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBProxyTargetGroupOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBProxyTargetGroupOutput) GoString() string { return s.String() } @@ -34478,16 +50064,314 @@ func (s *ModifyDBProxyTargetGroupOutput) SetDBProxyTargetGroup(v *DBProxyTargetG return s } +type ModifyDBRecommendationInput struct { + _ struct{} `type:"structure"` + + // The language of the modified recommendation. + Locale *string `type:"string"` + + // The identifier of the recommendation to update. + // + // RecommendationId is a required field + RecommendationId *string `type:"string" required:"true"` + + // The list of recommended action status to update. You can update multiple + // recommended actions at one time. + RecommendedActionUpdates []*RecommendedActionUpdate `type:"list"` + + // The recommendation status to update. + // + // Valid values: + // + // * active + // + // * dismissed + Status *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyDBRecommendationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyDBRecommendationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyDBRecommendationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyDBRecommendationInput"} + if s.RecommendationId == nil { + invalidParams.Add(request.NewErrParamRequired("RecommendationId")) + } + if s.RecommendedActionUpdates != nil { + for i, v := range s.RecommendedActionUpdates { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "RecommendedActionUpdates", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLocale sets the Locale field's value. +func (s *ModifyDBRecommendationInput) SetLocale(v string) *ModifyDBRecommendationInput { + s.Locale = &v + return s +} + +// SetRecommendationId sets the RecommendationId field's value. +func (s *ModifyDBRecommendationInput) SetRecommendationId(v string) *ModifyDBRecommendationInput { + s.RecommendationId = &v + return s +} + +// SetRecommendedActionUpdates sets the RecommendedActionUpdates field's value. +func (s *ModifyDBRecommendationInput) SetRecommendedActionUpdates(v []*RecommendedActionUpdate) *ModifyDBRecommendationInput { + s.RecommendedActionUpdates = v + return s +} + +// SetStatus sets the Status field's value. +func (s *ModifyDBRecommendationInput) SetStatus(v string) *ModifyDBRecommendationInput { + s.Status = &v + return s +} + +type ModifyDBRecommendationOutput struct { + _ struct{} `type:"structure"` + + // The recommendation for your DB instances, DB clusters, and DB parameter groups. + DBRecommendation *DBRecommendation `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyDBRecommendationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyDBRecommendationOutput) GoString() string { + return s.String() +} + +// SetDBRecommendation sets the DBRecommendation field's value. +func (s *ModifyDBRecommendationOutput) SetDBRecommendation(v *DBRecommendation) *ModifyDBRecommendationOutput { + s.DBRecommendation = v + return s +} + +type ModifyDBShardGroupInput struct { + _ struct{} `type:"structure"` + + // The name of the DB shard group to modify. + // + // DBShardGroupIdentifier is a required field + DBShardGroupIdentifier *string `min:"1" type:"string" required:"true"` + + // The maximum capacity of the DB shard group in Aurora capacity units (ACUs). + MaxACU *float64 `type:"double"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyDBShardGroupInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyDBShardGroupInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyDBShardGroupInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyDBShardGroupInput"} + if s.DBShardGroupIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("DBShardGroupIdentifier")) + } + if s.DBShardGroupIdentifier != nil && len(*s.DBShardGroupIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DBShardGroupIdentifier", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDBShardGroupIdentifier sets the DBShardGroupIdentifier field's value. +func (s *ModifyDBShardGroupInput) SetDBShardGroupIdentifier(v string) *ModifyDBShardGroupInput { + s.DBShardGroupIdentifier = &v + return s +} + +// SetMaxACU sets the MaxACU field's value. +func (s *ModifyDBShardGroupInput) SetMaxACU(v float64) *ModifyDBShardGroupInput { + s.MaxACU = &v + return s +} + +type ModifyDBShardGroupOutput struct { + _ struct{} `type:"structure"` + + // Specifies whether to create standby instances for the DB shard group. Valid + // values are the following: + // + // * 0 - Creates a single, primary DB instance for each physical shard. This + // is the default value, and the only one supported for the preview. + // + // * 1 - Creates a primary DB instance and a standby instance in a different + // Availability Zone (AZ) for each physical shard. + // + // * 2 - Creates a primary DB instance and two standby instances in different + // AZs for each physical shard. + ComputeRedundancy *int64 `type:"integer"` + + // The name of the primary DB cluster for the DB shard group. + DBClusterIdentifier *string `type:"string"` + + // The name of the DB shard group. + DBShardGroupIdentifier *string `min:"1" type:"string"` + + // The Amazon Web Services Region-unique, immutable identifier for the DB shard + // group. + DBShardGroupResourceId *string `type:"string"` + + // The connection endpoint for the DB shard group. + Endpoint *string `type:"string"` + + // The maximum capacity of the DB shard group in Aurora capacity units (ACUs). + MaxACU *float64 `type:"double"` + + // Indicates whether the DB shard group is publicly accessible. + // + // When the DB shard group is publicly accessible, its Domain Name System (DNS) + // endpoint resolves to the private IP address from within the DB shard group's + // virtual private cloud (VPC). It resolves to the public IP address from outside + // of the DB shard group's VPC. Access to the DB shard group is ultimately controlled + // by the security group it uses. That public access isn't permitted if the + // security group assigned to the DB shard group doesn't permit it. + // + // When the DB shard group isn't publicly accessible, it is an internal DB shard + // group with a DNS name that resolves to a private IP address. + // + // For more information, see CreateDBShardGroup. + // + // This setting is only for Aurora Limitless Database. + PubliclyAccessible *bool `type:"boolean"` + + // The status of the DB shard group. + Status *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyDBShardGroupOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyDBShardGroupOutput) GoString() string { + return s.String() +} + +// SetComputeRedundancy sets the ComputeRedundancy field's value. +func (s *ModifyDBShardGroupOutput) SetComputeRedundancy(v int64) *ModifyDBShardGroupOutput { + s.ComputeRedundancy = &v + return s +} + +// SetDBClusterIdentifier sets the DBClusterIdentifier field's value. +func (s *ModifyDBShardGroupOutput) SetDBClusterIdentifier(v string) *ModifyDBShardGroupOutput { + s.DBClusterIdentifier = &v + return s +} + +// SetDBShardGroupIdentifier sets the DBShardGroupIdentifier field's value. +func (s *ModifyDBShardGroupOutput) SetDBShardGroupIdentifier(v string) *ModifyDBShardGroupOutput { + s.DBShardGroupIdentifier = &v + return s +} + +// SetDBShardGroupResourceId sets the DBShardGroupResourceId field's value. +func (s *ModifyDBShardGroupOutput) SetDBShardGroupResourceId(v string) *ModifyDBShardGroupOutput { + s.DBShardGroupResourceId = &v + return s +} + +// SetEndpoint sets the Endpoint field's value. +func (s *ModifyDBShardGroupOutput) SetEndpoint(v string) *ModifyDBShardGroupOutput { + s.Endpoint = &v + return s +} + +// SetMaxACU sets the MaxACU field's value. +func (s *ModifyDBShardGroupOutput) SetMaxACU(v float64) *ModifyDBShardGroupOutput { + s.MaxACU = &v + return s +} + +// SetPubliclyAccessible sets the PubliclyAccessible field's value. +func (s *ModifyDBShardGroupOutput) SetPubliclyAccessible(v bool) *ModifyDBShardGroupOutput { + s.PubliclyAccessible = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *ModifyDBShardGroupOutput) SetStatus(v string) *ModifyDBShardGroupOutput { + s.Status = &v + return s +} + type ModifyDBSnapshotAttributeInput struct { _ struct{} `type:"structure"` // The name of the DB snapshot attribute to modify. // - // To manage authorization for other AWS accounts to copy or restore a manual - // DB snapshot, set this value to restore. + // To manage authorization for other Amazon Web Services accounts to copy or + // restore a manual DB snapshot, set this value to restore. // // To view the list of attributes available to modify, use the DescribeDBSnapshotAttributes - // API action. + // API operation. // // AttributeName is a required field AttributeName *string `type:"string" required:"true"` @@ -34499,30 +50383,40 @@ type ModifyDBSnapshotAttributeInput struct { // A list of DB snapshot attributes to add to the attribute specified by AttributeName. // - // To authorize other AWS accounts to copy or restore a manual snapshot, set - // this list to include one or more AWS account IDs, or all to make the manual - // DB snapshot restorable by any AWS account. Do not add the all value for any - // manual DB snapshots that contain private information that you don't want - // available to all AWS accounts. + // To authorize other Amazon Web Services accounts to copy or restore a manual + // snapshot, set this list to include one or more Amazon Web Services account + // IDs, or all to make the manual DB snapshot restorable by any Amazon Web Services + // account. Do not add the all value for any manual DB snapshots that contain + // private information that you don't want available to all Amazon Web Services + // accounts. ValuesToAdd []*string `locationNameList:"AttributeValue" type:"list"` // A list of DB snapshot attributes to remove from the attribute specified by // AttributeName. // - // To remove authorization for other AWS accounts to copy or restore a manual - // snapshot, set this list to include one or more AWS account identifiers, or - // all to remove authorization for any AWS account to copy or restore the DB - // snapshot. If you specify all, an AWS account whose account ID is explicitly - // added to the restore attribute can still copy or restore the manual DB snapshot. + // To remove authorization for other Amazon Web Services accounts to copy or + // restore a manual snapshot, set this list to include one or more Amazon Web + // Services account identifiers, or all to remove authorization for any Amazon + // Web Services account to copy or restore the DB snapshot. If you specify all, + // an Amazon Web Services account whose account ID is explicitly added to the + // restore attribute can still copy or restore the manual DB snapshot. ValuesToRemove []*string `locationNameList:"AttributeValue" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBSnapshotAttributeInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBSnapshotAttributeInput) GoString() string { return s.String() } @@ -34573,18 +50467,26 @@ type ModifyDBSnapshotAttributeOutput struct { // Contains the results of a successful call to the DescribeDBSnapshotAttributes // API action. // - // Manual DB snapshot attributes are used to authorize other AWS accounts to - // copy or restore a manual DB snapshot. For more information, see the ModifyDBSnapshotAttribute - // API action. + // Manual DB snapshot attributes are used to authorize other Amazon Web Services + // accounts to copy or restore a manual DB snapshot. For more information, see + // the ModifyDBSnapshotAttribute API action. DBSnapshotAttributesResult *DBSnapshotAttributesResult `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBSnapshotAttributeOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBSnapshotAttributeOutput) GoString() string { return s.String() } @@ -34610,10 +50512,16 @@ type ModifyDBSnapshotInput struct { // // MySQL // - // * 5.5.46 (supported for 5.1 DB snapshots) + // For the list of engine versions that are available for upgrading a DB snapshot, + // see Upgrading a MySQL DB snapshot engine version (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/mysql-upgrade-snapshot.html) + // in the Amazon RDS User Guide. // // Oracle // + // * 19.0.0.0.ru-2022-01.rur-2022-01.r1 (supported for 12.2.0.1 DB snapshots) + // + // * 19.0.0.0.ru-2022-07.rur-2022-07.r1 (supported for 12.1.0.2 DB snapshots) + // // * 12.1.0.2.v8 (supported for 12.1.0.1 DB snapshots) // // * 11.2.0.4.v12 (supported for 11.2.0.2 DB snapshots) @@ -34623,25 +50531,34 @@ type ModifyDBSnapshotInput struct { // PostgreSQL // // For the list of engine versions that are available for upgrading a DB snapshot, - // see Upgrading the PostgreSQL DB Engine for Amazon RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.PostgreSQL.html#USER_UpgradeDBInstance.PostgreSQL.MajorVersion). + // see Upgrading a PostgreSQL DB snapshot engine version (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBSnapshot.PostgreSQL.html) + // in the Amazon RDS User Guide. EngineVersion *string `type:"string"` // The option group to identify with the upgraded DB snapshot. // // You can specify this parameter when you upgrade an Oracle DB snapshot. The // same option group considerations apply when upgrading a DB snapshot as when - // upgrading a DB instance. For more information, see Option Group Considerations - // (http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Oracle.html#USER_UpgradeDBInstance.Oracle.OGPG.OG) + // upgrading a DB instance. For more information, see Option group considerations + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Oracle.html#USER_UpgradeDBInstance.Oracle.OGPG.OG) // in the Amazon RDS User Guide. OptionGroupName *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBSnapshotInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBSnapshotInput) GoString() string { return s.String() } @@ -34686,12 +50603,20 @@ type ModifyDBSnapshotOutput struct { DBSnapshot *DBSnapshot `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBSnapshotOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBSnapshotOutput) GoString() string { return s.String() } @@ -34714,7 +50639,7 @@ type ModifyDBSubnetGroupInput struct { // Constraints: Must match the name of an existing DBSubnetGroup. Must not be // default. // - // Example: mySubnetgroup + // Example: mydbsubnetgroup // // DBSubnetGroupName is a required field DBSubnetGroupName *string `type:"string" required:"true"` @@ -34725,12 +50650,20 @@ type ModifyDBSubnetGroupInput struct { SubnetIds []*string `locationNameList:"SubnetIdentifier" type:"list" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBSubnetGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBSubnetGroupInput) GoString() string { return s.String() } @@ -34779,12 +50712,20 @@ type ModifyDBSubnetGroupOutput struct { DBSubnetGroup *DBSubnetGroup `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBSubnetGroupOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyDBSubnetGroupOutput) GoString() string { return s.String() } @@ -34798,7 +50739,7 @@ func (s *ModifyDBSubnetGroupOutput) SetDBSubnetGroup(v *DBSubnetGroup) *ModifyDB type ModifyEventSubscriptionInput struct { _ struct{} `type:"structure"` - // A value that indicates whether to activate the subscription. + // Specifies whether to activate the subscription. Enabled *bool `type:"boolean"` // A list of event categories for a source type (SourceType) that you want to @@ -34814,10 +50755,12 @@ type ModifyEventSubscriptionInput struct { // The type of source that is generating the events. For example, if you want // to be notified of events generated by a DB instance, you would set this parameter - // to db-instance. If this value isn't specified, all events are returned. + // to db-instance. For RDS Proxy events, specify db-proxy. If this value isn't + // specified, all events are returned. // - // Valid values: db-instance | db-cluster | db-parameter-group | db-security-group - // | db-snapshot | db-cluster-snapshot + // Valid Values:db-instance | db-cluster | db-parameter-group | db-security-group + // | db-snapshot | db-cluster-snapshot | db-proxy | zero-etl | custom-engine-version + // | blue-green-deployment SourceType *string `type:"string"` // The name of the RDS event notification subscription. @@ -34826,12 +50769,20 @@ type ModifyEventSubscriptionInput struct { SubscriptionName *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyEventSubscriptionInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyEventSubscriptionInput) GoString() string { return s.String() } @@ -34887,12 +50838,20 @@ type ModifyEventSubscriptionOutput struct { EventSubscription *EventSubscription `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyEventSubscriptionOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyEventSubscriptionOutput) GoString() string { return s.String() } @@ -34906,50 +50865,96 @@ func (s *ModifyEventSubscriptionOutput) SetEventSubscription(v *EventSubscriptio type ModifyGlobalClusterInput struct { _ struct{} `type:"structure"` - // Indicates if the global database cluster has deletion protection enabled. + // Specifies whether to allow major version upgrades. + // + // Constraints: Must be enabled if you specify a value for the EngineVersion + // parameter that's a different major version than the global cluster's current + // version. + // + // If you upgrade the major version of a global database, the cluster and DB + // instance parameter groups are set to the default parameter groups for the + // new version. Apply any custom parameter groups after completing the upgrade. + AllowMajorVersionUpgrade *bool `type:"boolean"` + + // Specifies whether to enable deletion protection for the global database cluster. // The global database cluster can't be deleted when deletion protection is // enabled. DeletionProtection *bool `type:"boolean"` - // The DB cluster identifier for the global cluster being modified. This parameter - // isn't case-sensitive. + // The version number of the database engine to which you want to upgrade. + // + // To list all of the available engine versions for aurora-mysql (for MySQL-based + // Aurora global databases), use the following command: + // + // aws rds describe-db-engine-versions --engine aurora-mysql --query '*[]|[?SupportsGlobalDatabases + // == `true`].[EngineVersion]' + // + // To list all of the available engine versions for aurora-postgresql (for PostgreSQL-based + // Aurora global databases), use the following command: + // + // aws rds describe-db-engine-versions --engine aurora-postgresql --query '*[]|[?SupportsGlobalDatabases + // == `true`].[EngineVersion]' + EngineVersion *string `type:"string"` + + // The cluster identifier for the global cluster to modify. This parameter isn't + // case-sensitive. // // Constraints: // // * Must match the identifier of an existing global database cluster. GlobalClusterIdentifier *string `type:"string"` - // The new cluster identifier for the global database cluster when modifying - // a global database cluster. This value is stored as a lowercase string. + // The new cluster identifier for the global database cluster. This value is + // stored as a lowercase string. // // Constraints: // - // * Must contain from 1 to 63 letters, numbers, or hyphens + // * Must contain from 1 to 63 letters, numbers, or hyphens. // - // * The first character must be a letter + // * The first character must be a letter. // - // * Can't end with a hyphen or contain two consecutive hyphens + // * Can't end with a hyphen or contain two consecutive hyphens. // // Example: my-cluster2 NewGlobalClusterIdentifier *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyGlobalClusterInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyGlobalClusterInput) GoString() string { return s.String() } +// SetAllowMajorVersionUpgrade sets the AllowMajorVersionUpgrade field's value. +func (s *ModifyGlobalClusterInput) SetAllowMajorVersionUpgrade(v bool) *ModifyGlobalClusterInput { + s.AllowMajorVersionUpgrade = &v + return s +} + // SetDeletionProtection sets the DeletionProtection field's value. func (s *ModifyGlobalClusterInput) SetDeletionProtection(v bool) *ModifyGlobalClusterInput { s.DeletionProtection = &v return s } +// SetEngineVersion sets the EngineVersion field's value. +func (s *ModifyGlobalClusterInput) SetEngineVersion(v string) *ModifyGlobalClusterInput { + s.EngineVersion = &v + return s +} + // SetGlobalClusterIdentifier sets the GlobalClusterIdentifier field's value. func (s *ModifyGlobalClusterInput) SetGlobalClusterIdentifier(v string) *ModifyGlobalClusterInput { s.GlobalClusterIdentifier = &v @@ -34969,12 +50974,20 @@ type ModifyGlobalClusterOutput struct { GlobalCluster *GlobalCluster `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyGlobalClusterOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyGlobalClusterOutput) GoString() string { return s.String() } @@ -34985,12 +50998,231 @@ func (s *ModifyGlobalClusterOutput) SetGlobalCluster(v *GlobalCluster) *ModifyGl return s } +type ModifyIntegrationInput struct { + _ struct{} `type:"structure"` + + // A new data filter for the integration. For more information, see Data filtering + // for Aurora zero-ETL integrations with Amazon Redshift (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Zero_ETL_Filtering.html). + DataFilter *string `min:"1" type:"string"` + + // A new description for the integration. + Description *string `type:"string"` + + // The unique identifier of the integration to modify. + // + // IntegrationIdentifier is a required field + IntegrationIdentifier *string `min:"1" type:"string" required:"true"` + + // A new name for the integration. + IntegrationName *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyIntegrationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyIntegrationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyIntegrationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyIntegrationInput"} + if s.DataFilter != nil && len(*s.DataFilter) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DataFilter", 1)) + } + if s.IntegrationIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("IntegrationIdentifier")) + } + if s.IntegrationIdentifier != nil && len(*s.IntegrationIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("IntegrationIdentifier", 1)) + } + if s.IntegrationName != nil && len(*s.IntegrationName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("IntegrationName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDataFilter sets the DataFilter field's value. +func (s *ModifyIntegrationInput) SetDataFilter(v string) *ModifyIntegrationInput { + s.DataFilter = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *ModifyIntegrationInput) SetDescription(v string) *ModifyIntegrationInput { + s.Description = &v + return s +} + +// SetIntegrationIdentifier sets the IntegrationIdentifier field's value. +func (s *ModifyIntegrationInput) SetIntegrationIdentifier(v string) *ModifyIntegrationInput { + s.IntegrationIdentifier = &v + return s +} + +// SetIntegrationName sets the IntegrationName field's value. +func (s *ModifyIntegrationInput) SetIntegrationName(v string) *ModifyIntegrationInput { + s.IntegrationName = &v + return s +} + +// A zero-ETL integration with Amazon Redshift. +type ModifyIntegrationOutput struct { + _ struct{} `type:"structure"` + + // The encryption context for the integration. For more information, see Encryption + // context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the Amazon Web Services Key Management Service Developer Guide. + AdditionalEncryptionContext map[string]*string `type:"map"` + + // The time when the integration was created, in Universal Coordinated Time + // (UTC). + CreateTime *time.Time `type:"timestamp"` + + // Data filters for the integration. These filters determine which tables from + // the source database are sent to the target Amazon Redshift data warehouse. + DataFilter *string `min:"1" type:"string"` + + // A description of the integration. + Description *string `type:"string"` + + // Any errors associated with the integration. + Errors []*IntegrationError `locationNameList:"IntegrationError" type:"list"` + + // The ARN of the integration. + IntegrationArn *string `min:"1" type:"string"` + + // The name of the integration. + IntegrationName *string `min:"1" type:"string"` + + // The Amazon Web Services Key Management System (Amazon Web Services KMS) key + // identifier for the key used to to encrypt the integration. + KMSKeyId *string `type:"string"` + + // The Amazon Resource Name (ARN) of the database used as the source for replication. + SourceArn *string `min:"1" type:"string"` + + // The current status of the integration. + Status *string `type:"string" enum:"IntegrationStatus"` + + // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + // in the Amazon RDS User Guide. + Tags []*Tag `locationNameList:"Tag" type:"list"` + + // The ARN of the Redshift data warehouse used as the target for replication. + TargetArn *string `min:"20" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyIntegrationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyIntegrationOutput) GoString() string { + return s.String() +} + +// SetAdditionalEncryptionContext sets the AdditionalEncryptionContext field's value. +func (s *ModifyIntegrationOutput) SetAdditionalEncryptionContext(v map[string]*string) *ModifyIntegrationOutput { + s.AdditionalEncryptionContext = v + return s +} + +// SetCreateTime sets the CreateTime field's value. +func (s *ModifyIntegrationOutput) SetCreateTime(v time.Time) *ModifyIntegrationOutput { + s.CreateTime = &v + return s +} + +// SetDataFilter sets the DataFilter field's value. +func (s *ModifyIntegrationOutput) SetDataFilter(v string) *ModifyIntegrationOutput { + s.DataFilter = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *ModifyIntegrationOutput) SetDescription(v string) *ModifyIntegrationOutput { + s.Description = &v + return s +} + +// SetErrors sets the Errors field's value. +func (s *ModifyIntegrationOutput) SetErrors(v []*IntegrationError) *ModifyIntegrationOutput { + s.Errors = v + return s +} + +// SetIntegrationArn sets the IntegrationArn field's value. +func (s *ModifyIntegrationOutput) SetIntegrationArn(v string) *ModifyIntegrationOutput { + s.IntegrationArn = &v + return s +} + +// SetIntegrationName sets the IntegrationName field's value. +func (s *ModifyIntegrationOutput) SetIntegrationName(v string) *ModifyIntegrationOutput { + s.IntegrationName = &v + return s +} + +// SetKMSKeyId sets the KMSKeyId field's value. +func (s *ModifyIntegrationOutput) SetKMSKeyId(v string) *ModifyIntegrationOutput { + s.KMSKeyId = &v + return s +} + +// SetSourceArn sets the SourceArn field's value. +func (s *ModifyIntegrationOutput) SetSourceArn(v string) *ModifyIntegrationOutput { + s.SourceArn = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *ModifyIntegrationOutput) SetStatus(v string) *ModifyIntegrationOutput { + s.Status = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *ModifyIntegrationOutput) SetTags(v []*Tag) *ModifyIntegrationOutput { + s.Tags = v + return s +} + +// SetTargetArn sets the TargetArn field's value. +func (s *ModifyIntegrationOutput) SetTargetArn(v string) *ModifyIntegrationOutput { + s.TargetArn = &v + return s +} + type ModifyOptionGroupInput struct { _ struct{} `type:"structure"` - // A value that indicates whether to apply the change immediately or during - // the next maintenance window for each instance associated with the option - // group. + // Specifies whether to apply the change immediately or during the next maintenance + // window for each instance associated with the option group. ApplyImmediately *bool `type:"boolean"` // The name of the option group to be modified. @@ -35010,12 +51242,20 @@ type ModifyOptionGroupInput struct { OptionsToRemove []*string `type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyOptionGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyOptionGroupInput) GoString() string { return s.String() } @@ -35073,12 +51313,20 @@ type ModifyOptionGroupOutput struct { OptionGroup *OptionGroup `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyOptionGroupOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ModifyOptionGroupOutput) GoString() string { return s.String() } @@ -35089,7 +51337,152 @@ func (s *ModifyOptionGroupOutput) SetOptionGroup(v *OptionGroup) *ModifyOptionGr return s } -// Option details. +type ModifyTenantDatabaseInput struct { + _ struct{} `type:"structure"` + + // The identifier of the DB instance that contains the tenant database that + // you are modifying. This parameter isn't case-sensitive. + // + // Constraints: + // + // * Must match the identifier of an existing DB instance. + // + // DBInstanceIdentifier is a required field + DBInstanceIdentifier *string `type:"string" required:"true"` + + // The new password for the master user of the specified tenant database in + // your DB instance. + // + // Amazon RDS operations never return the password, so this action provides + // a way to regain access to a tenant database user if the password is lost. + // This includes restoring privileges that might have been accidentally revoked. + // + // Constraints: + // + // * Can include any printable ASCII character except /, " (double quote), + // @, & (ampersand), and ' (single quote). + // + // Length constraints: + // + // * Must contain between 8 and 30 characters. + // + // MasterUserPassword is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by ModifyTenantDatabaseInput's + // String and GoString methods. + MasterUserPassword *string `type:"string" sensitive:"true"` + + // The new name of the tenant database when renaming a tenant database. This + // parameter isn’t case-sensitive. + // + // Constraints: + // + // * Can't be the string null or any other reserved word. + // + // * Can't be longer than 8 characters. + NewTenantDBName *string `type:"string"` + + // The user-supplied name of the tenant database that you want to modify. This + // parameter isn’t case-sensitive. + // + // Constraints: + // + // * Must match the identifier of an existing tenant database. + // + // TenantDBName is a required field + TenantDBName *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyTenantDatabaseInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyTenantDatabaseInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyTenantDatabaseInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyTenantDatabaseInput"} + if s.DBInstanceIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("DBInstanceIdentifier")) + } + if s.TenantDBName == nil { + invalidParams.Add(request.NewErrParamRequired("TenantDBName")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDBInstanceIdentifier sets the DBInstanceIdentifier field's value. +func (s *ModifyTenantDatabaseInput) SetDBInstanceIdentifier(v string) *ModifyTenantDatabaseInput { + s.DBInstanceIdentifier = &v + return s +} + +// SetMasterUserPassword sets the MasterUserPassword field's value. +func (s *ModifyTenantDatabaseInput) SetMasterUserPassword(v string) *ModifyTenantDatabaseInput { + s.MasterUserPassword = &v + return s +} + +// SetNewTenantDBName sets the NewTenantDBName field's value. +func (s *ModifyTenantDatabaseInput) SetNewTenantDBName(v string) *ModifyTenantDatabaseInput { + s.NewTenantDBName = &v + return s +} + +// SetTenantDBName sets the TenantDBName field's value. +func (s *ModifyTenantDatabaseInput) SetTenantDBName(v string) *ModifyTenantDatabaseInput { + s.TenantDBName = &v + return s +} + +type ModifyTenantDatabaseOutput struct { + _ struct{} `type:"structure"` + + // A tenant database in the DB instance. This data type is an element in the + // response to the DescribeTenantDatabases action. + TenantDatabase *TenantDatabase `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyTenantDatabaseOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyTenantDatabaseOutput) GoString() string { + return s.String() +} + +// SetTenantDatabase sets the TenantDatabase field's value. +func (s *ModifyTenantDatabaseOutput) SetTenantDatabase(v *TenantDatabase) *ModifyTenantDatabaseOutput { + s.TenantDatabase = v + return s +} + +// The details of an option. type Option struct { _ struct{} `type:"structure"` @@ -35109,10 +51502,10 @@ type Option struct { // The version of the option. OptionVersion *string `type:"string"` - // Indicate if this option is permanent. + // Indicates whether this option is permanent. Permanent *bool `type:"boolean"` - // Indicate if this option is persistent. + // Indicates whether this option is persistent. Persistent *bool `type:"boolean"` // If required, the port configured for this option to use. @@ -35123,12 +51516,20 @@ type Option struct { VpcSecurityGroupMemberships []*VpcSecurityGroupMembership `locationNameList:"VpcSecurityGroupMembership" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Option) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Option) GoString() string { return s.String() } @@ -35212,12 +51613,20 @@ type OptionConfiguration struct { VpcSecurityGroupMemberships []*string `locationNameList:"VpcSecurityGroupId" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OptionConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OptionConfiguration) GoString() string { return s.String() } @@ -35279,13 +51688,16 @@ type OptionGroup struct { // VPC and non-VPC instances. AllowsVpcAndNonVpcInstanceMemberships *bool `type:"boolean"` + // Indicates when the option group was copied. + CopyTimestamp *time.Time `type:"timestamp"` + // Indicates the name of the engine that this option group can be applied to. EngineName *string `type:"string"` // Indicates the major engine version associated with this option group. MajorEngineVersion *string `type:"string"` - // The Amazon Resource Name (ARN) for the option group. + // Specifies the Amazon Resource Name (ARN) for the option group. OptionGroupArn *string `type:"string"` // Provides a description of the option group. @@ -35297,6 +51709,13 @@ type OptionGroup struct { // Indicates what options are available in the option group. Options []*Option `locationNameList:"Option" type:"list"` + // Specifies the Amazon Web Services account ID for the option group from which + // this option group is copied. + SourceAccountId *string `type:"string"` + + // Specifies the name of the option group from which this option group is copied. + SourceOptionGroup *string `type:"string"` + // If AllowsVpcAndNonVpcInstanceMemberships is false, this field is blank. If // AllowsVpcAndNonVpcInstanceMemberships is true and this field is blank, then // this option group can be applied to both VPC and non-VPC instances. If this @@ -35305,12 +51724,20 @@ type OptionGroup struct { VpcId *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OptionGroup) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OptionGroup) GoString() string { return s.String() } @@ -35321,6 +51748,12 @@ func (s *OptionGroup) SetAllowsVpcAndNonVpcInstanceMemberships(v bool) *OptionGr return s } +// SetCopyTimestamp sets the CopyTimestamp field's value. +func (s *OptionGroup) SetCopyTimestamp(v time.Time) *OptionGroup { + s.CopyTimestamp = &v + return s +} + // SetEngineName sets the EngineName field's value. func (s *OptionGroup) SetEngineName(v string) *OptionGroup { s.EngineName = &v @@ -35357,6 +51790,18 @@ func (s *OptionGroup) SetOptions(v []*Option) *OptionGroup { return s } +// SetSourceAccountId sets the SourceAccountId field's value. +func (s *OptionGroup) SetSourceAccountId(v string) *OptionGroup { + s.SourceAccountId = &v + return s +} + +// SetSourceOptionGroup sets the SourceOptionGroup field's value. +func (s *OptionGroup) SetSourceOptionGroup(v string) *OptionGroup { + s.SourceOptionGroup = &v + return s +} + // SetVpcId sets the VpcId field's value. func (s *OptionGroup) SetVpcId(v string) *OptionGroup { s.VpcId = &v @@ -35376,12 +51821,20 @@ type OptionGroupMembership struct { Status *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OptionGroupMembership) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OptionGroupMembership) GoString() string { return s.String() } @@ -35402,6 +51855,9 @@ func (s *OptionGroupMembership) SetStatus(v string) *OptionGroupMembership { type OptionGroupOption struct { _ struct{} `type:"structure"` + // Indicates whether the option can be copied across Amazon Web Services accounts. + CopyableCrossAccount *bool `type:"boolean"` + // If the option requires a port, specifies the default port for the option. DefaultPort *int64 `type:"integer"` @@ -35443,7 +51899,7 @@ type OptionGroupOption struct { // group. Persistent *bool `type:"boolean"` - // Specifies whether the option requires a port. + // Indicates whether the option requires a port. PortRequired *bool `type:"boolean"` // If true, you must enable the Auto Minor Version Upgrade setting for your @@ -35460,16 +51916,30 @@ type OptionGroupOption struct { VpcOnly *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OptionGroupOption) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OptionGroupOption) GoString() string { return s.String() } +// SetCopyableCrossAccount sets the CopyableCrossAccount field's value. +func (s *OptionGroupOption) SetCopyableCrossAccount(v bool) *OptionGroupOption { + s.CopyableCrossAccount = &v + return s +} + // SetDefaultPort sets the DefaultPort field's value. func (s *OptionGroupOption) SetDefaultPort(v int64) *OptionGroupOption { s.DefaultPort = &v @@ -35581,12 +52051,12 @@ type OptionGroupOptionSetting struct { // The default value for the option group option. DefaultValue *string `type:"string"` - // Boolean value where true indicates that this option group option can be changed - // from the default value. + // Indicates whether this option group option can be changed from the default + // value. IsModifiable *bool `type:"boolean"` - // Boolean value where true indicates that a value must be specified for this - // option setting of the option group option. + // Indicates whether a value must be specified for this option setting of the + // option group option. IsRequired *bool `type:"boolean"` // The minimum DB engine version required for the corresponding allowed value @@ -35600,12 +52070,20 @@ type OptionGroupOptionSetting struct { SettingName *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OptionGroupOptionSetting) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OptionGroupOptionSetting) GoString() string { return s.String() } @@ -35680,11 +52158,10 @@ type OptionSetting struct { // The description of the option setting. Description *string `type:"string"` - // Indicates if the option setting is part of a collection. + // Indicates whether the option setting is part of a collection. IsCollection *bool `type:"boolean"` - // A Boolean value that, when true, indicates the option setting can be modified - // from the default. + // Indicates whether the option setting can be modified from the default. IsModifiable *bool `type:"boolean"` // The name of the option that has settings that you can set. @@ -35694,12 +52171,20 @@ type OptionSetting struct { Value *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OptionSetting) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OptionSetting) GoString() string { return s.String() } @@ -35763,19 +52248,27 @@ func (s *OptionSetting) SetValue(v string) *OptionSetting { type OptionVersion struct { _ struct{} `type:"structure"` - // True if the version is the default version of the option, and otherwise false. + // Indicates whether the version is the default version of the option. IsDefault *bool `type:"boolean"` // The version of the option. Version *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OptionVersion) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OptionVersion) GoString() string { return s.String() } @@ -35830,6 +52323,12 @@ type OrderableDBInstanceOption struct { // Maximum storage size for a DB instance. MaxStorageSize *int64 `type:"integer"` + // Maximum storage throughput for a DB instance. + MaxStorageThroughputPerDbInstance *int64 `type:"integer"` + + // Maximum storage throughput to provisioned IOPS ratio for a DB instance. + MaxStorageThroughputPerIops *float64 `type:"double"` + // Minimum total provisioned IOPS for a DB instance. MinIopsPerDbInstance *int64 `type:"integer"` @@ -35839,31 +52338,62 @@ type OrderableDBInstanceOption struct { // Minimum storage size for a DB instance. MinStorageSize *int64 `type:"integer"` + // Minimum storage throughput for a DB instance. + MinStorageThroughputPerDbInstance *int64 `type:"integer"` + + // Minimum storage throughput to provisioned IOPS ratio for a DB instance. + MinStorageThroughputPerIops *float64 `type:"double"` + // Indicates whether a DB instance is Multi-AZ capable. MultiAZCapable *bool `type:"boolean"` - // Whether a DB instance supports RDS on Outposts. + // Indicates whether a DB instance supports RDS on Outposts. // - // For more information about RDS on Outposts, see Amazon RDS on AWS Outposts - // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) + // For more information about RDS on Outposts, see Amazon RDS on Amazon Web + // Services Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) // in the Amazon RDS User Guide. OutpostCapable *bool `type:"boolean"` // Indicates whether a DB instance can have a read replica. ReadReplicaCapable *bool `type:"boolean"` - // Indicates the storage type for a DB instance. + // The storage type for a DB instance. StorageType *string `type:"string"` + // The list of supported modes for Database Activity Streams. Aurora PostgreSQL + // returns the value [sync, async]. Aurora MySQL and RDS for Oracle return [async] + // only. If Database Activity Streams isn't supported, the return value is an + // empty list. + SupportedActivityStreamModes []*string `type:"list"` + // A list of the supported DB engine modes. SupportedEngineModes []*string `type:"list"` + // The network types supported by the DB instance (IPV4 or DUAL). + // + // A DB instance can support only the IPv4 protocol or the IPv4 and the IPv6 + // protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon RDS User Guide. + SupportedNetworkTypes []*string `type:"list"` + + // Indicates whether DB instances can be configured as a Multi-AZ DB cluster. + // + // For more information on Multi-AZ DB clusters, see Multi-AZ deployments with + // two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) + // in the Amazon RDS User Guide. + SupportsClusters *bool `type:"boolean"` + + // Indicates whether a DB instance supports using a dedicated log volume (DLV). + SupportsDedicatedLogVolume *bool `type:"boolean"` + // Indicates whether a DB instance supports Enhanced Monitoring at intervals // from 1 to 60 seconds. SupportsEnhancedMonitoring *bool `type:"boolean"` - // A value that indicates whether you can use Aurora global databases with a - // specific combination of other DB engine attributes. + // Indicates whether you can use Aurora global databases with a specific combination + // of other DB engine attributes. SupportsGlobalDatabases *bool `type:"boolean"` // Indicates whether a DB instance supports IAM database authentication. @@ -35872,29 +52402,40 @@ type OrderableDBInstanceOption struct { // Indicates whether a DB instance supports provisioned IOPS. SupportsIops *bool `type:"boolean"` - // Whether a DB instance supports Kerberos Authentication. + // Indicates whether a DB instance supports Kerberos Authentication. SupportsKerberosAuthentication *bool `type:"boolean"` - // True if a DB instance supports Performance Insights, otherwise false. + // Indicates whether a DB instance supports Performance Insights. SupportsPerformanceInsights *bool `type:"boolean"` - // Whether Amazon RDS can automatically scale storage for DB instances that - // use the specified DB instance class. + // Indicates whether Amazon RDS can automatically scale storage for DB instances + // that use the specified DB instance class. SupportsStorageAutoscaling *bool `type:"boolean"` // Indicates whether a DB instance supports encrypted storage. SupportsStorageEncryption *bool `type:"boolean"` + // Indicates whether a DB instance supports storage throughput. + SupportsStorageThroughput *bool `type:"boolean"` + // Indicates whether a DB instance is in a VPC. Vpc *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OrderableDBInstanceOption) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OrderableDBInstanceOption) GoString() string { return s.String() } @@ -35959,6 +52500,18 @@ func (s *OrderableDBInstanceOption) SetMaxStorageSize(v int64) *OrderableDBInsta return s } +// SetMaxStorageThroughputPerDbInstance sets the MaxStorageThroughputPerDbInstance field's value. +func (s *OrderableDBInstanceOption) SetMaxStorageThroughputPerDbInstance(v int64) *OrderableDBInstanceOption { + s.MaxStorageThroughputPerDbInstance = &v + return s +} + +// SetMaxStorageThroughputPerIops sets the MaxStorageThroughputPerIops field's value. +func (s *OrderableDBInstanceOption) SetMaxStorageThroughputPerIops(v float64) *OrderableDBInstanceOption { + s.MaxStorageThroughputPerIops = &v + return s +} + // SetMinIopsPerDbInstance sets the MinIopsPerDbInstance field's value. func (s *OrderableDBInstanceOption) SetMinIopsPerDbInstance(v int64) *OrderableDBInstanceOption { s.MinIopsPerDbInstance = &v @@ -35977,6 +52530,18 @@ func (s *OrderableDBInstanceOption) SetMinStorageSize(v int64) *OrderableDBInsta return s } +// SetMinStorageThroughputPerDbInstance sets the MinStorageThroughputPerDbInstance field's value. +func (s *OrderableDBInstanceOption) SetMinStorageThroughputPerDbInstance(v int64) *OrderableDBInstanceOption { + s.MinStorageThroughputPerDbInstance = &v + return s +} + +// SetMinStorageThroughputPerIops sets the MinStorageThroughputPerIops field's value. +func (s *OrderableDBInstanceOption) SetMinStorageThroughputPerIops(v float64) *OrderableDBInstanceOption { + s.MinStorageThroughputPerIops = &v + return s +} + // SetMultiAZCapable sets the MultiAZCapable field's value. func (s *OrderableDBInstanceOption) SetMultiAZCapable(v bool) *OrderableDBInstanceOption { s.MultiAZCapable = &v @@ -36001,12 +52566,36 @@ func (s *OrderableDBInstanceOption) SetStorageType(v string) *OrderableDBInstanc return s } +// SetSupportedActivityStreamModes sets the SupportedActivityStreamModes field's value. +func (s *OrderableDBInstanceOption) SetSupportedActivityStreamModes(v []*string) *OrderableDBInstanceOption { + s.SupportedActivityStreamModes = v + return s +} + // SetSupportedEngineModes sets the SupportedEngineModes field's value. func (s *OrderableDBInstanceOption) SetSupportedEngineModes(v []*string) *OrderableDBInstanceOption { s.SupportedEngineModes = v return s } +// SetSupportedNetworkTypes sets the SupportedNetworkTypes field's value. +func (s *OrderableDBInstanceOption) SetSupportedNetworkTypes(v []*string) *OrderableDBInstanceOption { + s.SupportedNetworkTypes = v + return s +} + +// SetSupportsClusters sets the SupportsClusters field's value. +func (s *OrderableDBInstanceOption) SetSupportsClusters(v bool) *OrderableDBInstanceOption { + s.SupportsClusters = &v + return s +} + +// SetSupportsDedicatedLogVolume sets the SupportsDedicatedLogVolume field's value. +func (s *OrderableDBInstanceOption) SetSupportsDedicatedLogVolume(v bool) *OrderableDBInstanceOption { + s.SupportsDedicatedLogVolume = &v + return s +} + // SetSupportsEnhancedMonitoring sets the SupportsEnhancedMonitoring field's value. func (s *OrderableDBInstanceOption) SetSupportsEnhancedMonitoring(v bool) *OrderableDBInstanceOption { s.SupportsEnhancedMonitoring = &v @@ -36055,6 +52644,12 @@ func (s *OrderableDBInstanceOption) SetSupportsStorageEncryption(v bool) *Ordera return s } +// SetSupportsStorageThroughput sets the SupportsStorageThroughput field's value. +func (s *OrderableDBInstanceOption) SetSupportsStorageThroughput(v bool) *OrderableDBInstanceOption { + s.SupportsStorageThroughput = &v + return s +} + // SetVpc sets the Vpc field's value. func (s *OrderableDBInstanceOption) SetVpc(v bool) *OrderableDBInstanceOption { s.Vpc = &v @@ -36063,8 +52658,8 @@ func (s *OrderableDBInstanceOption) SetVpc(v bool) *OrderableDBInstanceOption { // A data type that represents an Outpost. // -// For more information about RDS on Outposts, see Amazon RDS on AWS Outposts -// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) +// For more information about RDS on Outposts, see Amazon RDS on Amazon Web +// Services Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) // in the Amazon RDS User Guide. type Outpost struct { _ struct{} `type:"structure"` @@ -36073,12 +52668,20 @@ type Outpost struct { Arn *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Outpost) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Outpost) GoString() string { return s.String() } @@ -36120,25 +52723,33 @@ type Parameter struct { // The earliest engine version to which the parameter can apply. MinimumEngineVersion *string `type:"string"` - // Specifies the name of the parameter. + // The name of the parameter. ParameterName *string `type:"string"` - // Specifies the value of the parameter. + // The value of the parameter. ParameterValue *string `type:"string"` - // Indicates the source of the parameter value. + // The source of the parameter value. Source *string `type:"string"` // The valid DB engine modes. SupportedEngineModes []*string `type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Parameter) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Parameter) GoString() string { return s.String() } @@ -36223,12 +52834,20 @@ type PendingCloudwatchLogsExports struct { LogTypesToEnable []*string `type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PendingCloudwatchLogsExports) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PendingCloudwatchLogsExports) GoString() string { return s.String() } @@ -36250,7 +52869,11 @@ type PendingMaintenanceAction struct { _ struct{} `type:"structure"` // The type of pending maintenance action that is available for the resource. - // Valid actions are system-update, db-upgrade, hardware-maintenance, and ca-certificate-rotation. + // + // For more information about maintenance actions, see Maintaining a DB instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html). + // + // Valid Values:system-update | db-upgrade | hardware-maintenance | ca-certificate-rotation Action *string `type:"string"` // The date of the maintenance window when the action is applied. The maintenance @@ -36280,12 +52903,20 @@ type PendingMaintenanceAction struct { OptInStatus *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PendingMaintenanceAction) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PendingMaintenanceAction) GoString() string { return s.String() } @@ -36326,36 +52957,54 @@ func (s *PendingMaintenanceAction) SetOptInStatus(v string) *PendingMaintenanceA return s } -// This data type is used as a response element in the ModifyDBInstance action. +// This data type is used as a response element in the ModifyDBInstance operation +// and contains changes that will be applied during the next maintenance window. type PendingModifiedValues struct { _ struct{} `type:"structure"` - // Contains the new AllocatedStorage size for the DB instance that will be applied - // or is currently being applied. + // The allocated storage size for the DB instance specified in gibibytes (GiB). AllocatedStorage *int64 `type:"integer"` - // Specifies the pending number of days for which automated backups are retained. + // The automation mode of the RDS Custom DB instance: full or all-paused. If + // full, the DB instance automates monitoring and instance recovery. If all-paused, + // the instance pauses automation for the duration set by --resume-full-automation-mode-minutes. + AutomationMode *string `type:"string" enum:"AutomationMode"` + + // The number of days for which automated backups are retained. BackupRetentionPeriod *int64 `type:"integer"` - // Specifies the identifier of the CA certificate for the DB instance. + // The identifier of the CA certificate for the DB instance. + // + // For more information, see Using SSL/TLS to encrypt a connection to a DB instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) + // in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to + // a DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) + // in the Amazon Aurora User Guide. CACertificateIdentifier *string `type:"string"` - // Contains the new DBInstanceClass for the DB instance that will be applied - // or is currently being applied. + // The name of the compute and memory capacity class for the DB instance. DBInstanceClass *string `type:"string"` - // Contains the new DBInstanceIdentifier for the DB instance that will be applied - // or is currently being applied. + // The database identifier for the DB instance. DBInstanceIdentifier *string `type:"string"` - // The new DB subnet group for the DB instance. + // The DB subnet group for the DB instance. DBSubnetGroupName *string `type:"string"` - // Indicates the database engine version. + // Indicates whether the DB instance has a dedicated log volume (DLV) enabled.> + DedicatedLogVolume *bool `type:"boolean"` + + // The database engine of the DB instance. + Engine *string `type:"string"` + + // The database engine version. EngineVersion *string `type:"string"` - // Specifies the new Provisioned IOPS value for the DB instance that will be - // applied or is currently being applied. + // Indicates whether mapping of Amazon Web Services Identity and Access Management + // (IAM) accounts to database accounts is enabled. + IAMDatabaseAuthenticationEnabled *bool `type:"boolean"` + + // The Provisioned IOPS value for the DB instance. Iops *int64 `type:"integer"` // The license model for the DB instance. @@ -36363,34 +53012,53 @@ type PendingModifiedValues struct { // Valid values: license-included | bring-your-own-license | general-public-license LicenseModel *string `type:"string"` - // Contains the pending or currently-in-progress change of the master credentials - // for the DB instance. + // The master credentials for the DB instance. MasterUserPassword *string `type:"string"` - // Indicates that the Single-AZ DB instance is to change to a Multi-AZ deployment. + // Indicates whether the Single-AZ DB instance will change to a Multi-AZ deployment. MultiAZ *bool `type:"boolean"` + // Indicates whether the DB instance will change to the multi-tenant configuration + // (TRUE) or the single-tenant configuration (FALSE). + MultiTenant *bool `type:"boolean"` + // A list of the log types whose configuration is still pending. In other words, // these log types are in the process of being activated or deactivated. PendingCloudwatchLogsExports *PendingCloudwatchLogsExports `type:"structure"` - // Specifies the pending port for the DB instance. + // The port for the DB instance. Port *int64 `type:"integer"` // The number of CPU cores and the number of threads per core for the DB instance // class of the DB instance. ProcessorFeatures []*ProcessorFeature `locationNameList:"ProcessorFeature" type:"list"` - // Specifies the storage type to be associated with the DB instance. + // The number of minutes to pause the automation. When the time period ends, + // RDS Custom resumes full automation. The minimum value is 60 (default). The + // maximum value is 1,440. + ResumeFullAutomationModeTime *time.Time `type:"timestamp"` + + // The storage throughput of the DB instance. + StorageThroughput *int64 `type:"integer"` + + // The storage type of the DB instance. StorageType *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PendingModifiedValues) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PendingModifiedValues) GoString() string { return s.String() } @@ -36401,6 +53069,12 @@ func (s *PendingModifiedValues) SetAllocatedStorage(v int64) *PendingModifiedVal return s } +// SetAutomationMode sets the AutomationMode field's value. +func (s *PendingModifiedValues) SetAutomationMode(v string) *PendingModifiedValues { + s.AutomationMode = &v + return s +} + // SetBackupRetentionPeriod sets the BackupRetentionPeriod field's value. func (s *PendingModifiedValues) SetBackupRetentionPeriod(v int64) *PendingModifiedValues { s.BackupRetentionPeriod = &v @@ -36431,12 +53105,30 @@ func (s *PendingModifiedValues) SetDBSubnetGroupName(v string) *PendingModifiedV return s } +// SetDedicatedLogVolume sets the DedicatedLogVolume field's value. +func (s *PendingModifiedValues) SetDedicatedLogVolume(v bool) *PendingModifiedValues { + s.DedicatedLogVolume = &v + return s +} + +// SetEngine sets the Engine field's value. +func (s *PendingModifiedValues) SetEngine(v string) *PendingModifiedValues { + s.Engine = &v + return s +} + // SetEngineVersion sets the EngineVersion field's value. func (s *PendingModifiedValues) SetEngineVersion(v string) *PendingModifiedValues { s.EngineVersion = &v return s } +// SetIAMDatabaseAuthenticationEnabled sets the IAMDatabaseAuthenticationEnabled field's value. +func (s *PendingModifiedValues) SetIAMDatabaseAuthenticationEnabled(v bool) *PendingModifiedValues { + s.IAMDatabaseAuthenticationEnabled = &v + return s +} + // SetIops sets the Iops field's value. func (s *PendingModifiedValues) SetIops(v int64) *PendingModifiedValues { s.Iops = &v @@ -36461,6 +53153,12 @@ func (s *PendingModifiedValues) SetMultiAZ(v bool) *PendingModifiedValues { return s } +// SetMultiTenant sets the MultiTenant field's value. +func (s *PendingModifiedValues) SetMultiTenant(v bool) *PendingModifiedValues { + s.MultiTenant = &v + return s +} + // SetPendingCloudwatchLogsExports sets the PendingCloudwatchLogsExports field's value. func (s *PendingModifiedValues) SetPendingCloudwatchLogsExports(v *PendingCloudwatchLogsExports) *PendingModifiedValues { s.PendingCloudwatchLogsExports = v @@ -36479,12 +53177,223 @@ func (s *PendingModifiedValues) SetProcessorFeatures(v []*ProcessorFeature) *Pen return s } +// SetResumeFullAutomationModeTime sets the ResumeFullAutomationModeTime field's value. +func (s *PendingModifiedValues) SetResumeFullAutomationModeTime(v time.Time) *PendingModifiedValues { + s.ResumeFullAutomationModeTime = &v + return s +} + +// SetStorageThroughput sets the StorageThroughput field's value. +func (s *PendingModifiedValues) SetStorageThroughput(v int64) *PendingModifiedValues { + s.StorageThroughput = &v + return s +} + // SetStorageType sets the StorageType field's value. func (s *PendingModifiedValues) SetStorageType(v string) *PendingModifiedValues { s.StorageType = &v return s } +// A logical grouping of Performance Insights metrics for a related subject +// area. For example, the db.sql dimension group consists of the following dimensions: +// +// - db.sql.id - The hash of a running SQL statement, generated by Performance +// Insights. +// +// - db.sql.db_id - Either the SQL ID generated by the database engine, or +// a value generated by Performance Insights that begins with pi-. +// +// - db.sql.statement - The full text of the SQL statement that is running, +// for example, SELECT * FROM employees. +// +// - db.sql_tokenized.id - The hash of the SQL digest generated by Performance +// Insights. +// +// Each response element returns a maximum of 500 bytes. For larger elements, +// such as SQL statements, only the first 500 bytes are returned. +type PerformanceInsightsMetricDimensionGroup struct { + _ struct{} `type:"structure"` + + // A list of specific dimensions from a dimension group. If this list isn't + // included, then all of the dimensions in the group were requested, or are + // present in the response. + Dimensions []*string `type:"list"` + + // The available dimension groups for Performance Insights metric type. + Group *string `type:"string"` + + // The maximum number of items to fetch for this dimension group. + Limit *int64 `type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PerformanceInsightsMetricDimensionGroup) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PerformanceInsightsMetricDimensionGroup) GoString() string { + return s.String() +} + +// SetDimensions sets the Dimensions field's value. +func (s *PerformanceInsightsMetricDimensionGroup) SetDimensions(v []*string) *PerformanceInsightsMetricDimensionGroup { + s.Dimensions = v + return s +} + +// SetGroup sets the Group field's value. +func (s *PerformanceInsightsMetricDimensionGroup) SetGroup(v string) *PerformanceInsightsMetricDimensionGroup { + s.Group = &v + return s +} + +// SetLimit sets the Limit field's value. +func (s *PerformanceInsightsMetricDimensionGroup) SetLimit(v int64) *PerformanceInsightsMetricDimensionGroup { + s.Limit = &v + return s +} + +// A single Performance Insights metric query to process. You must provide the +// metric to the query. If other parameters aren't specified, Performance Insights +// returns all data points for the specified metric. Optionally, you can request +// the data points to be aggregated by dimension group (GroupBy) and return +// only those data points that match your criteria (Filter). +// +// Constraints: +// +// - Must be a valid Performance Insights query. +type PerformanceInsightsMetricQuery struct { + _ struct{} `type:"structure"` + + // A specification for how to aggregate the data points from a query result. + // You must specify a valid dimension group. Performance Insights will return + // all of the dimensions within that group, unless you provide the names of + // specific dimensions within that group. You can also request that Performance + // Insights return a limited number of values for a dimension. + GroupBy *PerformanceInsightsMetricDimensionGroup `type:"structure"` + + // The name of a Performance Insights metric to be measured. + // + // Valid Values: + // + // * db.load.avg - A scaled representation of the number of active sessions + // for the database engine. + // + // * db.sampledload.avg - The raw number of active sessions for the database + // engine. + // + // * The counter metrics listed in Performance Insights operating system + // counters (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_PerfInsights_Counters.html#USER_PerfInsights_Counters.OS) + // in the Amazon Aurora User Guide. + // + // If the number of active sessions is less than an internal Performance Insights + // threshold, db.load.avg and db.sampledload.avg are the same value. If the + // number of active sessions is greater than the internal threshold, Performance + // Insights samples the active sessions, with db.load.avg showing the scaled + // values, db.sampledload.avg showing the raw values, and db.sampledload.avg + // less than db.load.avg. For most use cases, you can query db.load.avg only. + Metric *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PerformanceInsightsMetricQuery) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PerformanceInsightsMetricQuery) GoString() string { + return s.String() +} + +// SetGroupBy sets the GroupBy field's value. +func (s *PerformanceInsightsMetricQuery) SetGroupBy(v *PerformanceInsightsMetricDimensionGroup) *PerformanceInsightsMetricQuery { + s.GroupBy = v + return s +} + +// SetMetric sets the Metric field's value. +func (s *PerformanceInsightsMetricQuery) SetMetric(v string) *PerformanceInsightsMetricQuery { + s.Metric = &v + return s +} + +// Details of the performance issue. +type PerformanceIssueDetails struct { + _ struct{} `type:"structure"` + + // The analysis of the performance issue. The information might contain markdown. + Analysis *string `type:"string"` + + // The time when the performance issue stopped. + EndTime *time.Time `type:"timestamp"` + + // The metrics that are relevant to the performance issue. + Metrics []*Metric `type:"list"` + + // The time when the performance issue started. + StartTime *time.Time `type:"timestamp"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PerformanceIssueDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PerformanceIssueDetails) GoString() string { + return s.String() +} + +// SetAnalysis sets the Analysis field's value. +func (s *PerformanceIssueDetails) SetAnalysis(v string) *PerformanceIssueDetails { + s.Analysis = &v + return s +} + +// SetEndTime sets the EndTime field's value. +func (s *PerformanceIssueDetails) SetEndTime(v time.Time) *PerformanceIssueDetails { + s.EndTime = &v + return s +} + +// SetMetrics sets the Metrics field's value. +func (s *PerformanceIssueDetails) SetMetrics(v []*Metric) *PerformanceIssueDetails { + s.Metrics = v + return s +} + +// SetStartTime sets the StartTime field's value. +func (s *PerformanceIssueDetails) SetStartTime(v time.Time) *PerformanceIssueDetails { + s.StartTime = &v + return s +} + // Contains the processor features of a DB instance class. // // To specify the number of CPU cores, use the coreCount feature name for the @@ -36494,15 +53403,15 @@ func (s *PendingModifiedValues) SetStorageType(v string) *PendingModifiedValues // You can set the processor features of the DB instance class for a DB instance // when you call one of the following actions: // -// * CreateDBInstance +// - CreateDBInstance // -// * ModifyDBInstance +// - ModifyDBInstance // -// * RestoreDBInstanceFromDBSnapshot +// - RestoreDBInstanceFromDBSnapshot // -// * RestoreDBInstanceFromS3 +// - RestoreDBInstanceFromS3 // -// * RestoreDBInstanceToPointInTime +// - RestoreDBInstanceToPointInTime // // You can view the valid processor values for a particular instance class by // calling the DescribeOrderableDBInstanceOptions action and specifying the @@ -36511,24 +53420,24 @@ func (s *PendingModifiedValues) SetStorageType(v string) *PendingModifiedValues // In addition, you can use the following actions for DB instance class processor // information: // -// * DescribeDBInstances +// - DescribeDBInstances // -// * DescribeDBSnapshots +// - DescribeDBSnapshots // -// * DescribeValidDBInstanceModifications +// - DescribeValidDBInstanceModifications // // If you call DescribeDBInstances, ProcessorFeature returns non-null values // only if the following conditions are met: // -// * You are accessing an Oracle DB instance. +// - You are accessing an Oracle DB instance. // -// * Your Oracle DB instance class supports configuring the number of CPU -// cores and threads per core. +// - Your Oracle DB instance class supports configuring the number of CPU +// cores and threads per core. // -// * The current number CPU cores and threads is set to a non-default value. +// - The current number CPU cores and threads is set to a non-default value. // -// For more information, see Configuring the Processor of the DB Instance Class -// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html#USER_ConfigureProcessor) +// For more information, see Configuring the processor for a DB instance class +// in RDS for Oracle (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html#USER_ConfigureProcessor) // in the Amazon RDS User Guide. type ProcessorFeature struct { _ struct{} `type:"structure"` @@ -36536,16 +53445,24 @@ type ProcessorFeature struct { // The name of the processor feature. Valid names are coreCount and threadsPerCore. Name *string `type:"string"` - // The value of a processor feature name. + // The value of a processor feature. Value *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ProcessorFeature) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ProcessorFeature) GoString() string { return s.String() } @@ -36578,12 +53495,20 @@ type PromoteReadReplicaDBClusterInput struct { DBClusterIdentifier *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PromoteReadReplicaDBClusterInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PromoteReadReplicaDBClusterInput) GoString() string { return s.String() } @@ -36610,19 +53535,41 @@ func (s *PromoteReadReplicaDBClusterInput) SetDBClusterIdentifier(v string) *Pro type PromoteReadReplicaDBClusterOutput struct { _ struct{} `type:"structure"` - // Contains the details of an Amazon Aurora DB cluster. + // Contains the details of an Amazon Aurora DB cluster or Multi-AZ DB cluster. + // + // For an Amazon Aurora DB cluster, this data type is used as a response element + // in the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + // ModifyDBCluster, PromoteReadReplicaDBCluster, RestoreDBClusterFromS3, RestoreDBClusterFromSnapshot, + // RestoreDBClusterToPointInTime, StartDBCluster, and StopDBCluster. + // + // For a Multi-AZ DB cluster, this data type is used as a response element in + // the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + // ModifyDBCluster, RebootDBCluster, RestoreDBClusterFromSnapshot, and RestoreDBClusterToPointInTime. // - // This data type is used as a response element in the DescribeDBClusters, StopDBCluster, - // and StartDBCluster actions. + // For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) + // in the Amazon Aurora User Guide. + // + // For more information on Multi-AZ DB clusters, see Multi-AZ deployments with + // two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) + // in the Amazon RDS User Guide. DBCluster *DBCluster `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PromoteReadReplicaDBClusterOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PromoteReadReplicaDBClusterOutput) GoString() string { return s.String() } @@ -36664,8 +53611,8 @@ type PromoteReadReplicaInput struct { // backups are enabled, using the BackupRetentionPeriod parameter. // // The default is a 30-minute window selected at random from an 8-hour block - // of time for each AWS Region. To see the time blocks available, see Adjusting - // the Preferred Maintenance Window (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/AdjustingTheMaintenanceWindow.html) + // of time for each Amazon Web Services Region. To see the time blocks available, + // see Adjusting the Preferred Maintenance Window (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/AdjustingTheMaintenanceWindow.html) // in the Amazon RDS User Guide. // // Constraints: @@ -36680,12 +53627,20 @@ type PromoteReadReplicaInput struct { PreferredBackupWindow *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PromoteReadReplicaInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PromoteReadReplicaInput) GoString() string { return s.String() } @@ -36726,16 +53681,27 @@ type PromoteReadReplicaOutput struct { // Contains the details of an Amazon RDS DB instance. // - // This data type is used as a response element in the DescribeDBInstances action. + // This data type is used as a response element in the operations CreateDBInstance, + // CreateDBInstanceReadReplica, DeleteDBInstance, DescribeDBInstances, ModifyDBInstance, + // PromoteReadReplica, RebootDBInstance, RestoreDBInstanceFromDBSnapshot, RestoreDBInstanceFromS3, + // RestoreDBInstanceToPointInTime, StartDBInstance, and StopDBInstance. DBInstance *DBInstance `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PromoteReadReplicaOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PromoteReadReplicaOutput) GoString() string { return s.String() } @@ -36771,12 +53737,20 @@ type PurchaseReservedDBInstancesOfferingInput struct { Tags []*Tag `locationNameList:"Tag" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PurchaseReservedDBInstancesOfferingInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PurchaseReservedDBInstancesOfferingInput) GoString() string { return s.String() } @@ -36826,12 +53800,20 @@ type PurchaseReservedDBInstancesOfferingOutput struct { ReservedDBInstance *ReservedDBInstance `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PurchaseReservedDBInstancesOfferingOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PurchaseReservedDBInstancesOfferingOutput) GoString() string { return s.String() } @@ -36859,12 +53841,20 @@ type Range struct { To *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Range) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Range) GoString() string { return s.String() } @@ -36887,6 +53877,154 @@ func (s *Range) SetTo(v int64) *Range { return s } +// Reserved for future use. +type RdsCustomClusterConfiguration struct { + _ struct{} `type:"structure"` + + // Reserved for future use. + InterconnectSubnetId *string `type:"string"` + + // Reserved for future use. + ReplicaMode *string `type:"string" enum:"ReplicaMode"` + + // Reserved for future use. + TransitGatewayMulticastDomainId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RdsCustomClusterConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RdsCustomClusterConfiguration) GoString() string { + return s.String() +} + +// SetInterconnectSubnetId sets the InterconnectSubnetId field's value. +func (s *RdsCustomClusterConfiguration) SetInterconnectSubnetId(v string) *RdsCustomClusterConfiguration { + s.InterconnectSubnetId = &v + return s +} + +// SetReplicaMode sets the ReplicaMode field's value. +func (s *RdsCustomClusterConfiguration) SetReplicaMode(v string) *RdsCustomClusterConfiguration { + s.ReplicaMode = &v + return s +} + +// SetTransitGatewayMulticastDomainId sets the TransitGatewayMulticastDomainId field's value. +func (s *RdsCustomClusterConfiguration) SetTransitGatewayMulticastDomainId(v string) *RdsCustomClusterConfiguration { + s.TransitGatewayMulticastDomainId = &v + return s +} + +type RebootDBClusterInput struct { + _ struct{} `type:"structure"` + + // The DB cluster identifier. This parameter is stored as a lowercase string. + // + // Constraints: + // + // * Must match the identifier of an existing DBCluster. + // + // DBClusterIdentifier is a required field + DBClusterIdentifier *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RebootDBClusterInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RebootDBClusterInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RebootDBClusterInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RebootDBClusterInput"} + if s.DBClusterIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("DBClusterIdentifier")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDBClusterIdentifier sets the DBClusterIdentifier field's value. +func (s *RebootDBClusterInput) SetDBClusterIdentifier(v string) *RebootDBClusterInput { + s.DBClusterIdentifier = &v + return s +} + +type RebootDBClusterOutput struct { + _ struct{} `type:"structure"` + + // Contains the details of an Amazon Aurora DB cluster or Multi-AZ DB cluster. + // + // For an Amazon Aurora DB cluster, this data type is used as a response element + // in the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + // ModifyDBCluster, PromoteReadReplicaDBCluster, RestoreDBClusterFromS3, RestoreDBClusterFromSnapshot, + // RestoreDBClusterToPointInTime, StartDBCluster, and StopDBCluster. + // + // For a Multi-AZ DB cluster, this data type is used as a response element in + // the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + // ModifyDBCluster, RebootDBCluster, RestoreDBClusterFromSnapshot, and RestoreDBClusterToPointInTime. + // + // For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) + // in the Amazon Aurora User Guide. + // + // For more information on Multi-AZ DB clusters, see Multi-AZ deployments with + // two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) + // in the Amazon RDS User Guide. + DBCluster *DBCluster `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RebootDBClusterOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RebootDBClusterOutput) GoString() string { + return s.String() +} + +// SetDBCluster sets the DBCluster field's value. +func (s *RebootDBClusterOutput) SetDBCluster(v *DBCluster) *RebootDBClusterOutput { + s.DBCluster = v + return s +} + type RebootDBInstanceInput struct { _ struct{} `type:"structure"` @@ -36899,20 +54037,27 @@ type RebootDBInstanceInput struct { // DBInstanceIdentifier is a required field DBInstanceIdentifier *string `type:"string" required:"true"` - // A value that indicates whether the reboot is conducted through a Multi-AZ - // failover. + // Specifies whether the reboot is conducted through a Multi-AZ failover. // // Constraint: You can't enable force failover if the instance isn't configured // for Multi-AZ. ForceFailover *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RebootDBInstanceInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RebootDBInstanceInput) GoString() string { return s.String() } @@ -36947,16 +54092,27 @@ type RebootDBInstanceOutput struct { // Contains the details of an Amazon RDS DB instance. // - // This data type is used as a response element in the DescribeDBInstances action. + // This data type is used as a response element in the operations CreateDBInstance, + // CreateDBInstanceReadReplica, DeleteDBInstance, DescribeDBInstances, ModifyDBInstance, + // PromoteReadReplica, RebootDBInstance, RestoreDBInstanceFromDBSnapshot, RestoreDBInstanceFromS3, + // RestoreDBInstanceToPointInTime, StartDBInstance, and StopDBInstance. DBInstance *DBInstance `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RebootDBInstanceOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RebootDBInstanceOutput) GoString() string { return s.String() } @@ -36967,6 +54123,405 @@ func (s *RebootDBInstanceOutput) SetDBInstance(v *DBInstance) *RebootDBInstanceO return s } +type RebootDBShardGroupInput struct { + _ struct{} `type:"structure"` + + // The name of the DB shard group to reboot. + // + // DBShardGroupIdentifier is a required field + DBShardGroupIdentifier *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RebootDBShardGroupInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RebootDBShardGroupInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RebootDBShardGroupInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RebootDBShardGroupInput"} + if s.DBShardGroupIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("DBShardGroupIdentifier")) + } + if s.DBShardGroupIdentifier != nil && len(*s.DBShardGroupIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DBShardGroupIdentifier", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDBShardGroupIdentifier sets the DBShardGroupIdentifier field's value. +func (s *RebootDBShardGroupInput) SetDBShardGroupIdentifier(v string) *RebootDBShardGroupInput { + s.DBShardGroupIdentifier = &v + return s +} + +type RebootDBShardGroupOutput struct { + _ struct{} `type:"structure"` + + // Specifies whether to create standby instances for the DB shard group. Valid + // values are the following: + // + // * 0 - Creates a single, primary DB instance for each physical shard. This + // is the default value, and the only one supported for the preview. + // + // * 1 - Creates a primary DB instance and a standby instance in a different + // Availability Zone (AZ) for each physical shard. + // + // * 2 - Creates a primary DB instance and two standby instances in different + // AZs for each physical shard. + ComputeRedundancy *int64 `type:"integer"` + + // The name of the primary DB cluster for the DB shard group. + DBClusterIdentifier *string `type:"string"` + + // The name of the DB shard group. + DBShardGroupIdentifier *string `min:"1" type:"string"` + + // The Amazon Web Services Region-unique, immutable identifier for the DB shard + // group. + DBShardGroupResourceId *string `type:"string"` + + // The connection endpoint for the DB shard group. + Endpoint *string `type:"string"` + + // The maximum capacity of the DB shard group in Aurora capacity units (ACUs). + MaxACU *float64 `type:"double"` + + // Indicates whether the DB shard group is publicly accessible. + // + // When the DB shard group is publicly accessible, its Domain Name System (DNS) + // endpoint resolves to the private IP address from within the DB shard group's + // virtual private cloud (VPC). It resolves to the public IP address from outside + // of the DB shard group's VPC. Access to the DB shard group is ultimately controlled + // by the security group it uses. That public access isn't permitted if the + // security group assigned to the DB shard group doesn't permit it. + // + // When the DB shard group isn't publicly accessible, it is an internal DB shard + // group with a DNS name that resolves to a private IP address. + // + // For more information, see CreateDBShardGroup. + // + // This setting is only for Aurora Limitless Database. + PubliclyAccessible *bool `type:"boolean"` + + // The status of the DB shard group. + Status *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RebootDBShardGroupOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RebootDBShardGroupOutput) GoString() string { + return s.String() +} + +// SetComputeRedundancy sets the ComputeRedundancy field's value. +func (s *RebootDBShardGroupOutput) SetComputeRedundancy(v int64) *RebootDBShardGroupOutput { + s.ComputeRedundancy = &v + return s +} + +// SetDBClusterIdentifier sets the DBClusterIdentifier field's value. +func (s *RebootDBShardGroupOutput) SetDBClusterIdentifier(v string) *RebootDBShardGroupOutput { + s.DBClusterIdentifier = &v + return s +} + +// SetDBShardGroupIdentifier sets the DBShardGroupIdentifier field's value. +func (s *RebootDBShardGroupOutput) SetDBShardGroupIdentifier(v string) *RebootDBShardGroupOutput { + s.DBShardGroupIdentifier = &v + return s +} + +// SetDBShardGroupResourceId sets the DBShardGroupResourceId field's value. +func (s *RebootDBShardGroupOutput) SetDBShardGroupResourceId(v string) *RebootDBShardGroupOutput { + s.DBShardGroupResourceId = &v + return s +} + +// SetEndpoint sets the Endpoint field's value. +func (s *RebootDBShardGroupOutput) SetEndpoint(v string) *RebootDBShardGroupOutput { + s.Endpoint = &v + return s +} + +// SetMaxACU sets the MaxACU field's value. +func (s *RebootDBShardGroupOutput) SetMaxACU(v float64) *RebootDBShardGroupOutput { + s.MaxACU = &v + return s +} + +// SetPubliclyAccessible sets the PubliclyAccessible field's value. +func (s *RebootDBShardGroupOutput) SetPubliclyAccessible(v bool) *RebootDBShardGroupOutput { + s.PubliclyAccessible = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *RebootDBShardGroupOutput) SetStatus(v string) *RebootDBShardGroupOutput { + s.Status = &v + return s +} + +// The recommended actions to apply to resolve the issues associated with your +// DB instances, DB clusters, and DB parameter groups. +type RecommendedAction struct { + _ struct{} `type:"structure"` + + // The unique identifier of the recommended action. + ActionId *string `type:"string"` + + // The methods to apply the recommended action. + // + // Valid values: + // + // * manual - The action requires you to resolve the recommendation manually. + // + // * immediately - The action is applied immediately. + // + // * next-maintainance-window - The action is applied during the next scheduled + // maintainance. + ApplyModes []*string `type:"list"` + + // The supporting attributes to explain the recommended action. + ContextAttributes []*ContextAttribute `type:"list"` + + // A detailed description of the action. The description might contain markdown. + Description *string `type:"string"` + + // The details of the issue. + IssueDetails *IssueDetails `type:"structure"` + + // An API operation for the action. + Operation *string `type:"string"` + + // The parameters for the API operation. + Parameters []*RecommendedActionParameter `type:"list"` + + // The status of the action. + // + // * ready + // + // * applied + // + // * scheduled + // + // * resolved + Status *string `type:"string"` + + // A short description to summarize the action. The description might contain + // markdown. + Title *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RecommendedAction) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RecommendedAction) GoString() string { + return s.String() +} + +// SetActionId sets the ActionId field's value. +func (s *RecommendedAction) SetActionId(v string) *RecommendedAction { + s.ActionId = &v + return s +} + +// SetApplyModes sets the ApplyModes field's value. +func (s *RecommendedAction) SetApplyModes(v []*string) *RecommendedAction { + s.ApplyModes = v + return s +} + +// SetContextAttributes sets the ContextAttributes field's value. +func (s *RecommendedAction) SetContextAttributes(v []*ContextAttribute) *RecommendedAction { + s.ContextAttributes = v + return s +} + +// SetDescription sets the Description field's value. +func (s *RecommendedAction) SetDescription(v string) *RecommendedAction { + s.Description = &v + return s +} + +// SetIssueDetails sets the IssueDetails field's value. +func (s *RecommendedAction) SetIssueDetails(v *IssueDetails) *RecommendedAction { + s.IssueDetails = v + return s +} + +// SetOperation sets the Operation field's value. +func (s *RecommendedAction) SetOperation(v string) *RecommendedAction { + s.Operation = &v + return s +} + +// SetParameters sets the Parameters field's value. +func (s *RecommendedAction) SetParameters(v []*RecommendedActionParameter) *RecommendedAction { + s.Parameters = v + return s +} + +// SetStatus sets the Status field's value. +func (s *RecommendedAction) SetStatus(v string) *RecommendedAction { + s.Status = &v + return s +} + +// SetTitle sets the Title field's value. +func (s *RecommendedAction) SetTitle(v string) *RecommendedAction { + s.Title = &v + return s +} + +// A single parameter to use with the RecommendedAction API operation to apply +// the action. +type RecommendedActionParameter struct { + _ struct{} `type:"structure"` + + // The key of the parameter to use with the RecommendedAction API operation. + Key *string `type:"string"` + + // The value of the parameter to use with the RecommendedAction API operation. + Value *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RecommendedActionParameter) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RecommendedActionParameter) GoString() string { + return s.String() +} + +// SetKey sets the Key field's value. +func (s *RecommendedActionParameter) SetKey(v string) *RecommendedActionParameter { + s.Key = &v + return s +} + +// SetValue sets the Value field's value. +func (s *RecommendedActionParameter) SetValue(v string) *RecommendedActionParameter { + s.Value = &v + return s +} + +// The recommended status to update for the specified recommendation action +// ID. +type RecommendedActionUpdate struct { + _ struct{} `type:"structure"` + + // A unique identifier of the updated recommendation action. + // + // ActionId is a required field + ActionId *string `type:"string" required:"true"` + + // The status of the updated recommendation action. + // + // * applied + // + // * scheduled + // + // Status is a required field + Status *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RecommendedActionUpdate) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RecommendedActionUpdate) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RecommendedActionUpdate) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RecommendedActionUpdate"} + if s.ActionId == nil { + invalidParams.Add(request.NewErrParamRequired("ActionId")) + } + if s.Status == nil { + invalidParams.Add(request.NewErrParamRequired("Status")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetActionId sets the ActionId field's value. +func (s *RecommendedActionUpdate) SetActionId(v string) *RecommendedActionUpdate { + s.ActionId = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *RecommendedActionUpdate) SetStatus(v string) *RecommendedActionUpdate { + s.Status = &v + return s +} + // This data type is used as a response element in the DescribeReservedDBInstances // and DescribeReservedDBInstancesOfferings actions. type RecurringCharge struct { @@ -36979,12 +54534,20 @@ type RecurringCharge struct { RecurringChargeFrequency *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RecurringCharge) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RecurringCharge) GoString() string { return s.String() } @@ -37001,6 +54564,38 @@ func (s *RecurringCharge) SetRecurringChargeFrequency(v string) *RecurringCharge return s } +// The reference details of a metric. +type ReferenceDetails struct { + _ struct{} `type:"structure"` + + // The metric reference details when the reference is a scalar. + ScalarReferenceDetails *ScalarReferenceDetails `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReferenceDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReferenceDetails) GoString() string { + return s.String() +} + +// SetScalarReferenceDetails sets the ScalarReferenceDetails field's value. +func (s *ReferenceDetails) SetScalarReferenceDetails(v *ScalarReferenceDetails) *ReferenceDetails { + s.ScalarReferenceDetails = v + return s +} + type RegisterDBProxyTargetsInput struct { _ struct{} `type:"structure"` @@ -37019,12 +54614,20 @@ type RegisterDBProxyTargetsInput struct { TargetGroupName *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RegisterDBProxyTargetsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RegisterDBProxyTargetsInput) GoString() string { return s.String() } @@ -37074,12 +54677,20 @@ type RegisterDBProxyTargetsOutput struct { DBProxyTargets []*DBProxyTarget `type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RegisterDBProxyTargetsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RegisterDBProxyTargetsOutput) GoString() string { return s.String() } @@ -37101,12 +54712,20 @@ type RemoveFromGlobalClusterInput struct { GlobalClusterIdentifier *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RemoveFromGlobalClusterInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RemoveFromGlobalClusterInput) GoString() string { return s.String() } @@ -37130,12 +54749,20 @@ type RemoveFromGlobalClusterOutput struct { GlobalCluster *GlobalCluster `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RemoveFromGlobalClusterOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RemoveFromGlobalClusterOutput) GoString() string { return s.String() } @@ -37155,7 +54782,7 @@ type RemoveRoleFromDBClusterInput struct { DBClusterIdentifier *string `type:"string" required:"true"` // The name of the feature for the DB cluster that the IAM role is to be disassociated - // from. For the list of supported feature names, see DBEngineVersion. + // from. For information about supported feature names, see DBEngineVersion. FeatureName *string `type:"string"` // The Amazon Resource Name (ARN) of the IAM role to disassociate from the Aurora @@ -37165,12 +54792,20 @@ type RemoveRoleFromDBClusterInput struct { RoleArn *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RemoveRoleFromDBClusterInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RemoveRoleFromDBClusterInput) GoString() string { return s.String() } @@ -37213,12 +54848,20 @@ type RemoveRoleFromDBClusterOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RemoveRoleFromDBClusterOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RemoveRoleFromDBClusterOutput) GoString() string { return s.String() } @@ -37232,7 +54875,7 @@ type RemoveRoleFromDBInstanceInput struct { DBInstanceIdentifier *string `type:"string" required:"true"` // The name of the feature for the DB instance that the IAM role is to be disassociated - // from. For the list of supported feature names, see DBEngineVersion. + // from. For information about supported feature names, see DBEngineVersion. // // FeatureName is a required field FeatureName *string `type:"string" required:"true"` @@ -37244,12 +54887,20 @@ type RemoveRoleFromDBInstanceInput struct { RoleArn *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RemoveRoleFromDBInstanceInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RemoveRoleFromDBInstanceInput) GoString() string { return s.String() } @@ -37295,12 +54946,20 @@ type RemoveRoleFromDBInstanceOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RemoveRoleFromDBInstanceOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RemoveRoleFromDBInstanceOutput) GoString() string { return s.String() } @@ -37321,12 +54980,20 @@ type RemoveSourceIdentifierFromSubscriptionInput struct { SubscriptionName *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RemoveSourceIdentifierFromSubscriptionInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RemoveSourceIdentifierFromSubscriptionInput) GoString() string { return s.String() } @@ -37367,12 +55034,20 @@ type RemoveSourceIdentifierFromSubscriptionOutput struct { EventSubscription *EventSubscription `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RemoveSourceIdentifierFromSubscriptionOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RemoveSourceIdentifierFromSubscriptionOutput) GoString() string { return s.String() } @@ -37400,12 +55075,20 @@ type RemoveTagsFromResourceInput struct { TagKeys []*string `type:"list" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RemoveTagsFromResourceInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RemoveTagsFromResourceInput) GoString() string { return s.String() } @@ -37442,12 +55125,20 @@ type RemoveTagsFromResourceOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RemoveTagsFromResourceOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RemoveTagsFromResourceOutput) GoString() string { return s.String() } @@ -37474,11 +55165,11 @@ type ReservedDBInstance struct { // The unique identifier for the lease associated with the reserved DB instance. // - // AWS Support might request the lease ID for an issue related to a reserved - // DB instance. + // Amazon Web Services Support might request the lease ID for an issue related + // to a reserved DB instance. LeaseId *string `type:"string"` - // Indicates if the reservation applies to Multi-AZ deployments. + // Indicates whether the reservation applies to Multi-AZ deployments. MultiAZ *bool `type:"boolean"` // The offering type of this reserved DB instance. @@ -37509,12 +55200,20 @@ type ReservedDBInstance struct { UsagePrice *float64 `type:"double"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ReservedDBInstance) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ReservedDBInstance) GoString() string { return s.String() } @@ -37632,7 +55331,7 @@ type ReservedDBInstancesOffering struct { // The fixed price charged for this offering. FixedPrice *float64 `type:"double"` - // Indicates if the offering applies to Multi-AZ deployments. + // Indicates whether the offering applies to Multi-AZ deployments. MultiAZ *bool `type:"boolean"` // The offering type. @@ -37651,12 +55350,20 @@ type ReservedDBInstancesOffering struct { UsagePrice *float64 `type:"double"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ReservedDBInstancesOffering) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ReservedDBInstancesOffering) GoString() string { return s.String() } @@ -37734,18 +55441,26 @@ type ResetDBClusterParameterGroupInput struct { // is enabled. Parameters []*Parameter `locationNameList:"Parameter" type:"list"` - // A value that indicates whether to reset all parameters in the DB cluster - // parameter group to their default values. You can't use this parameter if - // there is a list of parameter names specified for the Parameters parameter. + // Specifies whether to reset all parameters in the DB cluster parameter group + // to their default values. You can't use this parameter if there is a list + // of parameter names specified for the Parameters parameter. ResetAllParameters *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ResetDBClusterParameterGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ResetDBClusterParameterGroupInput) GoString() string { return s.String() } @@ -37819,18 +55534,26 @@ type ResetDBParameterGroupInput struct { // Valid Values (for Apply method): pending-reboot Parameters []*Parameter `locationNameList:"Parameter" type:"list"` - // A value that indicates whether to reset all parameters in the DB parameter - // group to default values. By default, all parameters in the DB parameter group - // are reset to default values. + // Specifies whether to reset all parameters in the DB parameter group to default + // values. By default, all parameters in the DB parameter group are reset to + // default values. ResetAllParameters *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ResetDBParameterGroupInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ResetDBParameterGroupInput) GoString() string { return s.String() } @@ -37878,12 +55601,20 @@ type ResourcePendingMaintenanceActions struct { ResourceIdentifier *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ResourcePendingMaintenanceActions) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ResourcePendingMaintenanceActions) GoString() string { return s.String() } @@ -37934,8 +55665,8 @@ type RestoreDBClusterFromS3Input struct { // with the specified CharacterSet. CharacterSetName *string `type:"string"` - // A value that indicates whether to copy all tags from the restored DB cluster - // to snapshots of the restored DB cluster. The default is not to copy them. + // Specifies whether to copy all tags from the restored DB cluster to snapshots + // of the restored DB cluster. The default is not to copy them. CopyTagsToSnapshot *bool `type:"boolean"` // The name of the DB cluster to create from the source data in the Amazon S3 @@ -37955,7 +55686,8 @@ type RestoreDBClusterFromS3Input struct { DBClusterIdentifier *string `type:"string" required:"true"` // The name of the DB cluster parameter group to associate with the restored - // DB cluster. If this argument is omitted, default.aurora5.6 is used. + // DB cluster. If this argument is omitted, the default parameter group for + // the engine version is used. // // Constraints: // @@ -37966,15 +55698,15 @@ type RestoreDBClusterFromS3Input struct { // // Constraints: If supplied, must match the name of an existing DBSubnetGroup. // - // Example: mySubnetgroup + // Example: mydbsubnetgroup DBSubnetGroupName *string `type:"string"` // The database name for the restored DB cluster. DatabaseName *string `type:"string"` - // A value that indicates whether the DB cluster has deletion protection enabled. - // The database can't be deleted when deletion protection is enabled. By default, - // deletion protection is disabled. + // Specifies whether to enable deletion protection for the DB cluster. The database + // can't be deleted when deletion protection is enabled. By default, deletion + // protection isn't enabled. DeletionProtection *bool `type:"boolean"` // Specify the Active Directory directory ID to restore the DB cluster in. The @@ -37991,13 +55723,20 @@ type RestoreDBClusterFromS3Input struct { DomainIAMRoleName *string `type:"string"` // The list of logs that the restored DB cluster is to export to CloudWatch - // Logs. The values in the list depend on the DB engine being used. For more - // information, see Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) + // Logs. The values in the list depend on the DB engine being used. + // + // Aurora MySQL + // + // Possible values are audit, error, general, and slowquery. + // + // For more information about exporting CloudWatch Logs for Amazon Aurora, see + // Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) // in the Amazon Aurora User Guide. EnableCloudwatchLogsExports []*string `type:"list"` - // A value that indicates whether to enable mapping of AWS Identity and Access - // Management (IAM) accounts to database accounts. By default, mapping is disabled. + // Specifies whether to enable mapping of Amazon Web Services Identity and Access + // Management (IAM) accounts to database accounts. By default, mapping isn't + // enabled. // // For more information, see IAM Database Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html) // in the Amazon Aurora User Guide. @@ -38005,57 +55744,108 @@ type RestoreDBClusterFromS3Input struct { // The name of the database engine to be used for this DB cluster. // - // Valid Values: aurora (for MySQL 5.6-compatible Aurora), aurora-mysql (for - // MySQL 5.7-compatible Aurora), and aurora-postgresql + // Valid Values: aurora-mysql (for Aurora MySQL) // // Engine is a required field Engine *string `type:"string" required:"true"` - // The version number of the database engine to use. + // The life cycle type for this DB cluster. // - // To list all of the available engine versions for aurora (for MySQL 5.6-compatible - // Aurora), use the following command: + // By default, this value is set to open-source-rds-extended-support, which + // enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard + // support, you can avoid charges for Extended Support by setting the value + // to open-source-rds-extended-support-disabled. In this case, RDS automatically + // upgrades your restored DB cluster to a higher engine version, if the major + // engine version is past its end of standard support date. // - // aws rds describe-db-engine-versions --engine aurora --query "DBEngineVersions[].EngineVersion" + // You can use this setting to enroll your DB cluster into Amazon RDS Extended + // Support. With RDS Extended Support, you can run the selected major engine + // version on your DB cluster past the end of standard support for that engine + // version. For more information, see the following sections: // - // To list all of the available engine versions for aurora-mysql (for MySQL - // 5.7-compatible Aurora), use the following command: + // * Amazon Aurora (PostgreSQL only) - Using Amazon RDS Extended Support + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/extended-support.html) + // in the Amazon Aurora User Guide // - // aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[].EngineVersion" + // * Amazon RDS - Using Amazon RDS Extended Support (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html) + // in the Amazon RDS User Guide // - // To list all of the available engine versions for aurora-postgresql, use the - // following command: + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters // - // aws rds describe-db-engine-versions --engine aurora-postgresql --query "DBEngineVersions[].EngineVersion" + // Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled // - // Aurora MySQL + // Default: open-source-rds-extended-support + EngineLifecycleSupport *string `type:"string"` + + // The version number of the database engine to use. // - // Example: 5.6.10a, 5.6.mysql_aurora.1.19.2, 5.7.12, 5.7.mysql_aurora.2.04.5 + // To list all of the available engine versions for aurora-mysql (Aurora MySQL), + // use the following command: // - // Aurora PostgreSQL + // aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[].EngineVersion" // - // Example: 9.6.3, 10.7 + // Aurora MySQL + // + // Examples: 5.7.mysql_aurora.2.12.0, 8.0.mysql_aurora.3.04.0 EngineVersion *string `type:"string"` - // The AWS KMS key identifier for an encrypted DB cluster. + // The Amazon Web Services KMS key identifier for an encrypted DB cluster. // - // The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name - // for the AWS KMS customer master key (CMK). To use a CMK in a different AWS - // account, specify the key ARN or alias ARN. + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. To use a KMS key in a different Amazon + // Web Services account, specify the key ARN or alias ARN. // // If the StorageEncrypted parameter is enabled, and you do not specify a value - // for the KmsKeyId parameter, then Amazon RDS will use your default CMK. There - // is a default CMK for your AWS account. Your AWS account has a different default - // CMK for each AWS Region. + // for the KmsKeyId parameter, then Amazon RDS will use your default KMS key. + // There is a default KMS key for your Amazon Web Services account. Your Amazon + // Web Services account has a different default KMS key for each Amazon Web + // Services Region. KmsKeyId *string `type:"string"` + // Specifies whether to manage the master user password with Amazon Web Services + // Secrets Manager. + // + // For more information, see Password management with Amazon Web Services Secrets + // Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) + // in the Amazon RDS User Guide and Password management with Amazon Web Services + // Secrets Manager (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) + // in the Amazon Aurora User Guide. + // + // Constraints: + // + // * Can't manage the master user password with Amazon Web Services Secrets + // Manager if MasterUserPassword is specified. + ManageMasterUserPassword *bool `type:"boolean"` + // The password for the master database user. This password can contain any // printable ASCII character except "/", """, or "@". // - // Constraints: Must contain from 8 to 41 characters. + // Constraints: // - // MasterUserPassword is a required field - MasterUserPassword *string `type:"string" required:"true"` + // * Must contain from 8 to 41 characters. + // + // * Can't be specified if ManageMasterUserPassword is turned on. + MasterUserPassword *string `type:"string"` + + // The Amazon Web Services KMS key identifier to encrypt a secret that is automatically + // generated and managed in Amazon Web Services Secrets Manager. + // + // This setting is valid only if the master user password is managed by RDS + // in Amazon Web Services Secrets Manager for the DB cluster. + // + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. To use a KMS key in a different Amazon + // Web Services account, specify the key ARN or alias ARN. + // + // If you don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager + // KMS key is used to encrypt the secret. If the secret is in a different Amazon + // Web Services account, then you can't use the aws/secretsmanager KMS key to + // encrypt the secret, and you must use a customer managed KMS key. + // + // There is a default KMS key for your Amazon Web Services account. Your Amazon + // Web Services account has a different default KMS key for each Amazon Web + // Services Region. + MasterUserSecretKmsKeyId *string `type:"string"` // The name of the master user for the restored DB cluster. // @@ -38070,6 +55860,22 @@ type RestoreDBClusterFromS3Input struct { // MasterUsername is a required field MasterUsername *string `type:"string" required:"true"` + // The network type of the DB cluster. + // + // Valid Values: + // + // * IPV4 + // + // * DUAL + // + // The network type is determined by the DBSubnetGroup specified for the DB + // cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and + // the IPv6 protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon Aurora User Guide. + NetworkType *string `type:"string"` + // A value that indicates that the restored DB cluster should be associated // with the specified option group. // @@ -38087,8 +55893,8 @@ type RestoreDBClusterFromS3Input struct { // backups are enabled using the BackupRetentionPeriod parameter. // // The default is a 30-minute window selected at random from an 8-hour block - // of time for each AWS Region. To see the time blocks available, see Adjusting - // the Preferred Maintenance Window (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) + // of time for each Amazon Web Services Region. To view the time blocks available, + // see Backup window (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow) // in the Amazon Aurora User Guide. // // Constraints: @@ -38108,9 +55914,9 @@ type RestoreDBClusterFromS3Input struct { // Format: ddd:hh24:mi-ddd:hh24:mi // // The default is a 30-minute window selected at random from an 8-hour block - // of time for each AWS Region, occurring on a random day of the week. To see - // the time blocks available, see Adjusting the Preferred Maintenance Window - // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) + // of time for each Amazon Web Services Region, occurring on a random day of + // the week. To see the time blocks available, see Adjusting the Preferred Maintenance + // Window (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) // in the Amazon Aurora User Guide. // // Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun. @@ -38124,9 +55930,9 @@ type RestoreDBClusterFromS3Input struct { // S3BucketName is a required field S3BucketName *string `type:"string" required:"true"` - // The Amazon Resource Name (ARN) of the AWS Identity and Access Management - // (IAM) role that authorizes Amazon RDS to access the Amazon S3 bucket on your - // behalf. + // The Amazon Resource Name (ARN) of the Amazon Web Services Identity and Access + // Management (IAM) role that authorizes Amazon RDS to access the Amazon S3 + // bucket on your behalf. // // S3IngestionRoleArn is a required field S3IngestionRoleArn *string `type:"string" required:"true"` @@ -38137,26 +55943,41 @@ type RestoreDBClusterFromS3Input struct { // the Amazon S3 bucket. S3Prefix *string `type:"string"` + // Contains the scaling configuration of an Aurora Serverless v2 DB cluster. + // + // For more information, see Using Amazon Aurora Serverless v2 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.html) + // in the Amazon Aurora User Guide. + ServerlessV2ScalingConfiguration *ServerlessV2ScalingConfiguration `type:"structure"` + // The identifier for the database engine that was backed up to create the files // stored in the Amazon S3 bucket. // - // Valid values: mysql + // Valid Values: mysql // // SourceEngine is a required field SourceEngine *string `type:"string" required:"true"` // The version of the database that the backup files were created from. // - // MySQL versions 5.5, 5.6, and 5.7 are supported. + // MySQL versions 5.7 and 8.0 are supported. // - // Example: 5.6.40, 5.7.28 + // Example: 5.7.40, 8.0.28 // // SourceEngineVersion is a required field SourceEngineVersion *string `type:"string" required:"true"` - // A value that indicates whether the restored DB cluster is encrypted. + // Specifies whether the restored DB cluster is encrypted. StorageEncrypted *bool `type:"boolean"` + // Specifies the storage type to be associated with the DB cluster. + // + // Valid Values: aurora, aurora-iopt1 + // + // Default: aurora + // + // Valid for: Aurora DB clusters only + StorageType *string `type:"string"` + // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) // in the Amazon RDS User Guide. Tags []*Tag `locationNameList:"Tag" type:"list"` @@ -38165,12 +55986,20 @@ type RestoreDBClusterFromS3Input struct { VpcSecurityGroupIds []*string `locationNameList:"VpcSecurityGroupId" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBClusterFromS3Input) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBClusterFromS3Input) GoString() string { return s.String() } @@ -38184,9 +56013,6 @@ func (s *RestoreDBClusterFromS3Input) Validate() error { if s.Engine == nil { invalidParams.Add(request.NewErrParamRequired("Engine")) } - if s.MasterUserPassword == nil { - invalidParams.Add(request.NewErrParamRequired("MasterUserPassword")) - } if s.MasterUsername == nil { invalidParams.Add(request.NewErrParamRequired("MasterUsername")) } @@ -38299,6 +56125,12 @@ func (s *RestoreDBClusterFromS3Input) SetEngine(v string) *RestoreDBClusterFromS return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *RestoreDBClusterFromS3Input) SetEngineLifecycleSupport(v string) *RestoreDBClusterFromS3Input { + s.EngineLifecycleSupport = &v + return s +} + // SetEngineVersion sets the EngineVersion field's value. func (s *RestoreDBClusterFromS3Input) SetEngineVersion(v string) *RestoreDBClusterFromS3Input { s.EngineVersion = &v @@ -38311,18 +56143,36 @@ func (s *RestoreDBClusterFromS3Input) SetKmsKeyId(v string) *RestoreDBClusterFro return s } +// SetManageMasterUserPassword sets the ManageMasterUserPassword field's value. +func (s *RestoreDBClusterFromS3Input) SetManageMasterUserPassword(v bool) *RestoreDBClusterFromS3Input { + s.ManageMasterUserPassword = &v + return s +} + // SetMasterUserPassword sets the MasterUserPassword field's value. func (s *RestoreDBClusterFromS3Input) SetMasterUserPassword(v string) *RestoreDBClusterFromS3Input { s.MasterUserPassword = &v return s } +// SetMasterUserSecretKmsKeyId sets the MasterUserSecretKmsKeyId field's value. +func (s *RestoreDBClusterFromS3Input) SetMasterUserSecretKmsKeyId(v string) *RestoreDBClusterFromS3Input { + s.MasterUserSecretKmsKeyId = &v + return s +} + // SetMasterUsername sets the MasterUsername field's value. func (s *RestoreDBClusterFromS3Input) SetMasterUsername(v string) *RestoreDBClusterFromS3Input { s.MasterUsername = &v return s } +// SetNetworkType sets the NetworkType field's value. +func (s *RestoreDBClusterFromS3Input) SetNetworkType(v string) *RestoreDBClusterFromS3Input { + s.NetworkType = &v + return s +} + // SetOptionGroupName sets the OptionGroupName field's value. func (s *RestoreDBClusterFromS3Input) SetOptionGroupName(v string) *RestoreDBClusterFromS3Input { s.OptionGroupName = &v @@ -38365,6 +56215,12 @@ func (s *RestoreDBClusterFromS3Input) SetS3Prefix(v string) *RestoreDBClusterFro return s } +// SetServerlessV2ScalingConfiguration sets the ServerlessV2ScalingConfiguration field's value. +func (s *RestoreDBClusterFromS3Input) SetServerlessV2ScalingConfiguration(v *ServerlessV2ScalingConfiguration) *RestoreDBClusterFromS3Input { + s.ServerlessV2ScalingConfiguration = v + return s +} + // SetSourceEngine sets the SourceEngine field's value. func (s *RestoreDBClusterFromS3Input) SetSourceEngine(v string) *RestoreDBClusterFromS3Input { s.SourceEngine = &v @@ -38383,6 +56239,12 @@ func (s *RestoreDBClusterFromS3Input) SetStorageEncrypted(v bool) *RestoreDBClus return s } +// SetStorageType sets the StorageType field's value. +func (s *RestoreDBClusterFromS3Input) SetStorageType(v string) *RestoreDBClusterFromS3Input { + s.StorageType = &v + return s +} + // SetTags sets the Tags field's value. func (s *RestoreDBClusterFromS3Input) SetTags(v []*Tag) *RestoreDBClusterFromS3Input { s.Tags = v @@ -38398,19 +56260,41 @@ func (s *RestoreDBClusterFromS3Input) SetVpcSecurityGroupIds(v []*string) *Resto type RestoreDBClusterFromS3Output struct { _ struct{} `type:"structure"` - // Contains the details of an Amazon Aurora DB cluster. + // Contains the details of an Amazon Aurora DB cluster or Multi-AZ DB cluster. + // + // For an Amazon Aurora DB cluster, this data type is used as a response element + // in the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + // ModifyDBCluster, PromoteReadReplicaDBCluster, RestoreDBClusterFromS3, RestoreDBClusterFromSnapshot, + // RestoreDBClusterToPointInTime, StartDBCluster, and StopDBCluster. + // + // For a Multi-AZ DB cluster, this data type is used as a response element in + // the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + // ModifyDBCluster, RebootDBCluster, RestoreDBClusterFromSnapshot, and RestoreDBClusterToPointInTime. + // + // For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) + // in the Amazon Aurora User Guide. // - // This data type is used as a response element in the DescribeDBClusters, StopDBCluster, - // and StartDBCluster actions. + // For more information on Multi-AZ DB clusters, see Multi-AZ deployments with + // two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) + // in the Amazon RDS User Guide. DBCluster *DBCluster `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBClusterFromS3Output) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBClusterFromS3Output) GoString() string { return s.String() } @@ -38426,6 +56310,8 @@ type RestoreDBClusterFromSnapshotInput struct { // Provides the list of Availability Zones (AZs) where instances in the restored // DB cluster can be created. + // + // Valid for: Aurora DB clusters only AvailabilityZones []*string `locationNameList:"AvailabilityZone" type:"list"` // The target backtrack window, in seconds. To disable backtracking, set this @@ -38439,10 +56325,14 @@ type RestoreDBClusterFromSnapshotInput struct { // // * If specified, this value must be set to a number from 0 to 259,200 (72 // hours). + // + // Valid for: Aurora DB clusters only BacktrackWindow *int64 `type:"long"` - // A value that indicates whether to copy all tags from the restored DB cluster - // to snapshots of the restored DB cluster. The default is not to copy them. + // Specifies whether to copy all tags from the restored DB cluster to snapshots + // of the restored DB cluster. The default is not to copy them. + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters CopyTagsToSnapshot *bool `type:"boolean"` // The name of the DB cluster to create from the DB snapshot or DB cluster snapshot. @@ -38458,9 +56348,22 @@ type RestoreDBClusterFromSnapshotInput struct { // // Example: my-snapshot-id // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // // DBClusterIdentifier is a required field DBClusterIdentifier *string `type:"string" required:"true"` + // The compute and memory capacity of the each DB instance in the Multi-AZ DB + // cluster, for example db.m6gd.xlarge. Not all DB instance classes are available + // in all Amazon Web Services Regions, or for all database engines. + // + // For the full list of DB instance classes, and availability for your engine, + // see DB Instance Class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) + // in the Amazon RDS User Guide. + // + // Valid for: Multi-AZ DB clusters only + DBClusterInstanceClass *string `type:"string"` + // The name of the DB cluster parameter group to associate with this DB cluster. // If this argument is omitted, the default DB cluster parameter group for the // specified engine is used. @@ -38475,47 +56378,86 @@ type RestoreDBClusterFromSnapshotInput struct { // * First character must be a letter. // // * Can't end with a hyphen or contain two consecutive hyphens. + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters DBClusterParameterGroupName *string `type:"string"` // The name of the DB subnet group to use for the new DB cluster. // // Constraints: If supplied, must match the name of an existing DB subnet group. // - // Example: mySubnetgroup + // Example: mydbsubnetgroup + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters DBSubnetGroupName *string `type:"string"` // The database name for the restored DB cluster. + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters DatabaseName *string `type:"string"` - // A value that indicates whether the DB cluster has deletion protection enabled. - // The database can't be deleted when deletion protection is enabled. By default, - // deletion protection is disabled. + // Specifies whether to enable deletion protection for the DB cluster. The database + // can't be deleted when deletion protection is enabled. By default, deletion + // protection isn't enabled. + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters DeletionProtection *bool `type:"boolean"` - // Specify the Active Directory directory ID to restore the DB cluster in. The - // domain must be created prior to this operation. Currently, only MySQL, Microsoft + // The Active Directory directory ID to restore the DB cluster in. The domain + // must be created prior to this operation. Currently, only MySQL, Microsoft // SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active // Directory Domain. // // For more information, see Kerberos Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html) // in the Amazon RDS User Guide. + // + // Valid for: Aurora DB clusters only Domain *string `type:"string"` - // Specify the name of the IAM role to be used when making API calls to the - // Directory Service. + // The name of the IAM role to be used when making API calls to the Directory + // Service. + // + // Valid for: Aurora DB clusters only DomainIAMRoleName *string `type:"string"` // The list of logs that the restored DB cluster is to export to Amazon CloudWatch - // Logs. The values in the list depend on the DB engine being used. For more - // information, see Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) + // Logs. The values in the list depend on the DB engine being used. + // + // RDS for MySQL + // + // Possible values are error, general, and slowquery. + // + // RDS for PostgreSQL + // + // Possible values are postgresql and upgrade. + // + // Aurora MySQL + // + // Possible values are audit, error, general, and slowquery. + // + // Aurora PostgreSQL + // + // Possible value is postgresql. + // + // For more information about exporting CloudWatch Logs for Amazon RDS, see + // Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) + // in the Amazon RDS User Guide. + // + // For more information about exporting CloudWatch Logs for Amazon Aurora, see + // Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) // in the Amazon Aurora User Guide. + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters EnableCloudwatchLogsExports []*string `type:"list"` - // A value that indicates whether to enable mapping of AWS Identity and Access - // Management (IAM) accounts to database accounts. By default, mapping is disabled. + // Specifies whether to enable mapping of Amazon Web Services Identity and Access + // Management (IAM) accounts to database accounts. By default, mapping isn't + // enabled. // // For more information, see IAM Database Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html) // in the Amazon Aurora User Guide. + // + // Valid for: Aurora DB clusters only EnableIAMDatabaseAuthentication *bool `type:"boolean"` // The database engine to use for the new DB cluster. @@ -38524,63 +56466,147 @@ type RestoreDBClusterFromSnapshotInput struct { // // Constraint: Must be compatible with the engine of the source // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // // Engine is a required field Engine *string `type:"string" required:"true"` - // The DB engine mode of the DB cluster, either provisioned, serverless, parallelquery, - // global, or multimaster. + // The life cycle type for this DB cluster. // - // For more information, see CreateDBCluster (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBCluster.html). - EngineMode *string `type:"string"` + // By default, this value is set to open-source-rds-extended-support, which + // enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard + // support, you can avoid charges for Extended Support by setting the value + // to open-source-rds-extended-support-disabled. In this case, RDS automatically + // upgrades your restored DB cluster to a higher engine version, if the major + // engine version is past its end of standard support date. + // + // You can use this setting to enroll your DB cluster into Amazon RDS Extended + // Support. With RDS Extended Support, you can run the selected major engine + // version on your DB cluster past the end of standard support for that engine + // version. For more information, see the following sections: + // + // * Amazon Aurora (PostgreSQL only) - Using Amazon RDS Extended Support + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/extended-support.html) + // in the Amazon Aurora User Guide + // + // * Amazon RDS - Using Amazon RDS Extended Support (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html) + // in the Amazon RDS User Guide + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // + // Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled + // + // Default: open-source-rds-extended-support + EngineLifecycleSupport *string `type:"string"` - // The version of the database engine to use for the new DB cluster. + // The DB engine mode of the DB cluster, either provisioned or serverless. // - // To list all of the available engine versions for aurora (for MySQL 5.6-compatible - // Aurora), use the following command: + // For more information, see CreateDBCluster (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBCluster.html). // - // aws rds describe-db-engine-versions --engine aurora --query "DBEngineVersions[].EngineVersion" + // Valid for: Aurora DB clusters only + EngineMode *string `type:"string"` + + // The version of the database engine to use for the new DB cluster. If you + // don't specify an engine version, the default version for the database engine + // in the Amazon Web Services Region is used. // - // To list all of the available engine versions for aurora-mysql (for MySQL - // 5.7-compatible Aurora), use the following command: + // To list all of the available engine versions for Aurora MySQL, use the following + // command: // // aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[].EngineVersion" // - // To list all of the available engine versions for aurora-postgresql, use the + // To list all of the available engine versions for Aurora PostgreSQL, use the // following command: // // aws rds describe-db-engine-versions --engine aurora-postgresql --query "DBEngineVersions[].EngineVersion" // - // If you aren't using the default engine version, then you must specify the - // engine version. + // To list all of the available engine versions for RDS for MySQL, use the following + // command: + // + // aws rds describe-db-engine-versions --engine mysql --query "DBEngineVersions[].EngineVersion" + // + // To list all of the available engine versions for RDS for PostgreSQL, use + // the following command: + // + // aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[].EngineVersion" // // Aurora MySQL // - // Example: 5.6.10a, 5.6.mysql_aurora.1.19.2, 5.7.12, 5.7.mysql_aurora.2.04.5 + // See Database engine updates for Amazon Aurora MySQL (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Updates.html) + // in the Amazon Aurora User Guide. // // Aurora PostgreSQL // - // Example: 9.6.3, 10.7 + // See Amazon Aurora PostgreSQL releases and engine versions (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Updates.20180305.html) + // in the Amazon Aurora User Guide. + // + // MySQL + // + // See Amazon RDS for MySQL (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) + // in the Amazon RDS User Guide. + // + // PostgreSQL + // + // See Amazon RDS for PostgreSQL versions and extensions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts) + // in the Amazon RDS User Guide. + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters EngineVersion *string `type:"string"` - // The AWS KMS key identifier to use when restoring an encrypted DB cluster - // from a DB snapshot or DB cluster snapshot. + // The amount of Provisioned IOPS (input/output operations per second) to be + // initially allocated for each DB instance in the Multi-AZ DB cluster. // - // The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name - // for the AWS KMS customer master key (CMK). To use a CMK in a different AWS - // account, specify the key ARN or alias ARN. + // For information about valid IOPS values, see Amazon RDS Provisioned IOPS + // storage (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS) + // in the Amazon RDS User Guide. + // + // Constraints: Must be a multiple between .5 and 50 of the storage amount for + // the DB instance. + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters + Iops *int64 `type:"integer"` + + // The Amazon Web Services KMS key identifier to use when restoring an encrypted + // DB cluster from a DB snapshot or DB cluster snapshot. + // + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. To use a KMS key in a different Amazon + // Web Services account, specify the key ARN or alias ARN. // // When you don't specify a value for the KmsKeyId parameter, then the following // occurs: // // * If the DB snapshot or DB cluster snapshot in SnapshotIdentifier is encrypted, - // then the restored DB cluster is encrypted using the AWS KMS CMK that was - // used to encrypt the DB snapshot or DB cluster snapshot. + // then the restored DB cluster is encrypted using the KMS key that was used + // to encrypt the DB snapshot or DB cluster snapshot. // // * If the DB snapshot or DB cluster snapshot in SnapshotIdentifier isn't // encrypted, then the restored DB cluster isn't encrypted. + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters KmsKeyId *string `type:"string"` + // The network type of the DB cluster. + // + // Valid Values: + // + // * IPV4 + // + // * DUAL + // + // The network type is determined by the DBSubnetGroup specified for the DB + // cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and + // the IPv6 protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon Aurora User Guide. + // + // Valid for: Aurora DB clusters only + NetworkType *string `type:"string"` + // The name of the option group to use for the restored DB cluster. + // + // DB clusters are associated with a default option group that can't be modified. OptionGroupName *string `type:"string"` // The port number on which the new DB cluster accepts connections. @@ -38588,12 +56614,61 @@ type RestoreDBClusterFromSnapshotInput struct { // Constraints: This value must be 1150-65535 // // Default: The same port as the original DB cluster. + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters Port *int64 `type:"integer"` + // Specifies whether the DB cluster is publicly accessible. + // + // When the DB cluster is publicly accessible, its Domain Name System (DNS) + // endpoint resolves to the private IP address from within the DB cluster's + // virtual private cloud (VPC). It resolves to the public IP address from outside + // of the DB cluster's VPC. Access to the DB cluster is ultimately controlled + // by the security group it uses. That public access is not permitted if the + // security group assigned to the DB cluster doesn't permit it. + // + // When the DB cluster isn't publicly accessible, it is an internal DB cluster + // with a DNS name that resolves to a private IP address. + // + // Default: The default behavior varies depending on whether DBSubnetGroupName + // is specified. + // + // If DBSubnetGroupName isn't specified, and PubliclyAccessible isn't specified, + // the following applies: + // + // * If the default VPC in the target Region doesn’t have an internet gateway + // attached to it, the DB cluster is private. + // + // * If the default VPC in the target Region has an internet gateway attached + // to it, the DB cluster is public. + // + // If DBSubnetGroupName is specified, and PubliclyAccessible isn't specified, + // the following applies: + // + // * If the subnets are part of a VPC that doesn’t have an internet gateway + // attached to it, the DB cluster is private. + // + // * If the subnets are part of a VPC that has an internet gateway attached + // to it, the DB cluster is public. + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters + PubliclyAccessible *bool `type:"boolean"` + + // Reserved for future use. + RdsCustomClusterConfiguration *RdsCustomClusterConfiguration `type:"structure"` + // For DB clusters in serverless DB engine mode, the scaling properties of the // DB cluster. + // + // Valid for: Aurora DB clusters only ScalingConfiguration *ScalingConfiguration `type:"structure"` + // Contains the scaling configuration of an Aurora Serverless v2 DB cluster. + // + // For more information, see Using Amazon Aurora Serverless v2 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.html) + // in the Amazon Aurora User Guide. + ServerlessV2ScalingConfiguration *ServerlessV2ScalingConfiguration `type:"structure"` + // The identifier for the DB snapshot or DB cluster snapshot to restore from. // // You can use either the name or the Amazon Resource Name (ARN) to specify @@ -38604,22 +56679,49 @@ type RestoreDBClusterFromSnapshotInput struct { // // * Must match the identifier of an existing Snapshot. // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // // SnapshotIdentifier is a required field SnapshotIdentifier *string `type:"string" required:"true"` + // Specifies the storage type to be associated with the DB cluster. + // + // When specified for a Multi-AZ DB cluster, a value for the Iops parameter + // is required. + // + // Valid Values: aurora, aurora-iopt1 (Aurora DB clusters); io1 (Multi-AZ DB + // clusters) + // + // Default: aurora (Aurora DB clusters); io1 (Multi-AZ DB clusters) + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters + StorageType *string `type:"string"` + // The tags to be assigned to the restored DB cluster. + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters Tags []*Tag `locationNameList:"Tag" type:"list"` // A list of VPC security groups that the new DB cluster will belong to. + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters VpcSecurityGroupIds []*string `locationNameList:"VpcSecurityGroupId" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBClusterFromSnapshotInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBClusterFromSnapshotInput) GoString() string { return s.String() } @@ -38667,6 +56769,12 @@ func (s *RestoreDBClusterFromSnapshotInput) SetDBClusterIdentifier(v string) *Re return s } +// SetDBClusterInstanceClass sets the DBClusterInstanceClass field's value. +func (s *RestoreDBClusterFromSnapshotInput) SetDBClusterInstanceClass(v string) *RestoreDBClusterFromSnapshotInput { + s.DBClusterInstanceClass = &v + return s +} + // SetDBClusterParameterGroupName sets the DBClusterParameterGroupName field's value. func (s *RestoreDBClusterFromSnapshotInput) SetDBClusterParameterGroupName(v string) *RestoreDBClusterFromSnapshotInput { s.DBClusterParameterGroupName = &v @@ -38721,6 +56829,12 @@ func (s *RestoreDBClusterFromSnapshotInput) SetEngine(v string) *RestoreDBCluste return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *RestoreDBClusterFromSnapshotInput) SetEngineLifecycleSupport(v string) *RestoreDBClusterFromSnapshotInput { + s.EngineLifecycleSupport = &v + return s +} + // SetEngineMode sets the EngineMode field's value. func (s *RestoreDBClusterFromSnapshotInput) SetEngineMode(v string) *RestoreDBClusterFromSnapshotInput { s.EngineMode = &v @@ -38733,12 +56847,24 @@ func (s *RestoreDBClusterFromSnapshotInput) SetEngineVersion(v string) *RestoreD return s } +// SetIops sets the Iops field's value. +func (s *RestoreDBClusterFromSnapshotInput) SetIops(v int64) *RestoreDBClusterFromSnapshotInput { + s.Iops = &v + return s +} + // SetKmsKeyId sets the KmsKeyId field's value. func (s *RestoreDBClusterFromSnapshotInput) SetKmsKeyId(v string) *RestoreDBClusterFromSnapshotInput { s.KmsKeyId = &v return s } +// SetNetworkType sets the NetworkType field's value. +func (s *RestoreDBClusterFromSnapshotInput) SetNetworkType(v string) *RestoreDBClusterFromSnapshotInput { + s.NetworkType = &v + return s +} + // SetOptionGroupName sets the OptionGroupName field's value. func (s *RestoreDBClusterFromSnapshotInput) SetOptionGroupName(v string) *RestoreDBClusterFromSnapshotInput { s.OptionGroupName = &v @@ -38751,18 +56877,42 @@ func (s *RestoreDBClusterFromSnapshotInput) SetPort(v int64) *RestoreDBClusterFr return s } +// SetPubliclyAccessible sets the PubliclyAccessible field's value. +func (s *RestoreDBClusterFromSnapshotInput) SetPubliclyAccessible(v bool) *RestoreDBClusterFromSnapshotInput { + s.PubliclyAccessible = &v + return s +} + +// SetRdsCustomClusterConfiguration sets the RdsCustomClusterConfiguration field's value. +func (s *RestoreDBClusterFromSnapshotInput) SetRdsCustomClusterConfiguration(v *RdsCustomClusterConfiguration) *RestoreDBClusterFromSnapshotInput { + s.RdsCustomClusterConfiguration = v + return s +} + // SetScalingConfiguration sets the ScalingConfiguration field's value. func (s *RestoreDBClusterFromSnapshotInput) SetScalingConfiguration(v *ScalingConfiguration) *RestoreDBClusterFromSnapshotInput { s.ScalingConfiguration = v return s } +// SetServerlessV2ScalingConfiguration sets the ServerlessV2ScalingConfiguration field's value. +func (s *RestoreDBClusterFromSnapshotInput) SetServerlessV2ScalingConfiguration(v *ServerlessV2ScalingConfiguration) *RestoreDBClusterFromSnapshotInput { + s.ServerlessV2ScalingConfiguration = v + return s +} + // SetSnapshotIdentifier sets the SnapshotIdentifier field's value. func (s *RestoreDBClusterFromSnapshotInput) SetSnapshotIdentifier(v string) *RestoreDBClusterFromSnapshotInput { s.SnapshotIdentifier = &v return s } +// SetStorageType sets the StorageType field's value. +func (s *RestoreDBClusterFromSnapshotInput) SetStorageType(v string) *RestoreDBClusterFromSnapshotInput { + s.StorageType = &v + return s +} + // SetTags sets the Tags field's value. func (s *RestoreDBClusterFromSnapshotInput) SetTags(v []*Tag) *RestoreDBClusterFromSnapshotInput { s.Tags = v @@ -38778,19 +56928,41 @@ func (s *RestoreDBClusterFromSnapshotInput) SetVpcSecurityGroupIds(v []*string) type RestoreDBClusterFromSnapshotOutput struct { _ struct{} `type:"structure"` - // Contains the details of an Amazon Aurora DB cluster. + // Contains the details of an Amazon Aurora DB cluster or Multi-AZ DB cluster. + // + // For an Amazon Aurora DB cluster, this data type is used as a response element + // in the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + // ModifyDBCluster, PromoteReadReplicaDBCluster, RestoreDBClusterFromS3, RestoreDBClusterFromSnapshot, + // RestoreDBClusterToPointInTime, StartDBCluster, and StopDBCluster. // - // This data type is used as a response element in the DescribeDBClusters, StopDBCluster, - // and StartDBCluster actions. + // For a Multi-AZ DB cluster, this data type is used as a response element in + // the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + // ModifyDBCluster, RebootDBCluster, RestoreDBClusterFromSnapshot, and RestoreDBClusterToPointInTime. + // + // For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) + // in the Amazon Aurora User Guide. + // + // For more information on Multi-AZ DB clusters, see Multi-AZ deployments with + // two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) + // in the Amazon RDS User Guide. DBCluster *DBCluster `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBClusterFromSnapshotOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBClusterFromSnapshotOutput) GoString() string { return s.String() } @@ -38807,18 +56979,20 @@ type RestoreDBClusterToPointInTimeInput struct { // The target backtrack window, in seconds. To disable backtracking, set this // value to 0. // - // Currently, Backtrack is only supported for Aurora MySQL DB clusters. - // // Default: 0 // // Constraints: // // * If specified, this value must be set to a number from 0 to 259,200 (72 // hours). + // + // Valid for: Aurora MySQL DB clusters only BacktrackWindow *int64 `type:"long"` - // A value that indicates whether to copy all tags from the restored DB cluster - // to snapshots of the restored DB cluster. The default is not to copy them. + // Specifies whether to copy all tags from the restored DB cluster to snapshots + // of the restored DB cluster. The default is not to copy them. + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters CopyTagsToSnapshot *bool `type:"boolean"` // The name of the new DB cluster to be created. @@ -38831,12 +57005,27 @@ type RestoreDBClusterToPointInTimeInput struct { // // * Can't end with a hyphen or contain two consecutive hyphens // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters + // // DBClusterIdentifier is a required field DBClusterIdentifier *string `type:"string" required:"true"` - // The name of the DB cluster parameter group to associate with this DB cluster. - // If this argument is omitted, the default DB cluster parameter group for the - // specified engine is used. + // The compute and memory capacity of the each DB instance in the Multi-AZ DB + // cluster, for example db.m6gd.xlarge. Not all DB instance classes are available + // in all Amazon Web Services Regions, or for all database engines. + // + // For the full list of DB instance classes, and availability for your engine, + // see DB instance class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) + // in the Amazon RDS User Guide. + // + // Valid for: Multi-AZ DB clusters only + DBClusterInstanceClass *string `type:"string"` + + // The name of the custom DB cluster parameter group to associate with this + // DB cluster. + // + // If the DBClusterParameterGroupName parameter is omitted, the default DB cluster + // parameter group for the specified engine is used. // // Constraints: // @@ -38848,72 +57037,182 @@ type RestoreDBClusterToPointInTimeInput struct { // * First character must be a letter. // // * Can't end with a hyphen or contain two consecutive hyphens. + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters DBClusterParameterGroupName *string `type:"string"` // The DB subnet group name to use for the new DB cluster. // // Constraints: If supplied, must match the name of an existing DBSubnetGroup. // - // Example: mySubnetgroup + // Example: mydbsubnetgroup + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters DBSubnetGroupName *string `type:"string"` - // A value that indicates whether the DB cluster has deletion protection enabled. - // The database can't be deleted when deletion protection is enabled. By default, - // deletion protection is disabled. + // Specifies whether to enable deletion protection for the DB cluster. The database + // can't be deleted when deletion protection is enabled. By default, deletion + // protection isn't enabled. + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters DeletionProtection *bool `type:"boolean"` - // Specify the Active Directory directory ID to restore the DB cluster in. The - // domain must be created prior to this operation. + // The Active Directory directory ID to restore the DB cluster in. The domain + // must be created prior to this operation. // // For Amazon Aurora DB clusters, Amazon RDS can use Kerberos Authentication // to authenticate users that connect to the DB cluster. For more information, // see Kerberos Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/kerberos-authentication.html) // in the Amazon Aurora User Guide. + // + // Valid for: Aurora DB clusters only Domain *string `type:"string"` - // Specify the name of the IAM role to be used when making API calls to the - // Directory Service. + // The name of the IAM role to be used when making API calls to the Directory + // Service. + // + // Valid for: Aurora DB clusters only DomainIAMRoleName *string `type:"string"` // The list of logs that the restored DB cluster is to export to CloudWatch - // Logs. The values in the list depend on the DB engine being used. For more - // information, see Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) + // Logs. The values in the list depend on the DB engine being used. + // + // RDS for MySQL + // + // Possible values are error, general, and slowquery. + // + // RDS for PostgreSQL + // + // Possible values are postgresql and upgrade. + // + // Aurora MySQL + // + // Possible values are audit, error, general, and slowquery. + // + // Aurora PostgreSQL + // + // Possible value is postgresql. + // + // For more information about exporting CloudWatch Logs for Amazon RDS, see + // Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) + // in the Amazon RDS User Guide. + // + // For more information about exporting CloudWatch Logs for Amazon Aurora, see + // Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) // in the Amazon Aurora User Guide. + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters EnableCloudwatchLogsExports []*string `type:"list"` - // A value that indicates whether to enable mapping of AWS Identity and Access - // Management (IAM) accounts to database accounts. By default, mapping is disabled. + // Specifies whether to enable mapping of Amazon Web Services Identity and Access + // Management (IAM) accounts to database accounts. By default, mapping isn't + // enabled. // // For more information, see IAM Database Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html) // in the Amazon Aurora User Guide. + // + // Valid for: Aurora DB clusters only EnableIAMDatabaseAuthentication *bool `type:"boolean"` - // The AWS KMS key identifier to use when restoring an encrypted DB cluster - // from an encrypted DB cluster. + // The life cycle type for this DB cluster. + // + // By default, this value is set to open-source-rds-extended-support, which + // enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard + // support, you can avoid charges for Extended Support by setting the value + // to open-source-rds-extended-support-disabled. In this case, RDS automatically + // upgrades your restored DB cluster to a higher engine version, if the major + // engine version is past its end of standard support date. + // + // You can use this setting to enroll your DB cluster into Amazon RDS Extended + // Support. With RDS Extended Support, you can run the selected major engine + // version on your DB cluster past the end of standard support for that engine + // version. For more information, see the following sections: + // + // * Amazon Aurora (PostgreSQL only) - Using Amazon RDS Extended Support + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/extended-support.html) + // in the Amazon Aurora User Guide + // + // * Amazon RDS - Using Amazon RDS Extended Support (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html) + // in the Amazon RDS User Guide + // + // Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters + // + // Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled + // + // Default: open-source-rds-extended-support + EngineLifecycleSupport *string `type:"string"` + + // The engine mode of the new cluster. Specify provisioned or serverless, depending + // on the type of the cluster you are creating. You can create an Aurora Serverless + // v1 clone from a provisioned cluster, or a provisioned clone from an Aurora + // Serverless v1 cluster. To create a clone that is an Aurora Serverless v1 + // cluster, the original cluster must be an Aurora Serverless v1 cluster or + // an encrypted provisioned cluster. + // + // Valid for: Aurora DB clusters only + EngineMode *string `type:"string"` + + // The amount of Provisioned IOPS (input/output operations per second) to be + // initially allocated for each DB instance in the Multi-AZ DB cluster. + // + // For information about valid IOPS values, see Amazon RDS Provisioned IOPS + // storage (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS) + // in the Amazon RDS User Guide. + // + // Constraints: Must be a multiple between .5 and 50 of the storage amount for + // the DB instance. + // + // Valid for: Multi-AZ DB clusters only + Iops *int64 `type:"integer"` + + // The Amazon Web Services KMS key identifier to use when restoring an encrypted + // DB cluster from an encrypted DB cluster. // - // The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name - // for the AWS KMS customer master key (CMK). To use a CMK in a different AWS - // account, specify the key ARN or alias ARN. + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. To use a KMS key in a different Amazon + // Web Services account, specify the key ARN or alias ARN. // // You can restore to a new DB cluster and encrypt the new DB cluster with a - // AWS KMS CMK that is different than the AWS KMS key used to encrypt the source - // DB cluster. The new DB cluster is encrypted with the AWS KMS CMK identified - // by the KmsKeyId parameter. + // KMS key that is different from the KMS key used to encrypt the source DB + // cluster. The new DB cluster is encrypted with the KMS key identified by the + // KmsKeyId parameter. // // If you don't specify a value for the KmsKeyId parameter, then the following // occurs: // // * If the DB cluster is encrypted, then the restored DB cluster is encrypted - // using the AWS KMS CMK that was used to encrypt the source DB cluster. + // using the KMS key that was used to encrypt the source DB cluster. // // * If the DB cluster isn't encrypted, then the restored DB cluster isn't // encrypted. // // If DBClusterIdentifier refers to a DB cluster that isn't encrypted, then // the restore request is rejected. + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters KmsKeyId *string `type:"string"` + // The network type of the DB cluster. + // + // Valid Values: + // + // * IPV4 + // + // * DUAL + // + // The network type is determined by the DBSubnetGroup specified for the DB + // cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and + // the IPv6 protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon Aurora User Guide. + // + // Valid for: Aurora DB clusters only + NetworkType *string `type:"string"` + // The name of the option group for the new DB cluster. + // + // DB clusters are associated with a default option group that can't be modified. OptionGroupName *string `type:"string"` // The port number on which the new DB cluster accepts connections. @@ -38921,8 +57220,49 @@ type RestoreDBClusterToPointInTimeInput struct { // Constraints: A value from 1150-65535. // // Default: The default port for the engine. + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters Port *int64 `type:"integer"` + // Specifies whether the DB cluster is publicly accessible. + // + // When the DB cluster is publicly accessible, its Domain Name System (DNS) + // endpoint resolves to the private IP address from within the DB cluster's + // virtual private cloud (VPC). It resolves to the public IP address from outside + // of the DB cluster's VPC. Access to the DB cluster is ultimately controlled + // by the security group it uses. That public access is not permitted if the + // security group assigned to the DB cluster doesn't permit it. + // + // When the DB cluster isn't publicly accessible, it is an internal DB cluster + // with a DNS name that resolves to a private IP address. + // + // Default: The default behavior varies depending on whether DBSubnetGroupName + // is specified. + // + // If DBSubnetGroupName isn't specified, and PubliclyAccessible isn't specified, + // the following applies: + // + // * If the default VPC in the target Region doesn’t have an internet gateway + // attached to it, the DB cluster is private. + // + // * If the default VPC in the target Region has an internet gateway attached + // to it, the DB cluster is public. + // + // If DBSubnetGroupName is specified, and PubliclyAccessible isn't specified, + // the following applies: + // + // * If the subnets are part of a VPC that doesn’t have an internet gateway + // attached to it, the DB cluster is private. + // + // * If the subnets are part of a VPC that has an internet gateway attached + // to it, the DB cluster is public. + // + // Valid for: Multi-AZ DB clusters only + PubliclyAccessible *bool `type:"boolean"` + + // Reserved for future use. + RdsCustomClusterConfiguration *RdsCustomClusterConfiguration `type:"structure"` + // The date and time to restore the DB cluster to. // // Valid Values: Value must be a time in Universal Coordinated Time (UTC) format @@ -38938,6 +57278,8 @@ type RestoreDBClusterToPointInTimeInput struct { // * Can't be specified if the RestoreType parameter is copy-on-write // // Example: 2015-03-07T23:45:00Z + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters RestoreToTime *time.Time `type:"timestamp"` // The type of restore to be performed. You can specify one of the following @@ -38949,43 +57291,82 @@ type RestoreDBClusterToPointInTimeInput struct { // * copy-on-write - The new DB cluster is restored as a clone of the source // DB cluster. // - // Constraints: You can't specify copy-on-write if the engine version of the - // source DB cluster is earlier than 1.11. - // // If you don't specify a RestoreType value, then the new DB cluster is restored // as a full copy of the source DB cluster. + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters RestoreType *string `type:"string"` + // For DB clusters in serverless DB engine mode, the scaling properties of the + // DB cluster. + // + // Valid for: Aurora DB clusters only + ScalingConfiguration *ScalingConfiguration `type:"structure"` + + // Contains the scaling configuration of an Aurora Serverless v2 DB cluster. + // + // For more information, see Using Amazon Aurora Serverless v2 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.html) + // in the Amazon Aurora User Guide. + ServerlessV2ScalingConfiguration *ServerlessV2ScalingConfiguration `type:"structure"` + // The identifier of the source DB cluster from which to restore. // // Constraints: // // * Must match the identifier of an existing DBCluster. // - // SourceDBClusterIdentifier is a required field - SourceDBClusterIdentifier *string `type:"string" required:"true"` + // Valid for: Aurora DB clusters and Multi-AZ DB clusters + SourceDBClusterIdentifier *string `type:"string"` + + // The resource ID of the source DB cluster from which to restore. + SourceDbClusterResourceId *string `type:"string"` + + // Specifies the storage type to be associated with the DB cluster. + // + // When specified for a Multi-AZ DB cluster, a value for the Iops parameter + // is required. + // + // Valid Values: aurora, aurora-iopt1 (Aurora DB clusters); io1 (Multi-AZ DB + // clusters) + // + // Default: aurora (Aurora DB clusters); io1 (Multi-AZ DB clusters) + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters + StorageType *string `type:"string"` // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) // in the Amazon RDS User Guide. Tags []*Tag `locationNameList:"Tag" type:"list"` - // A value that indicates whether to restore the DB cluster to the latest restorable - // backup time. By default, the DB cluster isn't restored to the latest restorable + // Specifies whether to restore the DB cluster to the latest restorable backup + // time. By default, the DB cluster isn't restored to the latest restorable // backup time. // // Constraints: Can't be specified if RestoreToTime parameter is provided. + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters UseLatestRestorableTime *bool `type:"boolean"` // A list of VPC security groups that the new DB cluster belongs to. + // + // Valid for: Aurora DB clusters and Multi-AZ DB clusters VpcSecurityGroupIds []*string `locationNameList:"VpcSecurityGroupId" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBClusterToPointInTimeInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBClusterToPointInTimeInput) GoString() string { return s.String() } @@ -38996,9 +57377,6 @@ func (s *RestoreDBClusterToPointInTimeInput) Validate() error { if s.DBClusterIdentifier == nil { invalidParams.Add(request.NewErrParamRequired("DBClusterIdentifier")) } - if s.SourceDBClusterIdentifier == nil { - invalidParams.Add(request.NewErrParamRequired("SourceDBClusterIdentifier")) - } if invalidParams.Len() > 0 { return invalidParams @@ -39024,6 +57402,12 @@ func (s *RestoreDBClusterToPointInTimeInput) SetDBClusterIdentifier(v string) *R return s } +// SetDBClusterInstanceClass sets the DBClusterInstanceClass field's value. +func (s *RestoreDBClusterToPointInTimeInput) SetDBClusterInstanceClass(v string) *RestoreDBClusterToPointInTimeInput { + s.DBClusterInstanceClass = &v + return s +} + // SetDBClusterParameterGroupName sets the DBClusterParameterGroupName field's value. func (s *RestoreDBClusterToPointInTimeInput) SetDBClusterParameterGroupName(v string) *RestoreDBClusterToPointInTimeInput { s.DBClusterParameterGroupName = &v @@ -39066,12 +57450,36 @@ func (s *RestoreDBClusterToPointInTimeInput) SetEnableIAMDatabaseAuthentication( return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *RestoreDBClusterToPointInTimeInput) SetEngineLifecycleSupport(v string) *RestoreDBClusterToPointInTimeInput { + s.EngineLifecycleSupport = &v + return s +} + +// SetEngineMode sets the EngineMode field's value. +func (s *RestoreDBClusterToPointInTimeInput) SetEngineMode(v string) *RestoreDBClusterToPointInTimeInput { + s.EngineMode = &v + return s +} + +// SetIops sets the Iops field's value. +func (s *RestoreDBClusterToPointInTimeInput) SetIops(v int64) *RestoreDBClusterToPointInTimeInput { + s.Iops = &v + return s +} + // SetKmsKeyId sets the KmsKeyId field's value. func (s *RestoreDBClusterToPointInTimeInput) SetKmsKeyId(v string) *RestoreDBClusterToPointInTimeInput { s.KmsKeyId = &v return s } +// SetNetworkType sets the NetworkType field's value. +func (s *RestoreDBClusterToPointInTimeInput) SetNetworkType(v string) *RestoreDBClusterToPointInTimeInput { + s.NetworkType = &v + return s +} + // SetOptionGroupName sets the OptionGroupName field's value. func (s *RestoreDBClusterToPointInTimeInput) SetOptionGroupName(v string) *RestoreDBClusterToPointInTimeInput { s.OptionGroupName = &v @@ -39084,6 +57492,18 @@ func (s *RestoreDBClusterToPointInTimeInput) SetPort(v int64) *RestoreDBClusterT return s } +// SetPubliclyAccessible sets the PubliclyAccessible field's value. +func (s *RestoreDBClusterToPointInTimeInput) SetPubliclyAccessible(v bool) *RestoreDBClusterToPointInTimeInput { + s.PubliclyAccessible = &v + return s +} + +// SetRdsCustomClusterConfiguration sets the RdsCustomClusterConfiguration field's value. +func (s *RestoreDBClusterToPointInTimeInput) SetRdsCustomClusterConfiguration(v *RdsCustomClusterConfiguration) *RestoreDBClusterToPointInTimeInput { + s.RdsCustomClusterConfiguration = v + return s +} + // SetRestoreToTime sets the RestoreToTime field's value. func (s *RestoreDBClusterToPointInTimeInput) SetRestoreToTime(v time.Time) *RestoreDBClusterToPointInTimeInput { s.RestoreToTime = &v @@ -39096,12 +57516,36 @@ func (s *RestoreDBClusterToPointInTimeInput) SetRestoreType(v string) *RestoreDB return s } +// SetScalingConfiguration sets the ScalingConfiguration field's value. +func (s *RestoreDBClusterToPointInTimeInput) SetScalingConfiguration(v *ScalingConfiguration) *RestoreDBClusterToPointInTimeInput { + s.ScalingConfiguration = v + return s +} + +// SetServerlessV2ScalingConfiguration sets the ServerlessV2ScalingConfiguration field's value. +func (s *RestoreDBClusterToPointInTimeInput) SetServerlessV2ScalingConfiguration(v *ServerlessV2ScalingConfiguration) *RestoreDBClusterToPointInTimeInput { + s.ServerlessV2ScalingConfiguration = v + return s +} + // SetSourceDBClusterIdentifier sets the SourceDBClusterIdentifier field's value. func (s *RestoreDBClusterToPointInTimeInput) SetSourceDBClusterIdentifier(v string) *RestoreDBClusterToPointInTimeInput { s.SourceDBClusterIdentifier = &v return s } +// SetSourceDbClusterResourceId sets the SourceDbClusterResourceId field's value. +func (s *RestoreDBClusterToPointInTimeInput) SetSourceDbClusterResourceId(v string) *RestoreDBClusterToPointInTimeInput { + s.SourceDbClusterResourceId = &v + return s +} + +// SetStorageType sets the StorageType field's value. +func (s *RestoreDBClusterToPointInTimeInput) SetStorageType(v string) *RestoreDBClusterToPointInTimeInput { + s.StorageType = &v + return s +} + // SetTags sets the Tags field's value. func (s *RestoreDBClusterToPointInTimeInput) SetTags(v []*Tag) *RestoreDBClusterToPointInTimeInput { s.Tags = v @@ -39123,19 +57567,41 @@ func (s *RestoreDBClusterToPointInTimeInput) SetVpcSecurityGroupIds(v []*string) type RestoreDBClusterToPointInTimeOutput struct { _ struct{} `type:"structure"` - // Contains the details of an Amazon Aurora DB cluster. + // Contains the details of an Amazon Aurora DB cluster or Multi-AZ DB cluster. // - // This data type is used as a response element in the DescribeDBClusters, StopDBCluster, - // and StartDBCluster actions. + // For an Amazon Aurora DB cluster, this data type is used as a response element + // in the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + // ModifyDBCluster, PromoteReadReplicaDBCluster, RestoreDBClusterFromS3, RestoreDBClusterFromSnapshot, + // RestoreDBClusterToPointInTime, StartDBCluster, and StopDBCluster. + // + // For a Multi-AZ DB cluster, this data type is used as a response element in + // the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + // ModifyDBCluster, RebootDBCluster, RestoreDBClusterFromSnapshot, and RestoreDBClusterToPointInTime. + // + // For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) + // in the Amazon Aurora User Guide. + // + // For more information on Multi-AZ DB clusters, see Multi-AZ deployments with + // two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) + // in the Amazon RDS User Guide. DBCluster *DBCluster `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBClusterToPointInTimeOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBClusterToPointInTimeOutput) GoString() string { return s.String() } @@ -39149,8 +57615,18 @@ func (s *RestoreDBClusterToPointInTimeOutput) SetDBCluster(v *DBCluster) *Restor type RestoreDBInstanceFromDBSnapshotInput struct { _ struct{} `type:"structure"` - // A value that indicates whether minor version upgrades are applied automatically - // to the DB instance during the maintenance window. + // The amount of storage (in gibibytes) to allocate initially for the DB instance. + // Follow the allocation rules specified in CreateDBInstance. + // + // Be sure to allocate enough storage for your new DB instance so that the restore + // operation can succeed. You can also allocate additional storage for future + // growth. + AllocatedStorage *int64 `type:"integer"` + + // Specifies whether to automatically apply minor version upgrades to the DB + // instance during the maintenance window. + // + // If you restore an RDS Custom DB instance, you must disable this parameter. AutoMinorVersionUpgrade *bool `type:"boolean"` // The Availability Zone (AZ) where the DB instance will be created. @@ -39163,48 +57639,120 @@ type RestoreDBInstanceFromDBSnapshotInput struct { // Example: us-east-1a AvailabilityZone *string `type:"string"` - // A value that indicates whether to copy all tags from the restored DB instance - // to snapshots of the DB instance. By default, tags are not copied. + // Specifies where automated backups and manual snapshots are stored for the + // restored DB instance. + // + // Possible values are outposts (Amazon Web Services Outposts) and region (Amazon + // Web Services Region). The default is region. + // + // For more information, see Working with Amazon RDS on Amazon Web Services + // Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) + // in the Amazon RDS User Guide. + BackupTarget *string `type:"string"` + + // The CA certificate identifier to use for the DB instance's server certificate. + // + // This setting doesn't apply to RDS Custom DB instances. + // + // For more information, see Using SSL/TLS to encrypt a connection to a DB instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) + // in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to + // a DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) + // in the Amazon Aurora User Guide. + CACertificateIdentifier *string `type:"string"` + + // Specifies whether to copy all tags from the restored DB instance to snapshots + // of the DB instance. + // + // In most cases, tags aren't copied by default. However, when you restore a + // DB instance from a DB snapshot, RDS checks whether you specify new tags. + // If yes, the new tags are added to the restored DB instance. If there are + // no new tags, RDS looks for the tags from the source DB instance for the DB + // snapshot, and then adds those tags to the restored DB instance. + // + // For more information, see Copying tags to DB instance snapshots (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html#USER_Tagging.CopyTags) + // in the Amazon RDS User Guide. CopyTagsToSnapshot *bool `type:"boolean"` - // The compute and memory capacity of the Amazon RDS DB instance, for example, - // db.m4.large. Not all DB instance classes are available in all AWS Regions, - // or for all database engines. For the full list of DB instance classes, and - // availability for your engine, see DB Instance Class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) + // The instance profile associated with the underlying Amazon EC2 instance of + // an RDS Custom DB instance. The instance profile must meet the following requirements: + // + // * The profile must exist in your account. + // + // * The profile must have an IAM role that Amazon EC2 has permissions to + // assume. + // + // * The instance profile name and the associated IAM role name must start + // with the prefix AWSRDSCustom. + // + // For the list of permissions required for the IAM role, see Configure IAM + // and your VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc) + // in the Amazon RDS User Guide. + // + // This setting is required for RDS Custom. + CustomIamInstanceProfile *string `type:"string"` + + // The identifier for the Multi-AZ DB cluster snapshot to restore from. + // + // For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) + // in the Amazon RDS User Guide. + // + // Constraints: + // + // * Must match the identifier of an existing Multi-AZ DB cluster snapshot. + // + // * Can't be specified when DBSnapshotIdentifier is specified. + // + // * Must be specified when DBSnapshotIdentifier isn't specified. + // + // * If you are restoring from a shared manual Multi-AZ DB cluster snapshot, + // the DBClusterSnapshotIdentifier must be the ARN of the shared snapshot. + // + // * Can't be the identifier of an Aurora DB cluster snapshot. + DBClusterSnapshotIdentifier *string `type:"string"` + + // The compute and memory capacity of the Amazon RDS DB instance, for example + // db.m4.large. Not all DB instance classes are available in all Amazon Web + // Services Regions, or for all database engines. For the full list of DB instance + // classes, and availability for your engine, see DB Instance Class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) // in the Amazon RDS User Guide. // // Default: The same DBInstanceClass as the original DB instance. DBInstanceClass *string `type:"string"` - // Name of the DB instance to create from the DB snapshot. This parameter isn't - // case-sensitive. + // The name of the DB instance to create from the DB snapshot. This parameter + // isn't case-sensitive. // // Constraints: // - // * Must contain from 1 to 63 numbers, letters, or hyphens + // * Must contain from 1 to 63 numbers, letters, or hyphens. // - // * First character must be a letter + // * First character must be a letter. // - // * Can't end with a hyphen or contain two consecutive hyphens + // * Can't end with a hyphen or contain two consecutive hyphens. // // Example: my-snapshot-id // // DBInstanceIdentifier is a required field DBInstanceIdentifier *string `type:"string" required:"true"` - // The database name for the restored DB instance. + // The name of the database for the restored DB instance. // - // This parameter doesn't apply to the MySQL, PostgreSQL, or MariaDB engines. + // This parameter only applies to RDS for Oracle and RDS for SQL Server DB instances. + // It doesn't apply to the other engines or to RDS Custom DB instances. DBName *string `type:"string"` // The name of the DB parameter group to associate with this DB instance. // - // If you do not specify a value for DBParameterGroupName, then the default - // DBParameterGroup for the specified DB engine is used. + // If you don't specify a value for DBParameterGroupName, then RDS uses the + // default DBParameterGroup for the specified DB engine. + // + // This setting doesn't apply to RDS Custom. // // Constraints: // - // * If supplied, must match the name of an existing DBParameterGroup. + // * If supplied, must match the name of an existing DB parameter group. // // * Must be 1 to 255 letters, numbers, or hyphens. // @@ -39217,56 +57765,132 @@ type RestoreDBInstanceFromDBSnapshotInput struct { // // Constraints: // - // * Must match the identifier of an existing DBSnapshot. + // * Must match the identifier of an existing DB snapshot. + // + // * Can't be specified when DBClusterSnapshotIdentifier is specified. + // + // * Must be specified when DBClusterSnapshotIdentifier isn't specified. // // * If you are restoring from a shared manual DB snapshot, the DBSnapshotIdentifier // must be the ARN of the shared DB snapshot. - // - // DBSnapshotIdentifier is a required field - DBSnapshotIdentifier *string `type:"string" required:"true"` + DBSnapshotIdentifier *string `type:"string"` - // The DB subnet group name to use for the new instance. + // The name of the DB subnet group to use for the new instance. // - // Constraints: If supplied, must match the name of an existing DBSubnetGroup. + // Constraints: // - // Example: mySubnetgroup + // * If supplied, must match the name of an existing DB subnet group. + // + // Example: mydbsubnetgroup DBSubnetGroupName *string `type:"string"` - // A value that indicates whether the DB instance has deletion protection enabled. - // The database can't be deleted when deletion protection is enabled. By default, - // deletion protection is disabled. For more information, see Deleting a DB + // Specifies whether to enable a dedicated log volume (DLV) for the DB instance. + DedicatedLogVolume *bool `type:"boolean"` + + // Specifies whether to enable deletion protection for the DB instance. The + // database can't be deleted when deletion protection is enabled. By default, + // deletion protection isn't enabled. For more information, see Deleting a DB // Instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). DeletionProtection *bool `type:"boolean"` - // Specify the Active Directory directory ID to restore the DB instance in. - // The domain must be created prior to this operation. Currently, only MySQL, - // Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created - // in an Active Directory Domain. + // The Active Directory directory ID to restore the DB instance in. The domain/ + // must be created prior to this operation. Currently, you can create only Db2, + // MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances in an Active + // Directory Domain. // // For more information, see Kerberos Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html) // in the Amazon RDS User Guide. + // + // This setting doesn't apply to RDS Custom. Domain *string `type:"string"` - // Specify the name of the IAM role to be used when making API calls to the - // Directory Service. + // The ARN for the Secrets Manager secret with the credentials for the user + // joining the domain. + // + // Constraints: + // + // * Can't be longer than 64 characters. + // + // Example: arn:aws:secretsmanager:region:account-number:secret:myselfmanagedADtestsecret-123456 + DomainAuthSecretArn *string `type:"string"` + + // The IPv4 DNS IP addresses of your primary and secondary Active Directory + // domain controllers. + // + // Constraints: + // + // * Two IP addresses must be provided. If there isn't a secondary domain + // controller, use the IP address of the primary domain controller for both + // entries in the list. + // + // Example: 123.124.125.126,234.235.236.237 + DomainDnsIps []*string `type:"list"` + + // The fully qualified domain name (FQDN) of an Active Directory domain. + // + // Constraints: + // + // * Can't be longer than 64 characters. + // + // Example: mymanagedADtest.mymanagedAD.mydomain + DomainFqdn *string `type:"string"` + + // The name of the IAM role to use when making API calls to the Directory Service. + // + // This setting doesn't apply to RDS Custom DB instances. DomainIAMRoleName *string `type:"string"` - // The list of logs that the restored DB instance is to export to CloudWatch - // Logs. The values in the list depend on the DB engine being used. For more - // information, see Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) + // The Active Directory organizational unit for your DB instance to join. + // + // Constraints: + // + // * Must be in the distinguished name format. + // + // * Can't be longer than 64 characters. + // + // Example: OU=mymanagedADtestOU,DC=mymanagedADtest,DC=mymanagedAD,DC=mydomain + DomainOu *string `type:"string"` + + // The list of logs for the restored DB instance to export to CloudWatch Logs. + // The values in the list depend on the DB engine. For more information, see + // Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) // in the Amazon RDS User Guide. + // + // This setting doesn't apply to RDS Custom. EnableCloudwatchLogsExports []*string `type:"list"` - // A value that indicates whether to enable mapping of AWS Identity and Access + // Specifies whether to enable a customer-owned IP address (CoIP) for an RDS + // on Outposts DB instance. + // + // A CoIP provides local or external connectivity to resources in your Outpost + // subnets through your on-premises network. For some use cases, a CoIP can + // provide lower latency for connections to the DB instance from outside of + // its virtual private cloud (VPC) on your local network. + // + // This setting doesn't apply to RDS Custom. + // + // For more information about RDS on Outposts, see Working with Amazon RDS on + // Amazon Web Services Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) + // in the Amazon RDS User Guide. + // + // For more information about CoIPs, see Customer-owned IP addresses (https://docs.aws.amazon.com/outposts/latest/userguide/routing.html#ip-addressing) + // in the Amazon Web Services Outposts User Guide. + EnableCustomerOwnedIp *bool `type:"boolean"` + + // Specifies whether to enable mapping of Amazon Web Services Identity and Access // Management (IAM) accounts to database accounts. By default, mapping is disabled. // // For more information about IAM database authentication, see IAM Database // Authentication for MySQL and PostgreSQL (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) // in the Amazon RDS User Guide. + // + // This setting doesn't apply to RDS Custom. EnableIAMDatabaseAuthentication *bool `type:"boolean"` // The database engine to use for the new instance. // + // This setting doesn't apply to RDS Custom. + // // Default: The same as source // // Constraint: Must be compatible with the engine of the source. For example, @@ -39274,17 +57898,21 @@ type RestoreDBInstanceFromDBSnapshotInput struct { // // Valid Values: // + // * db2-ae + // + // * db2-se + // // * mariadb // // * mysql // // * oracle-ee // - // * oracle-se2 + // * oracle-ee-cdb // - // * oracle-se1 + // * oracle-se2 // - // * oracle-se + // * oracle-se2-cdb // // * postgres // @@ -39297,6 +57925,29 @@ type RestoreDBInstanceFromDBSnapshotInput struct { // * sqlserver-web Engine *string `type:"string"` + // The life cycle type for this DB instance. + // + // By default, this value is set to open-source-rds-extended-support, which + // enrolls your DB instance into Amazon RDS Extended Support. At the end of + // standard support, you can avoid charges for Extended Support by setting the + // value to open-source-rds-extended-support-disabled. In this case, RDS automatically + // upgrades your restored DB instance to a higher engine version, if the major + // engine version is past its end of standard support date. + // + // You can use this setting to enroll your DB instance into Amazon RDS Extended + // Support. With RDS Extended Support, you can run the selected major engine + // version on your DB instance past the end of standard support for that engine + // version. For more information, see Using Amazon RDS Extended Support (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html) + // in the Amazon RDS User Guide. + // + // This setting applies only to RDS for MySQL and RDS for PostgreSQL. For Amazon + // Aurora DB instances, the life cycle type is managed by the DB cluster. + // + // Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled + // + // Default: open-source-rds-extended-support + EngineLifecycleSupport *string `type:"string"` + // Specifies the amount of provisioned IOPS for the DB instance, expressed in // I/O operations per second. If this parameter isn't specified, the IOPS value // is taken from the backup. If this parameter is set to 0, the new instance @@ -39305,8 +57956,7 @@ type RestoreDBInstanceFromDBSnapshotInput struct { // starts. // // The provisioned IOPS value must follow the requirements for your database - // engine. For more information, see Amazon RDS Provisioned IOPS Storage to - // Improve Performance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS) + // engine. For more information, see Amazon RDS Provisioned IOPS storage (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS) // in the Amazon RDS User Guide. // // Constraints: Must be an integer greater than 1000. @@ -39314,22 +57964,63 @@ type RestoreDBInstanceFromDBSnapshotInput struct { // License model information for the restored DB instance. // - // Default: Same as source. + // License models for RDS for Db2 require additional configuration. The Bring + // Your Own License (BYOL) model requires a custom parameter group. The Db2 + // license through Amazon Web Services Marketplace model requires an Amazon + // Web Services Marketplace subscription. For more information, see RDS for + // Db2 licensing options (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-licensing.html) + // in the Amazon RDS User Guide. // - // Valid values: license-included | bring-your-own-license | general-public-license + // This setting doesn't apply to Amazon Aurora or RDS Custom DB instances. + // + // Valid Values: + // + // * RDS for Db2 - bring-your-own-license | marketplace-license + // + // * RDS for MariaDB - general-public-license + // + // * RDS for Microsoft SQL Server - license-included + // + // * RDS for MySQL - general-public-license + // + // * RDS for Oracle - bring-your-own-license | license-included + // + // * RDS for PostgreSQL - postgresql-license + // + // Default: Same as the source. LicenseModel *string `type:"string"` - // A value that indicates whether the DB instance is a Multi-AZ deployment. + // Specifies whether the DB instance is a Multi-AZ deployment. + // + // This setting doesn't apply to RDS Custom. // // Constraint: You can't specify the AvailabilityZone parameter if the DB instance // is a Multi-AZ deployment. MultiAZ *bool `type:"boolean"` + // The network type of the DB instance. + // + // Valid Values: + // + // * IPV4 + // + // * DUAL + // + // The network type is determined by the DBSubnetGroup specified for the DB + // instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 + // and the IPv6 protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon RDS User Guide. + NetworkType *string `type:"string"` + // The name of the option group to be used for the restored DB instance. // // Permanent options, such as the TDE option for Oracle Advanced Security TDE, // can't be removed from an option group, and that option group can't be removed - // from a DB instance once it is associated with a DB instance + // from a DB instance after it is associated with a DB instance. + // + // This setting doesn't apply to RDS Custom. OptionGroupName *string `type:"string"` // The port number on which the database accepts connections. @@ -39341,16 +58032,18 @@ type RestoreDBInstanceFromDBSnapshotInput struct { // The number of CPU cores and the number of threads per core for the DB instance // class of the DB instance. + // + // This setting doesn't apply to RDS Custom. ProcessorFeatures []*ProcessorFeature `locationNameList:"ProcessorFeature" type:"list"` - // A value that indicates whether the DB instance is publicly accessible. + // Specifies whether the DB instance is publicly accessible. // - // When the DB instance is publicly accessible, its DNS endpoint resolves to - // the private IP address from within the DB instance's VPC, and to the public - // IP address from outside of the DB instance's VPC. Access to the DB instance - // is ultimately controlled by the security group it uses, and that public access - // is not permitted if the security group assigned to the DB instance doesn't - // permit it. + // When the DB instance is publicly accessible, its Domain Name System (DNS) + // endpoint resolves to the private IP address from within the DB instance's + // virtual private cloud (VPC). It resolves to the public IP address from outside + // of the DB instance's VPC. Access to the DB instance is ultimately controlled + // by the security group it uses. That public access is not permitted if the + // security group assigned to the DB instance doesn't permit it. // // When the DB instance isn't publicly accessible, it is an internal DB instance // with a DNS name that resolves to a private IP address. @@ -39358,11 +58051,17 @@ type RestoreDBInstanceFromDBSnapshotInput struct { // For more information, see CreateDBInstance. PubliclyAccessible *bool `type:"boolean"` + // Specifies the storage throughput value for the DB instance. + // + // This setting doesn't apply to RDS Custom or Amazon Aurora. + StorageThroughput *int64 `type:"integer"` + // Specifies the storage type to be associated with the DB instance. // - // Valid values: standard | gp2 | io1 + // Valid Values: gp2 | gp3 | io1 | io2 | standard // - // If you specify io1, you must also include a value for the Iops parameter. + // If you specify io1, io2, or gp3, you must also include a value for the Iops + // parameter. // // Default: io1 if the Iops parameter is specified, otherwise gp2 StorageType *string `type:"string"` @@ -39372,14 +58071,20 @@ type RestoreDBInstanceFromDBSnapshotInput struct { Tags []*Tag `locationNameList:"Tag" type:"list"` // The ARN from the key store with which to associate the instance for TDE encryption. + // + // This setting doesn't apply to RDS Custom. TdeCredentialArn *string `type:"string"` // The password for the given ARN from the key store in order to access the // device. + // + // This setting doesn't apply to RDS Custom. TdeCredentialPassword *string `type:"string"` - // A value that indicates whether the DB instance class of the DB instance uses - // its default processor features. + // Specifies whether the DB instance class of the DB instance uses its default + // processor features. + // + // This setting doesn't apply to RDS Custom. UseDefaultProcessorFeatures *bool `type:"boolean"` // A list of EC2 VPC security groups to associate with this DB instance. @@ -39388,12 +58093,20 @@ type RestoreDBInstanceFromDBSnapshotInput struct { VpcSecurityGroupIds []*string `locationNameList:"VpcSecurityGroupId" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBInstanceFromDBSnapshotInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBInstanceFromDBSnapshotInput) GoString() string { return s.String() } @@ -39404,9 +58117,6 @@ func (s *RestoreDBInstanceFromDBSnapshotInput) Validate() error { if s.DBInstanceIdentifier == nil { invalidParams.Add(request.NewErrParamRequired("DBInstanceIdentifier")) } - if s.DBSnapshotIdentifier == nil { - invalidParams.Add(request.NewErrParamRequired("DBSnapshotIdentifier")) - } if invalidParams.Len() > 0 { return invalidParams @@ -39414,6 +58124,12 @@ func (s *RestoreDBInstanceFromDBSnapshotInput) Validate() error { return nil } +// SetAllocatedStorage sets the AllocatedStorage field's value. +func (s *RestoreDBInstanceFromDBSnapshotInput) SetAllocatedStorage(v int64) *RestoreDBInstanceFromDBSnapshotInput { + s.AllocatedStorage = &v + return s +} + // SetAutoMinorVersionUpgrade sets the AutoMinorVersionUpgrade field's value. func (s *RestoreDBInstanceFromDBSnapshotInput) SetAutoMinorVersionUpgrade(v bool) *RestoreDBInstanceFromDBSnapshotInput { s.AutoMinorVersionUpgrade = &v @@ -39426,12 +58142,36 @@ func (s *RestoreDBInstanceFromDBSnapshotInput) SetAvailabilityZone(v string) *Re return s } +// SetBackupTarget sets the BackupTarget field's value. +func (s *RestoreDBInstanceFromDBSnapshotInput) SetBackupTarget(v string) *RestoreDBInstanceFromDBSnapshotInput { + s.BackupTarget = &v + return s +} + +// SetCACertificateIdentifier sets the CACertificateIdentifier field's value. +func (s *RestoreDBInstanceFromDBSnapshotInput) SetCACertificateIdentifier(v string) *RestoreDBInstanceFromDBSnapshotInput { + s.CACertificateIdentifier = &v + return s +} + // SetCopyTagsToSnapshot sets the CopyTagsToSnapshot field's value. func (s *RestoreDBInstanceFromDBSnapshotInput) SetCopyTagsToSnapshot(v bool) *RestoreDBInstanceFromDBSnapshotInput { s.CopyTagsToSnapshot = &v return s } +// SetCustomIamInstanceProfile sets the CustomIamInstanceProfile field's value. +func (s *RestoreDBInstanceFromDBSnapshotInput) SetCustomIamInstanceProfile(v string) *RestoreDBInstanceFromDBSnapshotInput { + s.CustomIamInstanceProfile = &v + return s +} + +// SetDBClusterSnapshotIdentifier sets the DBClusterSnapshotIdentifier field's value. +func (s *RestoreDBInstanceFromDBSnapshotInput) SetDBClusterSnapshotIdentifier(v string) *RestoreDBInstanceFromDBSnapshotInput { + s.DBClusterSnapshotIdentifier = &v + return s +} + // SetDBInstanceClass sets the DBInstanceClass field's value. func (s *RestoreDBInstanceFromDBSnapshotInput) SetDBInstanceClass(v string) *RestoreDBInstanceFromDBSnapshotInput { s.DBInstanceClass = &v @@ -39468,6 +58208,12 @@ func (s *RestoreDBInstanceFromDBSnapshotInput) SetDBSubnetGroupName(v string) *R return s } +// SetDedicatedLogVolume sets the DedicatedLogVolume field's value. +func (s *RestoreDBInstanceFromDBSnapshotInput) SetDedicatedLogVolume(v bool) *RestoreDBInstanceFromDBSnapshotInput { + s.DedicatedLogVolume = &v + return s +} + // SetDeletionProtection sets the DeletionProtection field's value. func (s *RestoreDBInstanceFromDBSnapshotInput) SetDeletionProtection(v bool) *RestoreDBInstanceFromDBSnapshotInput { s.DeletionProtection = &v @@ -39480,18 +58226,48 @@ func (s *RestoreDBInstanceFromDBSnapshotInput) SetDomain(v string) *RestoreDBIns return s } +// SetDomainAuthSecretArn sets the DomainAuthSecretArn field's value. +func (s *RestoreDBInstanceFromDBSnapshotInput) SetDomainAuthSecretArn(v string) *RestoreDBInstanceFromDBSnapshotInput { + s.DomainAuthSecretArn = &v + return s +} + +// SetDomainDnsIps sets the DomainDnsIps field's value. +func (s *RestoreDBInstanceFromDBSnapshotInput) SetDomainDnsIps(v []*string) *RestoreDBInstanceFromDBSnapshotInput { + s.DomainDnsIps = v + return s +} + +// SetDomainFqdn sets the DomainFqdn field's value. +func (s *RestoreDBInstanceFromDBSnapshotInput) SetDomainFqdn(v string) *RestoreDBInstanceFromDBSnapshotInput { + s.DomainFqdn = &v + return s +} + // SetDomainIAMRoleName sets the DomainIAMRoleName field's value. func (s *RestoreDBInstanceFromDBSnapshotInput) SetDomainIAMRoleName(v string) *RestoreDBInstanceFromDBSnapshotInput { s.DomainIAMRoleName = &v return s } +// SetDomainOu sets the DomainOu field's value. +func (s *RestoreDBInstanceFromDBSnapshotInput) SetDomainOu(v string) *RestoreDBInstanceFromDBSnapshotInput { + s.DomainOu = &v + return s +} + // SetEnableCloudwatchLogsExports sets the EnableCloudwatchLogsExports field's value. func (s *RestoreDBInstanceFromDBSnapshotInput) SetEnableCloudwatchLogsExports(v []*string) *RestoreDBInstanceFromDBSnapshotInput { s.EnableCloudwatchLogsExports = v return s } +// SetEnableCustomerOwnedIp sets the EnableCustomerOwnedIp field's value. +func (s *RestoreDBInstanceFromDBSnapshotInput) SetEnableCustomerOwnedIp(v bool) *RestoreDBInstanceFromDBSnapshotInput { + s.EnableCustomerOwnedIp = &v + return s +} + // SetEnableIAMDatabaseAuthentication sets the EnableIAMDatabaseAuthentication field's value. func (s *RestoreDBInstanceFromDBSnapshotInput) SetEnableIAMDatabaseAuthentication(v bool) *RestoreDBInstanceFromDBSnapshotInput { s.EnableIAMDatabaseAuthentication = &v @@ -39504,6 +58280,12 @@ func (s *RestoreDBInstanceFromDBSnapshotInput) SetEngine(v string) *RestoreDBIns return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *RestoreDBInstanceFromDBSnapshotInput) SetEngineLifecycleSupport(v string) *RestoreDBInstanceFromDBSnapshotInput { + s.EngineLifecycleSupport = &v + return s +} + // SetIops sets the Iops field's value. func (s *RestoreDBInstanceFromDBSnapshotInput) SetIops(v int64) *RestoreDBInstanceFromDBSnapshotInput { s.Iops = &v @@ -39522,6 +58304,12 @@ func (s *RestoreDBInstanceFromDBSnapshotInput) SetMultiAZ(v bool) *RestoreDBInst return s } +// SetNetworkType sets the NetworkType field's value. +func (s *RestoreDBInstanceFromDBSnapshotInput) SetNetworkType(v string) *RestoreDBInstanceFromDBSnapshotInput { + s.NetworkType = &v + return s +} + // SetOptionGroupName sets the OptionGroupName field's value. func (s *RestoreDBInstanceFromDBSnapshotInput) SetOptionGroupName(v string) *RestoreDBInstanceFromDBSnapshotInput { s.OptionGroupName = &v @@ -39546,6 +58334,12 @@ func (s *RestoreDBInstanceFromDBSnapshotInput) SetPubliclyAccessible(v bool) *Re return s } +// SetStorageThroughput sets the StorageThroughput field's value. +func (s *RestoreDBInstanceFromDBSnapshotInput) SetStorageThroughput(v int64) *RestoreDBInstanceFromDBSnapshotInput { + s.StorageThroughput = &v + return s +} + // SetStorageType sets the StorageType field's value. func (s *RestoreDBInstanceFromDBSnapshotInput) SetStorageType(v string) *RestoreDBInstanceFromDBSnapshotInput { s.StorageType = &v @@ -39587,16 +58381,27 @@ type RestoreDBInstanceFromDBSnapshotOutput struct { // Contains the details of an Amazon RDS DB instance. // - // This data type is used as a response element in the DescribeDBInstances action. + // This data type is used as a response element in the operations CreateDBInstance, + // CreateDBInstanceReadReplica, DeleteDBInstance, DescribeDBInstances, ModifyDBInstance, + // PromoteReadReplica, RebootDBInstance, RestoreDBInstanceFromDBSnapshot, RestoreDBInstanceFromS3, + // RestoreDBInstanceToPointInTime, StartDBInstance, and StopDBInstance. DBInstance *DBInstance `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBInstanceFromDBSnapshotOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBInstanceFromDBSnapshotOutput) GoString() string { return s.String() } @@ -39610,32 +58415,32 @@ func (s *RestoreDBInstanceFromDBSnapshotOutput) SetDBInstance(v *DBInstance) *Re type RestoreDBInstanceFromS3Input struct { _ struct{} `type:"structure"` - // The amount of storage (in gigabytes) to allocate initially for the DB instance. + // The amount of storage (in gibibytes) to allocate initially for the DB instance. // Follow the allocation rules specified in CreateDBInstance. // - // Be sure to allocate enough memory for your new DB instance so that the restore - // operation can succeed. You can also allocate additional memory for future + // Be sure to allocate enough storage for your new DB instance so that the restore + // operation can succeed. You can also allocate additional storage for future // growth. AllocatedStorage *int64 `type:"integer"` - // A value that indicates whether minor engine upgrades are applied automatically - // to the DB instance during the maintenance window. By default, minor engine - // upgrades are not applied automatically. + // Specifies whether to automatically apply minor engine upgrades to the DB + // instance during the maintenance window. By default, minor engine upgrades + // are not applied automatically. AutoMinorVersionUpgrade *bool `type:"boolean"` // The Availability Zone that the DB instance is created in. For information - // about AWS Regions and Availability Zones, see Regions and Availability Zones - // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html) + // about Amazon Web Services Regions and Availability Zones, see Regions and + // Availability Zones (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html) // in the Amazon RDS User Guide. // - // Default: A random, system-chosen Availability Zone in the endpoint's AWS - // Region. + // Default: A random, system-chosen Availability Zone in the endpoint's Amazon + // Web Services Region. // // Example: us-east-1d // // Constraint: The AvailabilityZone parameter can't be specified if the DB instance // is a Multi-AZ deployment. The specified Availability Zone must be in the - // same AWS Region as the current endpoint. + // same Amazon Web Services Region as the current endpoint. AvailabilityZone *string `type:"string"` // The number of days for which automated backups are retained. Setting this @@ -39643,14 +58448,25 @@ type RestoreDBInstanceFromS3Input struct { // CreateDBInstance. BackupRetentionPeriod *int64 `type:"integer"` - // A value that indicates whether to copy all tags from the DB instance to snapshots - // of the DB instance. By default, tags are not copied. + // The CA certificate identifier to use for the DB instance's server certificate. + // + // This setting doesn't apply to RDS Custom DB instances. + // + // For more information, see Using SSL/TLS to encrypt a connection to a DB instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) + // in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to + // a DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) + // in the Amazon Aurora User Guide. + CACertificateIdentifier *string `type:"string"` + + // Specifies whether to copy all tags from the DB instance to snapshots of the + // DB instance. By default, tags are not copied. CopyTagsToSnapshot *bool `type:"boolean"` - // The compute and memory capacity of the DB instance, for example, db.m4.large. - // Not all DB instance classes are available in all AWS Regions, or for all - // database engines. For the full list of DB instance classes, and availability - // for your engine, see DB Instance Class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) + // The compute and memory capacity of the DB instance, for example db.m4.large. + // Not all DB instance classes are available in all Amazon Web Services Regions, + // or for all database engines. For the full list of DB instance classes, and + // availability for your engine, see DB Instance Class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) // in the Amazon RDS User Guide. // // Importing from Amazon S3 isn't supported on the db.t2.micro DB instance class. @@ -39689,11 +58505,18 @@ type RestoreDBInstanceFromS3Input struct { DBSecurityGroups []*string `locationNameList:"DBSecurityGroupName" type:"list"` // A DB subnet group to associate with this DB instance. + // + // Constraints: If supplied, must match the name of an existing DBSubnetGroup. + // + // Example: mydbsubnetgroup DBSubnetGroupName *string `type:"string"` - // A value that indicates whether the DB instance has deletion protection enabled. - // The database can't be deleted when deletion protection is enabled. By default, - // deletion protection is disabled. For more information, see Deleting a DB + // Specifies whether to enable a dedicated log volume (DLV) for the DB instance. + DedicatedLogVolume *bool `type:"boolean"` + + // Specifies whether to enable deletion protection for the DB instance. The + // database can't be deleted when deletion protection is enabled. By default, + // deletion protection isn't enabled. For more information, see Deleting a DB // Instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). DeletionProtection *bool `type:"boolean"` @@ -39703,19 +58526,19 @@ type RestoreDBInstanceFromS3Input struct { // in the Amazon RDS User Guide. EnableCloudwatchLogsExports []*string `type:"list"` - // A value that indicates whether to enable mapping of AWS Identity and Access - // Management (IAM) accounts to database accounts. By default, mapping is disabled. + // Specifies whether to enable mapping of Amazon Web Services Identity and Access + // Management (IAM) accounts to database accounts. By default, mapping isn't + // enabled. // // For more information about IAM database authentication, see IAM Database // Authentication for MySQL and PostgreSQL (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) // in the Amazon RDS User Guide. EnableIAMDatabaseAuthentication *bool `type:"boolean"` - // A value that indicates whether to enable Performance Insights for the DB - // instance. + // Specifies whether to enable Performance Insights for the DB instance. // // For more information, see Using Amazon Performance Insights (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) - // in the Amazon Relational Database Service User Guide. + // in the Amazon RDS User Guide. EnablePerformanceInsights *bool `type:"boolean"` // The name of the database engine to be used for this instance. @@ -39725,38 +58548,114 @@ type RestoreDBInstanceFromS3Input struct { // Engine is a required field Engine *string `type:"string" required:"true"` + // The life cycle type for this DB instance. + // + // By default, this value is set to open-source-rds-extended-support, which + // enrolls your DB instance into Amazon RDS Extended Support. At the end of + // standard support, you can avoid charges for Extended Support by setting the + // value to open-source-rds-extended-support-disabled. In this case, RDS automatically + // upgrades your restored DB instance to a higher engine version, if the major + // engine version is past its end of standard support date. + // + // You can use this setting to enroll your DB instance into Amazon RDS Extended + // Support. With RDS Extended Support, you can run the selected major engine + // version on your DB instance past the end of standard support for that engine + // version. For more information, see Using Amazon RDS Extended Support (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html) + // in the Amazon RDS User Guide. + // + // This setting applies only to RDS for MySQL and RDS for PostgreSQL. For Amazon + // Aurora DB instances, the life cycle type is managed by the DB cluster. + // + // Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled + // + // Default: open-source-rds-extended-support + EngineLifecycleSupport *string `type:"string"` + // The version number of the database engine to use. Choose the latest minor // version of your database engine. For information about engine versions, see // CreateDBInstance, or call DescribeDBEngineVersions. EngineVersion *string `type:"string"` // The amount of Provisioned IOPS (input/output operations per second) to allocate - // initially for the DB instance. For information about valid Iops values, see - // Amazon RDS Provisioned IOPS Storage to Improve Performance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS) + // initially for the DB instance. For information about valid IOPS values, see + // Amazon RDS Provisioned IOPS storage (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS) // in the Amazon RDS User Guide. Iops *int64 `type:"integer"` - // The AWS KMS key identifier for an encrypted DB instance. + // The Amazon Web Services KMS key identifier for an encrypted DB instance. // - // The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name - // for the AWS KMS customer master key (CMK). To use a CMK in a different AWS - // account, specify the key ARN or alias ARN. + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. To use a KMS key in a different Amazon + // Web Services account, specify the key ARN or alias ARN. // // If the StorageEncrypted parameter is enabled, and you do not specify a value - // for the KmsKeyId parameter, then Amazon RDS will use your default CMK. There - // is a default CMK for your AWS account. Your AWS account has a different default - // CMK for each AWS Region. + // for the KmsKeyId parameter, then Amazon RDS will use your default KMS key. + // There is a default KMS key for your Amazon Web Services account. Your Amazon + // Web Services account has a different default KMS key for each Amazon Web + // Services Region. KmsKeyId *string `type:"string"` // The license model for this DB instance. Use general-public-license. LicenseModel *string `type:"string"` - // The password for the master user. The password can include any printable - // ASCII character except "/", """, or "@". + // Specifies whether to manage the master user password with Amazon Web Services + // Secrets Manager. + // + // For more information, see Password management with Amazon Web Services Secrets + // Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) + // in the Amazon RDS User Guide. + // + // Constraints: + // + // * Can't manage the master user password with Amazon Web Services Secrets + // Manager if MasterUserPassword is specified. + ManageMasterUserPassword *bool `type:"boolean"` + + // The password for the master user. + // + // Constraints: + // + // * Can't be specified if ManageMasterUserPassword is turned on. + // + // * Can include any printable ASCII character except "/", """, or "@". For + // RDS for Oracle, can't include the "&" (ampersand) or the "'" (single quotes) + // character. + // + // Length Constraints: + // + // * RDS for Db2 - Must contain from 8 to 128 characters. + // + // * RDS for MariaDB - Must contain from 8 to 41 characters. + // + // * RDS for Microsoft SQL Server - Must contain from 8 to 128 characters. + // + // * RDS for MySQL - Must contain from 8 to 41 characters. + // + // * RDS for Oracle - Must contain from 8 to 30 characters. // - // Constraints: Must contain from 8 to 41 characters. + // * RDS for PostgreSQL - Must contain from 8 to 128 characters. MasterUserPassword *string `type:"string"` + // The Amazon Web Services KMS key identifier to encrypt a secret that is automatically + // generated and managed in Amazon Web Services Secrets Manager. + // + // This setting is valid only if the master user password is managed by RDS + // in Amazon Web Services Secrets Manager for the DB instance. + // + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. To use a KMS key in a different Amazon + // Web Services account, specify the key ARN or alias ARN. + // + // If you don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager + // KMS key is used to encrypt the secret. If the secret is in a different Amazon + // Web Services account, then you can't use the aws/secretsmanager KMS key to + // encrypt the secret, and you must use a customer managed KMS key. + // + // There is a default KMS key for your Amazon Web Services account. Your Amazon + // Web Services account has a different default KMS key for each Amazon Web + // Services Region. + MasterUserSecretKmsKeyId *string `type:"string"` + // The name for the master user. // // Constraints: @@ -39768,8 +58667,13 @@ type RestoreDBInstanceFromS3Input struct { // * Can't be a reserved word for the chosen database engine. MasterUsername *string `type:"string"` - // The upper limit to which Amazon RDS can automatically scale the storage of - // the DB instance. + // The upper limit in gibibytes (GiB) to which Amazon RDS can automatically + // scale the storage of the DB instance. + // + // For more information about this setting, including limitations that apply + // to it, see Managing capacity automatically with Amazon RDS storage autoscaling + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling) + // in the Amazon RDS User Guide. MaxAllocatedStorage *int64 `type:"integer"` // The interval, in seconds, between points when Enhanced Monitoring metrics @@ -39794,28 +58698,64 @@ type RestoreDBInstanceFromS3Input struct { // a MonitoringRoleArn value. MonitoringRoleArn *string `type:"string"` - // A value that indicates whether the DB instance is a Multi-AZ deployment. - // If the DB instance is a Multi-AZ deployment, you can't set the AvailabilityZone - // parameter. + // Specifies whether the DB instance is a Multi-AZ deployment. If the DB instance + // is a Multi-AZ deployment, you can't set the AvailabilityZone parameter. MultiAZ *bool `type:"boolean"` + // The network type of the DB instance. + // + // Valid Values: + // + // * IPV4 + // + // * DUAL + // + // The network type is determined by the DBSubnetGroup specified for the DB + // instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 + // and the IPv6 protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon RDS User Guide. + NetworkType *string `type:"string"` + // The name of the option group to associate with this DB instance. If this // argument is omitted, the default option group for the specified engine is // used. OptionGroupName *string `type:"string"` - // The AWS KMS key identifier for encryption of Performance Insights data. + // The Amazon Web Services KMS key identifier for encryption of Performance + // Insights data. // - // The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name - // for the AWS KMS customer master key (CMK). + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. // // If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon - // RDS uses your default CMK. There is a default CMK for your AWS account. Your - // AWS account has a different default CMK for each AWS Region. + // RDS uses your default KMS key. There is a default KMS key for your Amazon + // Web Services account. Your Amazon Web Services account has a different default + // KMS key for each Amazon Web Services Region. PerformanceInsightsKMSKeyId *string `type:"string"` - // The amount of time, in days, to retain Performance Insights data. Valid values - // are 7 or 731 (2 years). + // The number of days to retain Performance Insights data. The default is 7 + // days. The following values are valid: + // + // * 7 + // + // * month * 31, where month is a number of months from 1-23 + // + // * 731 + // + // For example, the following values are valid: + // + // * 93 (3 months * 31) + // + // * 341 (11 months * 31) + // + // * 589 (19 months * 31) + // + // * 731 + // + // If you specify a retention period such as 94, which isn't a valid value, + // RDS issues an error. PerformanceInsightsRetentionPeriod *int64 `type:"integer"` // The port number on which the database accepts connections. @@ -39828,7 +58768,7 @@ type RestoreDBInstanceFromS3Input struct { Port *int64 `type:"integer"` // The time range each day during which automated backups are created if automated - // backups are enabled. For more information, see The Backup Window (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow) + // backups are enabled. For more information, see Backup window (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow) // in the Amazon RDS User Guide. // // Constraints: @@ -39864,14 +58804,14 @@ type RestoreDBInstanceFromS3Input struct { // class of the DB instance. ProcessorFeatures []*ProcessorFeature `locationNameList:"ProcessorFeature" type:"list"` - // A value that indicates whether the DB instance is publicly accessible. + // Specifies whether the DB instance is publicly accessible. // - // When the DB instance is publicly accessible, its DNS endpoint resolves to - // the private IP address from within the DB instance's VPC, and to the public - // IP address from outside of the DB instance's VPC. Access to the DB instance - // is ultimately controlled by the security group it uses, and that public access - // is not permitted if the security group assigned to the DB instance doesn't - // permit it. + // When the DB instance is publicly accessible, its Domain Name System (DNS) + // endpoint resolves to the private IP address from within the DB instance's + // virtual private cloud (VPC). It resolves to the public IP address from outside + // of the DB instance's VPC. Access to the DB instance is ultimately controlled + // by the security group it uses. That public access is not permitted if the + // security group assigned to the DB instance doesn't permit it. // // When the DB instance isn't publicly accessible, it is an internal DB instance // with a DNS name that resolves to a private IP address. @@ -39884,8 +58824,11 @@ type RestoreDBInstanceFromS3Input struct { // S3BucketName is a required field S3BucketName *string `type:"string" required:"true"` - // An AWS Identity and Access Management (IAM) role to allow Amazon RDS to access - // your Amazon S3 bucket. + // An Amazon Web Services Identity and Access Management (IAM) role with a trust + // policy and a permissions policy that allows Amazon RDS to access your Amazon + // S3 bucket. For information about this role, see Creating an IAM role manually + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/MySQL.Procedural.Importing.html#MySQL.Procedural.Importing.Enabling.IAM) + // in the Amazon RDS User Guide. // // S3IngestionRoleArn is a required field S3IngestionRoleArn *string `type:"string" required:"true"` @@ -39909,14 +58852,20 @@ type RestoreDBInstanceFromS3Input struct { // SourceEngineVersion is a required field SourceEngineVersion *string `type:"string" required:"true"` - // A value that indicates whether the new DB instance is encrypted or not. + // Specifies whether the new DB instance is encrypted or not. StorageEncrypted *bool `type:"boolean"` + // Specifies the storage throughput value for the DB instance. + // + // This setting doesn't apply to RDS Custom or Amazon Aurora. + StorageThroughput *int64 `type:"integer"` + // Specifies the storage type to be associated with the DB instance. // - // Valid values: standard | gp2 | io1 + // Valid Values: gp2 | gp3 | io1 | io2 | standard // - // If you specify io1, you must also include a value for the Iops parameter. + // If you specify io1, io2, or gp3, you must also include a value for the Iops + // parameter. // // Default: io1 if the Iops parameter is specified; otherwise gp2 StorageType *string `type:"string"` @@ -39926,20 +58875,28 @@ type RestoreDBInstanceFromS3Input struct { // in the Amazon RDS User Guide. Tags []*Tag `locationNameList:"Tag" type:"list"` - // A value that indicates whether the DB instance class of the DB instance uses - // its default processor features. + // Specifies whether the DB instance class of the DB instance uses its default + // processor features. UseDefaultProcessorFeatures *bool `type:"boolean"` // A list of VPC security groups to associate with this DB instance. VpcSecurityGroupIds []*string `locationNameList:"VpcSecurityGroupId" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBInstanceFromS3Input) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBInstanceFromS3Input) GoString() string { return s.String() } @@ -39999,6 +58956,12 @@ func (s *RestoreDBInstanceFromS3Input) SetBackupRetentionPeriod(v int64) *Restor return s } +// SetCACertificateIdentifier sets the CACertificateIdentifier field's value. +func (s *RestoreDBInstanceFromS3Input) SetCACertificateIdentifier(v string) *RestoreDBInstanceFromS3Input { + s.CACertificateIdentifier = &v + return s +} + // SetCopyTagsToSnapshot sets the CopyTagsToSnapshot field's value. func (s *RestoreDBInstanceFromS3Input) SetCopyTagsToSnapshot(v bool) *RestoreDBInstanceFromS3Input { s.CopyTagsToSnapshot = &v @@ -40041,6 +59004,12 @@ func (s *RestoreDBInstanceFromS3Input) SetDBSubnetGroupName(v string) *RestoreDB return s } +// SetDedicatedLogVolume sets the DedicatedLogVolume field's value. +func (s *RestoreDBInstanceFromS3Input) SetDedicatedLogVolume(v bool) *RestoreDBInstanceFromS3Input { + s.DedicatedLogVolume = &v + return s +} + // SetDeletionProtection sets the DeletionProtection field's value. func (s *RestoreDBInstanceFromS3Input) SetDeletionProtection(v bool) *RestoreDBInstanceFromS3Input { s.DeletionProtection = &v @@ -40071,6 +59040,12 @@ func (s *RestoreDBInstanceFromS3Input) SetEngine(v string) *RestoreDBInstanceFro return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *RestoreDBInstanceFromS3Input) SetEngineLifecycleSupport(v string) *RestoreDBInstanceFromS3Input { + s.EngineLifecycleSupport = &v + return s +} + // SetEngineVersion sets the EngineVersion field's value. func (s *RestoreDBInstanceFromS3Input) SetEngineVersion(v string) *RestoreDBInstanceFromS3Input { s.EngineVersion = &v @@ -40095,12 +59070,24 @@ func (s *RestoreDBInstanceFromS3Input) SetLicenseModel(v string) *RestoreDBInsta return s } +// SetManageMasterUserPassword sets the ManageMasterUserPassword field's value. +func (s *RestoreDBInstanceFromS3Input) SetManageMasterUserPassword(v bool) *RestoreDBInstanceFromS3Input { + s.ManageMasterUserPassword = &v + return s +} + // SetMasterUserPassword sets the MasterUserPassword field's value. func (s *RestoreDBInstanceFromS3Input) SetMasterUserPassword(v string) *RestoreDBInstanceFromS3Input { s.MasterUserPassword = &v return s } +// SetMasterUserSecretKmsKeyId sets the MasterUserSecretKmsKeyId field's value. +func (s *RestoreDBInstanceFromS3Input) SetMasterUserSecretKmsKeyId(v string) *RestoreDBInstanceFromS3Input { + s.MasterUserSecretKmsKeyId = &v + return s +} + // SetMasterUsername sets the MasterUsername field's value. func (s *RestoreDBInstanceFromS3Input) SetMasterUsername(v string) *RestoreDBInstanceFromS3Input { s.MasterUsername = &v @@ -40131,6 +59118,12 @@ func (s *RestoreDBInstanceFromS3Input) SetMultiAZ(v bool) *RestoreDBInstanceFrom return s } +// SetNetworkType sets the NetworkType field's value. +func (s *RestoreDBInstanceFromS3Input) SetNetworkType(v string) *RestoreDBInstanceFromS3Input { + s.NetworkType = &v + return s +} + // SetOptionGroupName sets the OptionGroupName field's value. func (s *RestoreDBInstanceFromS3Input) SetOptionGroupName(v string) *RestoreDBInstanceFromS3Input { s.OptionGroupName = &v @@ -40215,6 +59208,12 @@ func (s *RestoreDBInstanceFromS3Input) SetStorageEncrypted(v bool) *RestoreDBIns return s } +// SetStorageThroughput sets the StorageThroughput field's value. +func (s *RestoreDBInstanceFromS3Input) SetStorageThroughput(v int64) *RestoreDBInstanceFromS3Input { + s.StorageThroughput = &v + return s +} + // SetStorageType sets the StorageType field's value. func (s *RestoreDBInstanceFromS3Input) SetStorageType(v string) *RestoreDBInstanceFromS3Input { s.StorageType = &v @@ -40244,16 +59243,27 @@ type RestoreDBInstanceFromS3Output struct { // Contains the details of an Amazon RDS DB instance. // - // This data type is used as a response element in the DescribeDBInstances action. + // This data type is used as a response element in the operations CreateDBInstance, + // CreateDBInstanceReadReplica, DeleteDBInstance, DescribeDBInstances, ModifyDBInstance, + // PromoteReadReplica, RebootDBInstance, RestoreDBInstanceFromDBSnapshot, RestoreDBInstanceFromS3, + // RestoreDBInstanceToPointInTime, StartDBInstance, and StopDBInstance. DBInstance *DBInstance `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBInstanceFromS3Output) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBInstanceFromS3Output) GoString() string { return s.String() } @@ -40267,36 +59277,101 @@ func (s *RestoreDBInstanceFromS3Output) SetDBInstance(v *DBInstance) *RestoreDBI type RestoreDBInstanceToPointInTimeInput struct { _ struct{} `type:"structure"` - // A value that indicates whether minor version upgrades are applied automatically - // to the DB instance during the maintenance window. + // The amount of storage (in gibibytes) to allocate initially for the DB instance. + // Follow the allocation rules specified in CreateDBInstance. + // + // Be sure to allocate enough storage for your new DB instance so that the restore + // operation can succeed. You can also allocate additional storage for future + // growth. + AllocatedStorage *int64 `type:"integer"` + + // Specifies whether minor version upgrades are applied automatically to the + // DB instance during the maintenance window. + // + // This setting doesn't apply to RDS Custom. AutoMinorVersionUpgrade *bool `type:"boolean"` // The Availability Zone (AZ) where the DB instance will be created. // // Default: A random, system-chosen Availability Zone. // - // Constraint: You can't specify the AvailabilityZone parameter if the DB instance - // is a Multi-AZ deployment. + // Constraints: + // + // * You can't specify the AvailabilityZone parameter if the DB instance + // is a Multi-AZ deployment. // // Example: us-east-1a AvailabilityZone *string `type:"string"` - // A value that indicates whether to copy all tags from the restored DB instance - // to snapshots of the DB instance. By default, tags are not copied. + // The location for storing automated backups and manual snapshots for the restored + // DB instance. + // + // Valid Values: + // + // * outposts (Amazon Web Services Outposts) + // + // * region (Amazon Web Services Region) + // + // Default: region + // + // For more information, see Working with Amazon RDS on Amazon Web Services + // Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) + // in the Amazon RDS User Guide. + BackupTarget *string `type:"string"` + + // The CA certificate identifier to use for the DB instance's server certificate. + // + // This setting doesn't apply to RDS Custom DB instances. + // + // For more information, see Using SSL/TLS to encrypt a connection to a DB instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) + // in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to + // a DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) + // in the Amazon Aurora User Guide. + CACertificateIdentifier *string `type:"string"` + + // Specifies whether to copy all tags from the restored DB instance to snapshots + // of the DB instance. By default, tags are not copied. CopyTagsToSnapshot *bool `type:"boolean"` - // The compute and memory capacity of the Amazon RDS DB instance, for example, - // db.m4.large. Not all DB instance classes are available in all AWS Regions, - // or for all database engines. For the full list of DB instance classes, and - // availability for your engine, see DB Instance Class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) + // The instance profile associated with the underlying Amazon EC2 instance of + // an RDS Custom DB instance. The instance profile must meet the following requirements: + // + // * The profile must exist in your account. + // + // * The profile must have an IAM role that Amazon EC2 has permissions to + // assume. + // + // * The instance profile name and the associated IAM role name must start + // with the prefix AWSRDSCustom. + // + // For the list of permissions required for the IAM role, see Configure IAM + // and your VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc) // in the Amazon RDS User Guide. // - // Default: The same DBInstanceClass as the original DB instance. + // This setting is required for RDS Custom. + CustomIamInstanceProfile *string `type:"string"` + + // The compute and memory capacity of the Amazon RDS DB instance, for example + // db.m4.large. Not all DB instance classes are available in all Amazon Web + // Services Regions, or for all database engines. For the full list of DB instance + // classes, and availability for your engine, see DB Instance Class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) + // in the Amazon RDS User Guide. + // + // Default: The same DB instance class as the original DB instance. DBInstanceClass *string `type:"string"` // The database name for the restored DB instance. // - // This parameter isn't used for the MySQL or MariaDB engines. + // This parameter doesn't apply to the following DB instances: + // + // * RDS Custom + // + // * RDS for Db2 + // + // * RDS for MariaDB + // + // * RDS for MySQL DBName *string `type:"string"` // The name of the DB parameter group to associate with this DB instance. @@ -40304,9 +59379,11 @@ type RestoreDBInstanceToPointInTimeInput struct { // If you do not specify a value for DBParameterGroupName, then the default // DBParameterGroup for the specified DB engine is used. // + // This setting doesn't apply to RDS Custom. + // // Constraints: // - // * If supplied, must match the name of an existing DBParameterGroup. + // * If supplied, must match the name of an existing DB parameter group. // // * Must be 1 to 255 letters, numbers, or hyphens. // @@ -40317,38 +59394,111 @@ type RestoreDBInstanceToPointInTimeInput struct { // The DB subnet group name to use for the new instance. // - // Constraints: If supplied, must match the name of an existing DBSubnetGroup. + // Constraints: + // + // * If supplied, must match the name of an existing DB subnet group. // - // Example: mySubnetgroup + // Example: mydbsubnetgroup DBSubnetGroupName *string `type:"string"` - // A value that indicates whether the DB instance has deletion protection enabled. - // The database can't be deleted when deletion protection is enabled. By default, - // deletion protection is disabled. For more information, see Deleting a DB - // Instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). + // Specifies whether to enable a dedicated log volume (DLV) for the DB instance. + DedicatedLogVolume *bool `type:"boolean"` + + // Specifies whether the DB instance has deletion protection enabled. The database + // can't be deleted when deletion protection is enabled. By default, deletion + // protection isn't enabled. For more information, see Deleting a DB Instance + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). DeletionProtection *bool `type:"boolean"` - // Specify the Active Directory directory ID to restore the DB instance in. - // The domain must be created prior to this operation. Currently, only MySQL, - // Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created - // in an Active Directory Domain. + // The Active Directory directory ID to restore the DB instance in. Create the + // domain before running this command. Currently, you can create only the MySQL, + // Microsoft SQL Server, Oracle, and PostgreSQL DB instances in an Active Directory + // Domain. + // + // This setting doesn't apply to RDS Custom. // // For more information, see Kerberos Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html) // in the Amazon RDS User Guide. Domain *string `type:"string"` - // Specify the name of the IAM role to be used when making API calls to the - // Directory Service. + // The ARN for the Secrets Manager secret with the credentials for the user + // joining the domain. + // + // Constraints: + // + // * Can't be longer than 64 characters. + // + // Example: arn:aws:secretsmanager:region:account-number:secret:myselfmanagedADtestsecret-123456 + DomainAuthSecretArn *string `type:"string"` + + // The IPv4 DNS IP addresses of your primary and secondary Active Directory + // domain controllers. + // + // Constraints: + // + // * Two IP addresses must be provided. If there isn't a secondary domain + // controller, use the IP address of the primary domain controller for both + // entries in the list. + // + // Example: 123.124.125.126,234.235.236.237 + DomainDnsIps []*string `type:"list"` + + // The fully qualified domain name (FQDN) of an Active Directory domain. + // + // Constraints: + // + // * Can't be longer than 64 characters. + // + // Example: mymanagedADtest.mymanagedAD.mydomain + DomainFqdn *string `type:"string"` + + // The name of the IAM role to use when making API calls to the Directory Service. + // + // This setting doesn't apply to RDS Custom DB instances. DomainIAMRoleName *string `type:"string"` + // The Active Directory organizational unit for your DB instance to join. + // + // Constraints: + // + // * Must be in the distinguished name format. + // + // * Can't be longer than 64 characters. + // + // Example: OU=mymanagedADtestOU,DC=mymanagedADtest,DC=mymanagedAD,DC=mydomain + DomainOu *string `type:"string"` + // The list of logs that the restored DB instance is to export to CloudWatch // Logs. The values in the list depend on the DB engine being used. For more // information, see Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) // in the Amazon RDS User Guide. + // + // This setting doesn't apply to RDS Custom. EnableCloudwatchLogsExports []*string `type:"list"` - // A value that indicates whether to enable mapping of AWS Identity and Access - // Management (IAM) accounts to database accounts. By default, mapping is disabled. + // Specifies whether to enable a customer-owned IP address (CoIP) for an RDS + // on Outposts DB instance. + // + // A CoIP provides local or external connectivity to resources in your Outpost + // subnets through your on-premises network. For some use cases, a CoIP can + // provide lower latency for connections to the DB instance from outside of + // its virtual private cloud (VPC) on your local network. + // + // This setting doesn't apply to RDS Custom. + // + // For more information about RDS on Outposts, see Working with Amazon RDS on + // Amazon Web Services Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) + // in the Amazon RDS User Guide. + // + // For more information about CoIPs, see Customer-owned IP addresses (https://docs.aws.amazon.com/outposts/latest/userguide/routing.html#ip-addressing) + // in the Amazon Web Services Outposts User Guide. + EnableCustomerOwnedIp *bool `type:"boolean"` + + // Specifies whether to enable mapping of Amazon Web Services Identity and Access + // Management (IAM) accounts to database accounts. By default, mapping isn't + // enabled. + // + // This setting doesn't apply to RDS Custom. // // For more information about IAM database authentication, see IAM Database // Authentication for MySQL and PostgreSQL (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) @@ -40357,23 +59507,25 @@ type RestoreDBInstanceToPointInTimeInput struct { // The database engine to use for the new instance. // - // Default: The same as source - // - // Constraint: Must be compatible with the engine of the source + // This setting doesn't apply to RDS Custom. // // Valid Values: // + // * db2-ae + // + // * db2-se + // // * mariadb // // * mysql // // * oracle-ee // - // * oracle-se2 + // * oracle-ee-cdb // - // * oracle-se1 + // * oracle-se2 // - // * oracle-se + // * oracle-se2-cdb // // * postgres // @@ -40384,61 +59536,144 @@ type RestoreDBInstanceToPointInTimeInput struct { // * sqlserver-ex // // * sqlserver-web + // + // Default: The same as source + // + // Constraints: + // + // * Must be compatible with the engine of the source. Engine *string `type:"string"` - // The amount of Provisioned IOPS (input/output operations per second) to be - // initially allocated for the DB instance. + // The life cycle type for this DB instance. // - // Constraints: Must be an integer greater than 1000. + // By default, this value is set to open-source-rds-extended-support, which + // enrolls your DB instance into Amazon RDS Extended Support. At the end of + // standard support, you can avoid charges for Extended Support by setting the + // value to open-source-rds-extended-support-disabled. In this case, RDS automatically + // upgrades your restored DB instance to a higher engine version, if the major + // engine version is past its end of standard support date. + // + // You can use this setting to enroll your DB instance into Amazon RDS Extended + // Support. With RDS Extended Support, you can run the selected major engine + // version on your DB instance past the end of standard support for that engine + // version. For more information, see Using Amazon RDS Extended Support (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html) + // in the Amazon RDS User Guide. // - // SQL Server + // This setting applies only to RDS for MySQL and RDS for PostgreSQL. For Amazon + // Aurora DB instances, the life cycle type is managed by the DB cluster. // - // Setting the IOPS value for the SQL Server database engine isn't supported. + // Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled + // + // Default: open-source-rds-extended-support + EngineLifecycleSupport *string `type:"string"` + + // The amount of Provisioned IOPS (input/output operations per second) to initially + // allocate for the DB instance. + // + // This setting doesn't apply to SQL Server. + // + // Constraints: + // + // * Must be an integer greater than 1000. Iops *int64 `type:"integer"` - // License model information for the restored DB instance. + // The license model information for the restored DB instance. // - // Default: Same as source. + // License models for RDS for Db2 require additional configuration. The Bring + // Your Own License (BYOL) model requires a custom parameter group. The Db2 + // license through Amazon Web Services Marketplace model requires an Amazon + // Web Services Marketplace subscription. For more information, see RDS for + // Db2 licensing options (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-licensing.html) + // in the Amazon RDS User Guide. // - // Valid values: license-included | bring-your-own-license | general-public-license + // This setting doesn't apply to Amazon Aurora or RDS Custom DB instances. + // + // Valid Values: + // + // * RDS for Db2 - bring-your-own-license | marketplace-license + // + // * RDS for MariaDB - general-public-license + // + // * RDS for Microsoft SQL Server - license-included + // + // * RDS for MySQL - general-public-license + // + // * RDS for Oracle - bring-your-own-license | license-included + // + // * RDS for PostgreSQL - postgresql-license + // + // Default: Same as the source. LicenseModel *string `type:"string"` - // The upper limit to which Amazon RDS can automatically scale the storage of - // the DB instance. + // The upper limit in gibibytes (GiB) to which Amazon RDS can automatically + // scale the storage of the DB instance. + // + // For more information about this setting, including limitations that apply + // to it, see Managing capacity automatically with Amazon RDS storage autoscaling + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling) + // in the Amazon RDS User Guide. + // + // This setting doesn't apply to RDS Custom. MaxAllocatedStorage *int64 `type:"integer"` - // A value that indicates whether the DB instance is a Multi-AZ deployment. + // Secifies whether the DB instance is a Multi-AZ deployment. // - // Constraint: You can't specify the AvailabilityZone parameter if the DB instance - // is a Multi-AZ deployment. + // This setting doesn't apply to RDS Custom. + // + // Constraints: + // + // * You can't specify the AvailabilityZone parameter if the DB instance + // is a Multi-AZ deployment. MultiAZ *bool `type:"boolean"` - // The name of the option group to be used for the restored DB instance. + // The network type of the DB instance. + // + // The network type is determined by the DBSubnetGroup specified for the DB + // instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 + // and the IPv6 protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon RDS User Guide. + // + // Valid Values: + // + // * IPV4 + // + // * DUAL + NetworkType *string `type:"string"` + + // The name of the option group to use for the restored DB instance. // // Permanent options, such as the TDE option for Oracle Advanced Security TDE, // can't be removed from an option group, and that option group can't be removed - // from a DB instance once it is associated with a DB instance + // from a DB instance after it is associated with a DB instance + // + // This setting doesn't apply to RDS Custom. OptionGroupName *string `type:"string"` // The port number on which the database accepts connections. // - // Constraints: Value must be 1150-65535 - // // Default: The same port as the original DB instance. + // + // Constraints: + // + // * The value must be 1150-65535. Port *int64 `type:"integer"` // The number of CPU cores and the number of threads per core for the DB instance // class of the DB instance. + // + // This setting doesn't apply to RDS Custom. ProcessorFeatures []*ProcessorFeature `locationNameList:"ProcessorFeature" type:"list"` - // A value that indicates whether the DB instance is publicly accessible. + // Specifies whether the DB instance is publicly accessible. // - // When the DB instance is publicly accessible, its DNS endpoint resolves to - // the private IP address from within the DB instance's VPC, and to the public - // IP address from outside of the DB instance's VPC. Access to the DB instance - // is ultimately controlled by the security group it uses, and that public access - // is not permitted if the security group assigned to the DB instance doesn't - // permit it. + // When the DB cluster is publicly accessible, its Domain Name System (DNS) + // endpoint resolves to the private IP address from within the DB cluster's + // virtual private cloud (VPC). It resolves to the public IP address from outside + // of the DB cluster's VPC. Access to the DB cluster is ultimately controlled + // by the security group it uses. That public access isn't permitted if the + // security group assigned to the DB cluster doesn't permit it. // // When the DB instance isn't publicly accessible, it is an internal DB instance // with a DNS name that resolves to a private IP address. @@ -40448,19 +59683,21 @@ type RestoreDBInstanceToPointInTimeInput struct { // The date and time to restore from. // - // Valid Values: Value must be a time in Universal Coordinated Time (UTC) format - // // Constraints: // - // * Must be before the latest restorable time for the DB instance + // * Must be a time in Universal Coordinated Time (UTC) format. // - // * Can't be specified if the UseLatestRestorableTime parameter is enabled + // * Must be before the latest restorable time for the DB instance. + // + // * Can't be specified if the UseLatestRestorableTime parameter is enabled. // // Example: 2009-09-07T23:45:00Z RestoreTime *time.Time `type:"timestamp"` // The Amazon Resource Name (ARN) of the replicated automated backups from which - // to restore, for example, arn:aws:rds:useast-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE. + // to restore, for example, arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE. + // + // This setting doesn't apply to RDS Custom. SourceDBInstanceAutomatedBackupsArn *string `type:"string"` // The identifier of the source DB instance from which to restore. @@ -40473,48 +59710,63 @@ type RestoreDBInstanceToPointInTimeInput struct { // The resource ID of the source DB instance from which to restore. SourceDbiResourceId *string `type:"string"` - // Specifies the storage type to be associated with the DB instance. + // The storage throughput value for the DB instance. + // + // This setting doesn't apply to RDS Custom or Amazon Aurora. + StorageThroughput *int64 `type:"integer"` + + // The storage type to associate with the DB instance. // - // Valid values: standard | gp2 | io1 + // Valid Values: gp2 | gp3 | io1 | io2 | standard // - // If you specify io1, you must also include a value for the Iops parameter. + // Default: io1, if the Iops parameter is specified. Otherwise, gp2. // - // Default: io1 if the Iops parameter is specified, otherwise gp2 + // Constraints: + // + // * If you specify io1, io2, or gp3, you must also include a value for the + // Iops parameter. StorageType *string `type:"string"` // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) // in the Amazon RDS User Guide. Tags []*Tag `locationNameList:"Tag" type:"list"` - // The name of the new DB instance to be created. + // The name of the new DB instance to create. // // Constraints: // - // * Must contain from 1 to 63 letters, numbers, or hyphens + // * Must contain from 1 to 63 letters, numbers, or hyphens. // - // * First character must be a letter + // * First character must be a letter. // - // * Can't end with a hyphen or contain two consecutive hyphens + // * Can't end with a hyphen or contain two consecutive hyphens. // // TargetDBInstanceIdentifier is a required field TargetDBInstanceIdentifier *string `type:"string" required:"true"` // The ARN from the key store with which to associate the instance for TDE encryption. + // + // This setting doesn't apply to RDS Custom. TdeCredentialArn *string `type:"string"` // The password for the given ARN from the key store in order to access the // device. + // + // This setting doesn't apply to RDS Custom. TdeCredentialPassword *string `type:"string"` - // A value that indicates whether the DB instance class of the DB instance uses - // its default processor features. + // Specifies whether the DB instance class of the DB instance uses its default + // processor features. + // + // This setting doesn't apply to RDS Custom. UseDefaultProcessorFeatures *bool `type:"boolean"` - // A value that indicates whether the DB instance is restored from the latest - // backup time. By default, the DB instance isn't restored from the latest backup - // time. + // Specifies whether the DB instance is restored from the latest backup time. + // By default, the DB instance isn't restored from the latest backup time. // - // Constraints: Can't be specified if the RestoreTime parameter is provided. + // Constraints: + // + // * Can't be specified if the RestoreTime parameter is provided. UseLatestRestorableTime *bool `type:"boolean"` // A list of EC2 VPC security groups to associate with this DB instance. @@ -40523,12 +59775,20 @@ type RestoreDBInstanceToPointInTimeInput struct { VpcSecurityGroupIds []*string `locationNameList:"VpcSecurityGroupId" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBInstanceToPointInTimeInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBInstanceToPointInTimeInput) GoString() string { return s.String() } @@ -40546,6 +59806,12 @@ func (s *RestoreDBInstanceToPointInTimeInput) Validate() error { return nil } +// SetAllocatedStorage sets the AllocatedStorage field's value. +func (s *RestoreDBInstanceToPointInTimeInput) SetAllocatedStorage(v int64) *RestoreDBInstanceToPointInTimeInput { + s.AllocatedStorage = &v + return s +} + // SetAutoMinorVersionUpgrade sets the AutoMinorVersionUpgrade field's value. func (s *RestoreDBInstanceToPointInTimeInput) SetAutoMinorVersionUpgrade(v bool) *RestoreDBInstanceToPointInTimeInput { s.AutoMinorVersionUpgrade = &v @@ -40558,12 +59824,30 @@ func (s *RestoreDBInstanceToPointInTimeInput) SetAvailabilityZone(v string) *Res return s } +// SetBackupTarget sets the BackupTarget field's value. +func (s *RestoreDBInstanceToPointInTimeInput) SetBackupTarget(v string) *RestoreDBInstanceToPointInTimeInput { + s.BackupTarget = &v + return s +} + +// SetCACertificateIdentifier sets the CACertificateIdentifier field's value. +func (s *RestoreDBInstanceToPointInTimeInput) SetCACertificateIdentifier(v string) *RestoreDBInstanceToPointInTimeInput { + s.CACertificateIdentifier = &v + return s +} + // SetCopyTagsToSnapshot sets the CopyTagsToSnapshot field's value. func (s *RestoreDBInstanceToPointInTimeInput) SetCopyTagsToSnapshot(v bool) *RestoreDBInstanceToPointInTimeInput { s.CopyTagsToSnapshot = &v return s } +// SetCustomIamInstanceProfile sets the CustomIamInstanceProfile field's value. +func (s *RestoreDBInstanceToPointInTimeInput) SetCustomIamInstanceProfile(v string) *RestoreDBInstanceToPointInTimeInput { + s.CustomIamInstanceProfile = &v + return s +} + // SetDBInstanceClass sets the DBInstanceClass field's value. func (s *RestoreDBInstanceToPointInTimeInput) SetDBInstanceClass(v string) *RestoreDBInstanceToPointInTimeInput { s.DBInstanceClass = &v @@ -40588,6 +59872,12 @@ func (s *RestoreDBInstanceToPointInTimeInput) SetDBSubnetGroupName(v string) *Re return s } +// SetDedicatedLogVolume sets the DedicatedLogVolume field's value. +func (s *RestoreDBInstanceToPointInTimeInput) SetDedicatedLogVolume(v bool) *RestoreDBInstanceToPointInTimeInput { + s.DedicatedLogVolume = &v + return s +} + // SetDeletionProtection sets the DeletionProtection field's value. func (s *RestoreDBInstanceToPointInTimeInput) SetDeletionProtection(v bool) *RestoreDBInstanceToPointInTimeInput { s.DeletionProtection = &v @@ -40600,18 +59890,48 @@ func (s *RestoreDBInstanceToPointInTimeInput) SetDomain(v string) *RestoreDBInst return s } +// SetDomainAuthSecretArn sets the DomainAuthSecretArn field's value. +func (s *RestoreDBInstanceToPointInTimeInput) SetDomainAuthSecretArn(v string) *RestoreDBInstanceToPointInTimeInput { + s.DomainAuthSecretArn = &v + return s +} + +// SetDomainDnsIps sets the DomainDnsIps field's value. +func (s *RestoreDBInstanceToPointInTimeInput) SetDomainDnsIps(v []*string) *RestoreDBInstanceToPointInTimeInput { + s.DomainDnsIps = v + return s +} + +// SetDomainFqdn sets the DomainFqdn field's value. +func (s *RestoreDBInstanceToPointInTimeInput) SetDomainFqdn(v string) *RestoreDBInstanceToPointInTimeInput { + s.DomainFqdn = &v + return s +} + // SetDomainIAMRoleName sets the DomainIAMRoleName field's value. func (s *RestoreDBInstanceToPointInTimeInput) SetDomainIAMRoleName(v string) *RestoreDBInstanceToPointInTimeInput { s.DomainIAMRoleName = &v return s } +// SetDomainOu sets the DomainOu field's value. +func (s *RestoreDBInstanceToPointInTimeInput) SetDomainOu(v string) *RestoreDBInstanceToPointInTimeInput { + s.DomainOu = &v + return s +} + // SetEnableCloudwatchLogsExports sets the EnableCloudwatchLogsExports field's value. func (s *RestoreDBInstanceToPointInTimeInput) SetEnableCloudwatchLogsExports(v []*string) *RestoreDBInstanceToPointInTimeInput { s.EnableCloudwatchLogsExports = v return s } +// SetEnableCustomerOwnedIp sets the EnableCustomerOwnedIp field's value. +func (s *RestoreDBInstanceToPointInTimeInput) SetEnableCustomerOwnedIp(v bool) *RestoreDBInstanceToPointInTimeInput { + s.EnableCustomerOwnedIp = &v + return s +} + // SetEnableIAMDatabaseAuthentication sets the EnableIAMDatabaseAuthentication field's value. func (s *RestoreDBInstanceToPointInTimeInput) SetEnableIAMDatabaseAuthentication(v bool) *RestoreDBInstanceToPointInTimeInput { s.EnableIAMDatabaseAuthentication = &v @@ -40624,6 +59944,12 @@ func (s *RestoreDBInstanceToPointInTimeInput) SetEngine(v string) *RestoreDBInst return s } +// SetEngineLifecycleSupport sets the EngineLifecycleSupport field's value. +func (s *RestoreDBInstanceToPointInTimeInput) SetEngineLifecycleSupport(v string) *RestoreDBInstanceToPointInTimeInput { + s.EngineLifecycleSupport = &v + return s +} + // SetIops sets the Iops field's value. func (s *RestoreDBInstanceToPointInTimeInput) SetIops(v int64) *RestoreDBInstanceToPointInTimeInput { s.Iops = &v @@ -40648,6 +59974,12 @@ func (s *RestoreDBInstanceToPointInTimeInput) SetMultiAZ(v bool) *RestoreDBInsta return s } +// SetNetworkType sets the NetworkType field's value. +func (s *RestoreDBInstanceToPointInTimeInput) SetNetworkType(v string) *RestoreDBInstanceToPointInTimeInput { + s.NetworkType = &v + return s +} + // SetOptionGroupName sets the OptionGroupName field's value. func (s *RestoreDBInstanceToPointInTimeInput) SetOptionGroupName(v string) *RestoreDBInstanceToPointInTimeInput { s.OptionGroupName = &v @@ -40696,6 +60028,12 @@ func (s *RestoreDBInstanceToPointInTimeInput) SetSourceDbiResourceId(v string) * return s } +// SetStorageThroughput sets the StorageThroughput field's value. +func (s *RestoreDBInstanceToPointInTimeInput) SetStorageThroughput(v int64) *RestoreDBInstanceToPointInTimeInput { + s.StorageThroughput = &v + return s +} + // SetStorageType sets the StorageType field's value. func (s *RestoreDBInstanceToPointInTimeInput) SetStorageType(v string) *RestoreDBInstanceToPointInTimeInput { s.StorageType = &v @@ -40749,16 +60087,27 @@ type RestoreDBInstanceToPointInTimeOutput struct { // Contains the details of an Amazon RDS DB instance. // - // This data type is used as a response element in the DescribeDBInstances action. + // This data type is used as a response element in the operations CreateDBInstance, + // CreateDBInstanceReadReplica, DeleteDBInstance, DescribeDBInstances, ModifyDBInstance, + // PromoteReadReplica, RebootDBInstance, RestoreDBInstanceFromDBSnapshot, RestoreDBInstanceFromS3, + // RestoreDBInstanceToPointInTime, StartDBInstance, and StopDBInstance. DBInstance *DBInstance `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBInstanceToPointInTimeOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreDBInstanceToPointInTimeOutput) GoString() string { return s.String() } @@ -40780,12 +60129,20 @@ type RestoreWindow struct { LatestTime *time.Time `type:"timestamp"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreWindow) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreWindow) GoString() string { return s.String() } @@ -40825,20 +60182,28 @@ type RevokeDBSecurityGroupIngressInput struct { // and either EC2SecurityGroupName or EC2SecurityGroupId must be provided. EC2SecurityGroupName *string `type:"string"` - // The AWS account number of the owner of the EC2 security group specified in - // the EC2SecurityGroupName parameter. The AWS access key ID isn't an acceptable - // value. For VPC DB security groups, EC2SecurityGroupId must be provided. Otherwise, - // EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId - // must be provided. + // The Amazon Web Services account number of the owner of the EC2 security group + // specified in the EC2SecurityGroupName parameter. The Amazon Web Services + // access key ID isn't an acceptable value. For VPC DB security groups, EC2SecurityGroupId + // must be provided. Otherwise, EC2SecurityGroupOwnerId and either EC2SecurityGroupName + // or EC2SecurityGroupId must be provided. EC2SecurityGroupOwnerId *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RevokeDBSecurityGroupIngressInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RevokeDBSecurityGroupIngressInput) GoString() string { return s.String() } @@ -40896,12 +60261,20 @@ type RevokeDBSecurityGroupIngressOutput struct { DBSecurityGroup *DBSecurityGroup `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RevokeDBSecurityGroupIngressOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RevokeDBSecurityGroupIngressOutput) GoString() string { return s.String() } @@ -40912,16 +60285,48 @@ func (s *RevokeDBSecurityGroupIngressOutput) SetDBSecurityGroup(v *DBSecurityGro return s } -// Contains the scaling configuration of an Aurora Serverless DB cluster. +// The metric reference details when the reference is a scalar. +type ScalarReferenceDetails struct { + _ struct{} `type:"structure"` + + // The value of a scalar reference. + Value *float64 `type:"double"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ScalarReferenceDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ScalarReferenceDetails) GoString() string { + return s.String() +} + +// SetValue sets the Value field's value. +func (s *ScalarReferenceDetails) SetValue(v float64) *ScalarReferenceDetails { + s.Value = &v + return s +} + +// Contains the scaling configuration of an Aurora Serverless v1 DB cluster. // -// For more information, see Using Amazon Aurora Serverless (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html) +// For more information, see Using Amazon Aurora Serverless v1 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html) // in the Amazon Aurora User Guide. type ScalingConfiguration struct { _ struct{} `type:"structure"` - // A value that indicates whether to allow or disallow automatic pause for an - // Aurora DB cluster in serverless DB engine mode. A DB cluster can be paused - // only when it's idle (it has no connections). + // Indicates whether to allow or disallow automatic pause for an Aurora DB cluster + // in serverless DB engine mode. A DB cluster can be paused only when it's idle + // (it has no connections). // // If a DB cluster is paused for more than seven days, the DB cluster might // be backed up with a snapshot. In this case, the DB cluster is restored when @@ -40950,7 +60355,16 @@ type ScalingConfiguration struct { // The minimum capacity must be less than or equal to the maximum capacity. MinCapacity *int64 `type:"integer"` + // The amount of time, in seconds, that Aurora Serverless v1 tries to find a + // scaling point to perform seamless scaling before enforcing the timeout action. + // The default is 300. + // + // Specify a value between 60 and 600 seconds. + SecondsBeforeTimeout *int64 `type:"integer"` + // The time, in seconds, before an Aurora DB cluster in serverless mode is paused. + // + // Specify a value between 300 and 86,400 seconds. SecondsUntilAutoPause *int64 `type:"integer"` // The action to take when the timeout is reached, either ForceApplyCapacityChange @@ -40963,19 +60377,27 @@ type ScalingConfiguration struct { // point isn't found in the timeout period. // // If you specify ForceApplyCapacityChange, connections that prevent Aurora - // Serverless from finding a scaling point might be dropped. + // Serverless v1 from finding a scaling point might be dropped. // - // For more information, see Autoscaling for Aurora Serverless (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.how-it-works.html#aurora-serverless.how-it-works.auto-scaling) + // For more information, see Autoscaling for Aurora Serverless v1 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.how-it-works.html#aurora-serverless.how-it-works.auto-scaling) // in the Amazon Aurora User Guide. TimeoutAction *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ScalingConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ScalingConfiguration) GoString() string { return s.String() } @@ -40998,6 +60420,12 @@ func (s *ScalingConfiguration) SetMinCapacity(v int64) *ScalingConfiguration { return s } +// SetSecondsBeforeTimeout sets the SecondsBeforeTimeout field's value. +func (s *ScalingConfiguration) SetSecondsBeforeTimeout(v int64) *ScalingConfiguration { + s.SecondsBeforeTimeout = &v + return s +} + // SetSecondsUntilAutoPause sets the SecondsUntilAutoPause field's value. func (s *ScalingConfiguration) SetSecondsUntilAutoPause(v int64) *ScalingConfiguration { s.SecondsUntilAutoPause = &v @@ -41010,43 +60438,62 @@ func (s *ScalingConfiguration) SetTimeoutAction(v string) *ScalingConfiguration return s } -// Shows the scaling configuration for an Aurora DB cluster in serverless DB -// engine mode. +// The scaling configuration for an Aurora DB cluster in serverless DB engine +// mode. // -// For more information, see Using Amazon Aurora Serverless (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html) +// For more information, see Using Amazon Aurora Serverless v1 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html) // in the Amazon Aurora User Guide. type ScalingConfigurationInfo struct { _ struct{} `type:"structure"` - // A value that indicates whether automatic pause is allowed for the Aurora - // DB cluster in serverless DB engine mode. + // Indicates whether automatic pause is allowed for the Aurora DB cluster in + // serverless DB engine mode. // - // When the value is set to false for an Aurora Serverless DB cluster, the DB - // cluster automatically resumes. + // When the value is set to false for an Aurora Serverless v1 DB cluster, the + // DB cluster automatically resumes. AutoPause *bool `type:"boolean"` // The maximum capacity for an Aurora DB cluster in serverless DB engine mode. MaxCapacity *int64 `type:"integer"` - // The maximum capacity for the Aurora DB cluster in serverless DB engine mode. + // The minimum capacity for an Aurora DB cluster in serverless DB engine mode. MinCapacity *int64 `type:"integer"` + // The number of seconds before scaling times out. What happens when an attempted + // scaling action times out is determined by the TimeoutAction setting. + SecondsBeforeTimeout *int64 `type:"integer"` + // The remaining amount of time, in seconds, before the Aurora DB cluster in // serverless mode is paused. A DB cluster can be paused only when it's idle // (it has no connections). SecondsUntilAutoPause *int64 `type:"integer"` - // The timeout action of a call to ModifyCurrentDBClusterCapacity, either ForceApplyCapacityChange + // The action that occurs when Aurora times out while attempting to change the + // capacity of an Aurora Serverless v1 cluster. The value is either ForceApplyCapacityChange // or RollbackCapacityChange. + // + // ForceApplyCapacityChange, the default, sets the capacity to the specified + // value as soon as possible. + // + // RollbackCapacityChange ignores the capacity change if a scaling point isn't + // found in the timeout period. TimeoutAction *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ScalingConfigurationInfo) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ScalingConfigurationInfo) GoString() string { return s.String() } @@ -41069,6 +60516,12 @@ func (s *ScalingConfigurationInfo) SetMinCapacity(v int64) *ScalingConfiguration return s } +// SetSecondsBeforeTimeout sets the SecondsBeforeTimeout field's value. +func (s *ScalingConfigurationInfo) SetSecondsBeforeTimeout(v int64) *ScalingConfigurationInfo { + s.SecondsBeforeTimeout = &v + return s +} + // SetSecondsUntilAutoPause sets the SecondsUntilAutoPause field's value. func (s *ScalingConfigurationInfo) SetSecondsUntilAutoPause(v int64) *ScalingConfigurationInfo { s.SecondsUntilAutoPause = &v @@ -41081,31 +60534,135 @@ func (s *ScalingConfigurationInfo) SetTimeoutAction(v string) *ScalingConfigurat return s } -// Contains an AWS Region name as the result of a successful call to the DescribeSourceRegions -// action. +// Contains the scaling configuration of an Aurora Serverless v2 DB cluster. +// +// For more information, see Using Amazon Aurora Serverless v2 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.html) +// in the Amazon Aurora User Guide. +type ServerlessV2ScalingConfiguration struct { + _ struct{} `type:"structure"` + + // The maximum number of Aurora capacity units (ACUs) for a DB instance in an + // Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, + // such as 40, 40.5, 41, and so on. The largest value that you can use is 128. + MaxCapacity *float64 `type:"double"` + + // The minimum number of Aurora capacity units (ACUs) for a DB instance in an + // Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, + // such as 8, 8.5, 9, and so on. The smallest value that you can use is 0.5. + MinCapacity *float64 `type:"double"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ServerlessV2ScalingConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ServerlessV2ScalingConfiguration) GoString() string { + return s.String() +} + +// SetMaxCapacity sets the MaxCapacity field's value. +func (s *ServerlessV2ScalingConfiguration) SetMaxCapacity(v float64) *ServerlessV2ScalingConfiguration { + s.MaxCapacity = &v + return s +} + +// SetMinCapacity sets the MinCapacity field's value. +func (s *ServerlessV2ScalingConfiguration) SetMinCapacity(v float64) *ServerlessV2ScalingConfiguration { + s.MinCapacity = &v + return s +} + +// The scaling configuration for an Aurora Serverless v2 DB cluster. +// +// For more information, see Using Amazon Aurora Serverless v2 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.html) +// in the Amazon Aurora User Guide. +type ServerlessV2ScalingConfigurationInfo struct { + _ struct{} `type:"structure"` + + // The maximum number of Aurora capacity units (ACUs) for a DB instance in an + // Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, + // such as 40, 40.5, 41, and so on. The largest value that you can use is 128. + MaxCapacity *float64 `type:"double"` + + // The minimum number of Aurora capacity units (ACUs) for a DB instance in an + // Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, + // such as 8, 8.5, 9, and so on. The smallest value that you can use is 0.5. + MinCapacity *float64 `type:"double"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ServerlessV2ScalingConfigurationInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ServerlessV2ScalingConfigurationInfo) GoString() string { + return s.String() +} + +// SetMaxCapacity sets the MaxCapacity field's value. +func (s *ServerlessV2ScalingConfigurationInfo) SetMaxCapacity(v float64) *ServerlessV2ScalingConfigurationInfo { + s.MaxCapacity = &v + return s +} + +// SetMinCapacity sets the MinCapacity field's value. +func (s *ServerlessV2ScalingConfigurationInfo) SetMinCapacity(v float64) *ServerlessV2ScalingConfigurationInfo { + s.MinCapacity = &v + return s +} + +// Contains an Amazon Web Services Region name as the result of a successful +// call to the DescribeSourceRegions action. type SourceRegion struct { _ struct{} `type:"structure"` - // The endpoint for the source AWS Region endpoint. + // The endpoint for the source Amazon Web Services Region endpoint. Endpoint *string `type:"string"` - // The name of the source AWS Region. + // The name of the source Amazon Web Services Region. RegionName *string `type:"string"` - // The status of the source AWS Region. + // The status of the source Amazon Web Services Region. Status *string `type:"string"` - // Whether the source AWS Region supports replicating automated backups to the - // current AWS Region. + // Indicates whether the source Amazon Web Services Region supports replicating + // automated backups to the current Amazon Web Services Region. SupportsDBInstanceAutomatedBackupsReplication *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s SourceRegion) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s SourceRegion) GoString() string { return s.String() } @@ -41141,9 +60698,14 @@ type StartActivityStreamInput struct { // as possible, regardless of the maintenance window for the database. ApplyImmediately *bool `type:"boolean"` - // The AWS KMS key identifier for encrypting messages in the database activity - // stream. The AWS KMS key identifier is the key ARN, key ID, alias ARN, or - // alias name for the AWS KMS customer master key (CMK). + // Specifies whether the database activity stream includes engine-native audit + // fields. This option applies to an Oracle or Microsoft SQL Server DB instance. + // By default, no engine-native audit fields are included. + EngineNativeAuditFieldsIncluded *bool `type:"boolean"` + + // The Amazon Web Services KMS key identifier for encrypting messages in the + // database activity stream. The Amazon Web Services KMS key identifier is the + // key ARN, key ID, alias ARN, or alias name for the KMS key. // // KmsKeyId is a required field KmsKeyId *string `type:"string" required:"true"` @@ -41161,12 +60723,20 @@ type StartActivityStreamInput struct { ResourceArn *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StartActivityStreamInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StartActivityStreamInput) GoString() string { return s.String() } @@ -41196,6 +60766,12 @@ func (s *StartActivityStreamInput) SetApplyImmediately(v bool) *StartActivityStr return s } +// SetEngineNativeAuditFieldsIncluded sets the EngineNativeAuditFieldsIncluded field's value. +func (s *StartActivityStreamInput) SetEngineNativeAuditFieldsIncluded(v bool) *StartActivityStreamInput { + s.EngineNativeAuditFieldsIncluded = &v + return s +} + // SetKmsKeyId sets the KmsKeyId field's value. func (s *StartActivityStreamInput) SetKmsKeyId(v string) *StartActivityStreamInput { s.KmsKeyId = &v @@ -41221,12 +60797,16 @@ type StartActivityStreamOutput struct { // as possible, regardless of the maintenance window for the database. ApplyImmediately *bool `type:"boolean"` + // Indicates whether engine-native audit fields are included in the database + // activity stream. + EngineNativeAuditFieldsIncluded *bool `type:"boolean"` + // The name of the Amazon Kinesis data stream to be used for the database activity // stream. KinesisStreamName *string `type:"string"` - // The AWS KMS key identifier for encryption of messages in the database activity - // stream. + // The Amazon Web Services KMS key identifier for encryption of messages in + // the database activity stream. KmsKeyId *string `type:"string"` // The mode of the database activity stream. @@ -41236,12 +60816,20 @@ type StartActivityStreamOutput struct { Status *string `type:"string" enum:"ActivityStreamStatus"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StartActivityStreamOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StartActivityStreamOutput) GoString() string { return s.String() } @@ -41252,6 +60840,12 @@ func (s *StartActivityStreamOutput) SetApplyImmediately(v bool) *StartActivitySt return s } +// SetEngineNativeAuditFieldsIncluded sets the EngineNativeAuditFieldsIncluded field's value. +func (s *StartActivityStreamOutput) SetEngineNativeAuditFieldsIncluded(v bool) *StartActivityStreamOutput { + s.EngineNativeAuditFieldsIncluded = &v + return s +} + // SetKinesisStreamName sets the KinesisStreamName field's value. func (s *StartActivityStreamOutput) SetKinesisStreamName(v string) *StartActivityStreamOutput { s.KinesisStreamName = &v @@ -41286,12 +60880,20 @@ type StartDBClusterInput struct { DBClusterIdentifier *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StartDBClusterInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StartDBClusterInput) GoString() string { return s.String() } @@ -41318,19 +60920,41 @@ func (s *StartDBClusterInput) SetDBClusterIdentifier(v string) *StartDBClusterIn type StartDBClusterOutput struct { _ struct{} `type:"structure"` - // Contains the details of an Amazon Aurora DB cluster. + // Contains the details of an Amazon Aurora DB cluster or Multi-AZ DB cluster. // - // This data type is used as a response element in the DescribeDBClusters, StopDBCluster, - // and StartDBCluster actions. + // For an Amazon Aurora DB cluster, this data type is used as a response element + // in the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + // ModifyDBCluster, PromoteReadReplicaDBCluster, RestoreDBClusterFromS3, RestoreDBClusterFromSnapshot, + // RestoreDBClusterToPointInTime, StartDBCluster, and StopDBCluster. + // + // For a Multi-AZ DB cluster, this data type is used as a response element in + // the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + // ModifyDBCluster, RebootDBCluster, RestoreDBClusterFromSnapshot, and RestoreDBClusterToPointInTime. + // + // For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) + // in the Amazon Aurora User Guide. + // + // For more information on Multi-AZ DB clusters, see Multi-AZ deployments with + // two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) + // in the Amazon RDS User Guide. DBCluster *DBCluster `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StartDBClusterOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StartDBClusterOutput) GoString() string { return s.String() } @@ -41350,16 +60974,32 @@ type StartDBInstanceAutomatedBackupsReplicationInput struct { // DestinationRegion is used for presigning the request to a given region. DestinationRegion *string `type:"string"` - // The AWS KMS key identifier for encryption of the replicated automated backups. - // The KMS key ID is the Amazon Resource Name (ARN) for the KMS encryption key - // in the destination AWS Region, for example, arn:aws:kms:us-east-1:123456789012:key/AKIAIOSFODNN7EXAMPLE. + // The Amazon Web Services KMS key identifier for encryption of the replicated + // automated backups. The KMS key ID is the Amazon Resource Name (ARN) for the + // KMS encryption key in the destination Amazon Web Services Region, for example, + // arn:aws:kms:us-east-1:123456789012:key/AKIAIOSFODNN7EXAMPLE. KmsKeyId *string `type:"string"` - // A URL that contains a Signature Version 4 signed request for the StartDBInstanceAutomatedBackupsReplication - // action to be called in the AWS Region of the source DB instance. The presigned - // URL must be a valid request for the StartDBInstanceAutomatedBackupsReplication - // API action that can be executed in the AWS Region that contains the source - // DB instance. + // In an Amazon Web Services GovCloud (US) Region, an URL that contains a Signature + // Version 4 signed request for the StartDBInstanceAutomatedBackupsReplication + // operation to call in the Amazon Web Services Region of the source DB instance. + // The presigned URL must be a valid request for the StartDBInstanceAutomatedBackupsReplication + // API operation that can run in the Amazon Web Services Region that contains + // the source DB instance. + // + // This setting applies only to Amazon Web Services GovCloud (US) Regions. It's + // ignored in other Amazon Web Services Regions. + // + // To learn how to generate a Signature Version 4 signed request, see Authenticating + // Requests: Using Query Parameters (Amazon Web Services Signature Version 4) + // (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html) + // and Signature Version 4 Signing Process (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). + // + // If you are using an Amazon Web Services SDK tool or the CLI, you can specify + // SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl + // manually. Specifying SourceRegion autogenerates a presigned URL that is a + // valid request for the operation that can run in the source Amazon Web Services + // Region. PreSignedUrl *string `type:"string"` // The Amazon Resource Name (ARN) of the source DB instance for the replicated @@ -41374,12 +61014,20 @@ type StartDBInstanceAutomatedBackupsReplicationInput struct { SourceRegion *string `type:"string" ignore:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StartDBInstanceAutomatedBackupsReplicationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StartDBInstanceAutomatedBackupsReplicationInput) GoString() string { return s.String() } @@ -41442,12 +61090,20 @@ type StartDBInstanceAutomatedBackupsReplicationOutput struct { DBInstanceAutomatedBackup *DBInstanceAutomatedBackup `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StartDBInstanceAutomatedBackupsReplicationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StartDBInstanceAutomatedBackupsReplicationOutput) GoString() string { return s.String() } @@ -41467,12 +61123,20 @@ type StartDBInstanceInput struct { DBInstanceIdentifier *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StartDBInstanceInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StartDBInstanceInput) GoString() string { return s.String() } @@ -41501,16 +61165,27 @@ type StartDBInstanceOutput struct { // Contains the details of an Amazon RDS DB instance. // - // This data type is used as a response element in the DescribeDBInstances action. + // This data type is used as a response element in the operations CreateDBInstance, + // CreateDBInstanceReadReplica, DeleteDBInstance, DescribeDBInstances, ModifyDBInstance, + // PromoteReadReplica, RebootDBInstance, RestoreDBInstanceFromDBSnapshot, RestoreDBInstanceFromS3, + // RestoreDBInstanceToPointInTime, StartDBInstance, and StopDBInstance. DBInstance *DBInstance `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StartDBInstanceOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StartDBInstanceOutput) GoString() string { return s.String() } @@ -41524,81 +61199,116 @@ func (s *StartDBInstanceOutput) SetDBInstance(v *DBInstance) *StartDBInstanceOut type StartExportTaskInput struct { _ struct{} `type:"structure"` - // The data to be exported from the snapshot. If this parameter is not provided, - // all the snapshot data is exported. Valid values are the following: + // The data to be exported from the snapshot or cluster. If this parameter isn't + // provided, all of the data is exported. + // + // Valid Values: // // * database - Export all the data from a specified database. // - // * database.table table-name - Export a table of the snapshot. This format - // is valid only for RDS for MySQL, RDS for MariaDB, and Aurora MySQL. + // * database.table table-name - Export a table of the snapshot or cluster. + // This format is valid only for RDS for MySQL, RDS for MariaDB, and Aurora + // MySQL. // - // * database.schema schema-name - Export a database schema of the snapshot. - // This format is valid only for RDS for PostgreSQL and Aurora PostgreSQL. + // * database.schema schema-name - Export a database schema of the snapshot + // or cluster. This format is valid only for RDS for PostgreSQL and Aurora + // PostgreSQL. // // * database.schema.table table-name - Export a table of the database schema. // This format is valid only for RDS for PostgreSQL and Aurora PostgreSQL. ExportOnly []*string `type:"list"` - // A unique identifier for the snapshot export task. This ID isn't an identifier - // for the Amazon S3 bucket where the snapshot is to be exported to. + // A unique identifier for the export task. This ID isn't an identifier for + // the Amazon S3 bucket where the data is to be exported. // // ExportTaskIdentifier is a required field ExportTaskIdentifier *string `type:"string" required:"true"` // The name of the IAM role to use for writing to the Amazon S3 bucket when - // exporting a snapshot. + // exporting a snapshot or cluster. + // + // In the IAM policy attached to your IAM role, include the following required + // actions to allow the transfer of files from Amazon RDS or Amazon Aurora to + // an S3 bucket: + // + // * s3:PutObject* + // + // * s3:GetObject* + // + // * s3:ListBucket + // + // * s3:DeleteObject* + // + // * s3:GetBucketLocation + // + // In the policy, include the resources to identify the S3 bucket and objects + // in the bucket. The following list of resources shows the Amazon Resource + // Name (ARN) format for accessing S3: + // + // * arn:aws:s3:::your-s3-bucket + // + // * arn:aws:s3:::your-s3-bucket/* // // IamRoleArn is a required field IamRoleArn *string `type:"string" required:"true"` - // The ID of the AWS KMS customer master key (CMK) to use to encrypt the snapshot - // exported to Amazon S3. The AWS KMS key identifier is the key ARN, key ID, - // alias ARN, or alias name for the AWS KMS customer master key (CMK). The caller - // of this operation must be authorized to execute the following operations. - // These can be set in the AWS KMS key policy: + // The ID of the Amazon Web Services KMS key to use to encrypt the data exported + // to Amazon S3. The Amazon Web Services KMS key identifier is the key ARN, + // key ID, alias ARN, or alias name for the KMS key. The caller of this operation + // must be authorized to run the following operations. These can be set in the + // Amazon Web Services KMS key policy: // - // * GrantOperation.Encrypt + // * kms:Encrypt // - // * GrantOperation.Decrypt + // * kms:Decrypt // - // * GrantOperation.GenerateDataKey + // * kms:GenerateDataKey // - // * GrantOperation.GenerateDataKeyWithoutPlaintext + // * kms:GenerateDataKeyWithoutPlaintext // - // * GrantOperation.ReEncryptFrom + // * kms:ReEncryptFrom // - // * GrantOperation.ReEncryptTo + // * kms:ReEncryptTo // - // * GrantOperation.CreateGrant + // * kms:CreateGrant // - // * GrantOperation.DescribeKey + // * kms:DescribeKey // - // * GrantOperation.RetireGrant + // * kms:RetireGrant // // KmsKeyId is a required field KmsKeyId *string `type:"string" required:"true"` - // The name of the Amazon S3 bucket to export the snapshot to. + // The name of the Amazon S3 bucket to export the snapshot or cluster data to. // // S3BucketName is a required field S3BucketName *string `type:"string" required:"true"` // The Amazon S3 bucket prefix to use as the file name and path of the exported - // snapshot. + // data. S3Prefix *string `type:"string"` - // The Amazon Resource Name (ARN) of the snapshot to export to Amazon S3. + // The Amazon Resource Name (ARN) of the snapshot or cluster to export to Amazon + // S3. // // SourceArn is a required field SourceArn *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StartExportTaskInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StartExportTaskInput) GoString() string { return s.String() } @@ -41670,82 +61380,109 @@ func (s *StartExportTaskInput) SetSourceArn(v string) *StartExportTaskInput { return s } -// Contains the details of a snapshot export to Amazon S3. +// Contains the details of a snapshot or cluster export to Amazon S3. // -// This data type is used as a response element in the DescribeExportTasks action. +// This data type is used as a response element in the DescribeExportTasks operation. type StartExportTaskOutput struct { _ struct{} `type:"structure"` - // The data exported from the snapshot. Valid values are the following: + // The data exported from the snapshot or cluster. + // + // Valid Values: // // * database - Export all the data from a specified database. // - // * database.table table-name - Export a table of the snapshot. This format - // is valid only for RDS for MySQL, RDS for MariaDB, and Aurora MySQL. + // * database.table table-name - Export a table of the snapshot or cluster. + // This format is valid only for RDS for MySQL, RDS for MariaDB, and Aurora + // MySQL. // - // * database.schema schema-name - Export a database schema of the snapshot. - // This format is valid only for RDS for PostgreSQL and Aurora PostgreSQL. + // * database.schema schema-name - Export a database schema of the snapshot + // or cluster. This format is valid only for RDS for PostgreSQL and Aurora + // PostgreSQL. // // * database.schema.table table-name - Export a table of the database schema. // This format is valid only for RDS for PostgreSQL and Aurora PostgreSQL. ExportOnly []*string `type:"list"` - // A unique identifier for the snapshot export task. This ID isn't an identifier - // for the Amazon S3 bucket where the snapshot is exported to. + // A unique identifier for the snapshot or cluster export task. This ID isn't + // an identifier for the Amazon S3 bucket where the data is exported. ExportTaskIdentifier *string `type:"string"` // The reason the export failed, if it failed. FailureCause *string `type:"string"` // The name of the IAM role that is used to write to Amazon S3 when exporting - // a snapshot. + // a snapshot or cluster. IamRoleArn *string `type:"string"` - // The key identifier of the AWS KMS customer master key (CMK) that is used - // to encrypt the snapshot when it's exported to Amazon S3. The AWS KMS CMK - // identifier is its key ARN, key ID, alias ARN, or alias name. The IAM role - // used for the snapshot export must have encryption and decryption permissions - // to use this AWS KMS CMK. + // The key identifier of the Amazon Web Services KMS key that is used to encrypt + // the data when it's exported to Amazon S3. The KMS key identifier is its key + // ARN, key ID, alias ARN, or alias name. The IAM role used for the export must + // have encryption and decryption permissions to use this KMS key. KmsKeyId *string `type:"string"` - // The progress of the snapshot export task as a percentage. + // The progress of the snapshot or cluster export task as a percentage. PercentProgress *int64 `type:"integer"` - // The Amazon S3 bucket that the snapshot is exported to. + // The Amazon S3 bucket where the snapshot or cluster is exported to. S3Bucket *string `type:"string"` // The Amazon S3 bucket prefix that is the file name and path of the exported - // snapshot. + // data. S3Prefix *string `type:"string"` - // The time that the snapshot was created. + // The time when the snapshot was created. SnapshotTime *time.Time `type:"timestamp"` - // The Amazon Resource Name (ARN) of the snapshot exported to Amazon S3. + // The Amazon Resource Name (ARN) of the snapshot or cluster exported to Amazon + // S3. SourceArn *string `type:"string"` - // The progress status of the export task. + // The type of source for the export. + SourceType *string `type:"string" enum:"ExportSourceType"` + + // The progress status of the export task. The status can be one of the following: + // + // * CANCELED + // + // * CANCELING + // + // * COMPLETE + // + // * FAILED + // + // * IN_PROGRESS + // + // * STARTING Status *string `type:"string"` - // The time that the snapshot export task completed. + // The time when the snapshot or cluster export task ended. TaskEndTime *time.Time `type:"timestamp"` - // The time that the snapshot export task started. + // The time when the snapshot or cluster export task started. TaskStartTime *time.Time `type:"timestamp"` // The total amount of data exported, in gigabytes. TotalExtractedDataInGB *int64 `type:"integer"` - // A warning about the snapshot export task. + // A warning about the snapshot or cluster export task. WarningMessage *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StartExportTaskOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StartExportTaskOutput) GoString() string { return s.String() } @@ -41810,6 +61547,12 @@ func (s *StartExportTaskOutput) SetSourceArn(v string) *StartExportTaskOutput { return s } +// SetSourceType sets the SourceType field's value. +func (s *StartExportTaskOutput) SetSourceType(v string) *StartExportTaskOutput { + s.SourceType = &v + return s +} + // SetStatus sets the Status field's value. func (s *StartExportTaskOutput) SetStatus(v string) *StartExportTaskOutput { s.Status = &v @@ -41854,12 +61597,20 @@ type StopActivityStreamInput struct { ResourceArn *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StopActivityStreamInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StopActivityStreamInput) GoString() string { return s.String() } @@ -41896,23 +61647,31 @@ type StopActivityStreamOutput struct { // stream. KinesisStreamName *string `type:"string"` - // The AWS KMS key identifier used for encrypting messages in the database activity - // stream. + // The Amazon Web Services KMS key identifier used for encrypting messages in + // the database activity stream. // - // The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name - // for the AWS KMS customer master key (CMK). + // The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + // ARN, or alias name for the KMS key. KmsKeyId *string `type:"string"` // The status of the database activity stream. Status *string `type:"string" enum:"ActivityStreamStatus"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StopActivityStreamOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StopActivityStreamOutput) GoString() string { return s.String() } @@ -41945,12 +61704,20 @@ type StopDBClusterInput struct { DBClusterIdentifier *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StopDBClusterInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StopDBClusterInput) GoString() string { return s.String() } @@ -41977,54 +61744,524 @@ func (s *StopDBClusterInput) SetDBClusterIdentifier(v string) *StopDBClusterInpu type StopDBClusterOutput struct { _ struct{} `type:"structure"` - // Contains the details of an Amazon Aurora DB cluster. + // Contains the details of an Amazon Aurora DB cluster or Multi-AZ DB cluster. + // + // For an Amazon Aurora DB cluster, this data type is used as a response element + // in the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + // ModifyDBCluster, PromoteReadReplicaDBCluster, RestoreDBClusterFromS3, RestoreDBClusterFromSnapshot, + // RestoreDBClusterToPointInTime, StartDBCluster, and StopDBCluster. // - // This data type is used as a response element in the DescribeDBClusters, StopDBCluster, - // and StartDBCluster actions. + // For a Multi-AZ DB cluster, this data type is used as a response element in + // the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + // ModifyDBCluster, RebootDBCluster, RestoreDBClusterFromSnapshot, and RestoreDBClusterToPointInTime. + // + // For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) + // in the Amazon Aurora User Guide. + // + // For more information on Multi-AZ DB clusters, see Multi-AZ deployments with + // two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) + // in the Amazon RDS User Guide. DBCluster *DBCluster `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StopDBClusterOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StopDBClusterOutput) GoString() string { return s.String() } -// SetDBCluster sets the DBCluster field's value. -func (s *StopDBClusterOutput) SetDBCluster(v *DBCluster) *StopDBClusterOutput { - s.DBCluster = v +// SetDBCluster sets the DBCluster field's value. +func (s *StopDBClusterOutput) SetDBCluster(v *DBCluster) *StopDBClusterOutput { + s.DBCluster = v + return s +} + +type StopDBInstanceAutomatedBackupsReplicationInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the source DB instance for which to stop + // replicating automate backups, for example, arn:aws:rds:us-west-2:123456789012:db:mydatabase. + // + // SourceDBInstanceArn is a required field + SourceDBInstanceArn *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopDBInstanceAutomatedBackupsReplicationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopDBInstanceAutomatedBackupsReplicationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *StopDBInstanceAutomatedBackupsReplicationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "StopDBInstanceAutomatedBackupsReplicationInput"} + if s.SourceDBInstanceArn == nil { + invalidParams.Add(request.NewErrParamRequired("SourceDBInstanceArn")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSourceDBInstanceArn sets the SourceDBInstanceArn field's value. +func (s *StopDBInstanceAutomatedBackupsReplicationInput) SetSourceDBInstanceArn(v string) *StopDBInstanceAutomatedBackupsReplicationInput { + s.SourceDBInstanceArn = &v + return s +} + +type StopDBInstanceAutomatedBackupsReplicationOutput struct { + _ struct{} `type:"structure"` + + // An automated backup of a DB instance. It consists of system backups, transaction + // logs, and the database instance properties that existed at the time you deleted + // the source instance. + DBInstanceAutomatedBackup *DBInstanceAutomatedBackup `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopDBInstanceAutomatedBackupsReplicationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopDBInstanceAutomatedBackupsReplicationOutput) GoString() string { + return s.String() +} + +// SetDBInstanceAutomatedBackup sets the DBInstanceAutomatedBackup field's value. +func (s *StopDBInstanceAutomatedBackupsReplicationOutput) SetDBInstanceAutomatedBackup(v *DBInstanceAutomatedBackup) *StopDBInstanceAutomatedBackupsReplicationOutput { + s.DBInstanceAutomatedBackup = v + return s +} + +type StopDBInstanceInput struct { + _ struct{} `type:"structure"` + + // The user-supplied instance identifier. + // + // DBInstanceIdentifier is a required field + DBInstanceIdentifier *string `type:"string" required:"true"` + + // The user-supplied instance identifier of the DB Snapshot created immediately + // before the DB instance is stopped. + DBSnapshotIdentifier *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopDBInstanceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopDBInstanceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *StopDBInstanceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "StopDBInstanceInput"} + if s.DBInstanceIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("DBInstanceIdentifier")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDBInstanceIdentifier sets the DBInstanceIdentifier field's value. +func (s *StopDBInstanceInput) SetDBInstanceIdentifier(v string) *StopDBInstanceInput { + s.DBInstanceIdentifier = &v + return s +} + +// SetDBSnapshotIdentifier sets the DBSnapshotIdentifier field's value. +func (s *StopDBInstanceInput) SetDBSnapshotIdentifier(v string) *StopDBInstanceInput { + s.DBSnapshotIdentifier = &v + return s +} + +type StopDBInstanceOutput struct { + _ struct{} `type:"structure"` + + // Contains the details of an Amazon RDS DB instance. + // + // This data type is used as a response element in the operations CreateDBInstance, + // CreateDBInstanceReadReplica, DeleteDBInstance, DescribeDBInstances, ModifyDBInstance, + // PromoteReadReplica, RebootDBInstance, RestoreDBInstanceFromDBSnapshot, RestoreDBInstanceFromS3, + // RestoreDBInstanceToPointInTime, StartDBInstance, and StopDBInstance. + DBInstance *DBInstance `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopDBInstanceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopDBInstanceOutput) GoString() string { + return s.String() +} + +// SetDBInstance sets the DBInstance field's value. +func (s *StopDBInstanceOutput) SetDBInstance(v *DBInstance) *StopDBInstanceOutput { + s.DBInstance = v + return s +} + +// This data type is used as a response element for the DescribeDBSubnetGroups +// operation. +type Subnet struct { + _ struct{} `type:"structure"` + + // Contains Availability Zone information. + // + // This data type is used as an element in the OrderableDBInstanceOption data + // type. + SubnetAvailabilityZone *AvailabilityZone `type:"structure"` + + // The identifier of the subnet. + SubnetIdentifier *string `type:"string"` + + // If the subnet is associated with an Outpost, this value specifies the Outpost. + // + // For more information about RDS on Outposts, see Amazon RDS on Amazon Web + // Services Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) + // in the Amazon RDS User Guide. + SubnetOutpost *Outpost `type:"structure"` + + // The status of the subnet. + SubnetStatus *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Subnet) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Subnet) GoString() string { + return s.String() +} + +// SetSubnetAvailabilityZone sets the SubnetAvailabilityZone field's value. +func (s *Subnet) SetSubnetAvailabilityZone(v *AvailabilityZone) *Subnet { + s.SubnetAvailabilityZone = v + return s +} + +// SetSubnetIdentifier sets the SubnetIdentifier field's value. +func (s *Subnet) SetSubnetIdentifier(v string) *Subnet { + s.SubnetIdentifier = &v + return s +} + +// SetSubnetOutpost sets the SubnetOutpost field's value. +func (s *Subnet) SetSubnetOutpost(v *Outpost) *Subnet { + s.SubnetOutpost = v + return s +} + +// SetSubnetStatus sets the SubnetStatus field's value. +func (s *Subnet) SetSubnetStatus(v string) *Subnet { + s.SubnetStatus = &v + return s +} + +type SwitchoverBlueGreenDeploymentInput struct { + _ struct{} `type:"structure"` + + // The unique identifier of the blue/green deployment. + // + // Constraints: + // + // * Must match an existing blue/green deployment identifier. + // + // BlueGreenDeploymentIdentifier is a required field + BlueGreenDeploymentIdentifier *string `min:"1" type:"string" required:"true"` + + // The amount of time, in seconds, for the switchover to complete. + // + // Default: 300 + // + // If the switchover takes longer than the specified duration, then any changes + // are rolled back, and no changes are made to the environments. + SwitchoverTimeout *int64 `min:"30" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SwitchoverBlueGreenDeploymentInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SwitchoverBlueGreenDeploymentInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *SwitchoverBlueGreenDeploymentInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "SwitchoverBlueGreenDeploymentInput"} + if s.BlueGreenDeploymentIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("BlueGreenDeploymentIdentifier")) + } + if s.BlueGreenDeploymentIdentifier != nil && len(*s.BlueGreenDeploymentIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("BlueGreenDeploymentIdentifier", 1)) + } + if s.SwitchoverTimeout != nil && *s.SwitchoverTimeout < 30 { + invalidParams.Add(request.NewErrParamMinValue("SwitchoverTimeout", 30)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetBlueGreenDeploymentIdentifier sets the BlueGreenDeploymentIdentifier field's value. +func (s *SwitchoverBlueGreenDeploymentInput) SetBlueGreenDeploymentIdentifier(v string) *SwitchoverBlueGreenDeploymentInput { + s.BlueGreenDeploymentIdentifier = &v + return s +} + +// SetSwitchoverTimeout sets the SwitchoverTimeout field's value. +func (s *SwitchoverBlueGreenDeploymentInput) SetSwitchoverTimeout(v int64) *SwitchoverBlueGreenDeploymentInput { + s.SwitchoverTimeout = &v + return s +} + +type SwitchoverBlueGreenDeploymentOutput struct { + _ struct{} `type:"structure"` + + // Details about a blue/green deployment. + // + // For more information, see Using Amazon RDS Blue/Green Deployments for database + // updates (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/blue-green-deployments.html) + // in the Amazon RDS User Guide and Using Amazon RDS Blue/Green Deployments + // for database updates (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/blue-green-deployments.html) + // in the Amazon Aurora User Guide. + BlueGreenDeployment *BlueGreenDeployment `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SwitchoverBlueGreenDeploymentOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SwitchoverBlueGreenDeploymentOutput) GoString() string { + return s.String() +} + +// SetBlueGreenDeployment sets the BlueGreenDeployment field's value. +func (s *SwitchoverBlueGreenDeploymentOutput) SetBlueGreenDeployment(v *BlueGreenDeployment) *SwitchoverBlueGreenDeploymentOutput { + s.BlueGreenDeployment = v + return s +} + +// Contains the details about a blue/green deployment. +// +// For more information, see Using Amazon RDS Blue/Green Deployments for database +// updates (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/blue-green-deployments.html) +// in the Amazon RDS User Guide and Using Amazon RDS Blue/Green Deployments +// for database updates (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/blue-green-deployments.html) +// in the Amazon Aurora User Guide. +type SwitchoverDetail struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of a resource in the blue environment. + SourceMember *string `min:"1" type:"string"` + + // The switchover status of a resource in a blue/green deployment. + // + // Values: + // + // * PROVISIONING - The resource is being prepared to switch over. + // + // * AVAILABLE - The resource is ready to switch over. + // + // * SWITCHOVER_IN_PROGRESS - The resource is being switched over. + // + // * SWITCHOVER_COMPLETED - The resource has been switched over. + // + // * SWITCHOVER_FAILED - The resource attempted to switch over but failed. + // + // * MISSING_SOURCE - The source resource has been deleted. + // + // * MISSING_TARGET - The target resource has been deleted. + Status *string `type:"string"` + + // The Amazon Resource Name (ARN) of a resource in the green environment. + TargetMember *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SwitchoverDetail) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SwitchoverDetail) GoString() string { + return s.String() +} + +// SetSourceMember sets the SourceMember field's value. +func (s *SwitchoverDetail) SetSourceMember(v string) *SwitchoverDetail { + s.SourceMember = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *SwitchoverDetail) SetStatus(v string) *SwitchoverDetail { + s.Status = &v + return s +} + +// SetTargetMember sets the TargetMember field's value. +func (s *SwitchoverDetail) SetTargetMember(v string) *SwitchoverDetail { + s.TargetMember = &v return s } -type StopDBInstanceAutomatedBackupsReplicationInput struct { +type SwitchoverGlobalClusterInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the source DB instance for which to stop - // replicating automated backups, for example, arn:aws:rds:us-west-2:123456789012:db:mydatabase. + // The identifier of the global database cluster to switch over. This parameter + // isn't case-sensitive. // - // SourceDBInstanceArn is a required field - SourceDBInstanceArn *string `type:"string" required:"true"` + // Constraints: + // + // * Must match the identifier of an existing global database cluster (Aurora + // global database). + // + // GlobalClusterIdentifier is a required field + GlobalClusterIdentifier *string `min:"1" type:"string" required:"true"` + + // The identifier of the secondary Aurora DB cluster to promote to the new primary + // for the global database cluster. Use the Amazon Resource Name (ARN) for the + // identifier so that Aurora can locate the cluster in its Amazon Web Services + // Region. + // + // TargetDbClusterIdentifier is a required field + TargetDbClusterIdentifier *string `min:"1" type:"string" required:"true"` } -// String returns the string representation -func (s StopDBInstanceAutomatedBackupsReplicationInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SwitchoverGlobalClusterInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s StopDBInstanceAutomatedBackupsReplicationInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SwitchoverGlobalClusterInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *StopDBInstanceAutomatedBackupsReplicationInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "StopDBInstanceAutomatedBackupsReplicationInput"} - if s.SourceDBInstanceArn == nil { - invalidParams.Add(request.NewErrParamRequired("SourceDBInstanceArn")) +func (s *SwitchoverGlobalClusterInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "SwitchoverGlobalClusterInput"} + if s.GlobalClusterIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("GlobalClusterIdentifier")) + } + if s.GlobalClusterIdentifier != nil && len(*s.GlobalClusterIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("GlobalClusterIdentifier", 1)) + } + if s.TargetDbClusterIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("TargetDbClusterIdentifier")) + } + if s.TargetDbClusterIdentifier != nil && len(*s.TargetDbClusterIdentifier) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TargetDbClusterIdentifier", 1)) } if invalidParams.Len() > 0 { @@ -42033,63 +62270,84 @@ func (s *StopDBInstanceAutomatedBackupsReplicationInput) Validate() error { return nil } -// SetSourceDBInstanceArn sets the SourceDBInstanceArn field's value. -func (s *StopDBInstanceAutomatedBackupsReplicationInput) SetSourceDBInstanceArn(v string) *StopDBInstanceAutomatedBackupsReplicationInput { - s.SourceDBInstanceArn = &v +// SetGlobalClusterIdentifier sets the GlobalClusterIdentifier field's value. +func (s *SwitchoverGlobalClusterInput) SetGlobalClusterIdentifier(v string) *SwitchoverGlobalClusterInput { + s.GlobalClusterIdentifier = &v return s } -type StopDBInstanceAutomatedBackupsReplicationOutput struct { +// SetTargetDbClusterIdentifier sets the TargetDbClusterIdentifier field's value. +func (s *SwitchoverGlobalClusterInput) SetTargetDbClusterIdentifier(v string) *SwitchoverGlobalClusterInput { + s.TargetDbClusterIdentifier = &v + return s +} + +type SwitchoverGlobalClusterOutput struct { _ struct{} `type:"structure"` - // An automated backup of a DB instance. It consists of system backups, transaction - // logs, and the database instance properties that existed at the time you deleted - // the source instance. - DBInstanceAutomatedBackup *DBInstanceAutomatedBackup `type:"structure"` + // A data type representing an Aurora global database. + GlobalCluster *GlobalCluster `type:"structure"` } -// String returns the string representation -func (s StopDBInstanceAutomatedBackupsReplicationOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SwitchoverGlobalClusterOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s StopDBInstanceAutomatedBackupsReplicationOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SwitchoverGlobalClusterOutput) GoString() string { return s.String() } -// SetDBInstanceAutomatedBackup sets the DBInstanceAutomatedBackup field's value. -func (s *StopDBInstanceAutomatedBackupsReplicationOutput) SetDBInstanceAutomatedBackup(v *DBInstanceAutomatedBackup) *StopDBInstanceAutomatedBackupsReplicationOutput { - s.DBInstanceAutomatedBackup = v +// SetGlobalCluster sets the GlobalCluster field's value. +func (s *SwitchoverGlobalClusterOutput) SetGlobalCluster(v *GlobalCluster) *SwitchoverGlobalClusterOutput { + s.GlobalCluster = v return s } -type StopDBInstanceInput struct { +type SwitchoverReadReplicaInput struct { _ struct{} `type:"structure"` - // The user-supplied instance identifier. + // The DB instance identifier of the current standby database. This value is + // stored as a lowercase string. + // + // Constraints: + // + // * Must match the identifier of an existing Oracle read replica DB instance. // // DBInstanceIdentifier is a required field DBInstanceIdentifier *string `type:"string" required:"true"` - - // The user-supplied instance identifier of the DB Snapshot created immediately - // before the DB instance is stopped. - DBSnapshotIdentifier *string `type:"string"` } -// String returns the string representation -func (s StopDBInstanceInput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SwitchoverReadReplicaInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s StopDBInstanceInput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SwitchoverReadReplicaInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *StopDBInstanceInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "StopDBInstanceInput"} +func (s *SwitchoverReadReplicaInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "SwitchoverReadReplicaInput"} if s.DBInstanceIdentifier == nil { invalidParams.Add(request.NewErrParamRequired("DBInstanceIdentifier")) } @@ -42101,124 +62359,83 @@ func (s *StopDBInstanceInput) Validate() error { } // SetDBInstanceIdentifier sets the DBInstanceIdentifier field's value. -func (s *StopDBInstanceInput) SetDBInstanceIdentifier(v string) *StopDBInstanceInput { +func (s *SwitchoverReadReplicaInput) SetDBInstanceIdentifier(v string) *SwitchoverReadReplicaInput { s.DBInstanceIdentifier = &v return s } -// SetDBSnapshotIdentifier sets the DBSnapshotIdentifier field's value. -func (s *StopDBInstanceInput) SetDBSnapshotIdentifier(v string) *StopDBInstanceInput { - s.DBSnapshotIdentifier = &v - return s -} - -type StopDBInstanceOutput struct { +type SwitchoverReadReplicaOutput struct { _ struct{} `type:"structure"` // Contains the details of an Amazon RDS DB instance. // - // This data type is used as a response element in the DescribeDBInstances action. + // This data type is used as a response element in the operations CreateDBInstance, + // CreateDBInstanceReadReplica, DeleteDBInstance, DescribeDBInstances, ModifyDBInstance, + // PromoteReadReplica, RebootDBInstance, RestoreDBInstanceFromDBSnapshot, RestoreDBInstanceFromS3, + // RestoreDBInstanceToPointInTime, StartDBInstance, and StopDBInstance. DBInstance *DBInstance `type:"structure"` } -// String returns the string representation -func (s StopDBInstanceOutput) String() string { +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SwitchoverReadReplicaOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation -func (s StopDBInstanceOutput) GoString() string { +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SwitchoverReadReplicaOutput) GoString() string { return s.String() } // SetDBInstance sets the DBInstance field's value. -func (s *StopDBInstanceOutput) SetDBInstance(v *DBInstance) *StopDBInstanceOutput { +func (s *SwitchoverReadReplicaOutput) SetDBInstance(v *DBInstance) *SwitchoverReadReplicaOutput { s.DBInstance = v return s } -// This data type is used as a response element for the DescribeDBSubnetGroups -// operation. -type Subnet struct { - _ struct{} `type:"structure"` - - // Contains Availability Zone information. - // - // This data type is used as an element in the OrderableDBInstanceOption data - // type. - SubnetAvailabilityZone *AvailabilityZone `type:"structure"` - - // The identifier of the subnet. - SubnetIdentifier *string `type:"string"` - - // If the subnet is associated with an Outpost, this value specifies the Outpost. - // - // For more information about RDS on Outposts, see Amazon RDS on AWS Outposts - // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) - // in the Amazon RDS User Guide. - SubnetOutpost *Outpost `type:"structure"` - - // The status of the subnet. - SubnetStatus *string `type:"string"` -} - -// String returns the string representation -func (s Subnet) String() string { - return awsutil.Prettify(s) -} - -// GoString returns the string representation -func (s Subnet) GoString() string { - return s.String() -} - -// SetSubnetAvailabilityZone sets the SubnetAvailabilityZone field's value. -func (s *Subnet) SetSubnetAvailabilityZone(v *AvailabilityZone) *Subnet { - s.SubnetAvailabilityZone = v - return s -} - -// SetSubnetIdentifier sets the SubnetIdentifier field's value. -func (s *Subnet) SetSubnetIdentifier(v string) *Subnet { - s.SubnetIdentifier = &v - return s -} - -// SetSubnetOutpost sets the SubnetOutpost field's value. -func (s *Subnet) SetSubnetOutpost(v *Outpost) *Subnet { - s.SubnetOutpost = v - return s -} - -// SetSubnetStatus sets the SubnetStatus field's value. -func (s *Subnet) SetSubnetStatus(v string) *Subnet { - s.SubnetStatus = &v - return s -} - // Metadata assigned to an Amazon RDS resource consisting of a key-value pair. +// +// For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) +// in the Amazon RDS User Guide or Tagging Amazon Aurora and Amazon RDS Resources +// (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html) +// in the Amazon Aurora User Guide. type Tag struct { _ struct{} `type:"structure"` // A key is the required name of the tag. The string value can be from 1 to - // 128 Unicode characters in length and can't be prefixed with "aws:" or "rds:". + // 128 Unicode characters in length and can't be prefixed with aws: or rds:. // The string can only contain only the set of Unicode letters, digits, white-space, // '_', '.', ':', '/', '=', '+', '-', '@' (Java regex: "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$"). Key *string `type:"string"` // A value is the optional value of the tag. The string value can be from 1 - // to 256 Unicode characters in length and can't be prefixed with "aws:" or - // "rds:". The string can only contain only the set of Unicode letters, digits, - // white-space, '_', '.', ':', '/', '=', '+', '-', '@' (Java regex: "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$"). + // to 256 Unicode characters in length and can't be prefixed with aws: or rds:. + // The string can only contain only the set of Unicode letters, digits, white-space, + // '_', '.', ':', '/', '=', '+', '-', '@' (Java regex: "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$"). Value *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Tag) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Tag) GoString() string { return s.String() } @@ -42254,12 +62471,20 @@ type TargetHealth struct { State *string `type:"string" enum:"TargetState"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s TargetHealth) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s TargetHealth) GoString() string { return s.String() } @@ -42282,6 +62507,195 @@ func (s *TargetHealth) SetState(v string) *TargetHealth { return s } +// A tenant database in the DB instance. This data type is an element in the +// response to the DescribeTenantDatabases action. +type TenantDatabase struct { + _ struct{} `type:"structure"` + + // The character set of the tenant database. + CharacterSetName *string `type:"string"` + + // The ID of the DB instance that contains the tenant database. + DBInstanceIdentifier *string `type:"string"` + + // The Amazon Web Services Region-unique, immutable identifier for the DB instance. + DbiResourceId *string `type:"string"` + + // Specifies whether deletion protection is enabled for the DB instance. + DeletionProtection *bool `type:"boolean"` + + // The master username of the tenant database. + MasterUsername *string `type:"string"` + + // The NCHAR character set name of the tenant database. + NcharCharacterSetName *string `type:"string"` + + // Information about pending changes for a tenant database. + PendingModifiedValues *TenantDatabasePendingModifiedValues `type:"structure"` + + // The status of the tenant database. + Status *string `type:"string"` + + // A list of tags. For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + // in the Amazon RDS User Guide. + TagList []*Tag `locationNameList:"Tag" type:"list"` + + // The database name of the tenant database. + TenantDBName *string `type:"string"` + + // The Amazon Resource Name (ARN) for the tenant database. + TenantDatabaseARN *string `type:"string"` + + // The creation time of the tenant database. + TenantDatabaseCreateTime *time.Time `type:"timestamp"` + + // The Amazon Web Services Region-unique, immutable identifier for the tenant + // database. + TenantDatabaseResourceId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TenantDatabase) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TenantDatabase) GoString() string { + return s.String() +} + +// SetCharacterSetName sets the CharacterSetName field's value. +func (s *TenantDatabase) SetCharacterSetName(v string) *TenantDatabase { + s.CharacterSetName = &v + return s +} + +// SetDBInstanceIdentifier sets the DBInstanceIdentifier field's value. +func (s *TenantDatabase) SetDBInstanceIdentifier(v string) *TenantDatabase { + s.DBInstanceIdentifier = &v + return s +} + +// SetDbiResourceId sets the DbiResourceId field's value. +func (s *TenantDatabase) SetDbiResourceId(v string) *TenantDatabase { + s.DbiResourceId = &v + return s +} + +// SetDeletionProtection sets the DeletionProtection field's value. +func (s *TenantDatabase) SetDeletionProtection(v bool) *TenantDatabase { + s.DeletionProtection = &v + return s +} + +// SetMasterUsername sets the MasterUsername field's value. +func (s *TenantDatabase) SetMasterUsername(v string) *TenantDatabase { + s.MasterUsername = &v + return s +} + +// SetNcharCharacterSetName sets the NcharCharacterSetName field's value. +func (s *TenantDatabase) SetNcharCharacterSetName(v string) *TenantDatabase { + s.NcharCharacterSetName = &v + return s +} + +// SetPendingModifiedValues sets the PendingModifiedValues field's value. +func (s *TenantDatabase) SetPendingModifiedValues(v *TenantDatabasePendingModifiedValues) *TenantDatabase { + s.PendingModifiedValues = v + return s +} + +// SetStatus sets the Status field's value. +func (s *TenantDatabase) SetStatus(v string) *TenantDatabase { + s.Status = &v + return s +} + +// SetTagList sets the TagList field's value. +func (s *TenantDatabase) SetTagList(v []*Tag) *TenantDatabase { + s.TagList = v + return s +} + +// SetTenantDBName sets the TenantDBName field's value. +func (s *TenantDatabase) SetTenantDBName(v string) *TenantDatabase { + s.TenantDBName = &v + return s +} + +// SetTenantDatabaseARN sets the TenantDatabaseARN field's value. +func (s *TenantDatabase) SetTenantDatabaseARN(v string) *TenantDatabase { + s.TenantDatabaseARN = &v + return s +} + +// SetTenantDatabaseCreateTime sets the TenantDatabaseCreateTime field's value. +func (s *TenantDatabase) SetTenantDatabaseCreateTime(v time.Time) *TenantDatabase { + s.TenantDatabaseCreateTime = &v + return s +} + +// SetTenantDatabaseResourceId sets the TenantDatabaseResourceId field's value. +func (s *TenantDatabase) SetTenantDatabaseResourceId(v string) *TenantDatabase { + s.TenantDatabaseResourceId = &v + return s +} + +// A response element in the ModifyTenantDatabase operation that describes changes +// that will be applied. Specific changes are identified by subelements. +type TenantDatabasePendingModifiedValues struct { + _ struct{} `type:"structure"` + + // The master password for the tenant database. + // + // MasterUserPassword is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by TenantDatabasePendingModifiedValues's + // String and GoString methods. + MasterUserPassword *string `type:"string" sensitive:"true"` + + // The name of the tenant database. + TenantDBName *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TenantDatabasePendingModifiedValues) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TenantDatabasePendingModifiedValues) GoString() string { + return s.String() +} + +// SetMasterUserPassword sets the MasterUserPassword field's value. +func (s *TenantDatabasePendingModifiedValues) SetMasterUserPassword(v string) *TenantDatabasePendingModifiedValues { + s.MasterUserPassword = &v + return s +} + +// SetTenantDBName sets the TenantDBName field's value. +func (s *TenantDatabasePendingModifiedValues) SetTenantDBName(v string) *TenantDatabasePendingModifiedValues { + s.TenantDBName = &v + return s +} + // A time zone associated with a DBInstance or a DBSnapshot. This data type // is an element in the response to the DescribeDBInstances, the DescribeDBSnapshots, // and the DescribeDBEngineVersions actions. @@ -42292,12 +62706,20 @@ type Timezone struct { TimezoneName *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Timezone) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Timezone) GoString() string { return s.String() } @@ -42312,8 +62734,10 @@ func (s *Timezone) SetTimezoneName(v string) *Timezone { type UpgradeTarget struct { _ struct{} `type:"structure"` - // A value that indicates whether the target version is applied to any source - // DB instances that have AutoMinorVersionUpgrade set to true. + // Indicates whether the target version is applied to any source DB instances + // that have AutoMinorVersionUpgrade set to true. + // + // This parameter is dynamic, and is set by RDS. AutoUpgrade *bool `type:"boolean"` // The version of the database engine that a DB instance can be upgraded to. @@ -42325,16 +62749,54 @@ type UpgradeTarget struct { // The version number of the upgrade target database engine. EngineVersion *string `type:"string"` - // A value that indicates whether a database engine is upgraded to a major version. + // Indicates whether upgrading to the target version requires upgrading the + // major version of the database engine. IsMajorVersionUpgrade *bool `type:"boolean"` + + // A list of the supported DB engine modes for the target engine version. + SupportedEngineModes []*string `type:"list"` + + // Indicates whether you can use Babelfish for Aurora PostgreSQL with the target + // engine version. + SupportsBabelfish *bool `type:"boolean"` + + // Indicates whether you can use Aurora global databases with the target engine + // version. + SupportsGlobalDatabases *bool `type:"boolean"` + + // Indicates whether the DB engine version supports zero-ETL integrations with + // Amazon Redshift. + SupportsIntegrations *bool `type:"boolean"` + + // Indicates whether the DB engine version supports Aurora Limitless Database. + SupportsLimitlessDatabase *bool `type:"boolean"` + + // Indicates whether the target engine version supports forwarding write operations + // from reader DB instances to the writer DB instance in the DB cluster. By + // default, write operations aren't allowed on reader DB instances. + // + // Valid for: Aurora DB clusters only + SupportsLocalWriteForwarding *bool `type:"boolean"` + + // Indicates whether you can use Aurora parallel query with the target engine + // version. + SupportsParallelQuery *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s UpgradeTarget) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s UpgradeTarget) GoString() string { return s.String() } @@ -42369,6 +62831,48 @@ func (s *UpgradeTarget) SetIsMajorVersionUpgrade(v bool) *UpgradeTarget { return s } +// SetSupportedEngineModes sets the SupportedEngineModes field's value. +func (s *UpgradeTarget) SetSupportedEngineModes(v []*string) *UpgradeTarget { + s.SupportedEngineModes = v + return s +} + +// SetSupportsBabelfish sets the SupportsBabelfish field's value. +func (s *UpgradeTarget) SetSupportsBabelfish(v bool) *UpgradeTarget { + s.SupportsBabelfish = &v + return s +} + +// SetSupportsGlobalDatabases sets the SupportsGlobalDatabases field's value. +func (s *UpgradeTarget) SetSupportsGlobalDatabases(v bool) *UpgradeTarget { + s.SupportsGlobalDatabases = &v + return s +} + +// SetSupportsIntegrations sets the SupportsIntegrations field's value. +func (s *UpgradeTarget) SetSupportsIntegrations(v bool) *UpgradeTarget { + s.SupportsIntegrations = &v + return s +} + +// SetSupportsLimitlessDatabase sets the SupportsLimitlessDatabase field's value. +func (s *UpgradeTarget) SetSupportsLimitlessDatabase(v bool) *UpgradeTarget { + s.SupportsLimitlessDatabase = &v + return s +} + +// SetSupportsLocalWriteForwarding sets the SupportsLocalWriteForwarding field's value. +func (s *UpgradeTarget) SetSupportsLocalWriteForwarding(v bool) *UpgradeTarget { + s.SupportsLocalWriteForwarding = &v + return s +} + +// SetSupportsParallelQuery sets the SupportsParallelQuery field's value. +func (s *UpgradeTarget) SetSupportsParallelQuery(v bool) *UpgradeTarget { + s.SupportsParallelQuery = &v + return s +} + // Specifies the details of authentication used by a proxy to log in as a specific // database user. type UserAuthConfig struct { @@ -42378,12 +62882,17 @@ type UserAuthConfig struct { // to the underlying database. AuthScheme *string `type:"string" enum:"AuthScheme"` + // The type of authentication the proxy uses for connections from clients. + ClientPasswordAuthType *string `type:"string" enum:"ClientPasswordAuthType"` + // A user-specified description about the authentication used by a proxy to // log in as a specific database user. Description *string `type:"string"` - // Whether to require or disallow AWS Identity and Access Management (IAM) authentication - // for connections to the proxy. + // A value that indicates whether to require or disallow Amazon Web Services + // Identity and Access Management (IAM) authentication for connections to the + // proxy. The ENABLED value is valid only for proxies with RDS for Microsoft + // SQL Server. IAMAuth *string `type:"string" enum:"IAMAuthMode"` // The Amazon Resource Name (ARN) representing the secret that the proxy uses @@ -42395,12 +62904,20 @@ type UserAuthConfig struct { UserName *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s UserAuthConfig) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s UserAuthConfig) GoString() string { return s.String() } @@ -42411,6 +62928,12 @@ func (s *UserAuthConfig) SetAuthScheme(v string) *UserAuthConfig { return s } +// SetClientPasswordAuthType sets the ClientPasswordAuthType field's value. +func (s *UserAuthConfig) SetClientPasswordAuthType(v string) *UserAuthConfig { + s.ClientPasswordAuthType = &v + return s +} + // SetDescription sets the Description field's value. func (s *UserAuthConfig) SetDescription(v string) *UserAuthConfig { s.Description = &v @@ -42444,12 +62967,16 @@ type UserAuthConfigInfo struct { // to the underlying database. AuthScheme *string `type:"string" enum:"AuthScheme"` + // The type of authentication the proxy uses for connections from clients. + ClientPasswordAuthType *string `type:"string" enum:"ClientPasswordAuthType"` + // A user-specified description about the authentication used by a proxy to // log in as a specific database user. Description *string `type:"string"` - // Whether to require or disallow AWS Identity and Access Management (IAM) authentication - // for connections to the proxy. + // Whether to require or disallow Amazon Web Services Identity and Access Management + // (IAM) authentication for connections to the proxy. The ENABLED value is valid + // only for proxies with RDS for Microsoft SQL Server. IAMAuth *string `type:"string" enum:"IAMAuthMode"` // The Amazon Resource Name (ARN) representing the secret that the proxy uses @@ -42461,12 +62988,20 @@ type UserAuthConfigInfo struct { UserName *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s UserAuthConfigInfo) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s UserAuthConfigInfo) GoString() string { return s.String() } @@ -42477,6 +63012,12 @@ func (s *UserAuthConfigInfo) SetAuthScheme(v string) *UserAuthConfigInfo { return s } +// SetClientPasswordAuthType sets the ClientPasswordAuthType field's value. +func (s *UserAuthConfigInfo) SetClientPasswordAuthType(v string) *UserAuthConfigInfo { + s.ClientPasswordAuthType = &v + return s +} + // SetDescription sets the Description field's value. func (s *UserAuthConfigInfo) SetDescription(v string) *UserAuthConfigInfo { s.Description = &v @@ -42510,16 +63051,27 @@ type ValidDBInstanceModificationsMessage struct { // Valid storage options for your DB instance. Storage []*ValidStorageOptions `locationNameList:"ValidStorageOptions" type:"list"` + // Indicates whether a DB instance supports using a dedicated log volume (DLV). + SupportsDedicatedLogVolume *bool `type:"boolean"` + // Valid processor features for your DB instance. ValidProcessorFeatures []*AvailableProcessorFeature `locationNameList:"AvailableProcessorFeature" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ValidDBInstanceModificationsMessage) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ValidDBInstanceModificationsMessage) GoString() string { return s.String() } @@ -42530,6 +63082,12 @@ func (s *ValidDBInstanceModificationsMessage) SetStorage(v []*ValidStorageOption return s } +// SetSupportsDedicatedLogVolume sets the SupportsDedicatedLogVolume field's value. +func (s *ValidDBInstanceModificationsMessage) SetSupportsDedicatedLogVolume(v bool) *ValidDBInstanceModificationsMessage { + s.SupportsDedicatedLogVolume = &v + return s +} + // SetValidProcessorFeatures sets the ValidProcessorFeatures field's value. func (s *ValidDBInstanceModificationsMessage) SetValidProcessorFeatures(v []*AvailableProcessorFeature) *ValidDBInstanceModificationsMessage { s.ValidProcessorFeatures = v @@ -42547,26 +63105,43 @@ type ValidStorageOptions struct { // times storage. IopsToStorageRatio []*DoubleRange `locationNameList:"DoubleRange" type:"list"` - // The valid range of provisioned IOPS. For example, 1000-20000. + // The valid range of provisioned IOPS. For example, 1000-256,000. ProvisionedIops []*Range `locationNameList:"Range" type:"list"` - // The valid range of storage in gibibytes. For example, 100 to 16384. + // The valid range of provisioned storage throughput. For example, 500-4,000 + // mebibytes per second (MiBps). + ProvisionedStorageThroughput []*Range `locationNameList:"Range" type:"list"` + + // The valid range of storage in gibibytes (GiB). For example, 100 to 16,384. StorageSize []*Range `locationNameList:"Range" type:"list"` - // The valid storage types for your DB instance. For example, gp2, io1. + // The valid range of storage throughput to provisioned IOPS ratios. For example, + // 0-0.25. + StorageThroughputToIopsRatio []*DoubleRange `locationNameList:"DoubleRange" type:"list"` + + // The valid storage types for your DB instance. For example: gp2, gp3, io1, + // io2. StorageType *string `type:"string"` - // Whether or not Amazon RDS can automatically scale storage for DB instances - // that use the new instance class. + // Indicates whether or not Amazon RDS can automatically scale storage for DB + // instances that use the new instance class. SupportsStorageAutoscaling *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ValidStorageOptions) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ValidStorageOptions) GoString() string { return s.String() } @@ -42583,12 +63158,24 @@ func (s *ValidStorageOptions) SetProvisionedIops(v []*Range) *ValidStorageOption return s } +// SetProvisionedStorageThroughput sets the ProvisionedStorageThroughput field's value. +func (s *ValidStorageOptions) SetProvisionedStorageThroughput(v []*Range) *ValidStorageOptions { + s.ProvisionedStorageThroughput = v + return s +} + // SetStorageSize sets the StorageSize field's value. func (s *ValidStorageOptions) SetStorageSize(v []*Range) *ValidStorageOptions { s.StorageSize = v return s } +// SetStorageThroughputToIopsRatio sets the StorageThroughputToIopsRatio field's value. +func (s *ValidStorageOptions) SetStorageThroughputToIopsRatio(v []*DoubleRange) *ValidStorageOptions { + s.StorageThroughputToIopsRatio = v + return s +} + // SetStorageType sets the StorageType field's value. func (s *ValidStorageOptions) SetStorageType(v string) *ValidStorageOptions { s.StorageType = &v @@ -42606,19 +63193,29 @@ func (s *ValidStorageOptions) SetSupportsStorageAutoscaling(v bool) *ValidStorag type VpcSecurityGroupMembership struct { _ struct{} `type:"structure"` - // The status of the VPC security group. + // The membership status of the VPC security group. + // + // Currently, the only valid status is active. Status *string `type:"string"` // The name of the VPC security group. VpcSecurityGroupId *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s VpcSecurityGroupMembership) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s VpcSecurityGroupMembership) GoString() string { return s.String() } @@ -42635,80 +63232,6 @@ func (s *VpcSecurityGroupMembership) SetVpcSecurityGroupId(v string) *VpcSecurit return s } -// Information about the virtual private network (VPN) between the VMware vSphere -// cluster and the AWS website. -// -// For more information about RDS on VMware, see the RDS on VMware User Guide. -// (https://docs.aws.amazon.com/AmazonRDS/latest/RDSonVMwareUserGuide/rds-on-vmware.html) -type VpnDetails struct { - _ struct{} `type:"structure"` - - // The IP address of network traffic from AWS to your on-premises data center. - VpnGatewayIp *string `type:"string"` - - // The ID of the VPN. - VpnId *string `type:"string"` - - // The name of the VPN. - VpnName *string `type:"string"` - - // The preshared key (PSK) for the VPN. - VpnPSK *string `type:"string" sensitive:"true"` - - // The state of the VPN. - VpnState *string `type:"string"` - - // The IP address of network traffic from your on-premises data center. A custom - // AZ receives the network traffic. - VpnTunnelOriginatorIP *string `type:"string"` -} - -// String returns the string representation -func (s VpnDetails) String() string { - return awsutil.Prettify(s) -} - -// GoString returns the string representation -func (s VpnDetails) GoString() string { - return s.String() -} - -// SetVpnGatewayIp sets the VpnGatewayIp field's value. -func (s *VpnDetails) SetVpnGatewayIp(v string) *VpnDetails { - s.VpnGatewayIp = &v - return s -} - -// SetVpnId sets the VpnId field's value. -func (s *VpnDetails) SetVpnId(v string) *VpnDetails { - s.VpnId = &v - return s -} - -// SetVpnName sets the VpnName field's value. -func (s *VpnDetails) SetVpnName(v string) *VpnDetails { - s.VpnName = &v - return s -} - -// SetVpnPSK sets the VpnPSK field's value. -func (s *VpnDetails) SetVpnPSK(v string) *VpnDetails { - s.VpnPSK = &v - return s -} - -// SetVpnState sets the VpnState field's value. -func (s *VpnDetails) SetVpnState(v string) *VpnDetails { - s.VpnState = &v - return s -} - -// SetVpnTunnelOriginatorIP sets the VpnTunnelOriginatorIP field's value. -func (s *VpnDetails) SetVpnTunnelOriginatorIP(v string) *VpnDetails { - s.VpnTunnelOriginatorIP = &v - return s -} - const ( // ActivityStreamModeSync is a ActivityStreamMode enum value ActivityStreamModeSync = "sync" @@ -42725,6 +63248,30 @@ func ActivityStreamMode_Values() []string { } } +const ( + // ActivityStreamPolicyStatusLocked is a ActivityStreamPolicyStatus enum value + ActivityStreamPolicyStatusLocked = "locked" + + // ActivityStreamPolicyStatusUnlocked is a ActivityStreamPolicyStatus enum value + ActivityStreamPolicyStatusUnlocked = "unlocked" + + // ActivityStreamPolicyStatusLockingPolicy is a ActivityStreamPolicyStatus enum value + ActivityStreamPolicyStatusLockingPolicy = "locking-policy" + + // ActivityStreamPolicyStatusUnlockingPolicy is a ActivityStreamPolicyStatus enum value + ActivityStreamPolicyStatusUnlockingPolicy = "unlocking-policy" +) + +// ActivityStreamPolicyStatus_Values returns all elements of the ActivityStreamPolicyStatus enum +func ActivityStreamPolicyStatus_Values() []string { + return []string{ + ActivityStreamPolicyStatusLocked, + ActivityStreamPolicyStatusUnlocked, + ActivityStreamPolicyStatusLockingPolicy, + ActivityStreamPolicyStatusUnlockingPolicy, + } +} + const ( // ActivityStreamStatusStopped is a ActivityStreamStatus enum value ActivityStreamStatusStopped = "stopped" @@ -42765,6 +63312,22 @@ func ApplyMethod_Values() []string { } } +const ( + // AuditPolicyStateLocked is a AuditPolicyState enum value + AuditPolicyStateLocked = "locked" + + // AuditPolicyStateUnlocked is a AuditPolicyState enum value + AuditPolicyStateUnlocked = "unlocked" +) + +// AuditPolicyState_Values returns all elements of the AuditPolicyState enum +func AuditPolicyState_Values() []string { + return []string{ + AuditPolicyStateLocked, + AuditPolicyStateUnlocked, + } +} + const ( // AuthSchemeSecrets is a AuthScheme enum value AuthSchemeSecrets = "SECRETS" @@ -42777,6 +63340,114 @@ func AuthScheme_Values() []string { } } +const ( + // AutomationModeFull is a AutomationMode enum value + AutomationModeFull = "full" + + // AutomationModeAllPaused is a AutomationMode enum value + AutomationModeAllPaused = "all-paused" +) + +// AutomationMode_Values returns all elements of the AutomationMode enum +func AutomationMode_Values() []string { + return []string{ + AutomationModeFull, + AutomationModeAllPaused, + } +} + +const ( + // ClientPasswordAuthTypeMysqlNativePassword is a ClientPasswordAuthType enum value + ClientPasswordAuthTypeMysqlNativePassword = "MYSQL_NATIVE_PASSWORD" + + // ClientPasswordAuthTypePostgresScramSha256 is a ClientPasswordAuthType enum value + ClientPasswordAuthTypePostgresScramSha256 = "POSTGRES_SCRAM_SHA_256" + + // ClientPasswordAuthTypePostgresMd5 is a ClientPasswordAuthType enum value + ClientPasswordAuthTypePostgresMd5 = "POSTGRES_MD5" + + // ClientPasswordAuthTypeSqlServerAuthentication is a ClientPasswordAuthType enum value + ClientPasswordAuthTypeSqlServerAuthentication = "SQL_SERVER_AUTHENTICATION" +) + +// ClientPasswordAuthType_Values returns all elements of the ClientPasswordAuthType enum +func ClientPasswordAuthType_Values() []string { + return []string{ + ClientPasswordAuthTypeMysqlNativePassword, + ClientPasswordAuthTypePostgresScramSha256, + ClientPasswordAuthTypePostgresMd5, + ClientPasswordAuthTypeSqlServerAuthentication, + } +} + +const ( + // CustomEngineVersionStatusAvailable is a CustomEngineVersionStatus enum value + CustomEngineVersionStatusAvailable = "available" + + // CustomEngineVersionStatusInactive is a CustomEngineVersionStatus enum value + CustomEngineVersionStatusInactive = "inactive" + + // CustomEngineVersionStatusInactiveExceptRestore is a CustomEngineVersionStatus enum value + CustomEngineVersionStatusInactiveExceptRestore = "inactive-except-restore" +) + +// CustomEngineVersionStatus_Values returns all elements of the CustomEngineVersionStatus enum +func CustomEngineVersionStatus_Values() []string { + return []string{ + CustomEngineVersionStatusAvailable, + CustomEngineVersionStatusInactive, + CustomEngineVersionStatusInactiveExceptRestore, + } +} + +const ( + // DBProxyEndpointStatusAvailable is a DBProxyEndpointStatus enum value + DBProxyEndpointStatusAvailable = "available" + + // DBProxyEndpointStatusModifying is a DBProxyEndpointStatus enum value + DBProxyEndpointStatusModifying = "modifying" + + // DBProxyEndpointStatusIncompatibleNetwork is a DBProxyEndpointStatus enum value + DBProxyEndpointStatusIncompatibleNetwork = "incompatible-network" + + // DBProxyEndpointStatusInsufficientResourceLimits is a DBProxyEndpointStatus enum value + DBProxyEndpointStatusInsufficientResourceLimits = "insufficient-resource-limits" + + // DBProxyEndpointStatusCreating is a DBProxyEndpointStatus enum value + DBProxyEndpointStatusCreating = "creating" + + // DBProxyEndpointStatusDeleting is a DBProxyEndpointStatus enum value + DBProxyEndpointStatusDeleting = "deleting" +) + +// DBProxyEndpointStatus_Values returns all elements of the DBProxyEndpointStatus enum +func DBProxyEndpointStatus_Values() []string { + return []string{ + DBProxyEndpointStatusAvailable, + DBProxyEndpointStatusModifying, + DBProxyEndpointStatusIncompatibleNetwork, + DBProxyEndpointStatusInsufficientResourceLimits, + DBProxyEndpointStatusCreating, + DBProxyEndpointStatusDeleting, + } +} + +const ( + // DBProxyEndpointTargetRoleReadWrite is a DBProxyEndpointTargetRole enum value + DBProxyEndpointTargetRoleReadWrite = "READ_WRITE" + + // DBProxyEndpointTargetRoleReadOnly is a DBProxyEndpointTargetRole enum value + DBProxyEndpointTargetRoleReadOnly = "READ_ONLY" +) + +// DBProxyEndpointTargetRole_Values returns all elements of the DBProxyEndpointTargetRole enum +func DBProxyEndpointTargetRole_Values() []string { + return []string{ + DBProxyEndpointTargetRoleReadWrite, + DBProxyEndpointTargetRoleReadOnly, + } +} + const ( // DBProxyStatusAvailable is a DBProxyStatus enum value DBProxyStatusAvailable = "available" @@ -42827,6 +63498,9 @@ const ( // EngineFamilyPostgresql is a EngineFamily enum value EngineFamilyPostgresql = "POSTGRESQL" + + // EngineFamilySqlserver is a EngineFamily enum value + EngineFamilySqlserver = "SQLSERVER" ) // EngineFamily_Values returns all elements of the EngineFamily enum @@ -42834,6 +63508,59 @@ func EngineFamily_Values() []string { return []string{ EngineFamilyMysql, EngineFamilyPostgresql, + EngineFamilySqlserver, + } +} + +const ( + // ExportSourceTypeSnapshot is a ExportSourceType enum value + ExportSourceTypeSnapshot = "SNAPSHOT" + + // ExportSourceTypeCluster is a ExportSourceType enum value + ExportSourceTypeCluster = "CLUSTER" +) + +// ExportSourceType_Values returns all elements of the ExportSourceType enum +func ExportSourceType_Values() []string { + return []string{ + ExportSourceTypeSnapshot, + ExportSourceTypeCluster, + } +} + +const ( + // FailoverStatusPending is a FailoverStatus enum value + FailoverStatusPending = "pending" + + // FailoverStatusFailingOver is a FailoverStatus enum value + FailoverStatusFailingOver = "failing-over" + + // FailoverStatusCancelling is a FailoverStatus enum value + FailoverStatusCancelling = "cancelling" +) + +// FailoverStatus_Values returns all elements of the FailoverStatus enum +func FailoverStatus_Values() []string { + return []string{ + FailoverStatusPending, + FailoverStatusFailingOver, + FailoverStatusCancelling, + } +} + +const ( + // GlobalClusterMemberSynchronizationStatusConnected is a GlobalClusterMemberSynchronizationStatus enum value + GlobalClusterMemberSynchronizationStatusConnected = "connected" + + // GlobalClusterMemberSynchronizationStatusPendingResync is a GlobalClusterMemberSynchronizationStatus enum value + GlobalClusterMemberSynchronizationStatusPendingResync = "pending-resync" +) + +// GlobalClusterMemberSynchronizationStatus_Values returns all elements of the GlobalClusterMemberSynchronizationStatus enum +func GlobalClusterMemberSynchronizationStatus_Values() []string { + return []string{ + GlobalClusterMemberSynchronizationStatusConnected, + GlobalClusterMemberSynchronizationStatusPendingResync, } } @@ -42843,6 +63570,9 @@ const ( // IAMAuthModeRequired is a IAMAuthMode enum value IAMAuthModeRequired = "REQUIRED" + + // IAMAuthModeEnabled is a IAMAuthMode enum value + IAMAuthModeEnabled = "ENABLED" ) // IAMAuthMode_Values returns all elements of the IAMAuthMode enum @@ -42850,6 +63580,111 @@ func IAMAuthMode_Values() []string { return []string{ IAMAuthModeDisabled, IAMAuthModeRequired, + IAMAuthModeEnabled, + } +} + +const ( + // IntegrationStatusCreating is a IntegrationStatus enum value + IntegrationStatusCreating = "creating" + + // IntegrationStatusActive is a IntegrationStatus enum value + IntegrationStatusActive = "active" + + // IntegrationStatusModifying is a IntegrationStatus enum value + IntegrationStatusModifying = "modifying" + + // IntegrationStatusFailed is a IntegrationStatus enum value + IntegrationStatusFailed = "failed" + + // IntegrationStatusDeleting is a IntegrationStatus enum value + IntegrationStatusDeleting = "deleting" + + // IntegrationStatusSyncing is a IntegrationStatus enum value + IntegrationStatusSyncing = "syncing" + + // IntegrationStatusNeedsAttention is a IntegrationStatus enum value + IntegrationStatusNeedsAttention = "needs_attention" +) + +// IntegrationStatus_Values returns all elements of the IntegrationStatus enum +func IntegrationStatus_Values() []string { + return []string{ + IntegrationStatusCreating, + IntegrationStatusActive, + IntegrationStatusModifying, + IntegrationStatusFailed, + IntegrationStatusDeleting, + IntegrationStatusSyncing, + IntegrationStatusNeedsAttention, + } +} + +const ( + // LimitlessDatabaseStatusActive is a LimitlessDatabaseStatus enum value + LimitlessDatabaseStatusActive = "active" + + // LimitlessDatabaseStatusNotInUse is a LimitlessDatabaseStatus enum value + LimitlessDatabaseStatusNotInUse = "not-in-use" + + // LimitlessDatabaseStatusEnabled is a LimitlessDatabaseStatus enum value + LimitlessDatabaseStatusEnabled = "enabled" + + // LimitlessDatabaseStatusDisabled is a LimitlessDatabaseStatus enum value + LimitlessDatabaseStatusDisabled = "disabled" + + // LimitlessDatabaseStatusEnabling is a LimitlessDatabaseStatus enum value + LimitlessDatabaseStatusEnabling = "enabling" + + // LimitlessDatabaseStatusDisabling is a LimitlessDatabaseStatus enum value + LimitlessDatabaseStatusDisabling = "disabling" + + // LimitlessDatabaseStatusModifyingMaxCapacity is a LimitlessDatabaseStatus enum value + LimitlessDatabaseStatusModifyingMaxCapacity = "modifying-max-capacity" + + // LimitlessDatabaseStatusError is a LimitlessDatabaseStatus enum value + LimitlessDatabaseStatusError = "error" +) + +// LimitlessDatabaseStatus_Values returns all elements of the LimitlessDatabaseStatus enum +func LimitlessDatabaseStatus_Values() []string { + return []string{ + LimitlessDatabaseStatusActive, + LimitlessDatabaseStatusNotInUse, + LimitlessDatabaseStatusEnabled, + LimitlessDatabaseStatusDisabled, + LimitlessDatabaseStatusEnabling, + LimitlessDatabaseStatusDisabling, + LimitlessDatabaseStatusModifyingMaxCapacity, + LimitlessDatabaseStatusError, + } +} + +const ( + // LocalWriteForwardingStatusEnabled is a LocalWriteForwardingStatus enum value + LocalWriteForwardingStatusEnabled = "enabled" + + // LocalWriteForwardingStatusDisabled is a LocalWriteForwardingStatus enum value + LocalWriteForwardingStatusDisabled = "disabled" + + // LocalWriteForwardingStatusEnabling is a LocalWriteForwardingStatus enum value + LocalWriteForwardingStatusEnabling = "enabling" + + // LocalWriteForwardingStatusDisabling is a LocalWriteForwardingStatus enum value + LocalWriteForwardingStatusDisabling = "disabling" + + // LocalWriteForwardingStatusRequested is a LocalWriteForwardingStatus enum value + LocalWriteForwardingStatusRequested = "requested" +) + +// LocalWriteForwardingStatus_Values returns all elements of the LocalWriteForwardingStatus enum +func LocalWriteForwardingStatus_Values() []string { + return []string{ + LocalWriteForwardingStatusEnabled, + LocalWriteForwardingStatusDisabled, + LocalWriteForwardingStatusEnabling, + LocalWriteForwardingStatusDisabling, + LocalWriteForwardingStatusRequested, } } @@ -42887,6 +63722,15 @@ const ( // SourceTypeDbClusterSnapshot is a SourceType enum value SourceTypeDbClusterSnapshot = "db-cluster-snapshot" + + // SourceTypeCustomEngineVersion is a SourceType enum value + SourceTypeCustomEngineVersion = "custom-engine-version" + + // SourceTypeDbProxy is a SourceType enum value + SourceTypeDbProxy = "db-proxy" + + // SourceTypeBlueGreenDeployment is a SourceType enum value + SourceTypeBlueGreenDeployment = "blue-green-deployment" ) // SourceType_Values returns all elements of the SourceType enum @@ -42898,6 +63742,9 @@ func SourceType_Values() []string { SourceTypeDbSnapshot, SourceTypeDbCluster, SourceTypeDbClusterSnapshot, + SourceTypeCustomEngineVersion, + SourceTypeDbProxy, + SourceTypeBlueGreenDeployment, } } @@ -42913,6 +63760,9 @@ const ( // TargetHealthReasonPendingProxyCapacity is a TargetHealthReason enum value TargetHealthReasonPendingProxyCapacity = "PENDING_PROXY_CAPACITY" + + // TargetHealthReasonInvalidReplicationState is a TargetHealthReason enum value + TargetHealthReasonInvalidReplicationState = "INVALID_REPLICATION_STATE" ) // TargetHealthReason_Values returns all elements of the TargetHealthReason enum @@ -42922,6 +63772,27 @@ func TargetHealthReason_Values() []string { TargetHealthReasonConnectionFailed, TargetHealthReasonAuthFailure, TargetHealthReasonPendingProxyCapacity, + TargetHealthReasonInvalidReplicationState, + } +} + +const ( + // TargetRoleReadWrite is a TargetRole enum value + TargetRoleReadWrite = "READ_WRITE" + + // TargetRoleReadOnly is a TargetRole enum value + TargetRoleReadOnly = "READ_ONLY" + + // TargetRoleUnknown is a TargetRole enum value + TargetRoleUnknown = "UNKNOWN" +) + +// TargetRole_Values returns all elements of the TargetRole enum +func TargetRole_Values() []string { + return []string{ + TargetRoleReadWrite, + TargetRoleReadOnly, + TargetRoleUnknown, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/rds/customizations.go b/vendor/github.com/aws/aws-sdk-go/service/rds/customizations.go index d6d2e5f60..ce5ea518b 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/rds/customizations.go +++ b/vendor/github.com/aws/aws-sdk-go/service/rds/customizations.go @@ -137,10 +137,14 @@ func presignURL(r *request.Request, sourceRegion *string, newParams interface{}) clientInfo := r.ClientInfo resolved, err := r.Config.EndpointResolver.EndpointFor( - clientInfo.ServiceName, aws.StringValue(cfg.Region), + EndpointsID, aws.StringValue(cfg.Region), func(opt *endpoints.Options) { opt.DisableSSL = aws.BoolValue(cfg.DisableSSL) opt.UseDualStack = aws.BoolValue(cfg.UseDualStack) + opt.UseDualStackEndpoint = cfg.UseDualStackEndpoint + opt.UseFIPSEndpoint = cfg.UseFIPSEndpoint + opt.Logger = r.Config.Logger + opt.LogDeprecated = r.Config.LogLevel.Matches(aws.LogDebugWithDeprecated) }, ) if err != nil { diff --git a/vendor/github.com/aws/aws-sdk-go/service/rds/doc.go b/vendor/github.com/aws/aws-sdk-go/service/rds/doc.go index 85e0405d4..917fb68d3 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/rds/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/rds/doc.go @@ -3,7 +3,6 @@ // Package rds provides the client and types for making API // requests to Amazon Relational Database Service. // -// // Amazon Relational Database Service (Amazon RDS) is a web service that makes // it easier to set up, operate, and scale a relational database in the cloud. // It provides cost-efficient, resizeable capacity for an industry-standard @@ -11,12 +10,12 @@ // up developers to focus on what makes their applications and businesses unique. // // Amazon RDS gives you access to the capabilities of a MySQL, MariaDB, PostgreSQL, -// Microsoft SQL Server, Oracle, or Amazon Aurora database server. These capabilities -// mean that the code, applications, and tools you already use today with your -// existing databases work with Amazon RDS without modification. Amazon RDS -// automatically backs up your database and maintains the database software -// that powers your DB instance. Amazon RDS is flexible: you can scale your -// DB instance's compute resources and storage capacity to meet your application's +// Microsoft SQL Server, Oracle, Db2, or Amazon Aurora database server. These +// capabilities mean that the code, applications, and tools you already use +// today with your existing databases work with Amazon RDS without modification. +// Amazon RDS automatically backs up your database and maintains the database +// software that powers your DB instance. Amazon RDS is flexible: you can scale +// your DB instance's compute resources and storage capacity to meet your application's // demand. As with all Amazon Web Services, there are no up-front investments, // and you pay only for the resources you use. // @@ -31,28 +30,28 @@ // // Amazon RDS API Reference // -// * For the alphabetical list of API actions, see API Actions (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_Operations.html). +// - For the alphabetical list of API actions, see API Actions (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_Operations.html). // -// * For the alphabetical list of data types, see Data Types (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_Types.html). +// - For the alphabetical list of data types, see Data Types (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_Types.html). // -// * For a list of common query parameters, see Common Parameters (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/CommonParameters.html). +// - For a list of common query parameters, see Common Parameters (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/CommonParameters.html). // -// * For descriptions of the error codes, see Common Errors (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/CommonErrors.html). +// - For descriptions of the error codes, see Common Errors (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/CommonErrors.html). // // Amazon RDS User Guide // -// * For a summary of the Amazon RDS interfaces, see Available RDS Interfaces -// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html#Welcome.Interfaces). +// - For a summary of the Amazon RDS interfaces, see Available RDS Interfaces +// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html#Welcome.Interfaces). // -// * For more information about how to use the Query API, see Using the Query -// API (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Using_the_Query_API.html). +// - For more information about how to use the Query API, see Using the Query +// API (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Using_the_Query_API.html). // // See https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31 for more information on this service. // // See rds package documentation for more information. // https://docs.aws.amazon.com/sdk-for-go/api/service/rds/ // -// Using the Client +// # Using the Client // // To contact Amazon Relational Database Service with the SDK use the New function to create // a new service client. With that client you can make API requests to the service. diff --git a/vendor/github.com/aws/aws-sdk-go/service/rds/doc_custom.go b/vendor/github.com/aws/aws-sdk-go/service/rds/doc_custom.go index 3a4b87905..922803c5e 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/rds/doc_custom.go +++ b/vendor/github.com/aws/aws-sdk-go/service/rds/doc_custom.go @@ -9,16 +9,16 @@ // The following example shows how to use BuildAuthToken to create an authentication // token for connecting to a MySQL database in RDS. // -// authToken, err := rdsutils.BuildAuthToken(dbEndpoint, awsRegion, dbUser, awsCreds) +// authToken, err := rdsutils.BuildAuthToken(dbEndpoint, awsRegion, dbUser, awsCreds) // -// // Create the MySQL DNS string for the DB connection -// // user:password@protocol(endpoint)/dbname? -// dnsStr = fmt.Sprintf("%s:%s@tcp(%s)/%s?tls=true", -// dbUser, authToken, dbEndpoint, dbName, -// ) +// // Create the MySQL DNS string for the DB connection +// // user:password@protocol(endpoint)/dbname? +// dnsStr = fmt.Sprintf("%s:%s@tcp(%s)/%s?tls=true", +// dbUser, authToken, dbEndpoint, dbName, +// ) // -// // Use db to perform SQL operations on database -// db, err := sql.Open("mysql", dnsStr) +// // Use db to perform SQL operations on database +// db, err := sql.Open("mysql", dnsStr) // // See rdsutil package for more information. // http://docs.aws.amazon.com/sdk-for-go/api/service/rds/rdsutils/ diff --git a/vendor/github.com/aws/aws-sdk-go/service/rds/errors.go b/vendor/github.com/aws/aws-sdk-go/service/rds/errors.go index ba166690f..a349b65f4 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/rds/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/rds/errors.go @@ -31,18 +31,29 @@ const ( // "BackupPolicyNotFoundFault". ErrCodeBackupPolicyNotFoundFault = "BackupPolicyNotFoundFault" + // ErrCodeBlueGreenDeploymentAlreadyExistsFault for service response error code + // "BlueGreenDeploymentAlreadyExistsFault". + // + // A blue/green deployment with the specified name already exists. + ErrCodeBlueGreenDeploymentAlreadyExistsFault = "BlueGreenDeploymentAlreadyExistsFault" + + // ErrCodeBlueGreenDeploymentNotFoundFault for service response error code + // "BlueGreenDeploymentNotFoundFault". + // + // BlueGreenDeploymentIdentifier doesn't refer to an existing blue/green deployment. + ErrCodeBlueGreenDeploymentNotFoundFault = "BlueGreenDeploymentNotFoundFault" + // ErrCodeCertificateNotFoundFault for service response error code // "CertificateNotFound". // // CertificateIdentifier doesn't refer to an existing certificate. ErrCodeCertificateNotFoundFault = "CertificateNotFound" - // ErrCodeCustomAvailabilityZoneAlreadyExistsFault for service response error code - // "CustomAvailabilityZoneAlreadyExists". + // ErrCodeCreateCustomDBEngineVersionFault for service response error code + // "CreateCustomDBEngineVersionFault". // - // CustomAvailabilityZoneName is already used by an existing custom Availability - // Zone. - ErrCodeCustomAvailabilityZoneAlreadyExistsFault = "CustomAvailabilityZoneAlreadyExists" + // An error occurred while trying to create the CEV. + ErrCodeCreateCustomDBEngineVersionFault = "CreateCustomDBEngineVersionFault" // ErrCodeCustomAvailabilityZoneNotFoundFault for service response error code // "CustomAvailabilityZoneNotFound". @@ -51,11 +62,23 @@ const ( // Zone identifier. ErrCodeCustomAvailabilityZoneNotFoundFault = "CustomAvailabilityZoneNotFound" - // ErrCodeCustomAvailabilityZoneQuotaExceededFault for service response error code - // "CustomAvailabilityZoneQuotaExceeded". + // ErrCodeCustomDBEngineVersionAlreadyExistsFault for service response error code + // "CustomDBEngineVersionAlreadyExistsFault". // - // You have exceeded the maximum number of custom Availability Zones. - ErrCodeCustomAvailabilityZoneQuotaExceededFault = "CustomAvailabilityZoneQuotaExceeded" + // A CEV with the specified name already exists. + ErrCodeCustomDBEngineVersionAlreadyExistsFault = "CustomDBEngineVersionAlreadyExistsFault" + + // ErrCodeCustomDBEngineVersionNotFoundFault for service response error code + // "CustomDBEngineVersionNotFoundFault". + // + // The specified CEV was not found. + ErrCodeCustomDBEngineVersionNotFoundFault = "CustomDBEngineVersionNotFoundFault" + + // ErrCodeCustomDBEngineVersionQuotaExceededFault for service response error code + // "CustomDBEngineVersionQuotaExceededFault". + // + // You have exceeded your CEV quota. + ErrCodeCustomDBEngineVersionQuotaExceededFault = "CustomDBEngineVersionQuotaExceededFault" // ErrCodeDBClusterAlreadyExistsFault for service response error code // "DBClusterAlreadyExistsFault". @@ -63,6 +86,20 @@ const ( // The user already has a DB cluster with the given identifier. ErrCodeDBClusterAlreadyExistsFault = "DBClusterAlreadyExistsFault" + // ErrCodeDBClusterAutomatedBackupNotFoundFault for service response error code + // "DBClusterAutomatedBackupNotFoundFault". + // + // No automated backup for this DB cluster was found. + ErrCodeDBClusterAutomatedBackupNotFoundFault = "DBClusterAutomatedBackupNotFoundFault" + + // ErrCodeDBClusterAutomatedBackupQuotaExceededFault for service response error code + // "DBClusterAutomatedBackupQuotaExceededFault". + // + // The quota for retained automated backups was exceeded. This prevents you + // from retaining any additional automated backups. The retained automated backups + // quota is the same as your DB cluster quota. + ErrCodeDBClusterAutomatedBackupQuotaExceededFault = "DBClusterAutomatedBackupQuotaExceededFault" + // ErrCodeDBClusterBacktrackNotFoundFault for service response error code // "DBClusterBacktrackNotFoundFault". // @@ -157,7 +194,7 @@ const ( // // The quota for retained automated backups was exceeded. This prevents you // from retaining any additional automated backups. The retained automated backups - // quota is the same as your DB Instance quota. + // quota is the same as your DB instance quota. ErrCodeDBInstanceAutomatedBackupQuotaExceededFault = "DBInstanceAutomatedBackupQuotaExceeded" // ErrCodeDBInstanceNotFoundFault for service response error code @@ -183,8 +220,8 @@ const ( // ErrCodeDBInstanceRoleQuotaExceededFault for service response error code // "DBInstanceRoleQuotaExceeded". // - // You can't associate any more AWS Identity and Access Management (IAM) roles - // with the DB instance because the quota has been reached. + // You can't associate any more Amazon Web Services Identity and Access Management + // (IAM) roles with the DB instance because the quota has been reached. ErrCodeDBInstanceRoleQuotaExceededFault = "DBInstanceRoleQuotaExceeded" // ErrCodeDBLogFileNotFoundFault for service response error code @@ -213,24 +250,44 @@ const ( ErrCodeDBParameterGroupQuotaExceededFault = "DBParameterGroupQuotaExceeded" // ErrCodeDBProxyAlreadyExistsFault for service response error code - // "DBProxyTargetExistsFault". + // "DBProxyAlreadyExistsFault". + // + // The specified proxy name must be unique for all proxies owned by your Amazon + // Web Services account in the specified Amazon Web Services Region. + ErrCodeDBProxyAlreadyExistsFault = "DBProxyAlreadyExistsFault" + + // ErrCodeDBProxyEndpointAlreadyExistsFault for service response error code + // "DBProxyEndpointAlreadyExistsFault". + // + // The specified DB proxy endpoint name must be unique for all DB proxy endpoints + // owned by your Amazon Web Services account in the specified Amazon Web Services + // Region. + ErrCodeDBProxyEndpointAlreadyExistsFault = "DBProxyEndpointAlreadyExistsFault" + + // ErrCodeDBProxyEndpointNotFoundFault for service response error code + // "DBProxyEndpointNotFoundFault". + // + // The DB proxy endpoint doesn't exist. + ErrCodeDBProxyEndpointNotFoundFault = "DBProxyEndpointNotFoundFault" + + // ErrCodeDBProxyEndpointQuotaExceededFault for service response error code + // "DBProxyEndpointQuotaExceededFault". // - // The specified proxy name must be unique for all proxies owned by your AWS - // account in the specified AWS Region. - ErrCodeDBProxyAlreadyExistsFault = "DBProxyTargetExistsFault" + // The DB proxy already has the maximum number of endpoints. + ErrCodeDBProxyEndpointQuotaExceededFault = "DBProxyEndpointQuotaExceededFault" // ErrCodeDBProxyNotFoundFault for service response error code // "DBProxyNotFoundFault". // - // The specified proxy name doesn't correspond to a proxy owned by your AWS - // account in the specified AWS Region. + // The specified proxy name doesn't correspond to a proxy owned by your Amazon + // Web Services account in the specified Amazon Web Services Region. ErrCodeDBProxyNotFoundFault = "DBProxyNotFoundFault" // ErrCodeDBProxyQuotaExceededFault for service response error code // "DBProxyQuotaExceededFault". // - // Your AWS account already has the maximum number of proxies in the specified - // AWS Region. + // Your Amazon Web Services account already has the maximum number of proxies + // in the specified Amazon Web Services Region. ErrCodeDBProxyQuotaExceededFault = "DBProxyQuotaExceededFault" // ErrCodeDBProxyTargetAlreadyRegisteredFault for service response error code @@ -243,15 +300,16 @@ const ( // ErrCodeDBProxyTargetGroupNotFoundFault for service response error code // "DBProxyTargetGroupNotFoundFault". // - // The specified target group isn't available for a proxy owned by your AWS - // account in the specified AWS Region. + // The specified target group isn't available for a proxy owned by your Amazon + // Web Services account in the specified Amazon Web Services Region. ErrCodeDBProxyTargetGroupNotFoundFault = "DBProxyTargetGroupNotFoundFault" // ErrCodeDBProxyTargetNotFoundFault for service response error code // "DBProxyTargetNotFoundFault". // // The specified RDS DB instance or Aurora DB cluster isn't available for a - // proxy owned by your AWS account in the specified AWS Region. + // proxy owned by your Amazon Web Services account in the specified Amazon Web + // Services Region. ErrCodeDBProxyTargetNotFoundFault = "DBProxyTargetNotFoundFault" // ErrCodeDBSecurityGroupAlreadyExistsFault for service response error code @@ -280,6 +338,19 @@ const ( // groups. ErrCodeDBSecurityGroupQuotaExceededFault = "QuotaExceeded.DBSecurityGroup" + // ErrCodeDBShardGroupAlreadyExistsFault for service response error code + // "DBShardGroupAlreadyExists". + // + // The specified DB shard group name must be unique in your Amazon Web Services + // account in the specified Amazon Web Services Region. + ErrCodeDBShardGroupAlreadyExistsFault = "DBShardGroupAlreadyExists" + + // ErrCodeDBShardGroupNotFoundFault for service response error code + // "DBShardGroupNotFound". + // + // The specified DB shard group name wasn't found. + ErrCodeDBShardGroupNotFoundFault = "DBShardGroupNotFound" + // ErrCodeDBSnapshotAlreadyExistsFault for service response error code // "DBSnapshotAlreadyExists". // @@ -292,6 +363,12 @@ const ( // DBSnapshotIdentifier doesn't refer to an existing DB snapshot. ErrCodeDBSnapshotNotFoundFault = "DBSnapshotNotFound" + // ErrCodeDBSnapshotTenantDatabaseNotFoundFault for service response error code + // "DBSnapshotTenantDatabaseNotFoundFault". + // + // The specified snapshot tenant database wasn't found. + ErrCodeDBSnapshotTenantDatabaseNotFoundFault = "DBSnapshotTenantDatabaseNotFoundFault" + // ErrCodeDBSubnetGroupAlreadyExistsFault for service response error code // "DBSubnetGroupAlreadyExists". // @@ -344,6 +421,12 @@ const ( // Domain doesn't refer to an existing Active Directory domain. ErrCodeDomainNotFoundFault = "DomainNotFoundFault" + // ErrCodeEc2ImagePropertiesNotSupportedFault for service response error code + // "Ec2ImagePropertiesNotSupportedFault". + // + // The AMI configuration prerequisite has not been met. + ErrCodeEc2ImagePropertiesNotSupportedFault = "Ec2ImagePropertiesNotSupportedFault" + // ErrCodeEventSubscriptionQuotaExceededFault for service response error code // "EventSubscriptionQuotaExceeded". // @@ -364,14 +447,23 @@ const ( // ErrCodeGlobalClusterAlreadyExistsFault for service response error code // "GlobalClusterAlreadyExistsFault". + // + // The GlobalClusterIdentifier already exists. Choose a new global database + // identifier (unique name) to create a new global database cluster. ErrCodeGlobalClusterAlreadyExistsFault = "GlobalClusterAlreadyExistsFault" // ErrCodeGlobalClusterNotFoundFault for service response error code // "GlobalClusterNotFoundFault". + // + // The GlobalClusterIdentifier doesn't refer to an existing global database + // cluster. ErrCodeGlobalClusterNotFoundFault = "GlobalClusterNotFoundFault" // ErrCodeGlobalClusterQuotaExceededFault for service response error code // "GlobalClusterQuotaExceededFault". + // + // The number of global database clusters for this account is already at the + // maximum allowed. ErrCodeGlobalClusterQuotaExceededFault = "GlobalClusterQuotaExceededFault" // ErrCodeIamRoleMissingPermissionsFault for service response error code @@ -386,18 +478,6 @@ const ( // The IAM role is missing for exporting to an Amazon S3 bucket. ErrCodeIamRoleNotFoundFault = "IamRoleNotFound" - // ErrCodeInstallationMediaAlreadyExistsFault for service response error code - // "InstallationMediaAlreadyExists". - // - // The specified installation medium has already been imported. - ErrCodeInstallationMediaAlreadyExistsFault = "InstallationMediaAlreadyExists" - - // ErrCodeInstallationMediaNotFoundFault for service response error code - // "InstallationMediaNotFound". - // - // InstallationMediaID doesn't refer to an existing installation medium. - ErrCodeInstallationMediaNotFoundFault = "InstallationMediaNotFound" - // ErrCodeInstanceQuotaExceededFault for service response error code // "InstanceQuotaExceeded". // @@ -433,6 +513,54 @@ const ( // Availability Zones that have more storage available. ErrCodeInsufficientStorageClusterCapacityFault = "InsufficientStorageClusterCapacity" + // ErrCodeIntegrationAlreadyExistsFault for service response error code + // "IntegrationAlreadyExistsFault". + // + // The integration you are trying to create already exists. + ErrCodeIntegrationAlreadyExistsFault = "IntegrationAlreadyExistsFault" + + // ErrCodeIntegrationConflictOperationFault for service response error code + // "IntegrationConflictOperationFault". + // + // A conflicting conditional operation is currently in progress against this + // resource. Typically occurs when there are multiple requests being made to + // the same resource at the same time, and these requests conflict with each + // other. + ErrCodeIntegrationConflictOperationFault = "IntegrationConflictOperationFault" + + // ErrCodeIntegrationNotFoundFault for service response error code + // "IntegrationNotFoundFault". + // + // The specified integration could not be found. + ErrCodeIntegrationNotFoundFault = "IntegrationNotFoundFault" + + // ErrCodeIntegrationQuotaExceededFault for service response error code + // "IntegrationQuotaExceededFault". + // + // You can't crate any more zero-ETL integrations because the quota has been + // reached. + ErrCodeIntegrationQuotaExceededFault = "IntegrationQuotaExceededFault" + + // ErrCodeInvalidBlueGreenDeploymentStateFault for service response error code + // "InvalidBlueGreenDeploymentStateFault". + // + // The blue/green deployment can't be switched over or deleted because there + // is an invalid configuration in the green environment. + ErrCodeInvalidBlueGreenDeploymentStateFault = "InvalidBlueGreenDeploymentStateFault" + + // ErrCodeInvalidCustomDBEngineVersionStateFault for service response error code + // "InvalidCustomDBEngineVersionStateFault". + // + // You can't delete the CEV. + ErrCodeInvalidCustomDBEngineVersionStateFault = "InvalidCustomDBEngineVersionStateFault" + + // ErrCodeInvalidDBClusterAutomatedBackupStateFault for service response error code + // "InvalidDBClusterAutomatedBackupStateFault". + // + // The automated backup is in an invalid state. For example, this automated + // backup is associated with an active cluster. + ErrCodeInvalidDBClusterAutomatedBackupStateFault = "InvalidDBClusterAutomatedBackupStateFault" + // ErrCodeInvalidDBClusterCapacityFault for service response error code // "InvalidDBClusterCapacityFault". // @@ -480,6 +608,13 @@ const ( // is in this state. ErrCodeInvalidDBParameterGroupStateFault = "InvalidDBParameterGroupState" + // ErrCodeInvalidDBProxyEndpointStateFault for service response error code + // "InvalidDBProxyEndpointStateFault". + // + // You can't perform this operation while the DB proxy endpoint is in a particular + // state. + ErrCodeInvalidDBProxyEndpointStateFault = "InvalidDBProxyEndpointStateFault" + // ErrCodeInvalidDBProxyStateFault for service response error code // "InvalidDBProxyStateFault". // @@ -492,6 +627,12 @@ const ( // The state of the DB security group doesn't allow deletion. ErrCodeInvalidDBSecurityGroupStateFault = "InvalidDBSecurityGroupState" + // ErrCodeInvalidDBShardGroupStateFault for service response error code + // "InvalidDBShardGroupState". + // + // The DB shard group must be in the available state. + ErrCodeInvalidDBShardGroupStateFault = "InvalidDBShardGroupState" + // ErrCodeInvalidDBSnapshotStateFault for service response error code // "InvalidDBSnapshotState". // @@ -545,14 +686,36 @@ const ( // ErrCodeInvalidGlobalClusterStateFault for service response error code // "InvalidGlobalClusterStateFault". + // + // The global cluster is in an invalid state and can't perform the requested + // operation. ErrCodeInvalidGlobalClusterStateFault = "InvalidGlobalClusterStateFault" + // ErrCodeInvalidIntegrationStateFault for service response error code + // "InvalidIntegrationStateFault". + // + // The integration is in an invalid state and can't perform the requested operation. + ErrCodeInvalidIntegrationStateFault = "InvalidIntegrationStateFault" + + // ErrCodeInvalidMaxAcuFault for service response error code + // "InvalidMaxAcu". + // + // The maximum capacity of the DB shard group must be 48-7168 Aurora capacity + // units (ACUs). + ErrCodeInvalidMaxAcuFault = "InvalidMaxAcu" + // ErrCodeInvalidOptionGroupStateFault for service response error code // "InvalidOptionGroupStateFault". // // The option group isn't in the available state. ErrCodeInvalidOptionGroupStateFault = "InvalidOptionGroupStateFault" + // ErrCodeInvalidResourceStateFault for service response error code + // "InvalidResourceStateFault". + // + // The operation can't be performed because another operation is in progress. + ErrCodeInvalidResourceStateFault = "InvalidResourceStateFault" + // ErrCodeInvalidRestoreFault for service response error code // "InvalidRestoreFault". // @@ -584,9 +747,23 @@ const ( // ErrCodeKMSKeyNotAccessibleFault for service response error code // "KMSKeyNotAccessibleFault". // - // An error occurred accessing an AWS KMS key. + // An error occurred accessing an Amazon Web Services KMS key. ErrCodeKMSKeyNotAccessibleFault = "KMSKeyNotAccessibleFault" + // ErrCodeMaxDBShardGroupLimitReached for service response error code + // "MaxDBShardGroupLimitReached". + // + // The maximum number of DB shard groups for your Amazon Web Services account + // in the specified Amazon Web Services Region has been reached. + ErrCodeMaxDBShardGroupLimitReached = "MaxDBShardGroupLimitReached" + + // ErrCodeNetworkTypeNotSupported for service response error code + // "NetworkTypeNotSupported". + // + // The network type is invalid for the DB instance. Valid nework type values + // are IPV4 and DUAL. + ErrCodeNetworkTypeNotSupported = "NetworkTypeNotSupported" + // ErrCodeOptionGroupAlreadyExistsFault for service response error code // "OptionGroupAlreadyExistsFault". // @@ -602,7 +779,7 @@ const ( // ErrCodeOptionGroupQuotaExceededFault for service response error code // "OptionGroupQuotaExceededFault". // - // The quota of 20 option groups was exceeded for this AWS account. + // The quota of 20 option groups was exceeded for this Amazon Web Services account. ErrCodeOptionGroupQuotaExceededFault = "OptionGroupQuotaExceededFault" // ErrCodePointInTimeRestoreNotEnabledFault for service response error code @@ -651,7 +828,7 @@ const ( // ErrCodeSNSInvalidTopicFault for service response error code // "SNSInvalidTopic". // - // SNS has responded that there is a problem with the SND topic specified. + // SNS has responded that there is a problem with the SNS topic specified. ErrCodeSNSInvalidTopicFault = "SNSInvalidTopic" // ErrCodeSNSNoAuthorizationFault for service response error code @@ -679,6 +856,18 @@ const ( // The request would result in the user exceeding the allowed number of DB snapshots. ErrCodeSnapshotQuotaExceededFault = "SnapshotQuotaExceeded" + // ErrCodeSourceClusterNotSupportedFault for service response error code + // "SourceClusterNotSupportedFault". + // + // The source DB cluster isn't supported for a blue/green deployment. + ErrCodeSourceClusterNotSupportedFault = "SourceClusterNotSupportedFault" + + // ErrCodeSourceDatabaseNotSupportedFault for service response error code + // "SourceDatabaseNotSupportedFault". + // + // The source DB instance isn't supported for a blue/green deployment. + ErrCodeSourceDatabaseNotSupportedFault = "SourceDatabaseNotSupportedFault" + // ErrCodeSourceNotFoundFault for service response error code // "SourceNotFound". // @@ -692,10 +881,17 @@ const ( // available across all DB instances. ErrCodeStorageQuotaExceededFault = "StorageQuotaExceeded" + // ErrCodeStorageTypeNotAvailableFault for service response error code + // "StorageTypeNotAvailableFault". + // + // The aurora-iopt1 storage type isn't available, because you modified the DB + // cluster to use this storage type less than one month ago. + ErrCodeStorageTypeNotAvailableFault = "StorageTypeNotAvailableFault" + // ErrCodeStorageTypeNotSupportedFault for service response error code // "StorageTypeNotSupported". // - // Storage of the StorageType specified can't be associated with the DB instance. + // The specified StorageType can't be associated with the DB instance. ErrCodeStorageTypeNotSupportedFault = "StorageTypeNotSupported" // ErrCodeSubnetAlreadyInUse for service response error code @@ -721,4 +917,30 @@ const ( // // The subscription name does not exist. ErrCodeSubscriptionNotFoundFault = "SubscriptionNotFound" + + // ErrCodeTenantDatabaseAlreadyExistsFault for service response error code + // "TenantDatabaseAlreadyExists". + // + // You attempted to either create a tenant database that already exists or modify + // a tenant database to use the name of an existing tenant database. + ErrCodeTenantDatabaseAlreadyExistsFault = "TenantDatabaseAlreadyExists" + + // ErrCodeTenantDatabaseNotFoundFault for service response error code + // "TenantDatabaseNotFound". + // + // The specified tenant database wasn't found in the DB instance. + ErrCodeTenantDatabaseNotFoundFault = "TenantDatabaseNotFound" + + // ErrCodeTenantDatabaseQuotaExceededFault for service response error code + // "TenantDatabaseQuotaExceeded". + // + // You attempted to create more tenant databases than are permitted in your + // Amazon Web Services account. + ErrCodeTenantDatabaseQuotaExceededFault = "TenantDatabaseQuotaExceeded" + + // ErrCodeUnsupportedDBEngineVersionFault for service response error code + // "UnsupportedDBEngineVersion". + // + // The specified DB engine version isn't supported for Aurora Limitless Database. + ErrCodeUnsupportedDBEngineVersionFault = "UnsupportedDBEngineVersion" ) diff --git a/vendor/github.com/aws/aws-sdk-go/service/rds/rdsutils/connect.go b/vendor/github.com/aws/aws-sdk-go/service/rds/rdsutils/connect.go index be248a8d4..0cf078aec 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/rds/rdsutils/connect.go +++ b/vendor/github.com/aws/aws-sdk-go/service/rds/rdsutils/connect.go @@ -20,16 +20,16 @@ import ( // The following example shows how to use BuildAuthToken to create an authentication // token for connecting to a MySQL database in RDS. // -// authToken, err := BuildAuthToken(dbEndpoint, awsRegion, dbUser, awsCreds) +// authToken, err := BuildAuthToken(dbEndpoint, awsRegion, dbUser, awsCreds) // -// // Create the MySQL DNS string for the DB connection -// // user:password@protocol(endpoint)/dbname? -// connectStr = fmt.Sprintf("%s:%s@tcp(%s)/%s?allowCleartextPasswords=true&tls=rds", -// dbUser, authToken, dbEndpoint, dbName, -// ) +// // Create the MySQL DNS string for the DB connection +// // user:password@protocol(endpoint)/dbname? +// connectStr = fmt.Sprintf("%s:%s@tcp(%s)/%s?allowCleartextPasswords=true&tls=rds", +// dbUser, authToken, dbEndpoint, dbName, +// ) // -// // Use db to perform SQL operations on database -// db, err := sql.Open("mysql", connectStr) +// // Use db to perform SQL operations on database +// db, err := sql.Open("mysql", connectStr) // // See http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html // for more information on using IAM database authentication with RDS. diff --git a/vendor/github.com/aws/aws-sdk-go/service/rds/rdsutils/doc.go b/vendor/github.com/aws/aws-sdk-go/service/rds/rdsutils/doc.go index d1ff2511a..9f3e8813b 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/rds/rdsutils/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/rds/rdsutils/doc.go @@ -6,13 +6,15 @@ // https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html#UsingWithRDS.IAMDBAuth.Availability // // When building the connection string, there are two required parameters that are needed to be set on the query. -// * tls -// * allowCleartextPasswords must be set to true // -// Example creating a basic auth token with the builder: -// v := url.Values{} -// v.Add("tls", "tls_profile_name") -// v.Add("allowCleartextPasswords", "true") -// b := rdsutils.NewConnectionStringBuilder(endpoint, region, user, dbname, creds) -// connectStr, err := b.WithTCPFormat().WithParams(v).Build() +// - tls +// +// - allowCleartextPasswords must be set to true +// +// Example creating a basic auth token with the builder: +// v := url.Values{} +// v.Add("tls", "tls_profile_name") +// v.Add("allowCleartextPasswords", "true") +// b := rdsutils.NewConnectionStringBuilder(endpoint, region, user, dbname, creds) +// connectStr, err := b.WithTCPFormat().WithParams(v).Build() package rdsutils diff --git a/vendor/github.com/aws/aws-sdk-go/service/rds/service.go b/vendor/github.com/aws/aws-sdk-go/service/rds/service.go index 656abea7b..84f20653c 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/rds/service.go +++ b/vendor/github.com/aws/aws-sdk-go/service/rds/service.go @@ -39,31 +39,37 @@ const ( // aws.Config parameter to add your extra config. // // Example: -// mySession := session.Must(session.NewSession()) // -// // Create a RDS client from just a session. -// svc := rds.New(mySession) +// mySession := session.Must(session.NewSession()) // -// // Create a RDS client with additional configuration -// svc := rds.New(mySession, aws.NewConfig().WithRegion("us-west-2")) +// // Create a RDS client from just a session. +// svc := rds.New(mySession) +// +// // Create a RDS client with additional configuration +// svc := rds.New(mySession, aws.NewConfig().WithRegion("us-west-2")) func New(p client.ConfigProvider, cfgs ...*aws.Config) *RDS { c := p.ClientConfig(EndpointsID, cfgs...) - return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName) + if c.SigningNameDerived || len(c.SigningName) == 0 { + c.SigningName = EndpointsID + // No Fallback + } + return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion) } // newClient creates, initializes and returns a new service client instance. -func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *RDS { +func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *RDS { svc := &RDS{ Client: client.New( cfg, metadata.ClientInfo{ - ServiceName: ServiceName, - ServiceID: ServiceID, - SigningName: signingName, - SigningRegion: signingRegion, - PartitionID: partitionID, - Endpoint: endpoint, - APIVersion: "2014-10-31", + ServiceName: ServiceName, + ServiceID: ServiceID, + SigningName: signingName, + SigningRegion: signingRegion, + PartitionID: partitionID, + Endpoint: endpoint, + APIVersion: "2014-10-31", + ResolvedRegion: resolvedRegion, }, handlers, ), diff --git a/vendor/github.com/aws/aws-sdk-go/service/rds/waiters.go b/vendor/github.com/aws/aws-sdk-go/service/rds/waiters.go index c5e905cec..9e8d3f4cc 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/rds/waiters.go +++ b/vendor/github.com/aws/aws-sdk-go/service/rds/waiters.go @@ -9,6 +9,148 @@ import ( "github.com/aws/aws-sdk-go/aws/request" ) +// WaitUntilDBClusterAvailable uses the Amazon RDS API operation +// DescribeDBClusters to wait for a condition to be met before returning. +// If the condition is not met within the max attempt window, an error will +// be returned. +func (c *RDS) WaitUntilDBClusterAvailable(input *DescribeDBClustersInput) error { + return c.WaitUntilDBClusterAvailableWithContext(aws.BackgroundContext(), input) +} + +// WaitUntilDBClusterAvailableWithContext is an extended version of WaitUntilDBClusterAvailable. +// With the support for passing in a context and options to configure the +// Waiter and the underlying request options. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) WaitUntilDBClusterAvailableWithContext(ctx aws.Context, input *DescribeDBClustersInput, opts ...request.WaiterOption) error { + w := request.Waiter{ + Name: "WaitUntilDBClusterAvailable", + MaxAttempts: 60, + Delay: request.ConstantWaiterDelay(30 * time.Second), + Acceptors: []request.WaiterAcceptor{ + { + State: request.SuccessWaiterState, + Matcher: request.PathAllWaiterMatch, Argument: "DBClusters[].Status", + Expected: "available", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "DBClusters[].Status", + Expected: "deleted", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "DBClusters[].Status", + Expected: "deleting", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "DBClusters[].Status", + Expected: "failed", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "DBClusters[].Status", + Expected: "incompatible-restore", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "DBClusters[].Status", + Expected: "incompatible-parameters", + }, + }, + Logger: c.Config.Logger, + NewRequest: func(opts []request.Option) (*request.Request, error) { + var inCpy *DescribeDBClustersInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeDBClustersRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + w.ApplyOptions(opts...) + + return w.WaitWithContext(ctx) +} + +// WaitUntilDBClusterDeleted uses the Amazon RDS API operation +// DescribeDBClusters to wait for a condition to be met before returning. +// If the condition is not met within the max attempt window, an error will +// be returned. +func (c *RDS) WaitUntilDBClusterDeleted(input *DescribeDBClustersInput) error { + return c.WaitUntilDBClusterDeletedWithContext(aws.BackgroundContext(), input) +} + +// WaitUntilDBClusterDeletedWithContext is an extended version of WaitUntilDBClusterDeleted. +// With the support for passing in a context and options to configure the +// Waiter and the underlying request options. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) WaitUntilDBClusterDeletedWithContext(ctx aws.Context, input *DescribeDBClustersInput, opts ...request.WaiterOption) error { + w := request.Waiter{ + Name: "WaitUntilDBClusterDeleted", + MaxAttempts: 60, + Delay: request.ConstantWaiterDelay(30 * time.Second), + Acceptors: []request.WaiterAcceptor{ + { + State: request.SuccessWaiterState, + Matcher: request.PathWaiterMatch, Argument: "length(DBClusters) == `0`", + Expected: true, + }, + { + State: request.SuccessWaiterState, + Matcher: request.ErrorWaiterMatch, + Expected: "DBClusterNotFoundFault", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "DBClusters[].Status", + Expected: "creating", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "DBClusters[].Status", + Expected: "modifying", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "DBClusters[].Status", + Expected: "rebooting", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "DBClusters[].Status", + Expected: "resetting-master-credentials", + }, + }, + Logger: c.Config.Logger, + NewRequest: func(opts []request.Option) (*request.Request, error) { + var inCpy *DescribeDBClustersInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeDBClustersRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + w.ApplyOptions(opts...) + + return w.WaitWithContext(ctx) +} + // WaitUntilDBClusterSnapshotAvailable uses the Amazon RDS API operation // DescribeDBClusterSnapshots to wait for a condition to be met before returning. // If the condition is not met within the max attempt window, an error will @@ -434,3 +576,115 @@ func (c *RDS) WaitUntilDBSnapshotDeletedWithContext(ctx aws.Context, input *Desc return w.WaitWithContext(ctx) } + +// WaitUntilTenantDatabaseAvailable uses the Amazon RDS API operation +// DescribeTenantDatabases to wait for a condition to be met before returning. +// If the condition is not met within the max attempt window, an error will +// be returned. +func (c *RDS) WaitUntilTenantDatabaseAvailable(input *DescribeTenantDatabasesInput) error { + return c.WaitUntilTenantDatabaseAvailableWithContext(aws.BackgroundContext(), input) +} + +// WaitUntilTenantDatabaseAvailableWithContext is an extended version of WaitUntilTenantDatabaseAvailable. +// With the support for passing in a context and options to configure the +// Waiter and the underlying request options. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) WaitUntilTenantDatabaseAvailableWithContext(ctx aws.Context, input *DescribeTenantDatabasesInput, opts ...request.WaiterOption) error { + w := request.Waiter{ + Name: "WaitUntilTenantDatabaseAvailable", + MaxAttempts: 60, + Delay: request.ConstantWaiterDelay(30 * time.Second), + Acceptors: []request.WaiterAcceptor{ + { + State: request.SuccessWaiterState, + Matcher: request.PathAllWaiterMatch, Argument: "TenantDatabases[].Status", + Expected: "available", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "TenantDatabases[].Status", + Expected: "deleted", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "TenantDatabases[].Status", + Expected: "incompatible-parameters", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "TenantDatabases[].Status", + Expected: "incompatible-restore", + }, + }, + Logger: c.Config.Logger, + NewRequest: func(opts []request.Option) (*request.Request, error) { + var inCpy *DescribeTenantDatabasesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeTenantDatabasesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + w.ApplyOptions(opts...) + + return w.WaitWithContext(ctx) +} + +// WaitUntilTenantDatabaseDeleted uses the Amazon RDS API operation +// DescribeTenantDatabases to wait for a condition to be met before returning. +// If the condition is not met within the max attempt window, an error will +// be returned. +func (c *RDS) WaitUntilTenantDatabaseDeleted(input *DescribeTenantDatabasesInput) error { + return c.WaitUntilTenantDatabaseDeletedWithContext(aws.BackgroundContext(), input) +} + +// WaitUntilTenantDatabaseDeletedWithContext is an extended version of WaitUntilTenantDatabaseDeleted. +// With the support for passing in a context and options to configure the +// Waiter and the underlying request options. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) WaitUntilTenantDatabaseDeletedWithContext(ctx aws.Context, input *DescribeTenantDatabasesInput, opts ...request.WaiterOption) error { + w := request.Waiter{ + Name: "WaitUntilTenantDatabaseDeleted", + MaxAttempts: 60, + Delay: request.ConstantWaiterDelay(30 * time.Second), + Acceptors: []request.WaiterAcceptor{ + { + State: request.SuccessWaiterState, + Matcher: request.PathWaiterMatch, Argument: "length(TenantDatabases) == `0`", + Expected: true, + }, + { + State: request.SuccessWaiterState, + Matcher: request.ErrorWaiterMatch, + Expected: "DBInstanceNotFoundFault", + }, + }, + Logger: c.Config.Logger, + NewRequest: func(opts []request.Option) (*request.Request, error) { + var inCpy *DescribeTenantDatabasesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeTenantDatabasesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + w.ApplyOptions(opts...) + + return w.WaitWithContext(ctx) +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go index 66700cce1..f1fa8dcf0 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go @@ -14,6 +14,7 @@ import ( "github.com/aws/aws-sdk-go/aws/awsutil" "github.com/aws/aws-sdk-go/aws/client" "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/aws/signer/v4" "github.com/aws/aws-sdk-go/internal/s3shared/arn" "github.com/aws/aws-sdk-go/private/checksum" "github.com/aws/aws-sdk-go/private/protocol" @@ -39,14 +40,13 @@ const opAbortMultipartUpload = "AbortMultipartUpload" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the AbortMultipartUploadRequest method. +// req, resp := client.AbortMultipartUploadRequest(params) // -// // Example sending a request using the AbortMultipartUploadRequest method. -// req, resp := client.AbortMultipartUploadRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AbortMultipartUpload func (c *S3) AbortMultipartUploadRequest(input *AbortMultipartUploadInput) (req *request.Request, output *AbortMultipartUploadOutput) { @@ -74,24 +74,52 @@ func (c *S3) AbortMultipartUploadRequest(input *AbortMultipartUploadInput) (req // As a result, it might be necessary to abort a given multipart upload multiple // times in order to completely free all storage consumed by all parts. // -// To verify that all parts have been removed, so you don't get charged for +// To verify that all parts have been removed and prevent getting charged for // the part storage, you should call the ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) -// operation and ensure that the parts list is empty. +// API operation and ensure that the parts list is empty. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions +// +// - General purpose bucket permissions - For information about permissions +// required to use the multipart upload, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. // -// For information about permissions required to use the multipart upload API, -// see Multipart Upload API and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to AbortMultipartUpload: // -// * CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) +// - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) // -// * UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) +// - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) // -// * CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) +// - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) // -// * ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) +// - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) // -// * ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html) +// - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -101,8 +129,8 @@ func (c *S3) AbortMultipartUploadRequest(input *AbortMultipartUploadInput) (req // API operation AbortMultipartUpload for usage and error information. // // Returned Error Codes: -// * ErrCodeNoSuchUpload "NoSuchUpload" -// The specified multipart upload does not exist. +// - ErrCodeNoSuchUpload "NoSuchUpload" +// The specified multipart upload does not exist. // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AbortMultipartUpload func (c *S3) AbortMultipartUpload(input *AbortMultipartUploadInput) (*AbortMultipartUploadOutput, error) { @@ -142,14 +170,13 @@ const opCompleteMultipartUpload = "CompleteMultipartUpload" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CompleteMultipartUploadRequest method. +// req, resp := client.CompleteMultipartUploadRequest(params) // -// // Example sending a request using the CompleteMultipartUploadRequest method. -// req, resp := client.CompleteMultipartUploadRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CompleteMultipartUpload func (c *S3) CompleteMultipartUploadRequest(input *CompleteMultipartUploadInput) (req *request.Request, output *CompleteMultipartUploadOutput) { @@ -174,62 +201,105 @@ func (c *S3) CompleteMultipartUploadRequest(input *CompleteMultipartUploadInput) // // You first initiate the multipart upload and then upload all parts using the // UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) +// operation or the UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) // operation. After successfully uploading all relevant parts of an upload, -// you call this operation to complete the upload. Upon receiving this request, -// Amazon S3 concatenates all the parts in ascending order by part number to -// create a new object. In the Complete Multipart Upload request, you must provide -// the parts list. You must ensure that the parts list is complete. This operation -// concatenates the parts that you provide in the list. For each part in the -// list, you must provide the part number and the ETag value, returned after -// that part was uploaded. -// -// Processing of a Complete Multipart Upload request could take several minutes -// to complete. After Amazon S3 begins processing the request, it sends an HTTP +// you call this CompleteMultipartUpload operation to complete the upload. Upon +// receiving this request, Amazon S3 concatenates all the parts in ascending +// order by part number to create a new object. In the CompleteMultipartUpload +// request, you must provide the parts list and ensure that the parts list is +// complete. The CompleteMultipartUpload API operation concatenates the parts +// that you provide in the list. For each part in the list, you must provide +// the PartNumber value and the ETag value that are returned after that part +// was uploaded. +// +// The processing of a CompleteMultipartUpload request could take several minutes +// to finalize. After Amazon S3 begins processing the request, it sends an HTTP // response header that specifies a 200 OK response. While processing is in // progress, Amazon S3 periodically sends white space characters to keep the -// connection from timing out. Because a request could fail after the initial -// 200 OK response has been sent, it is important that you check the response -// body to determine whether the request succeeded. +// connection from timing out. A request could fail after the initial 200 OK +// response has been sent. This means that a 200 OK response can contain either +// a success or an error. The error response might be embedded in the 200 OK +// response. If you call this API operation directly, make sure to design your +// application to parse the contents of the response and handle it appropriately. +// If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs +// detect the embedded error and apply error handling per your configuration +// settings (including automatically retrying the request as appropriate). If +// the condition persists, the SDKs throw an exception (or, for the SDKs that +// don't use exceptions, they return an error). // // Note that if CompleteMultipartUpload fails, applications should be prepared -// to retry the failed requests. For more information, see Amazon S3 Error Best -// Practices (https://docs.aws.amazon.com/AmazonS3/latest/dev/ErrorBestPractices.html). +// to retry any failed requests (including 500 error responses). For more information, +// see Amazon S3 Error Best Practices (https://docs.aws.amazon.com/AmazonS3/latest/dev/ErrorBestPractices.html). +// +// You can't use Content-Type: application/x-www-form-urlencoded for the CompleteMultipartUpload +// requests. Also, if you don't provide a Content-Type header, CompleteMultipartUpload +// can still return a 200 OK response. // // For more information about multipart uploads, see Uploading Objects Using -// Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html). +// Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) +// in the Amazon S3 User Guide. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions // -// For information about permissions required to use the multipart upload API, -// see Multipart Upload API and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). +// - General purpose bucket permissions - For information about permissions +// required to use the multipart upload API, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. // -// CompleteMultipartUpload has the following special errors: +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). // -// * Error code: EntityTooSmall Description: Your proposed upload is smaller -// than the minimum allowed object size. Each part must be at least 5 MB -// in size, except the last part. 400 Bad Request +// Special errors // -// * Error code: InvalidPart Description: One or more of the specified parts -// could not be found. The part might not have been uploaded, or the specified -// entity tag might not have matched the part's entity tag. 400 Bad Request +// - Error Code: EntityTooSmall Description: Your proposed upload is smaller +// than the minimum allowed object size. Each part must be at least 5 MB +// in size, except the last part. HTTP Status Code: 400 Bad Request // -// * Error code: InvalidPartOrder Description: The list of parts was not -// in ascending order. The parts list must be specified in order by part -// number. 400 Bad Request +// - Error Code: InvalidPart Description: One or more of the specified parts +// could not be found. The part might not have been uploaded, or the specified +// ETag might not have matched the uploaded part's ETag. HTTP Status Code: +// 400 Bad Request // -// * Error code: NoSuchUpload Description: The specified multipart upload -// does not exist. The upload ID might be invalid, or the multipart upload -// might have been aborted or completed. 404 Not Found +// - Error Code: InvalidPartOrder Description: The list of parts was not +// in ascending order. The parts list must be specified in order by part +// number. HTTP Status Code: 400 Bad Request +// +// - Error Code: NoSuchUpload Description: The specified multipart upload +// does not exist. The upload ID might be invalid, or the multipart upload +// might have been aborted or completed. HTTP Status Code: 404 Not Found +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to CompleteMultipartUpload: // -// * CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) +// - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) // -// * UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) +// - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) // -// * AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) +// - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) // -// * ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) +// - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) // -// * ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html) +// - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -275,14 +345,13 @@ const opCopyObject = "CopyObject" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CopyObjectRequest method. +// req, resp := client.CopyObjectRequest(params) // -// // Example sending a request using the CopyObjectRequest method. -// req, resp := client.CopyObjectRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CopyObject func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, output *CopyObjectOutput) { @@ -306,149 +375,124 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // Creates a copy of an object that is already stored in Amazon S3. // // You can store individual objects of up to 5 TB in Amazon S3. You create a -// copy of your object up to 5 GB in size in a single atomic operation using -// this API. However, to copy an object greater than 5 GB, you must use the -// multipart upload Upload Part - Copy API. For more information, see Copy Object -// Using the REST Multipart Upload API (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjctsUsingRESTMPUapi.html). +// copy of your object up to 5 GB in size in a single atomic action using this +// API. However, to copy an object greater than 5 GB, you must use the multipart +// upload Upload Part - Copy (UploadPartCopy) API. For more information, see +// Copy Object Using the REST Multipart Upload API (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjctsUsingRESTMPUapi.html). // -// All copy requests must be authenticated. Additionally, you must have read -// access to the source object and write access to the destination bucket. For -// more information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). -// Both the Region that you want to copy the object from and the Region that -// you want to copy the object to must be enabled for your account. -// -// A copy request might return an error when Amazon S3 receives the copy request -// or while Amazon S3 is copying the files. If the error occurs before the copy -// operation starts, you receive a standard Amazon S3 error. If the error occurs -// during the copy operation, the error response is embedded in the 200 OK response. -// This means that a 200 OK response can contain either a success or an error. -// Design your application to parse the contents of the response and handle -// it appropriately. -// -// If the copy is successful, you receive a response with information about -// the copied object. +// You can copy individual objects between general purpose buckets, between +// directory buckets, and between general purpose buckets and directory buckets. // -// If the request is an HTTP 1.1 request, the response is chunk encoded. If -// it were not, it would not contain the content-length, and you would need -// to read the entire body. +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// The copy request charge is based on the storage class and Region that you -// specify for the destination object. For pricing information, see Amazon S3 -// pricing (https://aws.amazon.com/s3/pricing/). +// Both the Region that you want to copy the object from and the Region that +// you want to copy the object to must be enabled for your account. For more +// information about how to enable a Region for your account, see Enable or +// disable a Region for standalone accounts (https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html#manage-acct-regions-enable-standalone) +// in the Amazon Web Services Account Management Guide. // // Amazon S3 transfer acceleration does not support cross-Region copies. If // you request a cross-Region copy using a transfer acceleration endpoint, you // get a 400 Bad Request error. For more information, see Transfer Acceleration // (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html). // -// Metadata -// -// When copying an object, you can preserve all metadata (default) or specify -// new metadata. However, the ACL is not preserved and is set to private for -// the user making the request. To override the default ACL setting, specify -// a new ACL when generating a copy request. For more information, see Using -// ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). -// -// To specify whether you want the object metadata copied from the source object -// or replaced with metadata provided in the request, you can optionally add -// the x-amz-metadata-directive header. When you grant permissions, you can -// use the s3:x-amz-metadata-directive condition key to enforce certain metadata -// behavior when objects are uploaded. For more information, see Specifying -// Conditions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html) -// in the Amazon S3 Developer Guide. For a complete list of Amazon S3-specific -// condition keys, see Actions, Resources, and Condition Keys for Amazon S3 -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html). -// -// x-amz-copy-source-if Headers -// -// To only copy an object under certain conditions, such as whether the Etag -// matches or whether the object was modified before or after a specified date, -// use the following request parameters: -// -// * x-amz-copy-source-if-match -// -// * x-amz-copy-source-if-none-match -// -// * x-amz-copy-source-if-unmodified-since -// -// * x-amz-copy-source-if-modified-since -// -// If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since -// headers are present in the request and evaluate as follows, Amazon S3 returns -// 200 OK and copies the data: -// -// * x-amz-copy-source-if-match condition evaluates to true +// # Authentication and authorization // -// * x-amz-copy-source-if-unmodified-since condition evaluates to false -// -// If both the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since -// headers are present in the request and evaluate as follows, Amazon S3 returns -// the 412 Precondition Failed response code: -// -// * x-amz-copy-source-if-none-match condition evaluates to false -// -// * x-amz-copy-source-if-modified-since condition evaluates to true -// -// All headers with the x-amz- prefix, including x-amz-copy-source, must be -// signed. -// -// Server-side encryption -// -// When you perform a CopyObject operation, you can optionally use the appropriate -// encryption-related headers to encrypt the object using server-side encryption -// with AWS managed encryption keys (SSE-S3 or SSE-KMS) or a customer-provided -// encryption key. With server-side encryption, Amazon S3 encrypts your data -// as it writes it to disks in its data centers and decrypts the data when you -// access it. For more information about server-side encryption, see Using Server-Side -// Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html). -// -// If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the -// object. For more information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) -// in the Amazon Simple Storage Service Developer Guide. -// -// Access Control List (ACL)-Specific Request Headers +// All CopyObject requests must be authenticated and signed by using IAM credentials +// (access key ID and secret access key for the IAM identities). All headers +// with the x-amz- prefix, including x-amz-copy-source, must be signed. For +// more information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). // -// When copying an object, you can optionally use headers to grant ACL-based -// permissions. By default, all objects are private. Only the owner has full -// access control. When adding a new object, you can grant permissions to individual -// AWS accounts or to predefined groups defined by Amazon S3. These permissions -// are then added to the ACL on the object. For more information, see Access -// Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) -// and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html). +// Directory buckets - You must use the IAM credentials to authenticate and +// authorize your access to the CopyObject API operation, instead of using the +// temporary security credentials through the CreateSession API operation. // -// Storage Class Options +// Amazon Web Services CLI or SDKs handles authentication and authorization +// on your behalf. // -// You can use the CopyObject operation to change the storage class of an object -// that is already stored in Amazon S3 using the StorageClass parameter. For -// more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) -// in the Amazon S3 Service Developer Guide. +// # Permissions // -// Versioning +// You must have read access to the source object and write access to the destination +// bucket. // -// By default, x-amz-copy-source identifies the current version of an object -// to copy. If the current version is a delete marker, Amazon S3 behaves as -// if the object was deleted. To copy a different version, use the versionId -// subresource. +// - General purpose bucket permissions - You must have permissions in an +// IAM policy based on the source and destination bucket types in a CopyObject +// operation. If the source object is in a general purpose bucket, you must +// have s3:GetObject permission to read the source object that is being copied. +// If the destination bucket is a general purpose bucket, you must have s3:PutObject +// permission to write the object copy to the destination bucket. +// +// - Directory bucket permissions - You must have permissions in a bucket +// policy or an IAM identity-based policy based on the source and destination +// bucket types in a CopyObject operation. If the source object that you +// want to copy is in a directory bucket, you must have the s3express:CreateSession +// permission in the Action element of a policy to read the object. By default, +// the session is in the ReadWrite mode. If you want to restrict the access, +// you can explicitly set the s3express:SessionMode condition key to ReadOnly +// on the copy source bucket. If the copy destination is a directory bucket, +// you must have the s3express:CreateSession permission in the Action element +// of a policy to write the object to the destination. The s3express:SessionMode +// condition key can't be set to ReadOnly on the copy destination bucket. +// For example policies, see Example bucket policies for S3 Express One Zone +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// and Amazon Web Services Identity and Access Management (IAM) identity-based +// policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) +// in the Amazon S3 User Guide. +// +// # Response and special errors +// +// When the request is an HTTP 1.1 request, the response is chunk encoded. When +// the request is not an HTTP 1.1 request, the response would not contain the +// Content-Length. You always need to read the entire response body to check +// if the copy succeeds. +// +// - If the copy is successful, you receive a response with information about +// the copied object. +// +// - A copy request might return an error when Amazon S3 receives the copy +// request or while Amazon S3 is copying the files. A 200 OK response can +// contain either a success or an error. If the error occurs before the copy +// action starts, you receive a standard Amazon S3 error. If the error occurs +// during the copy operation, the error response is embedded in the 200 OK +// response. For example, in a cross-region copy, you may encounter throttling +// and receive a 200 OK response. For more information, see Resolve the Error +// 200 response when copying objects to Amazon S3 (https://repost.aws/knowledge-center/s3-resolve-200-internalerror). +// The 200 OK status code means the copy was accepted, but it doesn't mean +// the copy is complete. Another example is when you disconnect from Amazon +// S3 before the copy is complete, Amazon S3 might cancel the copy and you +// may receive a 200 OK response. You must stay connected to Amazon S3 until +// the entire response is successfully received and processed. If you call +// this API operation directly, make sure to design your application to parse +// the content of the response and handle it appropriately. If you use Amazon +// Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded +// error and apply error handling per your configuration settings (including +// automatically retrying the request as appropriate). If the condition persists, +// the SDKs throw an exception (or, for the SDKs that don't use exceptions, +// they return an error). +// +// # Charge // -// If you enable versioning on the target bucket, Amazon S3 generates a unique -// version ID for the object being copied. This version ID is different from -// the version ID of the source object. Amazon S3 returns the version ID of -// the copied object in the x-amz-version-id response header in the response. +// The copy request charge is based on the storage class and Region that you +// specify for the destination object. The request can also result in a data +// retrieval charge for the source if the source storage class bills for data +// retrieval. If the copy source is in a different region, the data transfer +// is billed to the copy source account. For pricing information, see Amazon +// S3 pricing (http://aws.amazon.com/s3/pricing/). // -// If you do not enable versioning or suspend it on the target bucket, the version -// ID that Amazon S3 generates is always null. +// # HTTP Host header syntax // -// If the source object's storage class is GLACIER, you must restore a copy -// of this object before you can use it as a source object for the copy operation. -// For more information, see RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to CopyObject: // -// * PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) +// - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) // -// * GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) -// -// For more information, see Copying Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html). +// - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -458,9 +502,9 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // API operation CopyObject for usage and error information. // // Returned Error Codes: -// * ErrCodeObjectNotInActiveTierError "ObjectNotInActiveTierError" -// The source object of the COPY operation is not in the active tier and is -// only stored in Amazon S3 Glacier. +// - ErrCodeObjectNotInActiveTierError "ObjectNotInActiveTierError" +// The source object of the COPY action is not in the active tier and is only +// stored in Amazon S3 Glacier. // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CopyObject func (c *S3) CopyObject(input *CopyObjectInput) (*CopyObjectOutput, error) { @@ -500,14 +544,13 @@ const opCreateBucket = "CreateBucket" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateBucketRequest method. +// req, resp := client.CreateBucketRequest(params) // -// // Example sending a request using the CreateBucketRequest method. -// req, resp := client.CreateBucketRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateBucket func (c *S3) CreateBucketRequest(input *CreateBucketInput) (req *request.Request, output *CreateBucketOutput) { @@ -528,70 +571,103 @@ func (c *S3) CreateBucketRequest(input *CreateBucketInput) (req *request.Request // CreateBucket API operation for Amazon Simple Storage Service. // -// Creates a new S3 bucket. To create a bucket, you must register with Amazon -// S3 and have a valid AWS Access Key ID to authenticate requests. Anonymous -// requests are never allowed to create buckets. By creating the bucket, you -// become the bucket owner. -// -// Not every string is an acceptable bucket name. For information about bucket -// naming restrictions, see Working with Amazon S3 buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html). -// -// If you want to create an Amazon S3 on Outposts bucket, see Create Bucket -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html). -// -// By default, the bucket is created in the US East (N. Virginia) Region. You -// can optionally specify a Region in the request body. You might choose a Region -// to optimize latency, minimize costs, or address regulatory requirements. -// For example, if you reside in Europe, you will probably find it advantageous -// to create buckets in the Europe (Ireland) Region. For more information, see -// Accessing a bucket (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro). -// -// If you send your create bucket request to the s3.amazonaws.com endpoint, -// the request goes to the us-east-1 Region. Accordingly, the signature calculations -// in Signature Version 4 must use us-east-1 as the Region, even if the location -// constraint in the request specifies another Region where the bucket is to -// be created. If you create a bucket in a Region other than US East (N. Virginia), -// your application must be able to handle 307 redirect. For more information, -// see Virtual hosting of buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html). -// -// When creating a bucket using this operation, you can optionally specify the -// accounts or groups that should be granted specific permissions on the bucket. -// There are two ways to grant the appropriate permissions using the request -// headers. +// This action creates an Amazon S3 bucket. To create an Amazon S3 on Outposts +// bucket, see CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html). +// +// Creates a new S3 bucket. To create a bucket, you must set up Amazon S3 and +// have a valid Amazon Web Services Access Key ID to authenticate requests. +// Anonymous requests are never allowed to create buckets. By creating the bucket, +// you become the bucket owner. +// +// There are two types of buckets: general purpose buckets and directory buckets. +// For more information about these bucket types, see Creating, configuring, +// and working with Amazon S3 buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html) +// in the Amazon S3 User Guide. +// +// - General purpose buckets - If you send your CreateBucket request to the +// s3.amazonaws.com global endpoint, the request goes to the us-east-1 Region. +// So the signature calculations in Signature Version 4 must use us-east-1 +// as the Region, even if the location constraint in the request specifies +// another Region where the bucket is to be created. If you create a bucket +// in a Region other than US East (N. Virginia), your application must be +// able to handle 307 redirect. For more information, see Virtual hosting +// of buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html) +// in the Amazon S3 User Guide. +// +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, +// see Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// * Specify a canned ACL using the x-amz-acl request header. Amazon S3 supports -// a set of predefined ACLs, known as canned ACLs. Each canned ACL has a -// predefined set of grantees and permissions. For more information, see -// Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). -// -// * Specify access permissions explicitly using the x-amz-grant-read, x-amz-grant-write, -// x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control -// headers. These headers map to the set of permissions Amazon S3 supports -// in an ACL. For more information, see Access control list (ACL) overview -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). You -// specify each grantee as a type=value pair, where the type is one of the -// following: id – if the value specified is the canonical user ID of an -// AWS account uri – if you are granting permissions to a predefined group -// emailAddress – if the value specified is the email address of an AWS -// account Using email addresses to specify a grantee is only supported in -// the following AWS Regions: US East (N. Virginia) US West (N. California) -// US West (Oregon) Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific -// (Tokyo) Europe (Ireland) South America (São Paulo) For a list of all -// the Amazon S3 supported Regions and endpoints, see Regions and Endpoints -// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in -// the AWS General Reference. For example, the following x-amz-grant-read -// header grants the AWS accounts identified by account IDs permissions to -// read object data and its metadata: x-amz-grant-read: id="11112222333", -// id="444455556666" +// Permissions // -// You can use either a canned ACL or specify access permissions explicitly. -// You cannot do both. +// - General purpose bucket permissions - In addition to the s3:CreateBucket +// permission, the following permissions are required in a policy when your +// CreateBucket request includes specific headers: Access control lists (ACLs) +// +// - In your CreateBucket request, if you specify an access control list +// (ACL) and set it to public-read, public-read-write, authenticated-read, +// or if you explicitly specify any other custom ACLs, both s3:CreateBucket +// and s3:PutBucketAcl permissions are required. In your CreateBucket request, +// if you set the ACL to private, or if you don't specify any ACLs, only +// the s3:CreateBucket permission is required. Object Lock - In your CreateBucket +// request, if you set x-amz-bucket-object-lock-enabled to true, the s3:PutBucketObjectLockConfiguration +// and s3:PutBucketVersioning permissions are required. S3 Object Ownership +// +// - If your CreateBucket request includes the x-amz-object-ownership header, +// then the s3:PutBucketOwnershipControls permission is required. To set +// an ACL on a bucket as part of a CreateBucket request, you must explicitly +// set S3 Object Ownership for the bucket to a different value than the default, +// BucketOwnerEnforced. Additionally, if your desired bucket ACL grants public +// access, you must first create the bucket (without the bucket ACL) and +// then explicitly disable Block Public Access on the bucket before using +// PutBucketAcl to set the ACL. If you try to create a bucket with a public +// ACL, the request will fail. For the majority of modern use cases in S3, +// we recommend that you keep all Block Public Access settings enabled and +// keep ACLs disabled. If you would like to share data with users outside +// of your account, you can use bucket policies as needed. For more information, +// see Controlling ownership of objects and disabling ACLs for your bucket +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) +// and Blocking public access to your Amazon S3 storage (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html) +// in the Amazon S3 User Guide. S3 Block Public Access - If your specific +// use case requires granting public access to your S3 resources, you can +// disable Block Public Access. Specifically, you can create a new bucket +// with Block Public Access enabled, then separately call the DeletePublicAccessBlock +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html) +// API. To use this operation, you must have the s3:PutBucketPublicAccessBlock +// permission. For more information about S3 Block Public Access, see Blocking +// public access to your Amazon S3 storage (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - You must have the s3express:CreateBucket +// permission in an IAM identity-based policy instead of a bucket policy. +// Cross-account access to this API operation isn't supported. This operation +// can only be performed by the Amazon Web Services account that owns the +// resource. For more information about directory bucket policies and permissions, +// see Amazon Web Services Identity and Access Management (IAM) for S3 Express +// One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. The permissions for ACLs, Object Lock, S3 +// Object Ownership, and S3 Block Public Access are not supported for directory +// buckets. For directory buckets, all Block Public Access settings are enabled +// at the bucket level and S3 Object Ownership is set to Bucket owner enforced +// (ACLs disabled). These settings can't be modified. For more information +// about permissions for creating and working with directory buckets, see +// Directory buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) +// in the Amazon S3 User Guide. For more information about supported S3 features +// for directory buckets, see Features of S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-one-zone.html#s3-express-features) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. // // The following operations are related to CreateBucket: // -// * PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) +// - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) // -// * DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) +// - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -601,16 +677,17 @@ func (c *S3) CreateBucketRequest(input *CreateBucketInput) (req *request.Request // API operation CreateBucket for usage and error information. // // Returned Error Codes: -// * ErrCodeBucketAlreadyExists "BucketAlreadyExists" -// The requested bucket name is not available. The bucket namespace is shared -// by all users of the system. Select a different name and try again. // -// * ErrCodeBucketAlreadyOwnedByYou "BucketAlreadyOwnedByYou" -// The bucket you tried to create already exists, and you own it. Amazon S3 -// returns this error in all AWS Regions except in the North Virginia Region. -// For legacy compatibility, if you re-create an existing bucket that you already -// own in the North Virginia Region, Amazon S3 returns 200 OK and resets the -// bucket access control lists (ACLs). +// - ErrCodeBucketAlreadyExists "BucketAlreadyExists" +// The requested bucket name is not available. The bucket namespace is shared +// by all users of the system. Select a different name and try again. +// +// - ErrCodeBucketAlreadyOwnedByYou "BucketAlreadyOwnedByYou" +// The bucket you tried to create already exists, and you own it. Amazon S3 +// returns this error in all Amazon Web Services Regions except in the North +// Virginia Region. For legacy compatibility, if you re-create an existing bucket +// that you already own in the North Virginia Region, Amazon S3 returns 200 +// OK and resets the bucket access control lists (ACLs). // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateBucket func (c *S3) CreateBucket(input *CreateBucketInput) (*CreateBucketOutput, error) { @@ -650,14 +727,13 @@ const opCreateMultipartUpload = "CreateMultipartUpload" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the CreateMultipartUploadRequest method. +// req, resp := client.CreateMultipartUploadRequest(params) // -// // Example sending a request using the CreateMultipartUploadRequest method. -// req, resp := client.CreateMultipartUploadRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateMultipartUpload func (c *S3) CreateMultipartUploadRequest(input *CreateMultipartUploadInput) (req *request.Request, output *CreateMultipartUploadOutput) { @@ -678,155 +754,156 @@ func (c *S3) CreateMultipartUploadRequest(input *CreateMultipartUploadInput) (re // CreateMultipartUpload API operation for Amazon Simple Storage Service. // -// This operation initiates a multipart upload and returns an upload ID. This -// upload ID is used to associate all of the parts in the specific multipart -// upload. You specify this upload ID in each of your subsequent upload part -// requests (see UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)). +// This action initiates a multipart upload and returns an upload ID. This upload +// ID is used to associate all of the parts in the specific multipart upload. +// You specify this upload ID in each of your subsequent upload part requests +// (see UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)). // You also include this upload ID in the final request to either complete or -// abort the multipart upload request. -// -// For more information about multipart uploads, see Multipart Upload Overview -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html). -// -// If you have configured a lifecycle rule to abort incomplete multipart uploads, -// the upload must complete within the number of days specified in the bucket -// lifecycle configuration. Otherwise, the incomplete multipart upload becomes -// eligible for an abort operation and Amazon S3 aborts the multipart upload. -// For more information, see Aborting Incomplete Multipart Uploads Using a Bucket -// Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). -// -// For information about the permissions required to use the multipart upload -// API, see Multipart Upload API and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). -// -// For request signing, multipart upload is just a series of regular requests. -// You initiate a multipart upload, send one or more requests to upload parts, -// and then complete the multipart upload process. You sign each request individually. -// There is nothing special about signing multipart upload requests. For more -// information about signing, see Authenticating Requests (AWS Signature Version -// 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html). +// abort the multipart upload request. For more information about multipart +// uploads, see Multipart Upload Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) +// in the Amazon S3 User Guide. // // After you initiate a multipart upload and upload one or more parts, to stop // being charged for storing the uploaded parts, you must either complete or // abort the multipart upload. Amazon S3 frees up the space used to store the -// parts and stop charging you for storing them only after you either complete +// parts and stops charging you for storing them only after you either complete // or abort a multipart upload. // -// You can optionally request server-side encryption. For server-side encryption, -// Amazon S3 encrypts your data as it writes it to disks in its data centers -// and decrypts it when you access it. You can provide your own encryption key, -// or use AWS Key Management Service (AWS KMS) customer master keys (CMKs) or -// Amazon S3-managed encryption keys. If you choose to provide your own encryption -// key, the request headers you provide in UploadPart (AmazonS3/latest/API/API_UploadPart.html) -// and UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) -// requests must match the headers you used in the request to initiate the upload -// by using CreateMultipartUpload. -// -// To perform a multipart upload with encryption using an AWS KMS CMK, the requester -// must have permission to the kms:Encrypt, kms:Decrypt, kms:ReEncrypt*, kms:GenerateDataKey*, -// and kms:DescribeKey actions on the key. These permissions are required because -// Amazon S3 must decrypt and read data from the encrypted file parts before -// it completes the multipart upload. -// -// If your AWS Identity and Access Management (IAM) user or role is in the same -// AWS account as the AWS KMS CMK, then you must have these permissions on the -// key policy. If your IAM user or role belongs to a different account than -// the key, then you must have the permissions on both the key policy and your -// IAM user or role. -// -// For more information, see Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html). +// If you have configured a lifecycle rule to abort incomplete multipart uploads, +// the created multipart upload must be completed within the number of days +// specified in the bucket lifecycle configuration. Otherwise, the incomplete +// multipart upload becomes eligible for an abort action and Amazon S3 aborts +// the multipart upload. For more information, see Aborting Incomplete Multipart +// Uploads Using a Bucket Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). // -// Access Permissions +// - Directory buckets - S3 Lifecycle is not supported by directory buckets. // -// When copying an object, you can optionally specify the accounts or groups -// that should be granted specific permissions on the new object. There are -// two ways to grant the permissions using the request headers: +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// * Specify a canned ACL with the x-amz-acl request header. For more information, -// see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). +// # Request signing // -// * Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp, -// x-amz-grant-write-acp, and x-amz-grant-full-control headers. These parameters -// map to the set of permissions that Amazon S3 supports in an ACL. For more -// information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). +// For request signing, multipart upload is just a series of regular requests. +// You initiate a multipart upload, send one or more requests to upload parts, +// and then complete the multipart upload process. You sign each request individually. +// There is nothing special about signing multipart upload requests. For more +// information about signing, see Authenticating Requests (Amazon Web Services +// Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html) +// in the Amazon S3 User Guide. // -// You can use either a canned ACL or specify access permissions explicitly. -// You cannot do both. +// Permissions // -// Server-Side- Encryption-Specific Request Headers -// -// You can optionally tell Amazon S3 to encrypt data at rest using server-side -// encryption. Server-side encryption is for data encryption at rest. Amazon -// S3 encrypts your data as it writes it to disks in its data centers and decrypts -// it when you access it. The option you use depends on whether you want to -// use AWS managed encryption keys or provide your own encryption key. -// -// * Use encryption keys managed by Amazon S3 or customer master keys (CMKs) -// stored in AWS Key Management Service (AWS KMS) – If you want AWS to -// manage the keys used to encrypt data, specify the following headers in -// the request. x-amz-server-side-encryption x-amz-server-side-encryption-aws-kms-key-id -// x-amz-server-side-encryption-context If you specify x-amz-server-side-encryption:aws:kms, -// but don't provide x-amz-server-side-encryption-aws-kms-key-id, Amazon -// S3 uses the AWS managed CMK in AWS KMS to protect the data. All GET and -// PUT requests for an object protected by AWS KMS fail if you don't make -// them with SSL or by using SigV4. For more information about server-side -// encryption with CMKs stored in AWS KMS (SSE-KMS), see Protecting Data -// Using Server-Side Encryption with CMKs stored in AWS KMS (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html). -// -// * Use customer-provided encryption keys – If you want to manage your -// own encryption keys, provide all the following headers in the request. -// x-amz-server-side-encryption-customer-algorithm x-amz-server-side-encryption-customer-key -// x-amz-server-side-encryption-customer-key-MD5 For more information about -// server-side encryption with CMKs stored in AWS KMS (SSE-KMS), see Protecting -// Data Using Server-Side Encryption with CMKs stored in AWS KMS (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html). -// -// Access-Control-List (ACL)-Specific Request Headers -// -// You also can use the following access control–related headers with this -// operation. By default, all objects are private. Only the owner has full access -// control. When adding a new object, you can grant permissions to individual -// AWS accounts or to predefined groups defined by Amazon S3. These permissions -// are then added to the access control list (ACL) on the object. For more information, -// see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). -// With this operation, you can grant access permissions using one of the following -// two methods: -// -// * Specify a canned ACL (x-amz-acl) — Amazon S3 supports a set of predefined -// ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees -// and permissions. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). -// -// * Specify access permissions explicitly — To explicitly grant access -// permissions to specific AWS accounts or groups, use the following headers. -// Each header maps to specific permissions that Amazon S3 supports in an -// ACL. For more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). -// In the header, you specify a list of grantees who get the specific permission. -// To grant permissions explicitly, use: x-amz-grant-read x-amz-grant-write -// x-amz-grant-read-acp x-amz-grant-write-acp x-amz-grant-full-control You -// specify each grantee as a type=value pair, where the type is one of the -// following: id – if the value specified is the canonical user ID of an -// AWS account uri – if you are granting permissions to a predefined group -// emailAddress – if the value specified is the email address of an AWS -// account Using email addresses to specify a grantee is only supported in -// the following AWS Regions: US East (N. Virginia) US West (N. California) -// US West (Oregon) Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific -// (Tokyo) Europe (Ireland) South America (São Paulo) For a list of all -// the Amazon S3 supported Regions and endpoints, see Regions and Endpoints -// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in -// the AWS General Reference. For example, the following x-amz-grant-read -// header grants the AWS accounts identified by account IDs permissions to -// read object data and its metadata: x-amz-grant-read: id="11112222333", -// id="444455556666" +// - General purpose bucket permissions - For information about the permissions +// required to use the multipart upload API, see Multipart upload and permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. To perform a multipart upload with encryption +// by using an Amazon Web Services KMS key, the requester must have permission +// to the kms:Decrypt and kms:GenerateDataKey* actions on the key. These +// permissions are required because Amazon S3 must decrypt and read data +// from the encrypted file parts before it completes the multipart upload. +// For more information, see Multipart upload API and permissions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) +// and Protecting data using server-side encryption with Amazon Web Services +// KMS (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// Encryption +// +// - General purpose buckets - Server-side encryption is for data encryption +// at rest. Amazon S3 encrypts your data as it writes it to disks in its +// data centers and decrypts it when you access it. Amazon S3 automatically +// encrypts all new objects that are uploaded to an S3 bucket. When doing +// a multipart upload, if you don't specify encryption information in your +// request, the encryption setting of the uploaded parts is set to the default +// encryption configuration of the destination bucket. By default, all buckets +// have a base level of encryption configuration that uses server-side encryption +// with Amazon S3 managed keys (SSE-S3). If the destination bucket has a +// default encryption configuration that uses server-side encryption with +// an Key Management Service (KMS) key (SSE-KMS), or a customer-provided +// encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a +// customer-provided key to encrypt the uploaded parts. When you perform +// a CreateMultipartUpload operation, if you want to use a different type +// of encryption setting for the uploaded parts, you can request that Amazon +// S3 encrypts the object with a different encryption key (such as an Amazon +// S3 managed key, a KMS key, or a customer-provided key). When the encryption +// setting in your request is different from the default encryption configuration +// of the destination bucket, the encryption setting in your request takes +// precedence. If you choose to provide your own encryption key, the request +// headers you provide in UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) +// and UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) +// requests must match the headers you used in the CreateMultipartUpload +// request. Use KMS keys (SSE-KMS) that include the Amazon Web Services managed +// key (aws/s3) and KMS customer managed keys stored in Key Management Service +// (KMS) – If you want Amazon Web Services to manage the keys used to encrypt +// data, specify the following headers in the request. x-amz-server-side-encryption +// x-amz-server-side-encryption-aws-kms-key-id x-amz-server-side-encryption-context +// If you specify x-amz-server-side-encryption:aws:kms, but don't provide +// x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon +// Web Services managed key (aws/s3 key) in KMS to protect the data. To perform +// a multipart upload with encryption by using an Amazon Web Services KMS +// key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey* +// actions on the key. These permissions are required because Amazon S3 must +// decrypt and read data from the encrypted file parts before it completes +// the multipart upload. For more information, see Multipart upload API and +// permissions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) +// and Protecting data using server-side encryption with Amazon Web Services +// KMS (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) +// in the Amazon S3 User Guide. If your Identity and Access Management (IAM) +// user or role is in the same Amazon Web Services account as the KMS key, +// then you must have these permissions on the key policy. If your IAM user +// or role is in a different account from the key, then you must have the +// permissions on both the key policy and your IAM user or role. All GET +// and PUT requests for an object protected by KMS fail if you don't make +// them by using Secure Sockets Layer (SSL), Transport Layer Security (TLS), +// or Signature Version 4. For information about configuring any of the officially +// supported Amazon Web Services SDKs and Amazon Web Services CLI, see Specifying +// the Signature Version in Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) +// in the Amazon S3 User Guide. For more information about server-side encryption +// with KMS keys (SSE-KMS), see Protecting Data Using Server-Side Encryption +// with KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) +// in the Amazon S3 User Guide. Use customer-provided encryption keys (SSE-C) +// – If you want to manage your own encryption keys, provide all the following +// headers in the request. x-amz-server-side-encryption-customer-algorithm +// x-amz-server-side-encryption-customer-key x-amz-server-side-encryption-customer-key-MD5 +// For more information about server-side encryption with customer-provided +// encryption keys (SSE-C), see Protecting data using server-side encryption +// with customer-provided encryption keys (SSE-C) (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html) +// in the Amazon S3 User Guide. +// +// - Directory buckets -For directory buckets, only server-side encryption +// with Amazon S3 managed keys (SSE-S3) (AES256) is supported. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to CreateMultipartUpload: // -// * UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) +// - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) // -// * CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) +// - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) // -// * AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) +// - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) // -// * ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) +// - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) // -// * ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html) +// - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -856,6 +933,152 @@ func (c *S3) CreateMultipartUploadWithContext(ctx aws.Context, input *CreateMult return out, req.Send() } +const opCreateSession = "CreateSession" + +// CreateSessionRequest generates a "aws/request.Request" representing the +// client's request for the CreateSession operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateSession for more information on using the CreateSession +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateSessionRequest method. +// req, resp := client.CreateSessionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateSession +func (c *S3) CreateSessionRequest(input *CreateSessionInput) (req *request.Request, output *CreateSessionOutput) { + op := &request.Operation{ + Name: opCreateSession, + HTTPMethod: "GET", + HTTPPath: "/{Bucket}?session", + } + + if input == nil { + input = &CreateSessionInput{} + } + + output = &CreateSessionOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateSession API operation for Amazon Simple Storage Service. +// +// Creates a session that establishes temporary security credentials to support +// fast authentication and authorization for the Zonal endpoint APIs on directory +// buckets. For more information about Zonal endpoint APIs that include the +// Availability Zone in the request endpoint, see S3 Express One Zone APIs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-APIs.html) +// in the Amazon S3 User Guide. +// +// To make Zonal endpoint API requests on a directory bucket, use the CreateSession +// API operation. Specifically, you grant s3express:CreateSession permission +// to a bucket in a bucket policy or an IAM identity-based policy. Then, you +// use IAM credentials to make the CreateSession API request on the bucket, +// which returns temporary security credentials that include the access key +// ID, secret access key, session token, and expiration. These credentials have +// associated permissions to access the Zonal endpoint APIs. After the session +// is created, you don’t need to use other policies to grant permissions to +// each Zonal endpoint API individually. Instead, in your Zonal endpoint API +// requests, you sign your requests by applying the temporary security credentials +// of the session to the request headers and following the SigV4 protocol for +// authentication. You also apply the session token to the x-amz-s3session-token +// request header for authorization. Temporary security credentials are scoped +// to the bucket and expire after 5 minutes. After the expiration time, any +// calls that you make with those credentials will fail. You must use IAM credentials +// again to make a CreateSession API request that generates a new set of temporary +// credentials for use. Temporary credentials cannot be extended or refreshed +// beyond the original specified interval. +// +// If you use Amazon Web Services SDKs, SDKs handle the session token refreshes +// automatically to avoid service interruptions when a session expires. We recommend +// that you use the Amazon Web Services SDKs to initiate and manage requests +// to the CreateSession API. For more information, see Performance guidelines +// and design patterns (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-optimizing-performance-guidelines-design-patterns.html#s3-express-optimizing-performance-session-authentication) +// in the Amazon S3 User Guide. +// +// - You must make requests for this API operation to the Zonal endpoint. +// These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com. +// Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// - CopyObject API operation - Unlike other Zonal endpoint APIs, the CopyObject +// API operation doesn't use the temporary security credentials returned +// from the CreateSession API operation for authentication and authorization. +// For information about authentication and authorization of the CopyObject +// API operation on directory buckets, see CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html). +// +// - HeadBucket API operation - Unlike other Zonal endpoint APIs, the HeadBucket +// API operation doesn't use the temporary security credentials returned +// from the CreateSession API operation for authentication and authorization. +// For information about authentication and authorization of the HeadBucket +// API operation on directory buckets, see HeadBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html). +// +// # Permissions +// +// To obtain temporary security credentials, you must create a bucket policy +// or an IAM identity-based policy that grants s3express:CreateSession permission +// to the bucket. In a policy, you can have the s3express:SessionMode condition +// key to control who can create a ReadWrite or ReadOnly session. For more information +// about ReadWrite or ReadOnly sessions, see x-amz-create-session-mode (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html#API_CreateSession_RequestParameters). +// For example policies, see Example bucket policies for S3 Express One Zone +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// and Amazon Web Services Identity and Access Management (IAM) identity-based +// policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) +// in the Amazon S3 User Guide. +// +// To grant cross-account access to Zonal endpoint APIs, the bucket policy should +// also grant both accounts the s3express:CreateSession permission. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Simple Storage Service's +// API operation CreateSession for usage and error information. +// +// Returned Error Codes: +// - ErrCodeNoSuchBucket "NoSuchBucket" +// The specified bucket does not exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateSession +func (c *S3) CreateSession(input *CreateSessionInput) (*CreateSessionOutput, error) { + req, out := c.CreateSessionRequest(input) + return out, req.Send() +} + +// CreateSessionWithContext is the same as CreateSession with the addition of +// the ability to pass a context and additional request options. +// +// See CreateSession for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *S3) CreateSessionWithContext(ctx aws.Context, input *CreateSessionInput, opts ...request.Option) (*CreateSessionOutput, error) { + req, out := c.CreateSessionRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteBucket = "DeleteBucket" // DeleteBucketRequest generates a "aws/request.Request" representing the @@ -872,14 +1095,13 @@ const opDeleteBucket = "DeleteBucket" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteBucketRequest method. +// req, resp := client.DeleteBucketRequest(params) // -// // Example sending a request using the DeleteBucketRequest method. -// req, resp := client.DeleteBucketRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucket func (c *S3) DeleteBucketRequest(input *DeleteBucketInput) (req *request.Request, output *DeleteBucketOutput) { @@ -904,11 +1126,40 @@ func (c *S3) DeleteBucketRequest(input *DeleteBucketInput) (req *request.Request // Deletes the S3 bucket. All objects (including all object versions and delete // markers) in the bucket must be deleted before the bucket itself can be deleted. // -// Related Resources +// - Directory buckets - If multipart uploads in a directory bucket are in +// progress, you can't delete the bucket until all the in-progress multipart +// uploads are aborted or completed. // -// * CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, +// see Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions // -// * DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) +// - General purpose bucket permissions - You must have the s3:DeleteBucket +// permission on the specified bucket in a policy. +// +// - Directory bucket permissions - You must have the s3express:DeleteBucket +// permission in an IAM identity-based policy instead of a bucket policy. +// Cross-account access to this API operation isn't supported. This operation +// can only be performed by the Amazon Web Services account that owns the +// resource. For more information about directory bucket policies and permissions, +// see Amazon Web Services Identity and Access Management (IAM) for S3 Express +// One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. +// +// The following operations are related to DeleteBucket: +// +// - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) +// +// - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -954,14 +1205,13 @@ const opDeleteBucketAnalyticsConfiguration = "DeleteBucketAnalyticsConfiguration // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteBucketAnalyticsConfigurationRequest method. +// req, resp := client.DeleteBucketAnalyticsConfigurationRequest(params) // -// // Example sending a request using the DeleteBucketAnalyticsConfigurationRequest method. -// req, resp := client.DeleteBucketAnalyticsConfigurationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketAnalyticsConfiguration func (c *S3) DeleteBucketAnalyticsConfigurationRequest(input *DeleteBucketAnalyticsConfigurationInput) (req *request.Request, output *DeleteBucketAnalyticsConfigurationOutput) { @@ -983,25 +1233,27 @@ func (c *S3) DeleteBucketAnalyticsConfigurationRequest(input *DeleteBucketAnalyt // DeleteBucketAnalyticsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes an analytics configuration for the bucket (specified by the analytics // configuration ID). // // To use this operation, you must have permissions to perform the s3:PutAnalyticsConfiguration // action. The bucket owner has this permission by default. The bucket owner // can grant this permission to others. For more information about permissions, -// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). +// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // // For information about the Amazon S3 analytics feature, see Amazon S3 Analytics // – Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html). // // The following operations are related to DeleteBucketAnalyticsConfiguration: // -// * GetBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html) +// - GetBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html) // -// * ListBucketAnalyticsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html) +// - ListBucketAnalyticsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html) // -// * PutBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html) +// - PutBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1047,14 +1299,13 @@ const opDeleteBucketCors = "DeleteBucketCors" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteBucketCorsRequest method. +// req, resp := client.DeleteBucketCorsRequest(params) // -// // Example sending a request using the DeleteBucketCorsRequest method. -// req, resp := client.DeleteBucketCorsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketCors func (c *S3) DeleteBucketCorsRequest(input *DeleteBucketCorsInput) (req *request.Request, output *DeleteBucketCorsOutput) { @@ -1076,6 +1327,8 @@ func (c *S3) DeleteBucketCorsRequest(input *DeleteBucketCorsInput) (req *request // DeleteBucketCors API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes the cors configuration information set for the bucket. // // To use this operation, you must have permission to perform the s3:PutBucketCORS @@ -1083,13 +1336,13 @@ func (c *S3) DeleteBucketCorsRequest(input *DeleteBucketCorsInput) (req *request // permission to others. // // For information about cors, see Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) -// in the Amazon Simple Storage Service Developer Guide. +// in the Amazon S3 User Guide. // -// Related Resources: +// Related Resources // -// * PutBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html) +// - PutBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html) // -// * RESTOPTIONSobject (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html) +// - RESTOPTIONSobject (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1135,14 +1388,13 @@ const opDeleteBucketEncryption = "DeleteBucketEncryption" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteBucketEncryptionRequest method. +// req, resp := client.DeleteBucketEncryptionRequest(params) // -// // Example sending a request using the DeleteBucketEncryptionRequest method. -// req, resp := client.DeleteBucketEncryptionRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketEncryption func (c *S3) DeleteBucketEncryptionRequest(input *DeleteBucketEncryptionInput) (req *request.Request, output *DeleteBucketEncryptionOutput) { @@ -1164,23 +1416,26 @@ func (c *S3) DeleteBucketEncryptionRequest(input *DeleteBucketEncryptionInput) ( // DeleteBucketEncryption API operation for Amazon Simple Storage Service. // -// This implementation of the DELETE operation removes default encryption from -// the bucket. For information about the Amazon S3 default encryption feature, -// see Amazon S3 Default Bucket Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) -// in the Amazon Simple Storage Service Developer Guide. +// This operation is not supported by directory buckets. +// +// This implementation of the DELETE action resets the default encryption for +// the bucket as server-side encryption with Amazon S3 managed keys (SSE-S3). +// For information about the bucket default encryption feature, see Amazon S3 +// Bucket Default Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) +// in the Amazon S3 User Guide. // // To use this operation, you must have permissions to perform the s3:PutEncryptionConfiguration // action. The bucket owner has this permission by default. The bucket owner // can grant this permission to others. For more information about permissions, -// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html) -// in the Amazon Simple Storage Service Developer Guide. +// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) +// in the Amazon S3 User Guide. // -// Related Resources +// The following operations are related to DeleteBucketEncryption: // -// * PutBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html) +// - PutBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html) // -// * GetBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html) +// - GetBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1226,14 +1481,13 @@ const opDeleteBucketIntelligentTieringConfiguration = "DeleteBucketIntelligentTi // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteBucketIntelligentTieringConfigurationRequest method. +// req, resp := client.DeleteBucketIntelligentTieringConfigurationRequest(params) // -// // Example sending a request using the DeleteBucketIntelligentTieringConfigurationRequest method. -// req, resp := client.DeleteBucketIntelligentTieringConfigurationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketIntelligentTieringConfiguration func (c *S3) DeleteBucketIntelligentTieringConfigurationRequest(input *DeleteBucketIntelligentTieringConfigurationInput) (req *request.Request, output *DeleteBucketIntelligentTieringConfigurationOutput) { @@ -1255,32 +1509,34 @@ func (c *S3) DeleteBucketIntelligentTieringConfigurationRequest(input *DeleteBuc // DeleteBucketIntelligentTieringConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes the S3 Intelligent-Tiering configuration from the specified bucket. // // The S3 Intelligent-Tiering storage class is designed to optimize storage // costs by automatically moving data to the most cost-effective storage access -// tier, without additional operational overhead. S3 Intelligent-Tiering delivers -// automatic cost savings by moving data between access tiers, when access patterns -// change. -// -// The S3 Intelligent-Tiering storage class is suitable for objects larger than -// 128 KB that you plan to store for at least 30 days. If the size of an object -// is less than 128 KB, it is not eligible for auto-tiering. Smaller objects -// can be stored, but they are always charged at the frequent access tier rates +// tier, without performance impact or operational overhead. S3 Intelligent-Tiering +// delivers automatic cost savings in three low latency and high throughput +// access tiers. To get the lowest storage cost on data that can be accessed +// in minutes to hours, you can choose to activate additional archiving capabilities. +// +// The S3 Intelligent-Tiering storage class is the ideal storage class for data +// with unknown, changing, or unpredictable access patterns, independent of +// object size or retention period. If the size of an object is less than 128 +// KB, it is not monitored and not eligible for auto-tiering. Smaller objects +// can be stored, but they are always charged at the Frequent Access tier rates // in the S3 Intelligent-Tiering storage class. // -// If you delete an object before the end of the 30-day minimum storage duration -// period, you are charged for 30 days. For more information, see Storage class -// for automatically optimizing frequently and infrequently accessed objects -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access). +// For more information, see Storage class for automatically optimizing frequently +// and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access). // // Operations related to DeleteBucketIntelligentTieringConfiguration include: // -// * GetBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html) +// - GetBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html) // -// * PutBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html) +// - PutBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html) // -// * ListBucketIntelligentTieringConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html) +// - ListBucketIntelligentTieringConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1326,14 +1582,13 @@ const opDeleteBucketInventoryConfiguration = "DeleteBucketInventoryConfiguration // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteBucketInventoryConfigurationRequest method. +// req, resp := client.DeleteBucketInventoryConfigurationRequest(params) // -// // Example sending a request using the DeleteBucketInventoryConfigurationRequest method. -// req, resp := client.DeleteBucketInventoryConfigurationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketInventoryConfiguration func (c *S3) DeleteBucketInventoryConfigurationRequest(input *DeleteBucketInventoryConfigurationInput) (req *request.Request, output *DeleteBucketInventoryConfigurationOutput) { @@ -1355,25 +1610,27 @@ func (c *S3) DeleteBucketInventoryConfigurationRequest(input *DeleteBucketInvent // DeleteBucketInventoryConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes an inventory configuration (identified by the inventory ID) from // the bucket. // // To use this operation, you must have permissions to perform the s3:PutInventoryConfiguration // action. The bucket owner has this permission by default. The bucket owner // can grant this permission to others. For more information about permissions, -// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). +// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // // For information about the Amazon S3 inventory feature, see Amazon S3 Inventory // (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html). // // Operations related to DeleteBucketInventoryConfiguration include: // -// * GetBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html) +// - GetBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html) // -// * PutBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html) +// - PutBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html) // -// * ListBucketInventoryConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html) +// - ListBucketInventoryConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1419,14 +1676,13 @@ const opDeleteBucketLifecycle = "DeleteBucketLifecycle" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteBucketLifecycleRequest method. +// req, resp := client.DeleteBucketLifecycleRequest(params) // -// // Example sending a request using the DeleteBucketLifecycleRequest method. -// req, resp := client.DeleteBucketLifecycleRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketLifecycle func (c *S3) DeleteBucketLifecycleRequest(input *DeleteBucketLifecycleInput) (req *request.Request, output *DeleteBucketLifecycleOutput) { @@ -1448,6 +1704,8 @@ func (c *S3) DeleteBucketLifecycleRequest(input *DeleteBucketLifecycleInput) (re // DeleteBucketLifecycle API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes the lifecycle configuration from the specified bucket. Amazon S3 // removes all the lifecycle configuration rules in the lifecycle subresource // associated with the bucket. Your objects never expire, and Amazon S3 no longer @@ -1466,9 +1724,9 @@ func (c *S3) DeleteBucketLifecycleRequest(input *DeleteBucketLifecycleInput) (re // // Related actions include: // -// * PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html) +// - PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html) // -// * GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html) +// - GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1514,14 +1772,13 @@ const opDeleteBucketMetricsConfiguration = "DeleteBucketMetricsConfiguration" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteBucketMetricsConfigurationRequest method. +// req, resp := client.DeleteBucketMetricsConfigurationRequest(params) // -// // Example sending a request using the DeleteBucketMetricsConfigurationRequest method. -// req, resp := client.DeleteBucketMetricsConfigurationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketMetricsConfiguration func (c *S3) DeleteBucketMetricsConfigurationRequest(input *DeleteBucketMetricsConfigurationInput) (req *request.Request, output *DeleteBucketMetricsConfigurationOutput) { @@ -1543,6 +1800,8 @@ func (c *S3) DeleteBucketMetricsConfigurationRequest(input *DeleteBucketMetricsC // DeleteBucketMetricsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes a metrics configuration for the Amazon CloudWatch request metrics // (specified by the metrics configuration ID) from the bucket. Note that this // doesn't include the daily storage metrics. @@ -1550,21 +1809,21 @@ func (c *S3) DeleteBucketMetricsConfigurationRequest(input *DeleteBucketMetricsC // To use this operation, you must have permissions to perform the s3:PutMetricsConfiguration // action. The bucket owner has this permission by default. The bucket owner // can grant this permission to others. For more information about permissions, -// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). +// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // // For information about CloudWatch request metrics for Amazon S3, see Monitoring // Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html). // // The following operations are related to DeleteBucketMetricsConfiguration: // -// * GetBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html) +// - GetBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html) // -// * PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html) +// - PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html) // -// * ListBucketMetricsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html) +// - ListBucketMetricsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html) // -// * Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html) +// - Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1610,14 +1869,13 @@ const opDeleteBucketOwnershipControls = "DeleteBucketOwnershipControls" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteBucketOwnershipControlsRequest method. +// req, resp := client.DeleteBucketOwnershipControlsRequest(params) // -// // Example sending a request using the DeleteBucketOwnershipControlsRequest method. -// req, resp := client.DeleteBucketOwnershipControlsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketOwnershipControls func (c *S3) DeleteBucketOwnershipControlsRequest(input *DeleteBucketOwnershipControlsInput) (req *request.Request, output *DeleteBucketOwnershipControlsOutput) { @@ -1639,6 +1897,8 @@ func (c *S3) DeleteBucketOwnershipControlsRequest(input *DeleteBucketOwnershipCo // DeleteBucketOwnershipControls API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Removes OwnershipControls for an Amazon S3 bucket. To use this operation, // you must have the s3:PutBucketOwnershipControls permission. For more information // about Amazon S3 permissions, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). @@ -1648,9 +1908,9 @@ func (c *S3) DeleteBucketOwnershipControlsRequest(input *DeleteBucketOwnershipCo // // The following operations are related to DeleteBucketOwnershipControls: // -// * GetBucketOwnershipControls +// - GetBucketOwnershipControls // -// * PutBucketOwnershipControls +// - PutBucketOwnershipControls // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1696,14 +1956,13 @@ const opDeleteBucketPolicy = "DeleteBucketPolicy" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteBucketPolicyRequest method. +// req, resp := client.DeleteBucketPolicyRequest(params) // -// // Example sending a request using the DeleteBucketPolicyRequest method. -// req, resp := client.DeleteBucketPolicyRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketPolicy func (c *S3) DeleteBucketPolicyRequest(input *DeleteBucketPolicyInput) (req *request.Request, output *DeleteBucketPolicyOutput) { @@ -1725,29 +1984,58 @@ func (c *S3) DeleteBucketPolicyRequest(input *DeleteBucketPolicyInput) (req *req // DeleteBucketPolicy API operation for Amazon Simple Storage Service. // -// This implementation of the DELETE operation uses the policy subresource to -// delete the policy of a specified bucket. If you are using an identity other -// than the root user of the AWS account that owns the bucket, the calling identity -// must have the DeleteBucketPolicy permissions on the specified bucket and -// belong to the bucket owner's account to use this operation. +// Deletes the policy of a specified bucket. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, see +// Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// # Permissions +// +// If you are using an identity other than the root user of the Amazon Web Services +// account that owns the bucket, the calling identity must both have the DeleteBucketPolicy +// permissions on the specified bucket and belong to the bucket owner's account +// in order to use this operation. // // If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403 // Access Denied error. If you have the correct permissions, but you're not // using an identity that belongs to the bucket owner's account, Amazon S3 returns // a 405 Method Not Allowed error. // -// As a security precaution, the root user of the AWS account that owns a bucket -// can always use this operation, even if the policy explicitly denies the root -// user the ability to perform this action. +// To ensure that bucket owners don't inadvertently lock themselves out of their +// own buckets, the root principal in a bucket owner's Amazon Web Services account +// can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy +// API actions, even if their bucket policy explicitly denies the root principal's +// access. Bucket owner root principals can only be blocked from performing +// these API actions by VPC endpoint policies and Amazon Web Services Organizations +// policies. +// +// - General purpose bucket permissions - The s3:DeleteBucketPolicy permission +// is required in a policy. For more information about general purpose buckets +// bucket policies, see Using Bucket Policies and User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation, +// you must have the s3express:DeleteBucketPolicy permission in an IAM identity-based +// policy instead of a bucket policy. Cross-account access to this API operation +// isn't supported. This operation can only be performed by the Amazon Web +// Services account that owns the resource. For more information about directory +// bucket policies and permissions, see Amazon Web Services Identity and +// Access Management (IAM) for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax // -// For more information about bucket policies, see Using Bucket Policies and -// UserPolicies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. // // The following operations are related to DeleteBucketPolicy // -// * CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) +// - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // -// * DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) +// - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1793,14 +2081,13 @@ const opDeleteBucketReplication = "DeleteBucketReplication" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteBucketReplicationRequest method. +// req, resp := client.DeleteBucketReplicationRequest(params) // -// // Example sending a request using the DeleteBucketReplicationRequest method. -// req, resp := client.DeleteBucketReplicationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketReplication func (c *S3) DeleteBucketReplicationRequest(input *DeleteBucketReplicationInput) (req *request.Request, output *DeleteBucketReplicationOutput) { @@ -1822,25 +2109,27 @@ func (c *S3) DeleteBucketReplicationRequest(input *DeleteBucketReplicationInput) // DeleteBucketReplication API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes the replication configuration from the bucket. // // To use this operation, you must have permissions to perform the s3:PutReplicationConfiguration // action. The bucket owner has these permissions by default and can grant it // to others. For more information about permissions, see Permissions Related -// to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). +// to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // // It can take a while for the deletion of a replication configuration to fully // propagate. // // For information about replication configuration, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) -// in the Amazon S3 Developer Guide. +// in the Amazon S3 User Guide. // // The following operations are related to DeleteBucketReplication: // -// * PutBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html) +// - PutBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html) // -// * GetBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html) +// - GetBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1886,14 +2175,13 @@ const opDeleteBucketTagging = "DeleteBucketTagging" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteBucketTaggingRequest method. +// req, resp := client.DeleteBucketTaggingRequest(params) // -// // Example sending a request using the DeleteBucketTaggingRequest method. -// req, resp := client.DeleteBucketTaggingRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketTagging func (c *S3) DeleteBucketTaggingRequest(input *DeleteBucketTaggingInput) (req *request.Request, output *DeleteBucketTaggingOutput) { @@ -1915,6 +2203,8 @@ func (c *S3) DeleteBucketTaggingRequest(input *DeleteBucketTaggingInput) (req *r // DeleteBucketTagging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes the tags from the bucket. // // To use this operation, you must have permission to perform the s3:PutBucketTagging @@ -1923,9 +2213,9 @@ func (c *S3) DeleteBucketTaggingRequest(input *DeleteBucketTaggingInput) (req *r // // The following operations are related to DeleteBucketTagging: // -// * GetBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html) +// - GetBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html) // -// * PutBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html) +// - PutBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1971,14 +2261,13 @@ const opDeleteBucketWebsite = "DeleteBucketWebsite" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteBucketWebsiteRequest method. +// req, resp := client.DeleteBucketWebsiteRequest(params) // -// // Example sending a request using the DeleteBucketWebsiteRequest method. -// req, resp := client.DeleteBucketWebsiteRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketWebsite func (c *S3) DeleteBucketWebsiteRequest(input *DeleteBucketWebsiteInput) (req *request.Request, output *DeleteBucketWebsiteOutput) { @@ -2000,15 +2289,17 @@ func (c *S3) DeleteBucketWebsiteRequest(input *DeleteBucketWebsiteInput) (req *r // DeleteBucketWebsite API operation for Amazon Simple Storage Service. // -// This operation removes the website configuration for a bucket. Amazon S3 -// returns a 200 OK response upon successfully deleting a website configuration -// on the specified bucket. You will get a 200 OK response if the website configuration +// This operation is not supported by directory buckets. +// +// This action removes the website configuration for a bucket. Amazon S3 returns +// a 200 OK response upon successfully deleting a website configuration on the +// specified bucket. You will get a 200 OK response if the website configuration // you are trying to delete does not exist on the bucket. Amazon S3 returns // a 404 response if the bucket specified in the request does not exist. // -// This DELETE operation requires the S3:DeleteBucketWebsite permission. By -// default, only the bucket owner can delete the website configuration attached -// to a bucket. However, bucket owners can grant other users permission to delete +// This DELETE action requires the S3:DeleteBucketWebsite permission. By default, +// only the bucket owner can delete the website configuration attached to a +// bucket. However, bucket owners can grant other users permission to delete // the website configuration by writing a bucket policy granting them the S3:DeleteBucketWebsite // permission. // @@ -2017,9 +2308,9 @@ func (c *S3) DeleteBucketWebsiteRequest(input *DeleteBucketWebsiteInput) (req *r // // The following operations are related to DeleteBucketWebsite: // -// * GetBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketWebsite.html) +// - GetBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketWebsite.html) // -// * PutBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html) +// - PutBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2065,14 +2356,13 @@ const opDeleteObject = "DeleteObject" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteObjectRequest method. +// req, resp := client.DeleteObjectRequest(params) // -// // Example sending a request using the DeleteObjectRequest method. -// req, resp := client.DeleteObjectRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObject func (c *S3) DeleteObjectRequest(input *DeleteObjectInput) (req *request.Request, output *DeleteObjectOutput) { @@ -2093,33 +2383,91 @@ func (c *S3) DeleteObjectRequest(input *DeleteObjectInput) (req *request.Request // DeleteObject API operation for Amazon Simple Storage Service. // -// Removes the null version (if there is one) of an object and inserts a delete -// marker, which becomes the latest version of the object. If there isn't a -// null version, Amazon S3 does not remove any objects. -// -// To remove a specific version, you must be the bucket owner and you must use -// the version Id subresource. Using this subresource permanently deletes the -// version. If the object deleted is a delete marker, Amazon S3 sets the response -// header, x-amz-delete-marker, to true. +// Removes an object from a bucket. The behavior depends on the bucket's versioning +// state: +// +// - If bucket versioning is not enabled, the operation permanently deletes +// the object. +// +// - If bucket versioning is enabled, the operation inserts a delete marker, +// which becomes the current version of the object. To permanently delete +// an object in a versioned bucket, you must include the object’s versionId +// in the request. For more information about versioning-enabled buckets, +// see Deleting object versions from a versioning-enabled bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/DeletingObjectVersions.html). +// +// - If bucket versioning is suspended, the operation removes the object +// that has a null versionId, if there is one, and inserts a delete marker +// that becomes the current version of the object. If there isn't an object +// with a null versionId, and all versions of the object have a versionId, +// Amazon S3 does not remove the object and only inserts a delete marker. +// To permanently delete an object that has a versionId, you must include +// the object’s versionId in the request. For more information about versioning-suspended +// buckets, see Deleting objects from versioning-suspended buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/DeletingObjectsfromVersioningSuspendedBuckets.html). +// +// - Directory buckets - S3 Versioning isn't enabled and supported for directory +// buckets. For this API operation, only the null value of the version ID +// is supported by directory buckets. You can only specify null to the versionId +// query parameter in the request. +// +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// To remove a specific version, you must use the versionId query parameter. +// Using this query parameter permanently deletes the version. If the object +// deleted is a delete marker, Amazon S3 sets the response header x-amz-delete-marker +// to true. // // If the object you want to delete is in a bucket where the bucket versioning // configuration is MFA Delete enabled, you must include the x-amz-mfa request // header in the DELETE versionId request. Requests that include x-amz-mfa must -// use HTTPS. +// use HTTPS. For more information about MFA Delete, see Using MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html) +// in the Amazon S3 User Guide. To see sample requests that use versioning, +// see Sample Request (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html#ExampleVersionObjectDelete). // -// For more information about MFA Delete, see Using MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html). -// To see sample requests that use versioning, see Sample Request (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html#ExampleVersionObjectDelete). +// Directory buckets - MFA delete is not supported by directory buckets. // -// You can delete objects by explicitly calling the DELETE Object API or configure -// its lifecycle (PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html)) +// You can delete objects by explicitly calling DELETE Object or calling (PutBucketLifecycle +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html)) // to enable Amazon S3 to remove them for you. If you want to block users or // accounts from removing or deleting objects from your bucket, you must deny // them the s3:DeleteObject, s3:DeleteObjectVersion, and s3:PutLifeCycleConfiguration // actions. // -// The following operation is related to DeleteObject: +// Directory buckets - S3 Lifecycle is not supported by directory buckets. // -// * PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) +// Permissions +// +// - General purpose bucket permissions - The following permissions are required +// in your policies when your DeleteObjects request includes specific headers. +// s3:DeleteObject - To delete an object from a bucket, you must always have +// the s3:DeleteObject permission. s3:DeleteObjectVersion - To delete a specific +// version of an object from a versioning-enabled bucket, you must have the +// s3:DeleteObjectVersion permission. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. +// +// The following action is related to DeleteObject: +// +// - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2165,14 +2513,13 @@ const opDeleteObjectTagging = "DeleteObjectTagging" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteObjectTaggingRequest method. +// req, resp := client.DeleteObjectTaggingRequest(params) // -// // Example sending a request using the DeleteObjectTaggingRequest method. -// req, resp := client.DeleteObjectTaggingRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectTagging func (c *S3) DeleteObjectTaggingRequest(input *DeleteObjectTaggingInput) (req *request.Request, output *DeleteObjectTaggingOutput) { @@ -2193,6 +2540,8 @@ func (c *S3) DeleteObjectTaggingRequest(input *DeleteObjectTaggingInput) (req *r // DeleteObjectTagging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Removes the entire tag set from the specified object. For more information // about managing object tags, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). // @@ -2203,11 +2552,11 @@ func (c *S3) DeleteObjectTaggingRequest(input *DeleteObjectTaggingInput) (req *r // in the request. You will need permission for the s3:DeleteObjectVersionTagging // action. // -// The following operations are related to DeleteBucketMetricsConfiguration: +// The following operations are related to DeleteObjectTagging: // -// * PutObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html) +// - PutObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html) // -// * GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) +// - GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2253,14 +2602,13 @@ const opDeleteObjects = "DeleteObjects" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeleteObjectsRequest method. +// req, resp := client.DeleteObjectsRequest(params) // -// // Example sending a request using the DeleteObjectsRequest method. -// req, resp := client.DeleteObjectsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjects func (c *S3) DeleteObjectsRequest(input *DeleteObjectsInput) (req *request.Request, output *DeleteObjectsOutput) { @@ -2290,43 +2638,89 @@ func (c *S3) DeleteObjectsRequest(input *DeleteObjectsInput) (req *request.Reque // then this operation provides a suitable alternative to sending individual // delete requests, reducing per-request overhead. // -// The request contains a list of up to 1000 keys that you want to delete. In -// the XML, you provide the object key names, and optionally, version IDs if -// you want to delete a specific version of the object from a versioning-enabled +// The request can contain a list of up to 1000 keys that you want to delete. +// In the XML, you provide the object key names, and optionally, version IDs +// if you want to delete a specific version of the object from a versioning-enabled // bucket. For each key, Amazon S3 performs a delete operation and returns the -// result of that delete, success, or failure, in the response. Note that if +// result of that delete, success or failure, in the response. Note that if // the object specified in the request is not found, Amazon S3 returns the result // as deleted. // +// - Directory buckets - S3 Versioning isn't enabled and supported for directory +// buckets. +// +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// // The operation supports two modes for the response: verbose and quiet. By // default, the operation uses verbose mode in which the response includes the // result of deletion of each key in your request. In quiet mode the response // includes only keys where the delete operation encountered an error. For a -// successful deletion, the operation does not return any information about -// the delete in the response body. +// successful deletion in a quiet mode, the operation does not return any information +// about the delete in the response body. // -// When performing this operation on an MFA Delete enabled bucket, that attempts +// When performing this action on an MFA Delete enabled bucket, that attempts // to delete any versioned objects, you must include an MFA token. If you do // not provide one, the entire request will fail, even if there are non-versioned // objects you are trying to delete. If you provide an invalid token, whether // there are versioned keys in the request or not, the entire Multi-Object Delete -// request will fail. For information about MFA Delete, see MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete). +// request will fail. For information about MFA Delete, see MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete) +// in the Amazon S3 User Guide. +// +// Directory buckets - MFA delete is not supported by directory buckets. +// +// Permissions // -// Finally, the Content-MD5 header is required for all Multi-Object Delete requests. -// Amazon S3 uses the header value to ensure that your request body has not -// been altered in transit. +// - General purpose bucket permissions - The following permissions are required +// in your policies when your DeleteObjects request includes specific headers. +// s3:DeleteObject - To delete an object from a bucket, you must always specify +// the s3:DeleteObject permission. s3:DeleteObjectVersion - To delete a specific +// version of an object from a versioning-enabled bucket, you must specify +// the s3:DeleteObjectVersion permission. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// Content-MD5 request header +// +// - General purpose bucket - The Content-MD5 request header is required +// for all Multi-Object Delete requests. Amazon S3 uses the header value +// to ensure that your request body has not been altered in transit. +// +// - Directory bucket - The Content-MD5 request header or a additional checksum +// request header (including x-amz-checksum-crc32, x-amz-checksum-crc32c, +// x-amz-checksum-sha1, or x-amz-checksum-sha256) is required for all Multi-Object +// Delete requests. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to DeleteObjects: // -// * CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) +// - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) // -// * UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) +// - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) // -// * CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) +// - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) // -// * ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) +// - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) // -// * AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) +// - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2372,14 +2766,13 @@ const opDeletePublicAccessBlock = "DeletePublicAccessBlock" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DeletePublicAccessBlockRequest method. +// req, resp := client.DeletePublicAccessBlockRequest(params) // -// // Example sending a request using the DeletePublicAccessBlockRequest method. -// req, resp := client.DeletePublicAccessBlockRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeletePublicAccessBlock func (c *S3) DeletePublicAccessBlockRequest(input *DeletePublicAccessBlockInput) (req *request.Request, output *DeletePublicAccessBlockOutput) { @@ -2401,21 +2794,23 @@ func (c *S3) DeletePublicAccessBlockRequest(input *DeletePublicAccessBlockInput) // DeletePublicAccessBlock API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Removes the PublicAccessBlock configuration for an Amazon S3 bucket. To use // this operation, you must have the s3:PutBucketPublicAccessBlock permission. // For more information about permissions, see Permissions Related to Bucket -// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). +// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // // The following operations are related to DeletePublicAccessBlock: // -// * Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html) +// - Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html) // -// * GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html) +// - GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html) // -// * PutPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html) +// - PutPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html) // -// * GetBucketPolicyStatus (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html) +// - GetBucketPolicyStatus (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2461,14 +2856,13 @@ const opGetBucketAccelerateConfiguration = "GetBucketAccelerateConfiguration" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetBucketAccelerateConfigurationRequest method. +// req, resp := client.GetBucketAccelerateConfigurationRequest(params) // -// // Example sending a request using the GetBucketAccelerateConfigurationRequest method. -// req, resp := client.GetBucketAccelerateConfigurationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAccelerateConfiguration func (c *S3) GetBucketAccelerateConfigurationRequest(input *GetBucketAccelerateConfigurationInput) (req *request.Request, output *GetBucketAccelerateConfigurationOutput) { @@ -2489,17 +2883,19 @@ func (c *S3) GetBucketAccelerateConfigurationRequest(input *GetBucketAccelerateC // GetBucketAccelerateConfiguration API operation for Amazon Simple Storage Service. // -// This implementation of the GET operation uses the accelerate subresource -// to return the Transfer Acceleration state of a bucket, which is either Enabled +// This operation is not supported by directory buckets. +// +// This implementation of the GET action uses the accelerate subresource to +// return the Transfer Acceleration state of a bucket, which is either Enabled // or Suspended. Amazon S3 Transfer Acceleration is a bucket-level feature that // enables you to perform faster data transfers to and from Amazon S3. // // To use this operation, you must have permission to perform the s3:GetAccelerateConfiguration // action. The bucket owner has this permission by default. The bucket owner // can grant this permission to others. For more information about permissions, -// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html) -// in the Amazon Simple Storage Service Developer Guide. +// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) +// in the Amazon S3 User Guide. // // You set the Transfer Acceleration state of an existing bucket to Enabled // or Suspended by using the PutBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAccelerateConfiguration.html) @@ -2511,11 +2907,11 @@ func (c *S3) GetBucketAccelerateConfigurationRequest(input *GetBucketAccelerateC // // For more information about transfer acceleration, see Transfer Acceleration // (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) -// in the Amazon Simple Storage Service Developer Guide. +// in the Amazon S3 User Guide. // -// Related Resources +// The following operations are related to GetBucketAccelerateConfiguration: // -// * PutBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAccelerateConfiguration.html) +// - PutBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAccelerateConfiguration.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2561,14 +2957,13 @@ const opGetBucketAcl = "GetBucketAcl" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetBucketAclRequest method. +// req, resp := client.GetBucketAclRequest(params) // -// // Example sending a request using the GetBucketAclRequest method. -// req, resp := client.GetBucketAclRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAcl func (c *S3) GetBucketAclRequest(input *GetBucketAclInput) (req *request.Request, output *GetBucketAclOutput) { @@ -2589,15 +2984,32 @@ func (c *S3) GetBucketAclRequest(input *GetBucketAclInput) (req *request.Request // GetBucketAcl API operation for Amazon Simple Storage Service. // -// This implementation of the GET operation uses the acl subresource to return +// This operation is not supported by directory buckets. +// +// This implementation of the GET action uses the acl subresource to return // the access control list (ACL) of a bucket. To use GET to return the ACL of -// the bucket, you must have READ_ACP access to the bucket. If READ_ACP permission -// is granted to the anonymous user, you can return the ACL of the bucket without -// using an authorization header. +// the bucket, you must have the READ_ACP access to the bucket. If READ_ACP +// permission is granted to the anonymous user, you can return the ACL of the +// bucket without using an authorization header. // -// Related Resources +// When you use this API operation with an access point, provide the alias of +// the access point in place of the bucket name. // -// * ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html) +// When you use this API operation with an Object Lambda access point, provide +// the alias of the Object Lambda access point in place of the bucket name. +// If the Object Lambda access point alias in a request is not valid, the error +// code InvalidAccessPointAliasError is returned. For more information about +// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). +// +// If your bucket uses the bucket owner enforced setting for S3 Object Ownership, +// requests to read ACLs are still supported and return the bucket-owner-full-control +// ACL with the owner being the account that created the bucket. For more information, +// see Controlling object ownership and disabling ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) +// in the Amazon S3 User Guide. +// +// The following operations are related to GetBucketAcl: +// +// - ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2643,14 +3055,13 @@ const opGetBucketAnalyticsConfiguration = "GetBucketAnalyticsConfiguration" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetBucketAnalyticsConfigurationRequest method. +// req, resp := client.GetBucketAnalyticsConfigurationRequest(params) // -// // Example sending a request using the GetBucketAnalyticsConfigurationRequest method. -// req, resp := client.GetBucketAnalyticsConfigurationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAnalyticsConfiguration func (c *S3) GetBucketAnalyticsConfigurationRequest(input *GetBucketAnalyticsConfigurationInput) (req *request.Request, output *GetBucketAnalyticsConfigurationOutput) { @@ -2671,27 +3082,29 @@ func (c *S3) GetBucketAnalyticsConfigurationRequest(input *GetBucketAnalyticsCon // GetBucketAnalyticsConfiguration API operation for Amazon Simple Storage Service. // -// This implementation of the GET operation returns an analytics configuration +// This operation is not supported by directory buckets. +// +// This implementation of the GET action returns an analytics configuration // (identified by the analytics configuration ID) from the bucket. // // To use this operation, you must have permissions to perform the s3:GetAnalyticsConfiguration // action. The bucket owner has this permission by default. The bucket owner // can grant this permission to others. For more information about permissions, -// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html) -// in the Amazon Simple Storage Service Developer Guide. +// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) +// in the Amazon S3 User Guide. // // For information about Amazon S3 analytics feature, see Amazon S3 Analytics // – Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html) -// in the Amazon Simple Storage Service Developer Guide. +// in the Amazon S3 User Guide. // -// Related Resources +// The following operations are related to GetBucketAnalyticsConfiguration: // -// * DeleteBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html) +// - DeleteBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html) // -// * ListBucketAnalyticsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html) +// - ListBucketAnalyticsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html) // -// * PutBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html) +// - PutBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2737,14 +3150,13 @@ const opGetBucketCors = "GetBucketCors" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetBucketCorsRequest method. +// req, resp := client.GetBucketCorsRequest(params) // -// // Example sending a request using the GetBucketCorsRequest method. -// req, resp := client.GetBucketCorsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketCors func (c *S3) GetBucketCorsRequest(input *GetBucketCorsInput) (req *request.Request, output *GetBucketCorsOutput) { @@ -2765,20 +3177,32 @@ func (c *S3) GetBucketCorsRequest(input *GetBucketCorsInput) (req *request.Reque // GetBucketCors API operation for Amazon Simple Storage Service. // -// Returns the cors configuration information set for the bucket. +// This operation is not supported by directory buckets. +// +// Returns the Cross-Origin Resource Sharing (CORS) configuration information +// set for the bucket. // // To use this operation, you must have permission to perform the s3:GetBucketCORS // action. By default, the bucket owner has this permission and can grant it // to others. // -// For more information about cors, see Enabling Cross-Origin Resource Sharing +// When you use this API operation with an access point, provide the alias of +// the access point in place of the bucket name. +// +// When you use this API operation with an Object Lambda access point, provide +// the alias of the Object Lambda access point in place of the bucket name. +// If the Object Lambda access point alias in a request is not valid, the error +// code InvalidAccessPointAliasError is returned. For more information about +// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). +// +// For more information about CORS, see Enabling Cross-Origin Resource Sharing // (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html). // // The following operations are related to GetBucketCors: // -// * PutBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html) +// - PutBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html) // -// * DeleteBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html) +// - DeleteBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2824,14 +3248,13 @@ const opGetBucketEncryption = "GetBucketEncryption" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetBucketEncryptionRequest method. +// req, resp := client.GetBucketEncryptionRequest(params) // -// // Example sending a request using the GetBucketEncryptionRequest method. -// req, resp := client.GetBucketEncryptionRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketEncryption func (c *S3) GetBucketEncryptionRequest(input *GetBucketEncryptionInput) (req *request.Request, output *GetBucketEncryptionOutput) { @@ -2852,21 +3275,26 @@ func (c *S3) GetBucketEncryptionRequest(input *GetBucketEncryptionInput) (req *r // GetBucketEncryption API operation for Amazon Simple Storage Service. // -// Returns the default encryption configuration for an Amazon S3 bucket. For -// information about the Amazon S3 default encryption feature, see Amazon S3 -// Default Bucket Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html). +// This operation is not supported by directory buckets. +// +// Returns the default encryption configuration for an Amazon S3 bucket. By +// default, all buckets have a default encryption configuration that uses server-side +// encryption with Amazon S3 managed keys (SSE-S3). For information about the +// bucket default encryption feature, see Amazon S3 Bucket Default Encryption +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) +// in the Amazon S3 User Guide. // // To use this operation, you must have permission to perform the s3:GetEncryptionConfiguration // action. The bucket owner has this permission by default. The bucket owner // can grant this permission to others. For more information about permissions, -// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). +// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // // The following operations are related to GetBucketEncryption: // -// * PutBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html) +// - PutBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html) // -// * DeleteBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html) +// - DeleteBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2912,14 +3340,13 @@ const opGetBucketIntelligentTieringConfiguration = "GetBucketIntelligentTieringC // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetBucketIntelligentTieringConfigurationRequest method. +// req, resp := client.GetBucketIntelligentTieringConfigurationRequest(params) // -// // Example sending a request using the GetBucketIntelligentTieringConfigurationRequest method. -// req, resp := client.GetBucketIntelligentTieringConfigurationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketIntelligentTieringConfiguration func (c *S3) GetBucketIntelligentTieringConfigurationRequest(input *GetBucketIntelligentTieringConfigurationInput) (req *request.Request, output *GetBucketIntelligentTieringConfigurationOutput) { @@ -2940,32 +3367,34 @@ func (c *S3) GetBucketIntelligentTieringConfigurationRequest(input *GetBucketInt // GetBucketIntelligentTieringConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Gets the S3 Intelligent-Tiering configuration from the specified bucket. // // The S3 Intelligent-Tiering storage class is designed to optimize storage // costs by automatically moving data to the most cost-effective storage access -// tier, without additional operational overhead. S3 Intelligent-Tiering delivers -// automatic cost savings by moving data between access tiers, when access patterns -// change. -// -// The S3 Intelligent-Tiering storage class is suitable for objects larger than -// 128 KB that you plan to store for at least 30 days. If the size of an object -// is less than 128 KB, it is not eligible for auto-tiering. Smaller objects -// can be stored, but they are always charged at the frequent access tier rates +// tier, without performance impact or operational overhead. S3 Intelligent-Tiering +// delivers automatic cost savings in three low latency and high throughput +// access tiers. To get the lowest storage cost on data that can be accessed +// in minutes to hours, you can choose to activate additional archiving capabilities. +// +// The S3 Intelligent-Tiering storage class is the ideal storage class for data +// with unknown, changing, or unpredictable access patterns, independent of +// object size or retention period. If the size of an object is less than 128 +// KB, it is not monitored and not eligible for auto-tiering. Smaller objects +// can be stored, but they are always charged at the Frequent Access tier rates // in the S3 Intelligent-Tiering storage class. // -// If you delete an object before the end of the 30-day minimum storage duration -// period, you are charged for 30 days. For more information, see Storage class -// for automatically optimizing frequently and infrequently accessed objects -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access). +// For more information, see Storage class for automatically optimizing frequently +// and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access). // // Operations related to GetBucketIntelligentTieringConfiguration include: // -// * DeleteBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html) +// - DeleteBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html) // -// * PutBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html) +// - PutBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html) // -// * ListBucketIntelligentTieringConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html) +// - ListBucketIntelligentTieringConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3011,14 +3440,13 @@ const opGetBucketInventoryConfiguration = "GetBucketInventoryConfiguration" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetBucketInventoryConfigurationRequest method. +// req, resp := client.GetBucketInventoryConfigurationRequest(params) // -// // Example sending a request using the GetBucketInventoryConfigurationRequest method. -// req, resp := client.GetBucketInventoryConfigurationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketInventoryConfiguration func (c *S3) GetBucketInventoryConfigurationRequest(input *GetBucketInventoryConfigurationInput) (req *request.Request, output *GetBucketInventoryConfigurationOutput) { @@ -3039,25 +3467,27 @@ func (c *S3) GetBucketInventoryConfigurationRequest(input *GetBucketInventoryCon // GetBucketInventoryConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns an inventory configuration (identified by the inventory configuration // ID) from the bucket. // // To use this operation, you must have permissions to perform the s3:GetInventoryConfiguration // action. The bucket owner has this permission by default and can grant this // permission to others. For more information about permissions, see Permissions -// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). +// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // // For information about the Amazon S3 inventory feature, see Amazon S3 Inventory // (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html). // // The following operations are related to GetBucketInventoryConfiguration: // -// * DeleteBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html) +// - DeleteBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html) // -// * ListBucketInventoryConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html) +// - ListBucketInventoryConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html) // -// * PutBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html) +// - PutBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3103,14 +3533,13 @@ const opGetBucketLifecycle = "GetBucketLifecycle" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetBucketLifecycleRequest method. +// req, resp := client.GetBucketLifecycleRequest(params) // -// // Example sending a request using the GetBucketLifecycleRequest method. -// req, resp := client.GetBucketLifecycleRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycle // @@ -3136,34 +3565,35 @@ func (c *S3) GetBucketLifecycleRequest(input *GetBucketLifecycleInput) (req *req // GetBucketLifecycle API operation for Amazon Simple Storage Service. // -// // For an updated version of this API, see GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html). // If you configured a bucket lifecycle using the filter element, you should // see the updated version of this topic. This topic is provided for backward // compatibility. // +// This operation is not supported by directory buckets. +// // Returns the lifecycle configuration information set on the bucket. For information // about lifecycle configuration, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html). // // To use this operation, you must have permission to perform the s3:GetLifecycleConfiguration // action. The bucket owner has this permission by default. The bucket owner // can grant this permission to others. For more information about permissions, -// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). +// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // // GetBucketLifecycle has the following special error: // -// * Error code: NoSuchLifecycleConfiguration Description: The lifecycle -// configuration does not exist. HTTP Status Code: 404 Not Found SOAP Fault -// Code Prefix: Client +// - Error code: NoSuchLifecycleConfiguration Description: The lifecycle +// configuration does not exist. HTTP Status Code: 404 Not Found SOAP Fault +// Code Prefix: Client // // The following operations are related to GetBucketLifecycle: // -// * GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html) +// - GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html) // -// * PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html) +// - PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html) // -// * DeleteBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html) +// - DeleteBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3213,14 +3643,13 @@ const opGetBucketLifecycleConfiguration = "GetBucketLifecycleConfiguration" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetBucketLifecycleConfigurationRequest method. +// req, resp := client.GetBucketLifecycleConfigurationRequest(params) // -// // Example sending a request using the GetBucketLifecycleConfigurationRequest method. -// req, resp := client.GetBucketLifecycleConfigurationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycleConfiguration func (c *S3) GetBucketLifecycleConfigurationRequest(input *GetBucketLifecycleConfigurationInput) (req *request.Request, output *GetBucketLifecycleConfigurationOutput) { @@ -3241,14 +3670,18 @@ func (c *S3) GetBucketLifecycleConfigurationRequest(input *GetBucketLifecycleCon // GetBucketLifecycleConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. // // Bucket lifecycle configuration now supports specifying a lifecycle rule using -// an object key name prefix, one or more object tags, or a combination of both. +// an object key name prefix, one or more object tags, object size, or any combination +// of these. Accordingly, this section describes the latest API. The previous +// version of the API supported filtering based only on an object key name prefix, +// which is supported for backward compatibility. For the related API description, +// see GetBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html). // Accordingly, this section describes the latest API. The response describes // the new filter element that you can use to specify a filter to select a subset // of objects to which the rule applies. If you are using a previous version -// of the lifecycle configuration, it still works. For the earlier API description, -// see GetBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html). +// of the lifecycle configuration, it still works. For the earlier action, // // Returns the lifecycle configuration information set on the bucket. For information // about lifecycle configuration, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html). @@ -3256,22 +3689,22 @@ func (c *S3) GetBucketLifecycleConfigurationRequest(input *GetBucketLifecycleCon // To use this operation, you must have permission to perform the s3:GetLifecycleConfiguration // action. The bucket owner has this permission, by default. The bucket owner // can grant this permission to others. For more information about permissions, -// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). +// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // // GetBucketLifecycleConfiguration has the following special error: // -// * Error code: NoSuchLifecycleConfiguration Description: The lifecycle -// configuration does not exist. HTTP Status Code: 404 Not Found SOAP Fault -// Code Prefix: Client +// - Error code: NoSuchLifecycleConfiguration Description: The lifecycle +// configuration does not exist. HTTP Status Code: 404 Not Found SOAP Fault +// Code Prefix: Client // // The following operations are related to GetBucketLifecycleConfiguration: // -// * GetBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html) +// - GetBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html) // -// * PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html) +// - PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html) // -// * DeleteBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html) +// - DeleteBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3317,14 +3750,13 @@ const opGetBucketLocation = "GetBucketLocation" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetBucketLocationRequest method. +// req, resp := client.GetBucketLocationRequest(params) // -// // Example sending a request using the GetBucketLocationRequest method. -// req, resp := client.GetBucketLocationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLocation func (c *S3) GetBucketLocationRequest(input *GetBucketLocationInput) (req *request.Request, output *GetBucketLocationOutput) { @@ -3345,17 +3777,30 @@ func (c *S3) GetBucketLocationRequest(input *GetBucketLocationInput) (req *reque // GetBucketLocation API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the Region the bucket resides in. You set the bucket's Region using // the LocationConstraint request parameter in a CreateBucket request. For more // information, see CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html). // -// To use this implementation of the operation, you must be the bucket owner. +// When you use this API operation with an access point, provide the alias of +// the access point in place of the bucket name. +// +// When you use this API operation with an Object Lambda access point, provide +// the alias of the Object Lambda access point in place of the bucket name. +// If the Object Lambda access point alias in a request is not valid, the error +// code InvalidAccessPointAliasError is returned. For more information about +// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). +// +// We recommend that you use HeadBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html) +// to return the Region that a bucket resides in. For backward compatibility, +// Amazon S3 continues to support GetBucketLocation. // // The following operations are related to GetBucketLocation: // -// * GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) +// - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) // -// * CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) +// - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3401,14 +3846,13 @@ const opGetBucketLogging = "GetBucketLogging" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetBucketLoggingRequest method. +// req, resp := client.GetBucketLoggingRequest(params) // -// // Example sending a request using the GetBucketLoggingRequest method. -// req, resp := client.GetBucketLoggingRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLogging func (c *S3) GetBucketLoggingRequest(input *GetBucketLoggingInput) (req *request.Request, output *GetBucketLoggingOutput) { @@ -3429,14 +3873,16 @@ func (c *S3) GetBucketLoggingRequest(input *GetBucketLoggingInput) (req *request // GetBucketLogging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the logging status of a bucket and the permissions users have to -// view and modify that status. To use GET, you must be the bucket owner. +// view and modify that status. // // The following operations are related to GetBucketLogging: // -// * CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) +// - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // -// * PutBucketLogging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLogging.html) +// - PutBucketLogging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLogging.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3482,14 +3928,13 @@ const opGetBucketMetricsConfiguration = "GetBucketMetricsConfiguration" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetBucketMetricsConfigurationRequest method. +// req, resp := client.GetBucketMetricsConfigurationRequest(params) // -// // Example sending a request using the GetBucketMetricsConfigurationRequest method. -// req, resp := client.GetBucketMetricsConfigurationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketMetricsConfiguration func (c *S3) GetBucketMetricsConfigurationRequest(input *GetBucketMetricsConfigurationInput) (req *request.Request, output *GetBucketMetricsConfigurationOutput) { @@ -3510,27 +3955,29 @@ func (c *S3) GetBucketMetricsConfigurationRequest(input *GetBucketMetricsConfigu // GetBucketMetricsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Gets a metrics configuration (specified by the metrics configuration ID) // from the bucket. Note that this doesn't include the daily storage metrics. // // To use this operation, you must have permissions to perform the s3:GetMetricsConfiguration // action. The bucket owner has this permission by default. The bucket owner // can grant this permission to others. For more information about permissions, -// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). +// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // // For information about CloudWatch request metrics for Amazon S3, see Monitoring // Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html). // // The following operations are related to GetBucketMetricsConfiguration: // -// * PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html) +// - PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html) // -// * DeleteBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html) +// - DeleteBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html) // -// * ListBucketMetricsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html) +// - ListBucketMetricsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html) // -// * Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html) +// - Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3576,14 +4023,13 @@ const opGetBucketNotification = "GetBucketNotification" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetBucketNotificationRequest method. +// req, resp := client.GetBucketNotificationRequest(params) // -// // Example sending a request using the GetBucketNotificationRequest method. -// req, resp := client.GetBucketNotificationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketNotification // @@ -3609,6 +4055,8 @@ func (c *S3) GetBucketNotificationRequest(input *GetBucketNotificationConfigurat // GetBucketNotification API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // No longer used, see GetBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -3659,14 +4107,13 @@ const opGetBucketNotificationConfiguration = "GetBucketNotificationConfiguration // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetBucketNotificationConfigurationRequest method. +// req, resp := client.GetBucketNotificationConfigurationRequest(params) // -// // Example sending a request using the GetBucketNotificationConfigurationRequest method. -// req, resp := client.GetBucketNotificationConfigurationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketNotificationConfiguration func (c *S3) GetBucketNotificationConfigurationRequest(input *GetBucketNotificationConfigurationRequest) (req *request.Request, output *NotificationConfiguration) { @@ -3687,23 +4134,34 @@ func (c *S3) GetBucketNotificationConfigurationRequest(input *GetBucketNotificat // GetBucketNotificationConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the notification configuration of a bucket. // -// If notifications are not enabled on the bucket, the operation returns an -// empty NotificationConfiguration element. +// If notifications are not enabled on the bucket, the action returns an empty +// NotificationConfiguration element. // // By default, you must be the bucket owner to read the notification configuration // of a bucket. However, the bucket owner can use a bucket policy to grant permission // to other users to read this configuration with the s3:GetBucketNotification // permission. // +// When you use this API operation with an access point, provide the alias of +// the access point in place of the bucket name. +// +// When you use this API operation with an Object Lambda access point, provide +// the alias of the Object Lambda access point in place of the bucket name. +// If the Object Lambda access point alias in a request is not valid, the error +// code InvalidAccessPointAliasError is returned. For more information about +// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). +// // For more information about setting and reading the notification configuration // on a bucket, see Setting Up Notification of Bucket Events (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). // For more information about bucket policies, see Using Bucket Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). // -// The following operation is related to GetBucketNotification: +// The following action is related to GetBucketNotification: // -// * PutBucketNotification (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketNotification.html) +// - PutBucketNotification (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketNotification.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3749,14 +4207,13 @@ const opGetBucketOwnershipControls = "GetBucketOwnershipControls" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetBucketOwnershipControlsRequest method. +// req, resp := client.GetBucketOwnershipControlsRequest(params) // -// // Example sending a request using the GetBucketOwnershipControlsRequest method. -// req, resp := client.GetBucketOwnershipControlsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketOwnershipControls func (c *S3) GetBucketOwnershipControlsRequest(input *GetBucketOwnershipControlsInput) (req *request.Request, output *GetBucketOwnershipControlsOutput) { @@ -3777,18 +4234,20 @@ func (c *S3) GetBucketOwnershipControlsRequest(input *GetBucketOwnershipControls // GetBucketOwnershipControls API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Retrieves OwnershipControls for an Amazon S3 bucket. To use this operation, // you must have the s3:GetBucketOwnershipControls permission. For more information -// about Amazon S3 permissions, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). +// about Amazon S3 permissions, see Specifying permissions in a policy (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html). // // For information about Amazon S3 Object Ownership, see Using Object Ownership -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html). +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html). // // The following operations are related to GetBucketOwnershipControls: // -// * PutBucketOwnershipControls +// - PutBucketOwnershipControls // -// * DeleteBucketOwnershipControls +// - DeleteBucketOwnershipControls // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3834,14 +4293,13 @@ const opGetBucketPolicy = "GetBucketPolicy" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetBucketPolicyRequest method. +// req, resp := client.GetBucketPolicyRequest(params) // -// // Example sending a request using the GetBucketPolicyRequest method. -// req, resp := client.GetBucketPolicyRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicy func (c *S3) GetBucketPolicyRequest(input *GetBucketPolicyInput) (req *request.Request, output *GetBucketPolicyOutput) { @@ -3862,26 +4320,66 @@ func (c *S3) GetBucketPolicyRequest(input *GetBucketPolicyInput) (req *request.R // GetBucketPolicy API operation for Amazon Simple Storage Service. // -// Returns the policy of a specified bucket. If you are using an identity other -// than the root user of the AWS account that owns the bucket, the calling identity -// must have the GetBucketPolicy permissions on the specified bucket and belong -// to the bucket owner's account in order to use this operation. +// Returns the policy of a specified bucket. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, see +// Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// # Permissions +// +// If you are using an identity other than the root user of the Amazon Web Services +// account that owns the bucket, the calling identity must both have the GetBucketPolicy +// permissions on the specified bucket and belong to the bucket owner's account +// in order to use this operation. // // If you don't have GetBucketPolicy permissions, Amazon S3 returns a 403 Access // Denied error. If you have the correct permissions, but you're not using an // identity that belongs to the bucket owner's account, Amazon S3 returns a // 405 Method Not Allowed error. // -// As a security precaution, the root user of the AWS account that owns a bucket -// can always use this operation, even if the policy explicitly denies the root -// user the ability to perform this action. +// To ensure that bucket owners don't inadvertently lock themselves out of their +// own buckets, the root principal in a bucket owner's Amazon Web Services account +// can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy +// API actions, even if their bucket policy explicitly denies the root principal's +// access. Bucket owner root principals can only be blocked from performing +// these API actions by VPC endpoint policies and Amazon Web Services Organizations +// policies. +// +// - General purpose bucket permissions - The s3:GetBucketPolicy permission +// is required in a policy. For more information about general purpose buckets +// bucket policies, see Using Bucket Policies and User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation, +// you must have the s3express:GetBucketPolicy permission in an IAM identity-based +// policy instead of a bucket policy. Cross-account access to this API operation +// isn't supported. This operation can only be performed by the Amazon Web +// Services account that owns the resource. For more information about directory +// bucket policies and permissions, see Amazon Web Services Identity and +// Access Management (IAM) for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. +// +// # Example bucket policies // -// For more information about bucket policies, see Using Bucket Policies and -// User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). +// General purpose buckets example bucket policies - See Bucket policy examples +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) +// in the Amazon S3 User Guide. // -// The following operation is related to GetBucketPolicy: +// Directory bucket example bucket policies - See Example bucket policies for +// S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// in the Amazon S3 User Guide. // -// * GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. +// +// The following action is related to GetBucketPolicy: +// +// - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3927,14 +4425,13 @@ const opGetBucketPolicyStatus = "GetBucketPolicyStatus" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetBucketPolicyStatusRequest method. +// req, resp := client.GetBucketPolicyStatusRequest(params) // -// // Example sending a request using the GetBucketPolicyStatusRequest method. -// req, resp := client.GetBucketPolicyStatusRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicyStatus func (c *S3) GetBucketPolicyStatusRequest(input *GetBucketPolicyStatusInput) (req *request.Request, output *GetBucketPolicyStatusOutput) { @@ -3955,6 +4452,8 @@ func (c *S3) GetBucketPolicyStatusRequest(input *GetBucketPolicyStatusInput) (re // GetBucketPolicyStatus API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Retrieves the policy status for an Amazon S3 bucket, indicating whether the // bucket is public. In order to use this operation, you must have the s3:GetBucketPolicyStatus // permission. For more information about Amazon S3 permissions, see Specifying @@ -3965,13 +4464,13 @@ func (c *S3) GetBucketPolicyStatusRequest(input *GetBucketPolicyStatusInput) (re // // The following operations are related to GetBucketPolicyStatus: // -// * Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html) +// - Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html) // -// * GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html) +// - GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html) // -// * PutPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html) +// - PutPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html) // -// * DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html) +// - DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4017,14 +4516,13 @@ const opGetBucketReplication = "GetBucketReplication" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetBucketReplicationRequest method. +// req, resp := client.GetBucketReplicationRequest(params) // -// // Example sending a request using the GetBucketReplicationRequest method. -// req, resp := client.GetBucketReplicationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketReplication func (c *S3) GetBucketReplicationRequest(input *GetBucketReplicationInput) (req *request.Request, output *GetBucketReplicationOutput) { @@ -4045,6 +4543,8 @@ func (c *S3) GetBucketReplicationRequest(input *GetBucketReplicationInput) (req // GetBucketReplication API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the replication configuration of a bucket. // // It can take a while to propagate the put or delete a replication configuration @@ -4052,11 +4552,11 @@ func (c *S3) GetBucketReplicationRequest(input *GetBucketReplicationInput) (req // can return a wrong result. // // For information about replication configuration, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) -// in the Amazon Simple Storage Service Developer Guide. +// in the Amazon S3 User Guide. // -// This operation requires permissions for the s3:GetReplicationConfiguration -// action. For more information about permissions, see Using Bucket Policies -// and User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). +// This action requires permissions for the s3:GetReplicationConfiguration action. +// For more information about permissions, see Using Bucket Policies and User +// Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). // // If you include the Filter element in a replication configuration, you must // also include the DeleteMarkerReplication and Priority elements. The response @@ -4067,9 +4567,9 @@ func (c *S3) GetBucketReplicationRequest(input *GetBucketReplicationInput) (req // // The following operations are related to GetBucketReplication: // -// * PutBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html) +// - PutBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html) // -// * DeleteBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html) +// - DeleteBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4115,14 +4615,13 @@ const opGetBucketRequestPayment = "GetBucketRequestPayment" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetBucketRequestPaymentRequest method. +// req, resp := client.GetBucketRequestPaymentRequest(params) // -// // Example sending a request using the GetBucketRequestPaymentRequest method. -// req, resp := client.GetBucketRequestPaymentRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketRequestPayment func (c *S3) GetBucketRequestPaymentRequest(input *GetBucketRequestPaymentInput) (req *request.Request, output *GetBucketRequestPaymentOutput) { @@ -4143,13 +4642,15 @@ func (c *S3) GetBucketRequestPaymentRequest(input *GetBucketRequestPaymentInput) // GetBucketRequestPayment API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the request payment configuration of a bucket. To use this version // of the operation, you must be the bucket owner. For more information, see // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html). // // The following operations are related to GetBucketRequestPayment: // -// * ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html) +// - ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4195,14 +4696,13 @@ const opGetBucketTagging = "GetBucketTagging" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetBucketTaggingRequest method. +// req, resp := client.GetBucketTaggingRequest(params) // -// // Example sending a request using the GetBucketTaggingRequest method. -// req, resp := client.GetBucketTaggingRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketTagging func (c *S3) GetBucketTaggingRequest(input *GetBucketTaggingInput) (req *request.Request, output *GetBucketTaggingOutput) { @@ -4223,6 +4723,8 @@ func (c *S3) GetBucketTaggingRequest(input *GetBucketTaggingInput) (req *request // GetBucketTagging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the tag set associated with the bucket. // // To use this operation, you must have permission to perform the s3:GetBucketTagging @@ -4231,14 +4733,14 @@ func (c *S3) GetBucketTaggingRequest(input *GetBucketTaggingInput) (req *request // // GetBucketTagging has the following special error: // -// * Error code: NoSuchTagSetError Description: There is no tag set associated -// with the bucket. +// - Error code: NoSuchTagSet Description: There is no tag set associated +// with the bucket. // // The following operations are related to GetBucketTagging: // -// * PutBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html) +// - PutBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html) // -// * DeleteBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html) +// - DeleteBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4284,14 +4786,13 @@ const opGetBucketVersioning = "GetBucketVersioning" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetBucketVersioningRequest method. +// req, resp := client.GetBucketVersioningRequest(params) // -// // Example sending a request using the GetBucketVersioningRequest method. -// req, resp := client.GetBucketVersioningRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketVersioning func (c *S3) GetBucketVersioningRequest(input *GetBucketVersioningInput) (req *request.Request, output *GetBucketVersioningOutput) { @@ -4312,6 +4813,8 @@ func (c *S3) GetBucketVersioningRequest(input *GetBucketVersioningInput) (req *r // GetBucketVersioning API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the versioning state of a bucket. // // To retrieve the versioning state of a bucket, you must be the bucket owner. @@ -4322,11 +4825,11 @@ func (c *S3) GetBucketVersioningRequest(input *GetBucketVersioningInput) (req *r // // The following operations are related to GetBucketVersioning: // -// * GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) +// - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) // -// * PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) +// - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) // -// * DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) +// - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4372,14 +4875,13 @@ const opGetBucketWebsite = "GetBucketWebsite" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetBucketWebsiteRequest method. +// req, resp := client.GetBucketWebsiteRequest(params) // -// // Example sending a request using the GetBucketWebsiteRequest method. -// req, resp := client.GetBucketWebsiteRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketWebsite func (c *S3) GetBucketWebsiteRequest(input *GetBucketWebsiteInput) (req *request.Request, output *GetBucketWebsiteOutput) { @@ -4400,21 +4902,23 @@ func (c *S3) GetBucketWebsiteRequest(input *GetBucketWebsiteInput) (req *request // GetBucketWebsite API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the website configuration for a bucket. To host website on Amazon // S3, you can configure a bucket as website by adding a website configuration. // For more information about hosting websites, see Hosting Websites on Amazon // S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). // -// This GET operation requires the S3:GetBucketWebsite permission. By default, +// This GET action requires the S3:GetBucketWebsite permission. By default, // only the bucket owner can read the bucket website configuration. However, // bucket owners can allow other users to read the website configuration by // writing a bucket policy granting them the S3:GetBucketWebsite permission. // -// The following operations are related to DeleteBucketWebsite: +// The following operations are related to GetBucketWebsite: // -// * DeleteBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketWebsite.html) +// - DeleteBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketWebsite.html) // -// * PutBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html) +// - PutBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4460,14 +4964,13 @@ const opGetObject = "GetObject" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetObjectRequest method. +// req, resp := client.GetObjectRequest(params) // -// // Example sending a request using the GetObjectRequest method. -// req, resp := client.GetObjectRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObject func (c *S3) GetObjectRequest(input *GetObjectInput) (req *request.Request, output *GetObjectOutput) { @@ -4488,133 +4991,132 @@ func (c *S3) GetObjectRequest(input *GetObjectInput) (req *request.Request, outp // GetObject API operation for Amazon Simple Storage Service. // -// Retrieves objects from Amazon S3. To use GET, you must have READ access to -// the object. If you grant READ access to the anonymous user, you can return -// the object without using an authorization header. -// -// An Amazon S3 bucket has no directory hierarchy such as you would find in -// a typical computer file system. You can, however, create a logical hierarchy -// by using object key names that imply a folder structure. For example, instead -// of naming an object sample.jpg, you can name it photos/2006/February/sample.jpg. -// -// To get an object from such a logical hierarchy, specify the full key name -// for the object in the GET operation. For a virtual hosted-style request example, -// if you have the object photos/2006/February/sample.jpg, specify the resource -// as /photos/2006/February/sample.jpg. For a path-style request example, if -// you have the object photos/2006/February/sample.jpg in the bucket named examplebucket, -// specify the resource as /examplebucket/photos/2006/February/sample.jpg. For -// more information about request types, see HTTP Host Header Bucket Specification -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingSpecifyBucket). -// -// To distribute large files to many people, you can save bandwidth costs by -// using BitTorrent. For more information, see Amazon S3 Torrent (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3Torrent.html). -// For more information about returning the ACL of an object, see GetObjectAcl -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html). -// -// If the object you are retrieving is stored in the S3 Glacier or S3 Glacier -// Deep Archive storage class, or S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering -// Deep Archive tiers, before you can retrieve the object you must first restore -// a copy using RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). -// Otherwise, this operation returns an InvalidObjectStateError error. For information -// about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html). -// -// Encryption request headers, like x-amz-server-side-encryption, should not -// be sent for GET requests if your object uses server-side encryption with -// CMKs stored in AWS KMS (SSE-KMS) or server-side encryption with Amazon S3–managed -// encryption keys (SSE-S3). If your object does use these types of keys, you’ll -// get an HTTP 400 BadRequest error. -// -// If you encrypt an object by using server-side encryption with customer-provided -// encryption keys (SSE-C) when you store the object in Amazon S3, then when -// you GET the object, you must use the following headers: -// -// * x-amz-server-side-encryption-customer-algorithm -// -// * x-amz-server-side-encryption-customer-key -// -// * x-amz-server-side-encryption-customer-key-MD5 -// -// For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided -// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html). -// -// Assuming you have permission to read object tags (permission for the s3:GetObjectVersionTagging -// action), the response also returns the x-amz-tagging-count header that provides -// the count of number of tags associated with the object. You can use GetObjectTagging -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) -// to retrieve the tag set associated with an object. +// Retrieves an object from Amazon S3. +// +// In the GetObject request, specify the full key name for the object. +// +// General purpose buckets - Both the virtual-hosted-style requests and the +// path-style requests are supported. For a virtual hosted-style request example, +// if you have the object photos/2006/February/sample.jpg, specify the object +// key name as /photos/2006/February/sample.jpg. For a path-style request example, +// if you have the object photos/2006/February/sample.jpg in the bucket named +// examplebucket, specify the object key name as /examplebucket/photos/2006/February/sample.jpg. +// For more information about request types, see HTTP Host Header Bucket Specification +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingSpecifyBucket) +// in the Amazon S3 User Guide. +// +// Directory buckets - Only virtual-hosted-style requests are supported. For +// a virtual hosted-style request example, if you have the object photos/2006/February/sample.jpg +// in the bucket named examplebucket--use1-az5--x-s3, specify the object key +// name as /photos/2006/February/sample.jpg. Also, when you make requests to +// this API operation, your requests are sent to the Zonal endpoint. These endpoints +// support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // // Permissions // -// You need the s3:GetObject permission for this operation. For more information, -// see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). -// If the object you request does not exist, the error Amazon S3 returns depends -// on whether you also have the s3:ListBucket permission. -// -// * If you have the s3:ListBucket permission on the bucket, Amazon S3 will -// return an HTTP status code 404 ("no such key") error. -// -// * If you don’t have the s3:ListBucket permission, Amazon S3 will return -// an HTTP status code 403 ("access denied") error. +// - General purpose bucket permissions - You must have the required permissions +// in a policy. To use GetObject, you must have the READ access to the object +// (or version). If you grant READ access to the anonymous user, the GetObject +// operation returns the object without using an authorization header. For +// more information, see Specifying permissions in a policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) +// in the Amazon S3 User Guide. If you include a versionId in your request +// header, you must have the s3:GetObjectVersion permission to access a specific +// version of an object. The s3:GetObject permission is not required in this +// scenario. If you request the current version of an object without a specific +// versionId in the request header, only the s3:GetObject permission is required. +// The s3:GetObjectVersion permission is not required in this scenario. If +// the object that you request doesn’t exist, the error that Amazon S3 +// returns depends on whether you also have the s3:ListBucket permission. +// If you have the s3:ListBucket permission on the bucket, Amazon S3 returns +// an HTTP status code 404 Not Found error. If you don’t have the s3:ListBucket +// permission, Amazon S3 returns an HTTP status code 403 Access Denied error. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # Storage classes +// +// If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval +// storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering +// Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, +// before you can retrieve the object you must first restore a copy using RestoreObject +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). +// Otherwise, this operation returns an InvalidObjectState error. For information +// about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) +// in the Amazon S3 User Guide. +// +// Directory buckets - For directory buckets, only the S3 Express One Zone storage +// class is supported to store newly created objects. Unsupported storage class +// values won't write a destination object and will respond with the HTTP status +// code 400 Bad Request. +// +// # Encryption // -// Versioning -// -// By default, the GET operation returns the current version of an object. To -// return a different version, use the versionId subresource. +// Encryption request headers, like x-amz-server-side-encryption, should not +// be sent for the GetObject requests, if your object uses server-side encryption +// with Amazon S3 managed encryption keys (SSE-S3), server-side encryption with +// Key Management Service (KMS) keys (SSE-KMS), or dual-layer server-side encryption +// with Amazon Web Services KMS keys (DSSE-KMS). If you include the header in +// your GetObject requests for the object that uses these types of keys, you’ll +// get an HTTP 400 Bad Request error. // -// If the current version of the object is a delete marker, Amazon S3 behaves -// as if the object was deleted and includes x-amz-delete-marker: true in the -// response. +// # Overriding response header values through the request // -// For more information about versioning, see PutBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html). +// There are times when you want to override certain response header values +// of a GetObject response. For example, you might override the Content-Disposition +// response header value through your GetObject request. // -// Overriding Response Header Values +// You can override values for a set of response headers. These modified response +// header values are included only in a successful response, that is, when the +// HTTP status code 200 OK is returned. The headers you can override using the +// following query parameters in the request are a subset of the headers that +// Amazon S3 accepts when you create an object. // -// There are times when you want to override certain response header values -// in a GET response. For example, you might override the Content-Disposition -// response header value in your GET request. -// -// You can override values for a set of response headers using the following -// query parameters. These response header values are sent only on a successful -// request, that is, when status code 200 OK is returned. The set of headers -// you can override using these parameters is a subset of the headers that Amazon -// S3 accepts when you create an object. The response headers that you can override -// for the GET response are Content-Type, Content-Language, Expires, Cache-Control, -// Content-Disposition, and Content-Encoding. To override these header values -// in the GET response, you use the following request parameters. -// -// You must sign the request, either using an Authorization header or a presigned -// URL, when using these parameters. They cannot be used with an unsigned (anonymous) -// request. +// The response headers that you can override for the GetObject response are +// Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Type, +// and Expires. // -// * response-content-type +// To override values for a set of response headers in the GetObject response, +// you can use the following query parameters in the request. // -// * response-content-language +// - response-cache-control // -// * response-expires +// - response-content-disposition // -// * response-cache-control +// - response-content-encoding // -// * response-content-disposition +// - response-content-language // -// * response-content-encoding +// - response-content-type // -// Additional Considerations about Request Headers +// - response-expires // -// If both of the If-Match and If-Unmodified-Since headers are present in the -// request as follows: If-Match condition evaluates to true, and; If-Unmodified-Since -// condition evaluates to false; then, S3 returns 200 OK and the data requested. +// When you use these parameters, you must sign the request by using either +// an Authorization header or a presigned URL. These parameters cannot be used +// with an unsigned (anonymous) request. // -// If both of the If-None-Match and If-Modified-Since headers are present in -// the request as follows:If-None-Match condition evaluates to false, and; If-Modified-Since -// condition evaluates to true; then, S3 returns 304 Not Modified response code. +// # HTTP Host header syntax // -// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to GetObject: // -// * ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html) +// - ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html) // -// * GetObjectAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html) +// - GetObjectAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4624,11 +5126,21 @@ func (c *S3) GetObjectRequest(input *GetObjectInput) (req *request.Request, outp // API operation GetObject for usage and error information. // // Returned Error Codes: -// * ErrCodeNoSuchKey "NoSuchKey" -// The specified key does not exist. // -// * ErrCodeInvalidObjectState "InvalidObjectState" -// Object is archived and inaccessible until restored. +// - ErrCodeNoSuchKey "NoSuchKey" +// The specified key does not exist. +// +// - ErrCodeInvalidObjectState "InvalidObjectState" +// Object is archived and inaccessible until restored. +// +// If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval +// storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering +// Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, +// before you can retrieve the object you must first restore a copy using RestoreObject +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). +// Otherwise, this operation returns an InvalidObjectState error. For information +// about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) +// in the Amazon S3 User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObject func (c *S3) GetObject(input *GetObjectInput) (*GetObjectOutput, error) { @@ -4668,14 +5180,13 @@ const opGetObjectAcl = "GetObjectAcl" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetObjectAclRequest method. +// req, resp := client.GetObjectAclRequest(params) // -// // Example sending a request using the GetObjectAclRequest method. -// req, resp := client.GetObjectAclRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectAcl func (c *S3) GetObjectAclRequest(input *GetObjectAclInput) (req *request.Request, output *GetObjectAclOutput) { @@ -4696,23 +5207,34 @@ func (c *S3) GetObjectAclRequest(input *GetObjectAclInput) (req *request.Request // GetObjectAcl API operation for Amazon Simple Storage Service. // -// Returns the access control list (ACL) of an object. To use this operation, -// you must have READ_ACP access to the object. +// This operation is not supported by directory buckets. // -// This action is not supported by Amazon S3 on Outposts. +// Returns the access control list (ACL) of an object. To use this operation, +// you must have s3:GetObjectAcl permissions or READ_ACP access to the object. +// For more information, see Mapping of ACL permissions and access policy permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#acl-access-policy-permission-mapping) +// in the Amazon S3 User Guide // -// Versioning +// This functionality is not supported for Amazon S3 on Outposts. // // By default, GET returns ACL information about the current version of an object. // To return ACL information about a different version, use the versionId subresource. // +// If your bucket uses the bucket owner enforced setting for S3 Object Ownership, +// requests to read ACLs are still supported and return the bucket-owner-full-control +// ACL with the owner being the account that created the bucket. For more information, +// see Controlling object ownership and disabling ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) +// in the Amazon S3 User Guide. +// // The following operations are related to GetObjectAcl: // -// * GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) +// - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) +// +// - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html) // -// * DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) +// - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) // -// * PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) +// - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4722,8 +5244,8 @@ func (c *S3) GetObjectAclRequest(input *GetObjectAclInput) (req *request.Request // API operation GetObjectAcl for usage and error information. // // Returned Error Codes: -// * ErrCodeNoSuchKey "NoSuchKey" -// The specified key does not exist. +// - ErrCodeNoSuchKey "NoSuchKey" +// The specified key does not exist. // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectAcl func (c *S3) GetObjectAcl(input *GetObjectAclInput) (*GetObjectAclOutput, error) { @@ -4747,6 +5269,201 @@ func (c *S3) GetObjectAclWithContext(ctx aws.Context, input *GetObjectAclInput, return out, req.Send() } +const opGetObjectAttributes = "GetObjectAttributes" + +// GetObjectAttributesRequest generates a "aws/request.Request" representing the +// client's request for the GetObjectAttributes operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetObjectAttributes for more information on using the GetObjectAttributes +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetObjectAttributesRequest method. +// req, resp := client.GetObjectAttributesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectAttributes +func (c *S3) GetObjectAttributesRequest(input *GetObjectAttributesInput) (req *request.Request, output *GetObjectAttributesOutput) { + op := &request.Operation{ + Name: opGetObjectAttributes, + HTTPMethod: "GET", + HTTPPath: "/{Bucket}/{Key+}?attributes", + } + + if input == nil { + input = &GetObjectAttributesInput{} + } + + output = &GetObjectAttributesOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetObjectAttributes API operation for Amazon Simple Storage Service. +// +// Retrieves all the metadata from an object without returning the object itself. +// This operation is useful if you're interested only in an object's metadata. +// +// GetObjectAttributes combines the functionality of HeadObject and ListParts. +// All of the data returned with each of those individual calls can be returned +// with a single call to GetObjectAttributes. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions +// +// - General purpose bucket permissions - To use GetObjectAttributes, you +// must have READ access to the object. The permissions that you need to +// use this operation with depend on whether the bucket is versioned. If +// the bucket is versioned, you need both the s3:GetObjectVersion and s3:GetObjectVersionAttributes +// permissions for this operation. If the bucket is not versioned, you need +// the s3:GetObject and s3:GetObjectAttributes permissions. For more information, +// see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) +// in the Amazon S3 User Guide. If the object that you request does not exist, +// the error Amazon S3 returns depends on whether you also have the s3:ListBucket +// permission. If you have the s3:ListBucket permission on the bucket, Amazon +// S3 returns an HTTP status code 404 Not Found ("no such key") error. If +// you don't have the s3:ListBucket permission, Amazon S3 returns an HTTP +// status code 403 Forbidden ("access denied") error. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # Encryption +// +// Encryption request headers, like x-amz-server-side-encryption, should not +// be sent for HEAD requests if your object uses server-side encryption with +// Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption +// with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with +// Amazon S3 managed encryption keys (SSE-S3). The x-amz-server-side-encryption +// header is used when you PUT an object to S3 and want to specify the encryption +// method. If you include this header in a GET request for an object that uses +// these types of keys, you’ll get an HTTP 400 Bad Request error. It's because +// the encryption method can't be changed when you retrieve the object. +// +// If you encrypt an object by using server-side encryption with customer-provided +// encryption keys (SSE-C) when you store the object in Amazon S3, then when +// you retrieve the metadata from the object, you must use the following headers +// to provide the encryption key for the server to be able to retrieve the object's +// metadata. The headers are: +// +// - x-amz-server-side-encryption-customer-algorithm +// +// - x-amz-server-side-encryption-customer-key +// +// - x-amz-server-side-encryption-customer-key-MD5 +// +// For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided +// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) +// in the Amazon S3 User Guide. +// +// Directory bucket permissions - For directory buckets, only server-side encryption +// with Amazon S3 managed keys (SSE-S3) (AES256) is supported. +// +// # Versioning +// +// Directory buckets - S3 Versioning isn't enabled and supported for directory +// buckets. For this API operation, only the null value of the version ID is +// supported by directory buckets. You can only specify null to the versionId +// query parameter in the request. +// +// # Conditional request headers +// +// Consider the following when using request headers: +// +// - If both of the If-Match and If-Unmodified-Since headers are present +// in the request as follows, then Amazon S3 returns the HTTP status code +// 200 OK and the data requested: If-Match condition evaluates to true. If-Unmodified-Since +// condition evaluates to false. For more information about conditional requests, +// see RFC 7232 (https://tools.ietf.org/html/rfc7232). +// +// - If both of the If-None-Match and If-Modified-Since headers are present +// in the request as follows, then Amazon S3 returns the HTTP status code +// 304 Not Modified: If-None-Match condition evaluates to false. If-Modified-Since +// condition evaluates to true. For more information about conditional requests, +// see RFC 7232 (https://tools.ietf.org/html/rfc7232). +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. +// +// The following actions are related to GetObjectAttributes: +// +// - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) +// +// - GetObjectAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html) +// +// - GetObjectLegalHold (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLegalHold.html) +// +// - GetObjectLockConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLockConfiguration.html) +// +// - GetObjectRetention (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectRetention.html) +// +// - GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) +// +// - HeadObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadObject.html) +// +// - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Simple Storage Service's +// API operation GetObjectAttributes for usage and error information. +// +// Returned Error Codes: +// - ErrCodeNoSuchKey "NoSuchKey" +// The specified key does not exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectAttributes +func (c *S3) GetObjectAttributes(input *GetObjectAttributesInput) (*GetObjectAttributesOutput, error) { + req, out := c.GetObjectAttributesRequest(input) + return out, req.Send() +} + +// GetObjectAttributesWithContext is the same as GetObjectAttributes with the addition of +// the ability to pass a context and additional request options. +// +// See GetObjectAttributes for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *S3) GetObjectAttributesWithContext(ctx aws.Context, input *GetObjectAttributesInput, opts ...request.Option) (*GetObjectAttributesOutput, error) { + req, out := c.GetObjectAttributesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetObjectLegalHold = "GetObjectLegalHold" // GetObjectLegalHoldRequest generates a "aws/request.Request" representing the @@ -4763,14 +5480,13 @@ const opGetObjectLegalHold = "GetObjectLegalHold" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetObjectLegalHoldRequest method. +// req, resp := client.GetObjectLegalHoldRequest(params) // -// // Example sending a request using the GetObjectLegalHoldRequest method. -// req, resp := client.GetObjectLegalHoldRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLegalHold func (c *S3) GetObjectLegalHoldRequest(input *GetObjectLegalHoldInput) (req *request.Request, output *GetObjectLegalHoldOutput) { @@ -4791,10 +5507,16 @@ func (c *S3) GetObjectLegalHoldRequest(input *GetObjectLegalHoldInput) (req *req // GetObjectLegalHold API operation for Amazon Simple Storage Service. // -// Gets an object's current Legal Hold status. For more information, see Locking +// This operation is not supported by directory buckets. +// +// Gets an object's current legal hold status. For more information, see Locking // Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. +// +// The following action is related to GetObjectLegalHold: +// +// - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4840,14 +5562,13 @@ const opGetObjectLockConfiguration = "GetObjectLockConfiguration" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetObjectLockConfigurationRequest method. +// req, resp := client.GetObjectLockConfigurationRequest(params) // -// // Example sending a request using the GetObjectLockConfigurationRequest method. -// req, resp := client.GetObjectLockConfigurationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLockConfiguration func (c *S3) GetObjectLockConfigurationRequest(input *GetObjectLockConfigurationInput) (req *request.Request, output *GetObjectLockConfigurationOutput) { @@ -4868,11 +5589,17 @@ func (c *S3) GetObjectLockConfigurationRequest(input *GetObjectLockConfiguration // GetObjectLockConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Gets the Object Lock configuration for a bucket. The rule specified in the // Object Lock configuration will be applied by default to every new object // placed in the specified bucket. For more information, see Locking Objects // (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). // +// The following action is related to GetObjectLockConfiguration: +// +// - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html) +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -4917,14 +5644,13 @@ const opGetObjectRetention = "GetObjectRetention" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetObjectRetentionRequest method. +// req, resp := client.GetObjectRetentionRequest(params) // -// // Example sending a request using the GetObjectRetentionRequest method. -// req, resp := client.GetObjectRetentionRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectRetention func (c *S3) GetObjectRetentionRequest(input *GetObjectRetentionInput) (req *request.Request, output *GetObjectRetentionOutput) { @@ -4945,10 +5671,16 @@ func (c *S3) GetObjectRetentionRequest(input *GetObjectRetentionInput) (req *req // GetObjectRetention API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Retrieves an object's retention settings. For more information, see Locking // Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. +// +// The following action is related to GetObjectRetention: +// +// - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4994,14 +5726,13 @@ const opGetObjectTagging = "GetObjectTagging" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetObjectTaggingRequest method. +// req, resp := client.GetObjectTaggingRequest(params) // -// // Example sending a request using the GetObjectTaggingRequest method. -// req, resp := client.GetObjectTaggingRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTagging func (c *S3) GetObjectTaggingRequest(input *GetObjectTaggingInput) (req *request.Request, output *GetObjectTaggingOutput) { @@ -5022,11 +5753,13 @@ func (c *S3) GetObjectTaggingRequest(input *GetObjectTaggingInput) (req *request // GetObjectTagging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the tag-set of an object. You send the GET request against the tagging // subresource associated with the object. // // To use this operation, you must have permission to perform the s3:GetObjectTagging -// action. By default, the GET operation returns information about current version +// action. By default, the GET action returns information about current version // of an object. For a versioned bucket, you can have multiple versions of an // object in your bucket. To retrieve tags of any other version, use the versionId // query parameter. You also need permission for the s3:GetObjectVersionTagging @@ -5038,9 +5771,13 @@ func (c *S3) GetObjectTaggingRequest(input *GetObjectTaggingInput) (req *request // For information about the Amazon S3 object tagging feature, see Object Tagging // (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). // -// The following operation is related to GetObjectTagging: +// The following actions are related to GetObjectTagging: +// +// - DeleteObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html) // -// * PutObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html) +// - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html) +// +// - PutObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5086,14 +5823,13 @@ const opGetObjectTorrent = "GetObjectTorrent" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetObjectTorrentRequest method. +// req, resp := client.GetObjectTorrentRequest(params) // -// // Example sending a request using the GetObjectTorrentRequest method. -// req, resp := client.GetObjectTorrentRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTorrent func (c *S3) GetObjectTorrentRequest(input *GetObjectTorrentInput) (req *request.Request, output *GetObjectTorrentOutput) { @@ -5114,9 +5850,10 @@ func (c *S3) GetObjectTorrentRequest(input *GetObjectTorrentInput) (req *request // GetObjectTorrent API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns torrent files from a bucket. BitTorrent can save you bandwidth when -// you're distributing large files. For more information about BitTorrent, see -// Using BitTorrent with Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3Torrent.html). +// you're distributing large files. // // You can get torrent only for objects that are less than 5 GB in size, and // that are not encrypted using server-side encryption with a customer-provided @@ -5124,11 +5861,11 @@ func (c *S3) GetObjectTorrentRequest(input *GetObjectTorrentInput) (req *request // // To use GET, you must have READ access to the object. // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // -// The following operation is related to GetObjectTorrent: +// The following action is related to GetObjectTorrent: // -// * GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) +// - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5174,14 +5911,13 @@ const opGetPublicAccessBlock = "GetPublicAccessBlock" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetPublicAccessBlockRequest method. +// req, resp := client.GetPublicAccessBlockRequest(params) // -// // Example sending a request using the GetPublicAccessBlockRequest method. -// req, resp := client.GetPublicAccessBlockRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetPublicAccessBlock func (c *S3) GetPublicAccessBlockRequest(input *GetPublicAccessBlockInput) (req *request.Request, output *GetPublicAccessBlockOutput) { @@ -5202,6 +5938,8 @@ func (c *S3) GetPublicAccessBlockRequest(input *GetPublicAccessBlockInput) (req // GetPublicAccessBlock API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Retrieves the PublicAccessBlock configuration for an Amazon S3 bucket. To // use this operation, you must have the s3:GetBucketPublicAccessBlock permission. // For more information about Amazon S3 permissions, see Specifying Permissions @@ -5219,13 +5957,13 @@ func (c *S3) GetPublicAccessBlockRequest(input *GetPublicAccessBlockInput) (req // // The following operations are related to GetPublicAccessBlock: // -// * Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html) +// - Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html) // -// * PutPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html) +// - PutPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html) // -// * GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html) +// - GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html) // -// * DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html) +// - DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5271,14 +6009,13 @@ const opHeadBucket = "HeadBucket" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the HeadBucketRequest method. +// req, resp := client.HeadBucketRequest(params) // -// // Example sending a request using the HeadBucketRequest method. -// req, resp := client.HeadBucketRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadBucket func (c *S3) HeadBucketRequest(input *HeadBucketInput) (req *request.Request, output *HeadBucketOutput) { @@ -5294,22 +6031,63 @@ func (c *S3) HeadBucketRequest(input *HeadBucketInput) (req *request.Request, ou output = &HeadBucketOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // HeadBucket API operation for Amazon Simple Storage Service. // -// This operation is useful to determine if a bucket exists and you have permission -// to access it. The operation returns a 200 OK if the bucket exists and you -// have permission to access it. Otherwise, the operation might return responses -// such as 404 Not Found and 403 Forbidden. +// You can use this operation to determine if a bucket exists and if you have +// permission to access it. The action returns a 200 OK if the bucket exists +// and you have permission to access it. // -// To use this operation, you must have permissions to perform the s3:ListBucket -// action. The bucket owner has this permission by default and can grant this -// permission to others. For more information about permissions, see Permissions -// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). +// If the bucket does not exist or you do not have permission to access it, +// the HEAD request returns a generic 400 Bad Request, 403 Forbidden or 404 +// Not Found code. A message body is not included, so you cannot determine the +// exception beyond these HTTP response codes. +// +// Directory buckets - You must make requests for this API operation to the +// Zonal endpoint. These endpoints support virtual-hosted-style requests in +// the format https://bucket_name.s3express-az_id.region.amazonaws.com. Path-style +// requests are not supported. For more information, see Regional and Zonal +// endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// # Authentication and authorization +// +// All HeadBucket requests must be authenticated and signed by using IAM credentials +// (access key ID and secret access key for the IAM identities). All headers +// with the x-amz- prefix, including x-amz-copy-source, must be signed. For +// more information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). +// +// Directory bucket - You must use IAM credentials to authenticate and authorize +// your access to the HeadBucket API operation, instead of using the temporary +// security credentials through the CreateSession API operation. +// +// Amazon Web Services CLI or SDKs handles authentication and authorization +// on your behalf. +// +// Permissions +// +// - General purpose bucket permissions - To use this operation, you must +// have permissions to perform the s3:ListBucket action. The bucket owner +// has this permission by default and can grant this permission to others. +// For more information about permissions, see Managing access permissions +// to your Amazon S3 resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - You must have the s3express:CreateSession +// permission in the Action element of a policy. By default, the session +// is in the ReadWrite mode. If you want to restrict the access, you can +// explicitly set the s3express:SessionMode condition key to ReadOnly on +// the bucket. For more information about example bucket policies, see Example +// bucket policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// and Amazon Web Services Identity and Access Management (IAM) identity-based +// policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5319,8 +6097,8 @@ func (c *S3) HeadBucketRequest(input *HeadBucketInput) (req *request.Request, ou // API operation HeadBucket for usage and error information. // // Returned Error Codes: -// * ErrCodeNoSuchBucket "NoSuchBucket" -// The specified bucket does not exist. +// - ErrCodeNoSuchBucket "NoSuchBucket" +// The specified bucket does not exist. // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadBucket func (c *S3) HeadBucket(input *HeadBucketInput) (*HeadBucketOutput, error) { @@ -5360,14 +6138,13 @@ const opHeadObject = "HeadObject" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the HeadObjectRequest method. +// req, resp := client.HeadObjectRequest(params) // -// // Example sending a request using the HeadObjectRequest method. -// req, resp := client.HeadObjectRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadObject func (c *S3) HeadObjectRequest(input *HeadObjectInput) (req *request.Request, output *HeadObjectOutput) { @@ -5389,65 +6166,109 @@ func (c *S3) HeadObjectRequest(input *HeadObjectInput) (req *request.Request, ou // HeadObject API operation for Amazon Simple Storage Service. // // The HEAD operation retrieves metadata from an object without returning the -// object itself. This operation is useful if you're only interested in an object's -// metadata. To use HEAD, you must have READ access to the object. +// object itself. This operation is useful if you're interested only in an object's +// metadata. // // A HEAD request has the same options as a GET operation on an object. The // response is identical to the GET response except that there is no response -// body. +// body. Because of this, if the HEAD request generates an error, it returns +// a generic code, such as 400 Bad Request, 403 Forbidden, 404 Not Found, 405 +// Method Not Allowed, 412 Precondition Failed, or 304 Not Modified. It's not +// possible to retrieve the exact exception of these error codes. +// +// Request headers are limited to 8 KB in size. For more information, see Common +// Request Headers (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html). +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions +// +// - General purpose bucket permissions - To use HEAD, you must have the +// s3:GetObject permission. You need the relevant read object (or version) +// permission for this operation. For more information, see Actions, resources, +// and condition keys for Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html) +// in the Amazon S3 User Guide. If the object you request doesn't exist, +// the error that Amazon S3 returns depends on whether you also have the +// s3:ListBucket permission. If you have the s3:ListBucket permission on +// the bucket, Amazon S3 returns an HTTP status code 404 Not Found error. +// If you don’t have the s3:ListBucket permission, Amazon S3 returns an +// HTTP status code 403 Forbidden error. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # Encryption +// +// Encryption request headers, like x-amz-server-side-encryption, should not +// be sent for HEAD requests if your object uses server-side encryption with +// Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption +// with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with +// Amazon S3 managed encryption keys (SSE-S3). The x-amz-server-side-encryption +// header is used when you PUT an object to S3 and want to specify the encryption +// method. If you include this header in a HEAD request for an object that uses +// these types of keys, you’ll get an HTTP 400 Bad Request error. It's because +// the encryption method can't be changed when you retrieve the object. // // If you encrypt an object by using server-side encryption with customer-provided // encryption keys (SSE-C) when you store the object in Amazon S3, then when -// you retrieve the metadata from the object, you must use the following headers: +// you retrieve the metadata from the object, you must use the following headers +// to provide the encryption key for the server to be able to retrieve the object's +// metadata. The headers are: // -// * x-amz-server-side-encryption-customer-algorithm +// - x-amz-server-side-encryption-customer-algorithm // -// * x-amz-server-side-encryption-customer-key +// - x-amz-server-side-encryption-customer-key // -// * x-amz-server-side-encryption-customer-key-MD5 +// - x-amz-server-side-encryption-customer-key-MD5 // // For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided -// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html). -// -// Encryption request headers, like x-amz-server-side-encryption, should not -// be sent for GET requests if your object uses server-side encryption with -// CMKs stored in AWS KMS (SSE-KMS) or server-side encryption with Amazon S3–managed -// encryption keys (SSE-S3). If your object does use these types of keys, you’ll -// get an HTTP 400 BadRequest error. +// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) +// in the Amazon S3 User Guide. // -// Request headers are limited to 8 KB in size. For more information, see Common -// Request Headers (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html). +// Directory bucket permissions - For directory buckets, only server-side encryption +// with Amazon S3 managed keys (SSE-S3) (AES256) is supported. // -// Consider the following when using request headers: +// Versioning // -// * Consideration 1 – If both of the If-Match and If-Unmodified-Since -// headers are present in the request as follows: If-Match condition evaluates -// to true, and; If-Unmodified-Since condition evaluates to false; Then Amazon -// S3 returns 200 OK and the data requested. +// - If the current version of the object is a delete marker, Amazon S3 behaves +// as if the object was deleted and includes x-amz-delete-marker: true in +// the response. // -// * Consideration 2 – If both of the If-None-Match and If-Modified-Since -// headers are present in the request as follows: If-None-Match condition -// evaluates to false, and; If-Modified-Since condition evaluates to true; -// Then Amazon S3 returns the 304 Not Modified response code. +// - If the specified version is a delete marker, the response returns a +// 405 Method Not Allowed error and the Last-Modified: timestamp response +// header. // -// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). +// - Directory buckets - Delete marker is not supported by directory buckets. // -// Permissions +// - Directory buckets - S3 Versioning isn't enabled and supported for directory +// buckets. For this API operation, only the null value of the version ID +// is supported by directory buckets. You can only specify null to the versionId +// query parameter in the request. // -// You need the s3:GetObject permission for this operation. For more information, -// see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). -// If the object you request does not exist, the error Amazon S3 returns depends -// on whether you also have the s3:ListBucket permission. +// # HTTP Host header syntax // -// * If you have the s3:ListBucket permission on the bucket, Amazon S3 returns -// an HTTP status code 404 ("no such key") error. +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // -// * If you don’t have the s3:ListBucket permission, Amazon S3 returns -// an HTTP status code 403 ("access denied") error. +// The following actions are related to HeadObject: // -// The following operation is related to HeadObject: +// - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) // -// * GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) +// - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html) // // See http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#RESTErrorResponses // for more information on returned errors. @@ -5496,14 +6317,13 @@ const opListBucketAnalyticsConfigurations = "ListBucketAnalyticsConfigurations" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ListBucketAnalyticsConfigurationsRequest method. +// req, resp := client.ListBucketAnalyticsConfigurationsRequest(params) // -// // Example sending a request using the ListBucketAnalyticsConfigurationsRequest method. -// req, resp := client.ListBucketAnalyticsConfigurationsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketAnalyticsConfigurations func (c *S3) ListBucketAnalyticsConfigurationsRequest(input *ListBucketAnalyticsConfigurationsInput) (req *request.Request, output *ListBucketAnalyticsConfigurationsOutput) { @@ -5524,33 +6344,35 @@ func (c *S3) ListBucketAnalyticsConfigurationsRequest(input *ListBucketAnalytics // ListBucketAnalyticsConfigurations API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Lists the analytics configurations for the bucket. You can have up to 1,000 // analytics configurations per bucket. // -// This operation supports list pagination and does not return more than 100 -// configurations at a time. You should always check the IsTruncated element -// in the response. If there are no more configurations to list, IsTruncated -// is set to false. If there are more configurations to list, IsTruncated is -// set to true, and there will be a value in NextContinuationToken. You use -// the NextContinuationToken value to continue the pagination of the list by -// passing the value in continuation-token in the request to GET the next page. +// This action supports list pagination and does not return more than 100 configurations +// at a time. You should always check the IsTruncated element in the response. +// If there are no more configurations to list, IsTruncated is set to false. +// If there are more configurations to list, IsTruncated is set to true, and +// there will be a value in NextContinuationToken. You use the NextContinuationToken +// value to continue the pagination of the list by passing the value in continuation-token +// in the request to GET the next page. // // To use this operation, you must have permissions to perform the s3:GetAnalyticsConfiguration // action. The bucket owner has this permission by default. The bucket owner // can grant this permission to others. For more information about permissions, -// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). +// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // // For information about Amazon S3 analytics feature, see Amazon S3 Analytics // – Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html). // // The following operations are related to ListBucketAnalyticsConfigurations: // -// * GetBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html) +// - GetBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html) // -// * DeleteBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html) +// - DeleteBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html) // -// * PutBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html) +// - PutBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAnalyticsConfiguration.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5596,14 +6418,13 @@ const opListBucketIntelligentTieringConfigurations = "ListBucketIntelligentTieri // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ListBucketIntelligentTieringConfigurationsRequest method. +// req, resp := client.ListBucketIntelligentTieringConfigurationsRequest(params) // -// // Example sending a request using the ListBucketIntelligentTieringConfigurationsRequest method. -// req, resp := client.ListBucketIntelligentTieringConfigurationsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketIntelligentTieringConfigurations func (c *S3) ListBucketIntelligentTieringConfigurationsRequest(input *ListBucketIntelligentTieringConfigurationsInput) (req *request.Request, output *ListBucketIntelligentTieringConfigurationsOutput) { @@ -5624,32 +6445,34 @@ func (c *S3) ListBucketIntelligentTieringConfigurationsRequest(input *ListBucket // ListBucketIntelligentTieringConfigurations API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Lists the S3 Intelligent-Tiering configuration from the specified bucket. // // The S3 Intelligent-Tiering storage class is designed to optimize storage // costs by automatically moving data to the most cost-effective storage access -// tier, without additional operational overhead. S3 Intelligent-Tiering delivers -// automatic cost savings by moving data between access tiers, when access patterns -// change. -// -// The S3 Intelligent-Tiering storage class is suitable for objects larger than -// 128 KB that you plan to store for at least 30 days. If the size of an object -// is less than 128 KB, it is not eligible for auto-tiering. Smaller objects -// can be stored, but they are always charged at the frequent access tier rates +// tier, without performance impact or operational overhead. S3 Intelligent-Tiering +// delivers automatic cost savings in three low latency and high throughput +// access tiers. To get the lowest storage cost on data that can be accessed +// in minutes to hours, you can choose to activate additional archiving capabilities. +// +// The S3 Intelligent-Tiering storage class is the ideal storage class for data +// with unknown, changing, or unpredictable access patterns, independent of +// object size or retention period. If the size of an object is less than 128 +// KB, it is not monitored and not eligible for auto-tiering. Smaller objects +// can be stored, but they are always charged at the Frequent Access tier rates // in the S3 Intelligent-Tiering storage class. // -// If you delete an object before the end of the 30-day minimum storage duration -// period, you are charged for 30 days. For more information, see Storage class -// for automatically optimizing frequently and infrequently accessed objects -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access). +// For more information, see Storage class for automatically optimizing frequently +// and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access). // // Operations related to ListBucketIntelligentTieringConfigurations include: // -// * DeleteBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html) +// - DeleteBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html) // -// * PutBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html) +// - PutBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html) // -// * GetBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html) +// - GetBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5695,14 +6518,13 @@ const opListBucketInventoryConfigurations = "ListBucketInventoryConfigurations" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ListBucketInventoryConfigurationsRequest method. +// req, resp := client.ListBucketInventoryConfigurationsRequest(params) // -// // Example sending a request using the ListBucketInventoryConfigurationsRequest method. -// req, resp := client.ListBucketInventoryConfigurationsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketInventoryConfigurations func (c *S3) ListBucketInventoryConfigurationsRequest(input *ListBucketInventoryConfigurationsInput) (req *request.Request, output *ListBucketInventoryConfigurationsOutput) { @@ -5723,33 +6545,35 @@ func (c *S3) ListBucketInventoryConfigurationsRequest(input *ListBucketInventory // ListBucketInventoryConfigurations API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns a list of inventory configurations for the bucket. You can have up // to 1,000 analytics configurations per bucket. // -// This operation supports list pagination and does not return more than 100 -// configurations at a time. Always check the IsTruncated element in the response. -// If there are no more configurations to list, IsTruncated is set to false. -// If there are more configurations to list, IsTruncated is set to true, and -// there is a value in NextContinuationToken. You use the NextContinuationToken -// value to continue the pagination of the list by passing the value in continuation-token +// This action supports list pagination and does not return more than 100 configurations +// at a time. Always check the IsTruncated element in the response. If there +// are no more configurations to list, IsTruncated is set to false. If there +// are more configurations to list, IsTruncated is set to true, and there is +// a value in NextContinuationToken. You use the NextContinuationToken value +// to continue the pagination of the list by passing the value in continuation-token // in the request to GET the next page. // // To use this operation, you must have permissions to perform the s3:GetInventoryConfiguration // action. The bucket owner has this permission by default. The bucket owner // can grant this permission to others. For more information about permissions, -// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). +// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // // For information about the Amazon S3 inventory feature, see Amazon S3 Inventory // (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html) // // The following operations are related to ListBucketInventoryConfigurations: // -// * GetBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html) +// - GetBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html) // -// * DeleteBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html) +// - DeleteBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html) // -// * PutBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html) +// - PutBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5795,14 +6619,13 @@ const opListBucketMetricsConfigurations = "ListBucketMetricsConfigurations" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ListBucketMetricsConfigurationsRequest method. +// req, resp := client.ListBucketMetricsConfigurationsRequest(params) // -// // Example sending a request using the ListBucketMetricsConfigurationsRequest method. -// req, resp := client.ListBucketMetricsConfigurationsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketMetricsConfigurations func (c *S3) ListBucketMetricsConfigurationsRequest(input *ListBucketMetricsConfigurationsInput) (req *request.Request, output *ListBucketMetricsConfigurationsOutput) { @@ -5823,34 +6646,36 @@ func (c *S3) ListBucketMetricsConfigurationsRequest(input *ListBucketMetricsConf // ListBucketMetricsConfigurations API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Lists the metrics configurations for the bucket. The metrics configurations // are only for the request metrics of the bucket and do not provide information // on daily storage metrics. You can have up to 1,000 configurations per bucket. // -// This operation supports list pagination and does not return more than 100 -// configurations at a time. Always check the IsTruncated element in the response. -// If there are no more configurations to list, IsTruncated is set to false. -// If there are more configurations to list, IsTruncated is set to true, and -// there is a value in NextContinuationToken. You use the NextContinuationToken -// value to continue the pagination of the list by passing the value in continuation-token +// This action supports list pagination and does not return more than 100 configurations +// at a time. Always check the IsTruncated element in the response. If there +// are no more configurations to list, IsTruncated is set to false. If there +// are more configurations to list, IsTruncated is set to true, and there is +// a value in NextContinuationToken. You use the NextContinuationToken value +// to continue the pagination of the list by passing the value in continuation-token // in the request to GET the next page. // // To use this operation, you must have permissions to perform the s3:GetMetricsConfiguration // action. The bucket owner has this permission by default. The bucket owner // can grant this permission to others. For more information about permissions, -// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). +// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // // For more information about metrics configurations and CloudWatch request // metrics, see Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html). // // The following operations are related to ListBucketMetricsConfigurations: // -// * PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html) +// - PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html) // -// * GetBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html) +// - GetBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html) // -// * DeleteBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html) +// - DeleteBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5896,14 +6721,13 @@ const opListBuckets = "ListBuckets" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ListBucketsRequest method. +// req, resp := client.ListBucketsRequest(params) // -// // Example sending a request using the ListBucketsRequest method. -// req, resp := client.ListBucketsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBuckets func (c *S3) ListBucketsRequest(input *ListBucketsInput) (req *request.Request, output *ListBucketsOutput) { @@ -5924,7 +6748,13 @@ func (c *S3) ListBucketsRequest(input *ListBucketsInput) (req *request.Request, // ListBuckets API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns a list of all buckets owned by the authenticated sender of the request. +// To use this operation, you must have the s3:ListAllMyBuckets permission. +// +// For information about Amazon S3 buckets, see Creating, configuring, and working +// with Amazon S3 buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5954,6 +6784,160 @@ func (c *S3) ListBucketsWithContext(ctx aws.Context, input *ListBucketsInput, op return out, req.Send() } +const opListDirectoryBuckets = "ListDirectoryBuckets" + +// ListDirectoryBucketsRequest generates a "aws/request.Request" representing the +// client's request for the ListDirectoryBuckets operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListDirectoryBuckets for more information on using the ListDirectoryBuckets +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListDirectoryBucketsRequest method. +// req, resp := client.ListDirectoryBucketsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListDirectoryBuckets +func (c *S3) ListDirectoryBucketsRequest(input *ListDirectoryBucketsInput) (req *request.Request, output *ListDirectoryBucketsOutput) { + op := &request.Operation{ + Name: opListDirectoryBuckets, + HTTPMethod: "GET", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"ContinuationToken"}, + OutputTokens: []string{"ContinuationToken"}, + LimitToken: "MaxDirectoryBuckets", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListDirectoryBucketsInput{} + } + + output = &ListDirectoryBucketsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListDirectoryBuckets API operation for Amazon Simple Storage Service. +// +// Returns a list of all Amazon S3 directory buckets owned by the authenticated +// sender of the request. For more information about directory buckets, see +// Directory buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) +// in the Amazon S3 User Guide. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, see +// Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// # Permissions +// +// You must have the s3express:ListAllMyDirectoryBuckets permission in an IAM +// identity-based policy instead of a bucket policy. Cross-account access to +// this API operation isn't supported. This operation can only be performed +// by the Amazon Web Services account that owns the resource. For more information +// about directory bucket policies and permissions, see Amazon Web Services +// Identity and Access Management (IAM) for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Simple Storage Service's +// API operation ListDirectoryBuckets for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListDirectoryBuckets +func (c *S3) ListDirectoryBuckets(input *ListDirectoryBucketsInput) (*ListDirectoryBucketsOutput, error) { + req, out := c.ListDirectoryBucketsRequest(input) + return out, req.Send() +} + +// ListDirectoryBucketsWithContext is the same as ListDirectoryBuckets with the addition of +// the ability to pass a context and additional request options. +// +// See ListDirectoryBuckets for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *S3) ListDirectoryBucketsWithContext(ctx aws.Context, input *ListDirectoryBucketsInput, opts ...request.Option) (*ListDirectoryBucketsOutput, error) { + req, out := c.ListDirectoryBucketsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListDirectoryBucketsPages iterates over the pages of a ListDirectoryBuckets operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListDirectoryBuckets method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListDirectoryBuckets operation. +// pageNum := 0 +// err := client.ListDirectoryBucketsPages(params, +// func(page *s3.ListDirectoryBucketsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *S3) ListDirectoryBucketsPages(input *ListDirectoryBucketsInput, fn func(*ListDirectoryBucketsOutput, bool) bool) error { + return c.ListDirectoryBucketsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListDirectoryBucketsPagesWithContext same as ListDirectoryBucketsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *S3) ListDirectoryBucketsPagesWithContext(ctx aws.Context, input *ListDirectoryBucketsInput, fn func(*ListDirectoryBucketsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListDirectoryBucketsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListDirectoryBucketsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListDirectoryBucketsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opListMultipartUploads = "ListMultipartUploads" // ListMultipartUploadsRequest generates a "aws/request.Request" representing the @@ -5970,14 +6954,13 @@ const opListMultipartUploads = "ListMultipartUploads" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ListMultipartUploadsRequest method. +// req, resp := client.ListMultipartUploadsRequest(params) // -// // Example sending a request using the ListMultipartUploadsRequest method. -// req, resp := client.ListMultipartUploadsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListMultipartUploads func (c *S3) ListMultipartUploadsRequest(input *ListMultipartUploadsInput) (req *request.Request, output *ListMultipartUploadsOutput) { @@ -6004,40 +6987,91 @@ func (c *S3) ListMultipartUploadsRequest(input *ListMultipartUploadsInput) (req // ListMultipartUploads API operation for Amazon Simple Storage Service. // -// This operation lists in-progress multipart uploads. An in-progress multipart -// upload is a multipart upload that has been initiated using the Initiate Multipart -// Upload request, but has not yet been completed or aborted. +// This operation lists in-progress multipart uploads in a bucket. An in-progress +// multipart upload is a multipart upload that has been initiated by the CreateMultipartUpload +// request, but has not yet been completed or aborted. +// +// Directory buckets - If multipart uploads in a directory bucket are in progress, +// you can't delete the bucket until all the in-progress multipart uploads are +// aborted or completed. +// +// The ListMultipartUploads operation returns a maximum of 1,000 multipart uploads +// in the response. The limit of 1,000 multipart uploads is also the default +// value. You can further limit the number of uploads in a response by specifying +// the max-uploads request parameter. If there are more than 1,000 multipart +// uploads that satisfy your ListMultipartUploads request, the response returns +// an IsTruncated element with the value of true, a NextKeyMarker element, and +// a NextUploadIdMarker element. To list the remaining multipart uploads, you +// need to make subsequent ListMultipartUploads requests. In these requests, +// include two query parameters: key-marker and upload-id-marker. Set the value +// of key-marker to the NextKeyMarker value from the previous response. Similarly, +// set the value of upload-id-marker to the NextUploadIdMarker value from the +// previous response. +// +// Directory buckets - The upload-id-marker element and the NextUploadIdMarker +// element aren't supported by directory buckets. To list the additional multipart +// uploads, you only need to set the value of key-marker to the NextKeyMarker +// value from the previous response. // -// This operation returns at most 1,000 multipart uploads in the response. 1,000 -// multipart uploads is the maximum number of uploads a response can include, -// which is also the default value. You can further limit the number of uploads -// in a response by specifying the max-uploads parameter in the response. If -// additional multipart uploads satisfy the list criteria, the response will -// contain an IsTruncated element with the value true. To list the additional -// multipart uploads, use the key-marker and upload-id-marker request parameters. +// For more information about multipart uploads, see Uploading Objects Using +// Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) +// in the Amazon S3 User Guide. // -// In the response, the uploads are sorted by key. If your application has initiated -// more than one multipart upload using the same object key, then uploads in -// the response are first sorted by key. Additionally, uploads are sorted in -// ascending order within each key by the upload initiation time. +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// For more information on multipart uploads, see Uploading Objects Using Multipart -// Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html). +// Permissions // -// For information on permissions required to use the multipart upload API, -// see Multipart Upload API and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). +// - General purpose bucket permissions - For information about permissions +// required to use the multipart upload API, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// Sorting of multipart uploads in response +// +// - General purpose bucket - In the ListMultipartUploads response, the multipart +// uploads are sorted based on two criteria: Key-based sorting - Multipart +// uploads are initially sorted in ascending order based on their object +// keys. Time-based sorting - For uploads that share the same object key, +// they are further sorted in ascending order based on the upload initiation +// time. Among uploads with the same key, the one that was initiated first +// will appear before the ones that were initiated later. +// +// - Directory bucket - In the ListMultipartUploads response, the multipart +// uploads aren't sorted lexicographically based on the object keys. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to ListMultipartUploads: // -// * CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) +// - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) // -// * UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) +// - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) // -// * CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) +// - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) // -// * ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) +// - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) // -// * AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) +// - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6075,15 +7109,14 @@ func (c *S3) ListMultipartUploadsWithContext(ctx aws.Context, input *ListMultipa // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a ListMultipartUploads operation. -// pageNum := 0 -// err := client.ListMultipartUploadsPages(params, -// func(page *s3.ListMultipartUploadsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a ListMultipartUploads operation. +// pageNum := 0 +// err := client.ListMultipartUploadsPages(params, +// func(page *s3.ListMultipartUploadsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *S3) ListMultipartUploadsPages(input *ListMultipartUploadsInput, fn func(*ListMultipartUploadsOutput, bool) bool) error { return c.ListMultipartUploadsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -6135,14 +7168,13 @@ const opListObjectVersions = "ListObjectVersions" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ListObjectVersionsRequest method. +// req, resp := client.ListObjectVersionsRequest(params) // -// // Example sending a request using the ListObjectVersionsRequest method. -// req, resp := client.ListObjectVersionsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectVersions func (c *S3) ListObjectVersionsRequest(input *ListObjectVersionsInput) (req *request.Request, output *ListObjectVersionsOutput) { @@ -6169,26 +7201,29 @@ func (c *S3) ListObjectVersionsRequest(input *ListObjectVersionsInput) (req *req // ListObjectVersions API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns metadata about all versions of the objects in a bucket. You can also // use request parameters as selection criteria to return metadata about a subset // of all the object versions. // +// To use this operation, you must have permission to perform the s3:ListBucketVersions +// action. Be aware of the name difference. +// // A 200 OK response can contain valid or invalid XML. Make sure to design your // application to parse the contents of the response and handle it appropriately. // // To use this operation, you must have READ access to the bucket. // -// This action is not supported by Amazon S3 on Outposts. -// // The following operations are related to ListObjectVersions: // -// * ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html) +// - ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html) // -// * GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) +// - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) // -// * PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) +// - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) // -// * DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) +// - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6226,15 +7261,14 @@ func (c *S3) ListObjectVersionsWithContext(ctx aws.Context, input *ListObjectVer // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a ListObjectVersions operation. -// pageNum := 0 -// err := client.ListObjectVersionsPages(params, -// func(page *s3.ListObjectVersionsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a ListObjectVersions operation. +// pageNum := 0 +// err := client.ListObjectVersionsPages(params, +// func(page *s3.ListObjectVersionsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *S3) ListObjectVersionsPages(input *ListObjectVersionsInput, fn func(*ListObjectVersionsOutput, bool) bool) error { return c.ListObjectVersionsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -6286,14 +7320,13 @@ const opListObjects = "ListObjects" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ListObjectsRequest method. +// req, resp := client.ListObjectsRequest(params) // -// // Example sending a request using the ListObjectsRequest method. -// req, resp := client.ListObjectsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjects func (c *S3) ListObjectsRequest(input *ListObjectsInput) (req *request.Request, output *ListObjectsOutput) { @@ -6320,28 +7353,30 @@ func (c *S3) ListObjectsRequest(input *ListObjectsInput) (req *request.Request, // ListObjects API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns some or all (up to 1,000) of the objects in a bucket. You can use // the request parameters as selection criteria to return a subset of the objects // in a bucket. A 200 OK response can contain valid or invalid XML. Be sure // to design your application to parse the contents of the response and handle // it appropriately. // -// This API has been revised. We recommend that you use the newer version, ListObjectsV2 -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html), +// This action has been revised. We recommend that you use the newer version, +// ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html), // when developing applications. For backward compatibility, Amazon S3 continues // to support ListObjects. // // The following operations are related to ListObjects: // -// * ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html) +// - ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html) // -// * GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) +// - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) // -// * PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) +// - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) // -// * CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) +// - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // -// * ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html) +// - ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6351,8 +7386,8 @@ func (c *S3) ListObjectsRequest(input *ListObjectsInput) (req *request.Request, // API operation ListObjects for usage and error information. // // Returned Error Codes: -// * ErrCodeNoSuchBucket "NoSuchBucket" -// The specified bucket does not exist. +// - ErrCodeNoSuchBucket "NoSuchBucket" +// The specified bucket does not exist. // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjects func (c *S3) ListObjects(input *ListObjectsInput) (*ListObjectsOutput, error) { @@ -6384,15 +7419,14 @@ func (c *S3) ListObjectsWithContext(ctx aws.Context, input *ListObjectsInput, op // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a ListObjects operation. -// pageNum := 0 -// err := client.ListObjectsPages(params, -// func(page *s3.ListObjectsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a ListObjects operation. +// pageNum := 0 +// err := client.ListObjectsPages(params, +// func(page *s3.ListObjectsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *S3) ListObjectsPages(input *ListObjectsInput, fn func(*ListObjectsOutput, bool) bool) error { return c.ListObjectsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -6444,14 +7478,13 @@ const opListObjectsV2 = "ListObjectsV2" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ListObjectsV2Request method. +// req, resp := client.ListObjectsV2Request(params) // -// // Example sending a request using the ListObjectsV2Request method. -// req, resp := client.ListObjectsV2Request(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectsV2 func (c *S3) ListObjectsV2Request(input *ListObjectsV2Input) (req *request.Request, output *ListObjectsV2Output) { @@ -6478,35 +7511,69 @@ func (c *S3) ListObjectsV2Request(input *ListObjectsV2Input) (req *request.Reque // ListObjectsV2 API operation for Amazon Simple Storage Service. // -// Returns some or all (up to 1,000) of the objects in a bucket. You can use -// the request parameters as selection criteria to return a subset of the objects -// in a bucket. A 200 OK response can contain valid or invalid XML. Make sure -// to design your application to parse the contents of the response and handle -// it appropriately. +// Returns some or all (up to 1,000) of the objects in a bucket with each request. +// You can use the request parameters as selection criteria to return a subset +// of the objects in a bucket. A 200 OK response can contain valid or invalid +// XML. Make sure to design your application to parse the contents of the response +// and handle it appropriately. For more information about listing objects, +// see Listing object keys programmatically (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ListingKeysUsingAPIs.html) +// in the Amazon S3 User Guide. To get a list of your buckets, see ListBuckets +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html). +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// To use this operation, you must have READ access to the bucket. +// Permissions // -// To use this operation in an AWS Identity and Access Management (IAM) policy, -// you must have permissions to perform the s3:ListBucket action. The bucket -// owner has this permission by default and can grant this permission to others. -// For more information about permissions, see Permissions Related to Bucket -// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). +// - General purpose bucket permissions - To use this operation, you must +// have READ access to the bucket. You must have permission to perform the +// s3:ListBucket action. The bucket owner has this permission by default +// and can grant this permission to others. For more information about permissions, +// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// Sorting order of returned objects // -// This section describes the latest revision of the API. We recommend that -// you use this revised API for application development. For backward compatibility, -// Amazon S3 continues to support the prior version of this API, ListObjects -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html). +// - General purpose bucket - For general purpose buckets, ListObjectsV2 +// returns objects in lexicographical order based on their key names. // -// To get a list of your buckets, see ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html). +// - Directory bucket - For directory buckets, ListObjectsV2 does not return +// objects in lexicographical order. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. +// +// This section describes the latest revision of this action. We recommend that +// you use this revised API operation for application development. For backward +// compatibility, Amazon S3 continues to support the prior version of this API +// operation, ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html). // // The following operations are related to ListObjectsV2: // -// * GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) +// - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) // -// * PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) +// - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) // -// * CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) +// - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6516,8 +7583,8 @@ func (c *S3) ListObjectsV2Request(input *ListObjectsV2Input) (req *request.Reque // API operation ListObjectsV2 for usage and error information. // // Returned Error Codes: -// * ErrCodeNoSuchBucket "NoSuchBucket" -// The specified bucket does not exist. +// - ErrCodeNoSuchBucket "NoSuchBucket" +// The specified bucket does not exist. // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectsV2 func (c *S3) ListObjectsV2(input *ListObjectsV2Input) (*ListObjectsV2Output, error) { @@ -6549,15 +7616,14 @@ func (c *S3) ListObjectsV2WithContext(ctx aws.Context, input *ListObjectsV2Input // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a ListObjectsV2 operation. -// pageNum := 0 -// err := client.ListObjectsV2Pages(params, -// func(page *s3.ListObjectsV2Output, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a ListObjectsV2 operation. +// pageNum := 0 +// err := client.ListObjectsV2Pages(params, +// func(page *s3.ListObjectsV2Output, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *S3) ListObjectsV2Pages(input *ListObjectsV2Input, fn func(*ListObjectsV2Output, bool) bool) error { return c.ListObjectsV2PagesWithContext(aws.BackgroundContext(), input, fn) } @@ -6609,14 +7675,13 @@ const opListParts = "ListParts" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the ListPartsRequest method. +// req, resp := client.ListPartsRequest(params) // -// // Example sending a request using the ListPartsRequest method. -// req, resp := client.ListPartsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListParts func (c *S3) ListPartsRequest(input *ListPartsInput) (req *request.Request, output *ListPartsOutput) { @@ -6644,33 +7709,72 @@ func (c *S3) ListPartsRequest(input *ListPartsInput) (req *request.Request, outp // ListParts API operation for Amazon Simple Storage Service. // // Lists the parts that have been uploaded for a specific multipart upload. -// This operation must include the upload ID, which you obtain by sending the -// initiate multipart upload request (see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)). -// This request returns a maximum of 1,000 uploaded parts. The default number -// of parts returned is 1,000 parts. You can restrict the number of parts returned -// by specifying the max-parts request parameter. If your multipart upload consists -// of more than 1,000 parts, the response returns an IsTruncated field with -// the value of true, and a NextPartNumberMarker element. In subsequent ListParts -// requests you can include the part-number-marker query string parameter and -// set its value to the NextPartNumberMarker field value from the previous response. +// +// To use this operation, you must provide the upload ID in the request. You +// obtain this uploadID by sending the initiate multipart upload request through +// CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html). +// +// The ListParts request returns a maximum of 1,000 uploaded parts. The limit +// of 1,000 parts is also the default value. You can restrict the number of +// parts in a response by specifying the max-parts request parameter. If your +// multipart upload consists of more than 1,000 parts, the response returns +// an IsTruncated field with the value of true, and a NextPartNumberMarker element. +// To list remaining uploaded parts, in subsequent ListParts requests, include +// the part-number-marker query string parameter and set its value to the NextPartNumberMarker +// field value from the previous response. // // For more information on multipart uploads, see Uploading Objects Using Multipart -// Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html). +// Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) +// in the Amazon S3 User Guide. // -// For information on permissions required to use the multipart upload API, -// see Multipart Upload API and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions +// +// - General purpose bucket permissions - For information about permissions +// required to use the multipart upload API, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. If the upload was created using server-side +// encryption with Key Management Service (KMS) keys (SSE-KMS) or dual-layer +// server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), you +// must have permission to the kms:Decrypt action for the ListParts request +// to succeed. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to ListParts: // -// * CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) +// - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) +// +// - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) // -// * UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) +// - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) // -// * CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) +// - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) // -// * AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) +// - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html) // -// * ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html) +// - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6708,15 +7812,14 @@ func (c *S3) ListPartsWithContext(ctx aws.Context, input *ListPartsInput, opts . // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a ListParts operation. -// pageNum := 0 -// err := client.ListPartsPages(params, -// func(page *s3.ListPartsOutput, lastPage bool) bool { -// pageNum++ -// fmt.Println(page) -// return pageNum <= 3 -// }) -// +// // Example iterating over at most 3 pages of a ListParts operation. +// pageNum := 0 +// err := client.ListPartsPages(params, +// func(page *s3.ListPartsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) func (c *S3) ListPartsPages(input *ListPartsInput, fn func(*ListPartsOutput, bool) bool) error { return c.ListPartsPagesWithContext(aws.BackgroundContext(), input, fn) } @@ -6768,14 +7871,13 @@ const opPutBucketAccelerateConfiguration = "PutBucketAccelerateConfiguration" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutBucketAccelerateConfigurationRequest method. +// req, resp := client.PutBucketAccelerateConfigurationRequest(params) // -// // Example sending a request using the PutBucketAccelerateConfigurationRequest method. -// req, resp := client.PutBucketAccelerateConfigurationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAccelerateConfiguration func (c *S3) PutBucketAccelerateConfigurationRequest(input *PutBucketAccelerateConfigurationInput) (req *request.Request, output *PutBucketAccelerateConfigurationOutput) { @@ -6797,6 +7899,8 @@ func (c *S3) PutBucketAccelerateConfigurationRequest(input *PutBucketAccelerateC // PutBucketAccelerateConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the accelerate configuration of an existing bucket. Amazon S3 Transfer // Acceleration is a bucket-level feature that enables you to perform faster // data transfers to Amazon S3. @@ -6804,18 +7908,18 @@ func (c *S3) PutBucketAccelerateConfigurationRequest(input *PutBucketAccelerateC // To use this operation, you must have permission to perform the s3:PutAccelerateConfiguration // action. The bucket owner has this permission by default. The bucket owner // can grant this permission to others. For more information about permissions, -// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). +// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // // The Transfer Acceleration state of a bucket can be set to one of the following // two values: // -// * Enabled – Enables accelerated data transfers to the bucket. +// - Enabled – Enables accelerated data transfers to the bucket. // -// * Suspended – Disables accelerated data transfers to the bucket. +// - Suspended – Disables accelerated data transfers to the bucket. // // The GetBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAccelerateConfiguration.html) -// operation returns the transfer acceleration state of a bucket. +// action returns the transfer acceleration state of a bucket. // // After setting the Transfer Acceleration state of a bucket to Enabled, it // might take up to thirty minutes before the data transfer rates to the bucket @@ -6829,9 +7933,9 @@ func (c *S3) PutBucketAccelerateConfigurationRequest(input *PutBucketAccelerateC // // The following operations are related to PutBucketAccelerateConfiguration: // -// * GetBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAccelerateConfiguration.html) +// - GetBucketAccelerateConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAccelerateConfiguration.html) // -// * CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) +// - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6877,14 +7981,13 @@ const opPutBucketAcl = "PutBucketAcl" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutBucketAclRequest method. +// req, resp := client.PutBucketAclRequest(params) // -// // Example sending a request using the PutBucketAclRequest method. -// req, resp := client.PutBucketAclRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAcl func (c *S3) PutBucketAclRequest(input *PutBucketAclInput) (req *request.Request, output *PutBucketAclOutput) { @@ -6910,15 +8013,17 @@ func (c *S3) PutBucketAclRequest(input *PutBucketAclInput) (req *request.Request // PutBucketAcl API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the permissions on an existing bucket using access control lists (ACL). // For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). -// To set the ACL of a bucket, you must have WRITE_ACP permission. +// To set the ACL of a bucket, you must have the WRITE_ACP permission. // // You can use one of the following two ways to set a bucket's permissions: // -// * Specify the ACL in the request body +// - Specify the ACL in the request body // -// * Specify permissions using request headers +// - Specify permissions using request headers // // You cannot specify access permission using both the body and the request // headers. @@ -6928,74 +8033,83 @@ func (c *S3) PutBucketAclRequest(input *PutBucketAclInput) (req *request.Request // existing application that updates a bucket ACL using the request body, then // you can continue to use that approach. // -// Access Permissions -// -// You can set access permissions using one of the following methods: -// -// * Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports -// a set of predefined ACLs, known as canned ACLs. Each canned ACL has a -// predefined set of grantees and permissions. Specify the canned ACL name -// as the value of x-amz-acl. If you use this header, you cannot use other -// access control-specific headers in your request. For more information, -// see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). -// -// * Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp, -// x-amz-grant-write-acp, and x-amz-grant-full-control headers. When using -// these headers, you specify explicit access permissions and grantees (AWS -// accounts or Amazon S3 groups) who will receive the permission. If you -// use these ACL-specific headers, you cannot use the x-amz-acl header to -// set a canned ACL. These parameters map to the set of permissions that -// Amazon S3 supports in an ACL. For more information, see Access Control -// List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). -// You specify each grantee as a type=value pair, where the type is one of -// the following: id – if the value specified is the canonical user ID -// of an AWS account uri – if you are granting permissions to a predefined -// group emailAddress – if the value specified is the email address of -// an AWS account Using email addresses to specify a grantee is only supported -// in the following AWS Regions: US East (N. Virginia) US West (N. California) -// US West (Oregon) Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific -// (Tokyo) Europe (Ireland) South America (São Paulo) For a list of all -// the Amazon S3 supported Regions and endpoints, see Regions and Endpoints -// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in -// the AWS General Reference. For example, the following x-amz-grant-write -// header grants create, overwrite, and delete objects permission to LogDelivery -// group predefined by Amazon S3 and two AWS accounts identified by their -// email addresses. x-amz-grant-write: uri="http://acs.amazonaws.com/groups/s3/LogDelivery", -// id="111122223333", id="555566667777" +// If your bucket uses the bucket owner enforced setting for S3 Object Ownership, +// ACLs are disabled and no longer affect permissions. You must use policies +// to grant access to your bucket and the objects in it. Requests to set ACLs +// or update ACLs fail and return the AccessControlListNotSupported error code. +// Requests to read ACLs are still supported. For more information, see Controlling +// object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) +// in the Amazon S3 User Guide. +// +// # Permissions +// +// You can set access permissions by using one of the following methods: +// +// - Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports +// a set of predefined ACLs, known as canned ACLs. Each canned ACL has a +// predefined set of grantees and permissions. Specify the canned ACL name +// as the value of x-amz-acl. If you use this header, you cannot use other +// access control-specific headers in your request. For more information, +// see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). +// +// - Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp, +// x-amz-grant-write-acp, and x-amz-grant-full-control headers. When using +// these headers, you specify explicit access permissions and grantees (Amazon +// Web Services accounts or Amazon S3 groups) who will receive the permission. +// If you use these ACL-specific headers, you cannot use the x-amz-acl header +// to set a canned ACL. These parameters map to the set of permissions that +// Amazon S3 supports in an ACL. For more information, see Access Control +// List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). +// You specify each grantee as a type=value pair, where the type is one of +// the following: id – if the value specified is the canonical user ID +// of an Amazon Web Services account uri – if you are granting permissions +// to a predefined group emailAddress – if the value specified is the email +// address of an Amazon Web Services account Using email addresses to specify +// a grantee is only supported in the following Amazon Web Services Regions: +// US East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific +// (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) +// South America (São Paulo) For a list of all the Amazon S3 supported Regions +// and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) +// in the Amazon Web Services General Reference. For example, the following +// x-amz-grant-write header grants create, overwrite, and delete objects +// permission to LogDelivery group predefined by Amazon S3 and two Amazon +// Web Services accounts identified by their email addresses. x-amz-grant-write: +// uri="http://acs.amazonaws.com/groups/s3/LogDelivery", id="111122223333", +// id="555566667777" // // You can use either a canned ACL or specify access permissions explicitly. // You cannot do both. // -// Grantee Values +// # Grantee Values // // You can specify the person (grantee) to whom you're assigning access rights // (using request elements) in the following ways: // -// * By the person's ID: <>ID<><>GranteesEmail<> -// DisplayName is optional and ignored in the request +// - By the person's ID: <>ID<><>GranteesEmail<> +// DisplayName is optional and ignored in the request // -// * By URI: <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<> +// - By URI: <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<> // -// * By Email address: <>Grantees@email.com<>lt;/Grantee> -// The grantee is resolved to the CanonicalUser and, in a response to a GET -// Object acl request, appears as the CanonicalUser. Using email addresses -// to specify a grantee is only supported in the following AWS Regions: US -// East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific -// (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) -// South America (São Paulo) For a list of all the Amazon S3 supported Regions -// and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) -// in the AWS General Reference. +// - By Email address: <>Grantees@email.com<>& +// The grantee is resolved to the CanonicalUser and, in a response to a GET +// Object acl request, appears as the CanonicalUser. Using email addresses +// to specify a grantee is only supported in the following Amazon Web Services +// Regions: US East (N. Virginia) US West (N. California) US West (Oregon) +// Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe +// (Ireland) South America (São Paulo) For a list of all the Amazon S3 supported +// Regions and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) +// in the Amazon Web Services General Reference. // -// Related Resources +// The following operations are related to PutBucketAcl: // -// * CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) +// - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // -// * DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) +// - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) // -// * GetObjectAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html) +// - GetObjectAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7041,14 +8155,13 @@ const opPutBucketAnalyticsConfiguration = "PutBucketAnalyticsConfiguration" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutBucketAnalyticsConfigurationRequest method. +// req, resp := client.PutBucketAnalyticsConfigurationRequest(params) // -// // Example sending a request using the PutBucketAnalyticsConfigurationRequest method. -// req, resp := client.PutBucketAnalyticsConfigurationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAnalyticsConfiguration func (c *S3) PutBucketAnalyticsConfigurationRequest(input *PutBucketAnalyticsConfigurationInput) (req *request.Request, output *PutBucketAnalyticsConfigurationOutput) { @@ -7070,6 +8183,8 @@ func (c *S3) PutBucketAnalyticsConfigurationRequest(input *PutBucketAnalyticsCon // PutBucketAnalyticsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets an analytics configuration for the bucket (specified by the analytics // configuration ID). You can have up to 1,000 analytics configurations per // bucket. @@ -7092,29 +8207,29 @@ func (c *S3) PutBucketAnalyticsConfigurationRequest(input *PutBucketAnalyticsCon // To use this operation, you must have permissions to perform the s3:PutAnalyticsConfiguration // action. The bucket owner has this permission by default. The bucket owner // can grant this permission to others. For more information about permissions, -// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). +// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // -// Special Errors +// PutBucketAnalyticsConfiguration has the following special errors: // -// * HTTP Error: HTTP 400 Bad Request Code: InvalidArgument Cause: Invalid -// argument. +// - HTTP Error: HTTP 400 Bad Request Code: InvalidArgument Cause: Invalid +// argument. // -// * HTTP Error: HTTP 400 Bad Request Code: TooManyConfigurations Cause: -// You are attempting to create a new configuration but have already reached -// the 1,000-configuration limit. +// - HTTP Error: HTTP 400 Bad Request Code: TooManyConfigurations Cause: +// You are attempting to create a new configuration but have already reached +// the 1,000-configuration limit. // -// * HTTP Error: HTTP 403 Forbidden Code: AccessDenied Cause: You are not -// the owner of the specified bucket, or you do not have the s3:PutAnalyticsConfiguration -// bucket permission to set the configuration on the bucket. +// - HTTP Error: HTTP 403 Forbidden Code: AccessDenied Cause: You are not +// the owner of the specified bucket, or you do not have the s3:PutAnalyticsConfiguration +// bucket permission to set the configuration on the bucket. // -// Related Resources +// The following operations are related to PutBucketAnalyticsConfiguration: // -// * GetBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html) +// - GetBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAnalyticsConfiguration.html) // -// * DeleteBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html) +// - DeleteBucketAnalyticsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketAnalyticsConfiguration.html) // -// * ListBucketAnalyticsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html) +// - ListBucketAnalyticsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketAnalyticsConfigurations.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7160,14 +8275,13 @@ const opPutBucketCors = "PutBucketCors" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutBucketCorsRequest method. +// req, resp := client.PutBucketCorsRequest(params) // -// // Example sending a request using the PutBucketCorsRequest method. -// req, resp := client.PutBucketCorsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketCors func (c *S3) PutBucketCorsRequest(input *PutBucketCorsInput) (req *request.Request, output *PutBucketCorsOutput) { @@ -7193,6 +8307,8 @@ func (c *S3) PutBucketCorsRequest(input *PutBucketCorsInput) (req *request.Reque // PutBucketCors API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the cors configuration for your bucket. If the configuration exists, // Amazon S3 replaces it. // @@ -7216,26 +8332,26 @@ func (c *S3) PutBucketCorsRequest(input *PutBucketCorsInput) (req *request.Reque // a cross-origin request. For a rule to match, the following conditions must // be met: // -// * The request's Origin header must match AllowedOrigin elements. +// - The request's Origin header must match AllowedOrigin elements. // -// * The request method (for example, GET, PUT, HEAD, and so on) or the Access-Control-Request-Method -// header in case of a pre-flight OPTIONS request must be one of the AllowedMethod -// elements. +// - The request method (for example, GET, PUT, HEAD, and so on) or the Access-Control-Request-Method +// header in case of a pre-flight OPTIONS request must be one of the AllowedMethod +// elements. // -// * Every header specified in the Access-Control-Request-Headers request -// header of a pre-flight request must match an AllowedHeader element. +// - Every header specified in the Access-Control-Request-Headers request +// header of a pre-flight request must match an AllowedHeader element. // // For more information about CORS, go to Enabling Cross-Origin Resource Sharing // (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon -// Simple Storage Service Developer Guide. +// S3 User Guide. // -// Related Resources +// The following operations are related to PutBucketCors: // -// * GetBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketCors.html) +// - GetBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketCors.html) // -// * DeleteBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html) +// - DeleteBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html) // -// * RESTOPTIONSobject (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html) +// - RESTOPTIONSobject (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7281,14 +8397,13 @@ const opPutBucketEncryption = "PutBucketEncryption" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutBucketEncryptionRequest method. +// req, resp := client.PutBucketEncryptionRequest(params) // -// // Example sending a request using the PutBucketEncryptionRequest method. -// req, resp := client.PutBucketEncryptionRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketEncryption func (c *S3) PutBucketEncryptionRequest(input *PutBucketEncryptionInput) (req *request.Request, output *PutBucketEncryptionOutput) { @@ -7314,33 +8429,37 @@ func (c *S3) PutBucketEncryptionRequest(input *PutBucketEncryptionInput) (req *r // PutBucketEncryption API operation for Amazon Simple Storage Service. // -// This operation uses the encryption subresource to configure default encryption -// and Amazon S3 Bucket Key for an existing bucket. +// This operation is not supported by directory buckets. // -// Default encryption for a bucket can use server-side encryption with Amazon -// S3-managed keys (SSE-S3) or AWS KMS customer master keys (SSE-KMS). If you -// specify default encryption using SSE-KMS, you can also configure Amazon S3 -// Bucket Key. For information about default encryption, see Amazon S3 default -// bucket encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) -// in the Amazon Simple Storage Service Developer Guide. For more information -// about S3 Bucket Keys, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) -// in the Amazon Simple Storage Service Developer Guide. +// This action uses the encryption subresource to configure default encryption +// and Amazon S3 Bucket Keys for an existing bucket. // -// This operation requires AWS Signature Version 4. For more information, see -// Authenticating Requests (AWS Signature Version 4) (sig-v4-authenticating-requests.html). +// By default, all buckets have a default encryption configuration that uses +// server-side encryption with Amazon S3 managed keys (SSE-S3). You can optionally +// configure default encryption for a bucket by using server-side encryption +// with Key Management Service (KMS) keys (SSE-KMS) or dual-layer server-side +// encryption with Amazon Web Services KMS keys (DSSE-KMS). If you specify default +// encryption by using SSE-KMS, you can also configure Amazon S3 Bucket Keys +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html). If you +// use PutBucketEncryption to set your default bucket encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) +// to SSE-KMS, you should verify that your KMS key ID is correct. Amazon S3 +// does not validate the KMS key ID provided in PutBucketEncryption requests. // -// To use this operation, you must have permissions to perform the s3:PutEncryptionConfiguration +// This action requires Amazon Web Services Signature Version 4. For more information, +// see Authenticating Requests (Amazon Web Services Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html). +// +// To use this operation, you must have permission to perform the s3:PutEncryptionConfiguration // action. The bucket owner has this permission by default. The bucket owner // can grant this permission to others. For more information about permissions, -// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html) -// in the Amazon Simple Storage Service Developer Guide. +// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) +// in the Amazon S3 User Guide. // -// Related Resources +// The following operations are related to PutBucketEncryption: // -// * GetBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html) +// - GetBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html) // -// * DeleteBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html) +// - DeleteBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7386,14 +8505,13 @@ const opPutBucketIntelligentTieringConfiguration = "PutBucketIntelligentTieringC // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutBucketIntelligentTieringConfigurationRequest method. +// req, resp := client.PutBucketIntelligentTieringConfigurationRequest(params) // -// // Example sending a request using the PutBucketIntelligentTieringConfigurationRequest method. -// req, resp := client.PutBucketIntelligentTieringConfigurationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketIntelligentTieringConfiguration func (c *S3) PutBucketIntelligentTieringConfigurationRequest(input *PutBucketIntelligentTieringConfigurationInput) (req *request.Request, output *PutBucketIntelligentTieringConfigurationOutput) { @@ -7415,32 +8533,60 @@ func (c *S3) PutBucketIntelligentTieringConfigurationRequest(input *PutBucketInt // PutBucketIntelligentTieringConfiguration API operation for Amazon Simple Storage Service. // -// Puts a S3 Intelligent-Tiering configuration to the specified bucket. +// This operation is not supported by directory buckets. +// +// Puts a S3 Intelligent-Tiering configuration to the specified bucket. You +// can have up to 1,000 S3 Intelligent-Tiering configurations per bucket. // // The S3 Intelligent-Tiering storage class is designed to optimize storage // costs by automatically moving data to the most cost-effective storage access -// tier, without additional operational overhead. S3 Intelligent-Tiering delivers -// automatic cost savings by moving data between access tiers, when access patterns -// change. -// -// The S3 Intelligent-Tiering storage class is suitable for objects larger than -// 128 KB that you plan to store for at least 30 days. If the size of an object -// is less than 128 KB, it is not eligible for auto-tiering. Smaller objects -// can be stored, but they are always charged at the frequent access tier rates +// tier, without performance impact or operational overhead. S3 Intelligent-Tiering +// delivers automatic cost savings in three low latency and high throughput +// access tiers. To get the lowest storage cost on data that can be accessed +// in minutes to hours, you can choose to activate additional archiving capabilities. +// +// The S3 Intelligent-Tiering storage class is the ideal storage class for data +// with unknown, changing, or unpredictable access patterns, independent of +// object size or retention period. If the size of an object is less than 128 +// KB, it is not monitored and not eligible for auto-tiering. Smaller objects +// can be stored, but they are always charged at the Frequent Access tier rates // in the S3 Intelligent-Tiering storage class. // -// If you delete an object before the end of the 30-day minimum storage duration -// period, you are charged for 30 days. For more information, see Storage class -// for automatically optimizing frequently and infrequently accessed objects -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access). +// For more information, see Storage class for automatically optimizing frequently +// and infrequently accessed objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access). // // Operations related to PutBucketIntelligentTieringConfiguration include: // -// * DeleteBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html) +// - DeleteBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html) +// +// - GetBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html) +// +// - ListBucketIntelligentTieringConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html) +// +// You only need S3 Intelligent-Tiering enabled on a bucket if you want to automatically +// move objects stored in the S3 Intelligent-Tiering storage class to the Archive +// Access or Deep Archive Access tier. // -// * GetBucketIntelligentTieringConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html) +// PutBucketIntelligentTieringConfiguration has the following special errors: // -// * ListBucketIntelligentTieringConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html) +// # HTTP 400 Bad Request Error +// +// Code: InvalidArgument +// +// Cause: Invalid Argument +// +// # HTTP 400 Bad Request Error +// +// Code: TooManyConfigurations +// +// Cause: You are attempting to create a new configuration but have already +// reached the 1,000-configuration limit. +// +// # HTTP 403 Forbidden Error +// +// Cause: You are not the owner of the specified bucket, or you do not have +// the s3:PutIntelligentTieringConfiguration bucket permission to set the configuration +// on the bucket. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7486,14 +8632,13 @@ const opPutBucketInventoryConfiguration = "PutBucketInventoryConfiguration" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutBucketInventoryConfigurationRequest method. +// req, resp := client.PutBucketInventoryConfigurationRequest(params) // -// // Example sending a request using the PutBucketInventoryConfigurationRequest method. -// req, resp := client.PutBucketInventoryConfigurationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketInventoryConfiguration func (c *S3) PutBucketInventoryConfigurationRequest(input *PutBucketInventoryConfigurationInput) (req *request.Request, output *PutBucketInventoryConfigurationOutput) { @@ -7515,54 +8660,80 @@ func (c *S3) PutBucketInventoryConfigurationRequest(input *PutBucketInventoryCon // PutBucketInventoryConfiguration API operation for Amazon Simple Storage Service. // -// This implementation of the PUT operation adds an inventory configuration -// (identified by the inventory ID) to the bucket. You can have up to 1,000 -// inventory configurations per bucket. +// This operation is not supported by directory buckets. +// +// This implementation of the PUT action adds an inventory configuration (identified +// by the inventory ID) to the bucket. You can have up to 1,000 inventory configurations +// per bucket. // // Amazon S3 inventory generates inventories of the objects in the bucket on // a daily or weekly basis, and the results are published to a flat file. The // bucket that is inventoried is called the source bucket, and the bucket where // the inventory flat file is stored is called the destination bucket. The destination -// bucket must be in the same AWS Region as the source bucket. +// bucket must be in the same Amazon Web Services Region as the source bucket. // // When you configure an inventory for a source bucket, you specify the destination // bucket where you want the inventory to be stored, and whether to generate // the inventory daily or weekly. You can also configure what object metadata // to include and whether to inventory all object versions or only current versions. // For more information, see Amazon S3 Inventory (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html) -// in the Amazon Simple Storage Service Developer Guide. +// in the Amazon S3 User Guide. // // You must create a bucket policy on the destination bucket to grant permissions // to Amazon S3 to write objects to the bucket in the defined location. For // an example policy, see Granting Permissions for Amazon S3 Inventory and Storage // Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9). // -// To use this operation, you must have permissions to perform the s3:PutInventoryConfiguration +// # Permissions +// +// To use this operation, you must have permission to perform the s3:PutInventoryConfiguration // action. The bucket owner has this permission by default and can grant this -// permission to others. For more information about permissions, see Permissions -// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html) -// in the Amazon Simple Storage Service Developer Guide. +// permission to others. // -// Special Errors +// The s3:PutInventoryConfiguration permission allows a user to create an S3 +// Inventory (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html) +// report that includes all object metadata fields available and to specify +// the destination bucket to store the inventory. A user with read access to +// objects in the destination bucket can also access all object metadata fields +// that are available in the inventory report. // -// * HTTP 400 Bad Request Error Code: InvalidArgument Cause: Invalid Argument +// To restrict access to an inventory report, see Restricting access to an Amazon +// S3 Inventory report (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-use-case-10) +// in the Amazon S3 User Guide. For more information about the metadata fields +// available in S3 Inventory, see Amazon S3 Inventory lists (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html#storage-inventory-contents) +// in the Amazon S3 User Guide. For more information about permissions, see +// Permissions related to bucket subresource operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Identity and access management in Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) +// in the Amazon S3 User Guide. // -// * HTTP 400 Bad Request Error Code: TooManyConfigurations Cause: You are -// attempting to create a new configuration but have already reached the -// 1,000-configuration limit. +// PutBucketInventoryConfiguration has the following special errors: // -// * HTTP 403 Forbidden Error Code: AccessDenied Cause: You are not the owner -// of the specified bucket, or you do not have the s3:PutInventoryConfiguration -// bucket permission to set the configuration on the bucket. +// # HTTP 400 Bad Request Error // -// Related Resources +// Code: InvalidArgument +// +// Cause: Invalid Argument +// +// # HTTP 400 Bad Request Error +// +// Code: TooManyConfigurations // -// * GetBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html) +// Cause: You are attempting to create a new configuration but have already +// reached the 1,000-configuration limit. // -// * DeleteBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html) +// # HTTP 403 Forbidden Error // -// * ListBucketInventoryConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html) +// Cause: You are not the owner of the specified bucket, or you do not have +// the s3:PutInventoryConfiguration bucket permission to set the configuration +// on the bucket. +// +// The following operations are related to PutBucketInventoryConfiguration: +// +// - GetBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html) +// +// - DeleteBucketInventoryConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html) +// +// - ListBucketInventoryConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7608,14 +8779,13 @@ const opPutBucketLifecycle = "PutBucketLifecycle" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutBucketLifecycleRequest method. +// req, resp := client.PutBucketLifecycleRequest(params) // -// // Example sending a request using the PutBucketLifecycleRequest method. -// req, resp := client.PutBucketLifecycleRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycle // @@ -7646,6 +8816,7 @@ func (c *S3) PutBucketLifecycleRequest(input *PutBucketLifecycleInput) (req *req // PutBucketLifecycle API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. // // For an updated version of this API, see PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html). // This version has been deprecated. Existing lifecycle configurations will @@ -7654,47 +8825,47 @@ func (c *S3) PutBucketLifecycleRequest(input *PutBucketLifecycleInput) (req *req // Creates a new lifecycle configuration for the bucket or replaces an existing // lifecycle configuration. For information about lifecycle configuration, see // Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) -// in the Amazon Simple Storage Service Developer Guide. +// in the Amazon S3 User Guide. // // By default, all Amazon S3 resources, including buckets, objects, and related // subresources (for example, lifecycle configuration and website configuration) -// are private. Only the resource owner, the AWS account that created the resource, -// can access it. The resource owner can optionally grant access permissions -// to others by writing an access policy. For this operation, users must get -// the s3:PutLifecycleConfiguration permission. +// are private. Only the resource owner, the Amazon Web Services account that +// created the resource, can access it. The resource owner can optionally grant +// access permissions to others by writing an access policy. For this operation, +// users must get the s3:PutLifecycleConfiguration permission. // // You can also explicitly deny permissions. Explicit denial also supersedes // any other permissions. If you want to prevent users or accounts from removing // or deleting objects from your bucket, you must deny them permissions for // the following actions: // -// * s3:DeleteObject +// - s3:DeleteObject // -// * s3:DeleteObjectVersion +// - s3:DeleteObjectVersion // -// * s3:PutLifecycleConfiguration +// - s3:PutLifecycleConfiguration // // For more information about permissions, see Managing Access Permissions to -// your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html) -// in the Amazon Simple Storage Service Developer Guide. +// your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) +// in the Amazon S3 User Guide. // // For more examples of transitioning objects to storage classes such as STANDARD_IA // or ONEZONE_IA, see Examples of Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#lifecycle-configuration-examples). // -// Related Resources +// The following operations are related to PutBucketLifecycle: // -// * GetBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html)(Deprecated) +// - GetBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html)(Deprecated) // -// * GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html) +// - GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html) // -// * RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html) +// - RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html) // -// * By default, a resource owner—in this case, a bucket owner, which is -// the AWS account that created the bucket—can perform any of the operations. -// A resource owner can also grant others permission to perform the operation. -// For more information, see the following topics in the Amazon Simple Storage -// Service Developer Guide: Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) -// Managing Access Permissions to your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html) +// - By default, a resource owner—in this case, a bucket owner, which is +// the Amazon Web Services account that created the bucket—can perform +// any of the operations. A resource owner can also grant others permission +// to perform the operation. For more information, see the following topics +// in the Amazon S3 User Guide: Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) +// Managing Access Permissions to your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7744,14 +8915,13 @@ const opPutBucketLifecycleConfiguration = "PutBucketLifecycleConfiguration" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutBucketLifecycleConfigurationRequest method. +// req, resp := client.PutBucketLifecycleConfigurationRequest(params) // -// // Example sending a request using the PutBucketLifecycleConfigurationRequest method. -// req, resp := client.PutBucketLifecycleConfigurationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleConfiguration func (c *S3) PutBucketLifecycleConfigurationRequest(input *PutBucketLifecycleConfigurationInput) (req *request.Request, output *PutBucketLifecycleConfigurationOutput) { @@ -7777,69 +8947,74 @@ func (c *S3) PutBucketLifecycleConfigurationRequest(input *PutBucketLifecycleCon // PutBucketLifecycleConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Creates a new lifecycle configuration for the bucket or replaces an existing -// lifecycle configuration. For information about lifecycle configuration, see -// Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). +// lifecycle configuration. Keep in mind that this will overwrite an existing +// lifecycle configuration, so if you want to retain any configuration details, +// they must be included in the new lifecycle configuration. For information +// about lifecycle configuration, see Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html). // // Bucket lifecycle configuration now supports specifying a lifecycle rule using -// an object key name prefix, one or more object tags, or a combination of both. -// Accordingly, this section describes the latest API. The previous version -// of the API supported filtering based only on an object key name prefix, which -// is supported for backward compatibility. For the related API description, +// an object key name prefix, one or more object tags, object size, or any combination +// of these. Accordingly, this section describes the latest API. The previous +// version of the API supported filtering based only on an object key name prefix, +// which is supported for backward compatibility. For the related API description, // see PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html). // -// Rules +// # Rules // // You specify the lifecycle configuration in your request body. The lifecycle -// configuration is specified as XML consisting of one or more rules. Each rule -// consists of the following: +// configuration is specified as XML consisting of one or more rules. An Amazon +// S3 Lifecycle configuration can have up to 1,000 rules. This limit is not +// adjustable. Each rule consists of the following: // -// * Filter identifying a subset of objects to which the rule applies. The -// filter can be based on a key name prefix, object tags, or a combination -// of both. +// - A filter identifying a subset of objects to which the rule applies. +// The filter can be based on a key name prefix, object tags, object size, +// or any combination of these. // -// * Status whether the rule is in effect. +// - A status indicating whether the rule is in effect. // -// * One or more lifecycle transition and expiration actions that you want -// Amazon S3 to perform on the objects identified by the filter. If the state -// of your bucket is versioning-enabled or versioning-suspended, you can -// have many versions of the same object (one current version and zero or -// more noncurrent versions). Amazon S3 provides predefined actions that -// you can specify for current and noncurrent object versions. +// - One or more lifecycle transition and expiration actions that you want +// Amazon S3 to perform on the objects identified by the filter. If the state +// of your bucket is versioning-enabled or versioning-suspended, you can +// have many versions of the same object (one current version and zero or +// more noncurrent versions). Amazon S3 provides predefined actions that +// you can specify for current and noncurrent object versions. // // For more information, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) // and Lifecycle Configuration Elements (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html). // -// Permissions +// # Permissions // // By default, all Amazon S3 resources are private, including buckets, objects, // and related subresources (for example, lifecycle configuration and website -// configuration). Only the resource owner (that is, the AWS account that created -// it) can access the resource. The resource owner can optionally grant access -// permissions to others by writing an access policy. For this operation, a -// user must get the s3:PutLifecycleConfiguration permission. +// configuration). Only the resource owner (that is, the Amazon Web Services +// account that created it) can access the resource. The resource owner can +// optionally grant access permissions to others by writing an access policy. +// For this operation, a user must get the s3:PutLifecycleConfiguration permission. // -// You can also explicitly deny permissions. Explicit deny also supersedes any -// other permissions. If you want to block users or accounts from removing or -// deleting objects from your bucket, you must deny them permissions for the -// following actions: +// You can also explicitly deny permissions. An explicit deny also supersedes +// any other permissions. If you want to block users or accounts from removing +// or deleting objects from your bucket, you must deny them permissions for +// the following actions: // -// * s3:DeleteObject +// - s3:DeleteObject // -// * s3:DeleteObjectVersion +// - s3:DeleteObjectVersion // -// * s3:PutLifecycleConfiguration +// - s3:PutLifecycleConfiguration // // For more information about permissions, see Managing Access Permissions to -// Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). +// Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // -// The following are related to PutBucketLifecycleConfiguration: +// The following operations are related to PutBucketLifecycleConfiguration: // -// * Examples of Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-configuration-examples.html) +// - Examples of Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-configuration-examples.html) // -// * GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html) +// - GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html) // -// * DeleteBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html) +// - DeleteBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7885,14 +9060,13 @@ const opPutBucketLogging = "PutBucketLogging" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutBucketLoggingRequest method. +// req, resp := client.PutBucketLoggingRequest(params) // -// // Example sending a request using the PutBucketLoggingRequest method. -// req, resp := client.PutBucketLoggingRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLogging func (c *S3) PutBucketLoggingRequest(input *PutBucketLoggingInput) (req *request.Request, output *PutBucketLoggingOutput) { @@ -7918,31 +9092,39 @@ func (c *S3) PutBucketLoggingRequest(input *PutBucketLoggingInput) (req *request // PutBucketLogging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Set the logging parameters for a bucket and to specify permissions for who // can view and modify the logging parameters. All logs are saved to buckets -// in the same AWS Region as the source bucket. To set the logging status of -// a bucket, you must be the bucket owner. +// in the same Amazon Web Services Region as the source bucket. To set the logging +// status of a bucket, you must be the bucket owner. // // The bucket owner is automatically granted FULL_CONTROL to all logs. You use // the Grantee request element to grant access to other people. The Permissions // request element specifies the kind of access the grantee has to the logs. // -// Grantee Values +// If the target bucket for log delivery uses the bucket owner enforced setting +// for S3 Object Ownership, you can't use the Grantee request element to grant +// access to others. Permissions can only be granted using policies. For more +// information, see Permissions for server access log delivery (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general) +// in the Amazon S3 User Guide. +// +// # Grantee Values // // You can specify the person (grantee) to whom you're assigning access rights -// (using request elements) in the following ways: +// (by using request elements) in the following ways: // -// * By the person's ID: <>ID<><>GranteesEmail<> -// DisplayName is optional and ignored in the request. +// - By the person's ID: <>ID<><>GranteesEmail<> +// DisplayName is optional and ignored in the request. // -// * By Email address: <>Grantees@email.com<> -// The grantee is resolved to the CanonicalUser and, in a response to a GET -// Object acl request, appears as the CanonicalUser. +// - By Email address: <>Grantees@email.com<> +// The grantee is resolved to the CanonicalUser and, in a response to a GETObjectAcl +// request, appears as the CanonicalUser. // -// * By URI: <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<> +// - By URI: <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<> // // To enable logging, you use LoggingEnabled and its children request elements. // To disable logging, you use an empty BucketLoggingStatus request element: @@ -7950,7 +9132,8 @@ func (c *S3) PutBucketLoggingRequest(input *PutBucketLoggingInput) (req *request // // // For more information about server access logging, see Server Access Logging -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html). +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html) in +// the Amazon S3 User Guide. // // For more information about creating a bucket, see CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html). // For more information about returning the logging status of a bucket, see @@ -7958,13 +9141,13 @@ func (c *S3) PutBucketLoggingRequest(input *PutBucketLoggingInput) (req *request // // The following operations are related to PutBucketLogging: // -// * PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) +// - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) // -// * DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) +// - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) // -// * CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) +// - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // -// * GetBucketLogging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html) +// - GetBucketLogging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8010,14 +9193,13 @@ const opPutBucketMetricsConfiguration = "PutBucketMetricsConfiguration" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutBucketMetricsConfigurationRequest method. +// req, resp := client.PutBucketMetricsConfigurationRequest(params) // -// // Example sending a request using the PutBucketMetricsConfigurationRequest method. -// req, resp := client.PutBucketMetricsConfigurationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketMetricsConfiguration func (c *S3) PutBucketMetricsConfigurationRequest(input *PutBucketMetricsConfigurationInput) (req *request.Request, output *PutBucketMetricsConfigurationOutput) { @@ -8039,6 +9221,8 @@ func (c *S3) PutBucketMetricsConfigurationRequest(input *PutBucketMetricsConfigu // PutBucketMetricsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets a metrics configuration (specified by the metrics configuration ID) // for the bucket. You can have up to 1,000 metrics configurations per bucket. // If you're updating an existing metrics configuration, note that this is a @@ -8048,25 +9232,25 @@ func (c *S3) PutBucketMetricsConfigurationRequest(input *PutBucketMetricsConfigu // To use this operation, you must have permissions to perform the s3:PutMetricsConfiguration // action. The bucket owner has this permission by default. The bucket owner // can grant this permission to others. For more information about permissions, -// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). +// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // // For information about CloudWatch request metrics for Amazon S3, see Monitoring // Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html). // // The following operations are related to PutBucketMetricsConfiguration: // -// * DeleteBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html) +// - DeleteBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html) // -// * PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html) +// - GetBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html) // -// * ListBucketMetricsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html) +// - ListBucketMetricsConfigurations (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html) // -// GetBucketLifecycle has the following special error: +// PutBucketMetricsConfiguration has the following special error: // -// * Error code: TooManyConfigurations Description: You are attempting to -// create a new configuration but have already reached the 1,000-configuration -// limit. HTTP Status Code: HTTP 400 Bad Request +// - Error code: TooManyConfigurations Description: You are attempting to +// create a new configuration but have already reached the 1,000-configuration +// limit. HTTP Status Code: HTTP 400 Bad Request // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8112,14 +9296,13 @@ const opPutBucketNotification = "PutBucketNotification" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutBucketNotificationRequest method. +// req, resp := client.PutBucketNotificationRequest(params) // -// // Example sending a request using the PutBucketNotificationRequest method. -// req, resp := client.PutBucketNotificationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotification // @@ -8150,6 +9333,8 @@ func (c *S3) PutBucketNotificationRequest(input *PutBucketNotificationInput) (re // PutBucketNotification API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // No longer used, see the PutBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketNotificationConfiguration.html) // operation. // @@ -8201,14 +9386,13 @@ const opPutBucketNotificationConfiguration = "PutBucketNotificationConfiguration // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutBucketNotificationConfigurationRequest method. +// req, resp := client.PutBucketNotificationConfigurationRequest(params) // -// // Example sending a request using the PutBucketNotificationConfigurationRequest method. -// req, resp := client.PutBucketNotificationConfigurationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotificationConfiguration func (c *S3) PutBucketNotificationConfigurationRequest(input *PutBucketNotificationConfigurationInput) (req *request.Request, output *PutBucketNotificationConfigurationOutput) { @@ -8230,6 +9414,8 @@ func (c *S3) PutBucketNotificationConfigurationRequest(input *PutBucketNotificat // PutBucketNotificationConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Enables notifications of specified events for a bucket. For more information // about event notifications, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). // @@ -8245,13 +9431,13 @@ func (c *S3) PutBucketNotificationConfigurationRequest(input *PutBucketNotificat // // // -// This operation replaces the existing notification configuration with the -// configuration you include in the request body. +// This action replaces the existing notification configuration with the configuration +// you include in the request body. // // After Amazon S3 receives this request, it first verifies that any Amazon // Simple Notification Service (Amazon SNS) or Amazon Simple Queue Service (Amazon // SQS) destination exists, and that the bucket owner has permission to publish -// to it by sending a test notification. In the case of AWS Lambda destinations, +// to it by sending a test notification. In the case of Lambda destinations, // Amazon S3 verifies that the Lambda function permissions grant Amazon S3 permission // to invoke the function from the Amazon S3 bucket. For more information, see // Configuring Notifications for Amazon S3 Events (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). @@ -8259,26 +9445,29 @@ func (c *S3) PutBucketNotificationConfigurationRequest(input *PutBucketNotificat // You can disable notifications by adding the empty NotificationConfiguration // element. // +// For more information about the number of event notification configurations +// that you can create per bucket, see Amazon S3 service quotas (https://docs.aws.amazon.com/general/latest/gr/s3.html#limits_s3) +// in Amazon Web Services General Reference. +// // By default, only the bucket owner can configure notifications on a bucket. // However, bucket owners can use a bucket policy to grant permission to other -// users to set this configuration with s3:PutBucketNotification permission. +// users to set this configuration with the required s3:PutBucketNotification +// permission. // // The PUT notification is an atomic operation. For example, suppose your notification // configuration includes SNS topic, SQS queue, and Lambda function configurations. // When you send a PUT request with this configuration, Amazon S3 sends test -// messages to your SNS topic. If the message fails, the entire PUT operation -// will fail, and Amazon S3 will not add the configuration to your bucket. -// -// Responses +// messages to your SNS topic. If the message fails, the entire PUT action will +// fail, and Amazon S3 will not add the configuration to your bucket. // // If the configuration in the request body includes only one TopicConfiguration // specifying only the s3:ReducedRedundancyLostObject event type, the response // will also include the x-amz-sns-test-message-id header containing the message // ID of the test notification sent to the topic. // -// The following operation is related to PutBucketNotificationConfiguration: +// The following action is related to PutBucketNotificationConfiguration: // -// * GetBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html) +// - GetBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8324,14 +9513,13 @@ const opPutBucketOwnershipControls = "PutBucketOwnershipControls" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutBucketOwnershipControlsRequest method. +// req, resp := client.PutBucketOwnershipControlsRequest(params) // -// // Example sending a request using the PutBucketOwnershipControlsRequest method. -// req, resp := client.PutBucketOwnershipControlsRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketOwnershipControls func (c *S3) PutBucketOwnershipControlsRequest(input *PutBucketOwnershipControlsInput) (req *request.Request, output *PutBucketOwnershipControlsOutput) { @@ -8357,19 +9545,21 @@ func (c *S3) PutBucketOwnershipControlsRequest(input *PutBucketOwnershipControls // PutBucketOwnershipControls API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Creates or modifies OwnershipControls for an Amazon S3 bucket. To use this // operation, you must have the s3:PutBucketOwnershipControls permission. For -// more information about Amazon S3 permissions, see Specifying Permissions -// in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). +// more information about Amazon S3 permissions, see Specifying permissions +// in a policy (https://docs.aws.amazon.com/AmazonS3/latest/user-guide/using-with-s3-actions.html). // -// For information about Amazon S3 Object Ownership, see Using Object Ownership -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html). +// For information about Amazon S3 Object Ownership, see Using object ownership +// (https://docs.aws.amazon.com/AmazonS3/latest/user-guide/about-object-ownership.html). // // The following operations are related to PutBucketOwnershipControls: // -// * GetBucketOwnershipControls +// - GetBucketOwnershipControls // -// * DeleteBucketOwnershipControls +// - DeleteBucketOwnershipControls // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8415,14 +9605,13 @@ const opPutBucketPolicy = "PutBucketPolicy" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutBucketPolicyRequest method. +// req, resp := client.PutBucketPolicyRequest(params) // -// // Example sending a request using the PutBucketPolicyRequest method. -// req, resp := client.PutBucketPolicyRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketPolicy func (c *S3) PutBucketPolicyRequest(input *PutBucketPolicyInput) (req *request.Request, output *PutBucketPolicyOutput) { @@ -8448,28 +9637,68 @@ func (c *S3) PutBucketPolicyRequest(input *PutBucketPolicyInput) (req *request.R // PutBucketPolicy API operation for Amazon Simple Storage Service. // -// Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using -// an identity other than the root user of the AWS account that owns the bucket, -// the calling identity must have the PutBucketPolicy permissions on the specified -// bucket and belong to the bucket owner's account in order to use this operation. +// Applies an Amazon S3 bucket policy to an Amazon S3 bucket. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, see +// Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// # Permissions +// +// If you are using an identity other than the root user of the Amazon Web Services +// account that owns the bucket, the calling identity must both have the PutBucketPolicy +// permissions on the specified bucket and belong to the bucket owner's account +// in order to use this operation. // // If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access // Denied error. If you have the correct permissions, but you're not using an // identity that belongs to the bucket owner's account, Amazon S3 returns a // 405 Method Not Allowed error. // -// As a security precaution, the root user of the AWS account that owns a bucket -// can always use this operation, even if the policy explicitly denies the root -// user the ability to perform this action. +// To ensure that bucket owners don't inadvertently lock themselves out of their +// own buckets, the root principal in a bucket owner's Amazon Web Services account +// can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy +// API actions, even if their bucket policy explicitly denies the root principal's +// access. Bucket owner root principals can only be blocked from performing +// these API actions by VPC endpoint policies and Amazon Web Services Organizations +// policies. +// +// - General purpose bucket permissions - The s3:PutBucketPolicy permission +// is required in a policy. For more information about general purpose buckets +// bucket policies, see Using Bucket Policies and User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation, +// you must have the s3express:PutBucketPolicy permission in an IAM identity-based +// policy instead of a bucket policy. Cross-account access to this API operation +// isn't supported. This operation can only be performed by the Amazon Web +// Services account that owns the resource. For more information about directory +// bucket policies and permissions, see Amazon Web Services Identity and +// Access Management (IAM) for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. +// +// # Example bucket policies // -// For more information about bucket policies, see Using Bucket Policies and -// User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). +// General purpose buckets example bucket policies - See Bucket policy examples +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) +// in the Amazon S3 User Guide. +// +// Directory bucket example bucket policies - See Example bucket policies for +// S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. // // The following operations are related to PutBucketPolicy: // -// * CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) +// - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // -// * DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) +// - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8515,14 +9744,13 @@ const opPutBucketReplication = "PutBucketReplication" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutBucketReplicationRequest method. +// req, resp := client.PutBucketReplicationRequest(params) // -// // Example sending a request using the PutBucketReplicationRequest method. -// req, resp := client.PutBucketReplicationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketReplication func (c *S3) PutBucketReplicationRequest(input *PutBucketReplicationInput) (req *request.Request, output *PutBucketReplicationOutput) { @@ -8548,18 +9776,19 @@ func (c *S3) PutBucketReplicationRequest(input *PutBucketReplicationInput) (req // PutBucketReplication API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Creates a replication configuration or replaces an existing one. For more // information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) -// in the Amazon S3 Developer Guide. -// -// To perform this operation, the user or role performing the operation must -// have the iam:PassRole (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html) -// permission. +// in the Amazon S3 User Guide. // // Specify the replication configuration in the request body. In the replication // configuration, you provide the name of the destination bucket or buckets // where you want Amazon S3 to replicate objects, the IAM role that Amazon S3 // can assume to replicate objects on your behalf, and other relevant information. +// You can invoke this request for a specific Amazon Web Services Region by +// using the aws:RequestedRegion (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requestedregion) +// condition key. // // A replication configuration must include at least one rule, and can contain // a maximum of 1,000. Each rule identifies a subset of objects to replicate @@ -8579,29 +9808,38 @@ func (c *S3) PutBucketReplicationRequest(input *PutBucketReplicationInput) (req // For information about enabling versioning on a bucket, see Using Versioning // (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html). // -// By default, a resource owner, in this case the AWS account that created the -// bucket, can perform this operation. The resource owner can also grant others -// permissions to perform the operation. For more information about permissions, -// see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). -// -// Handling Replication of Encrypted Objects +// # Handling Replication of Encrypted Objects // // By default, Amazon S3 doesn't replicate objects that are stored at rest using -// server-side encryption with CMKs stored in AWS KMS. To replicate AWS KMS-encrypted +// server-side encryption with KMS keys. To replicate Amazon Web Services KMS-encrypted // objects, add the following: SourceSelectionCriteria, SseKmsEncryptedObjects, // Status, EncryptionConfiguration, and ReplicaKmsKeyID. For information about // replication configuration, see Replicating Objects Created with SSE Using -// CMKs stored in AWS KMS (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-config-for-kms-objects.html). +// KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-config-for-kms-objects.html). // // For information on PutBucketReplication errors, see List of replication-related // error codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList) // +// # Permissions +// +// To create a PutBucketReplication request, you must have s3:PutReplicationConfiguration +// permissions for the bucket. +// +// By default, a resource owner, in this case the Amazon Web Services account +// that created the bucket, can perform this operation. The resource owner can +// also grant others permissions to perform the operation. For more information +// about permissions, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). +// +// To perform this operation, the user or role performing the action must have +// the iam:PassRole (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html) +// permission. +// // The following operations are related to PutBucketReplication: // -// * GetBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html) +// - GetBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html) // -// * DeleteBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html) +// - DeleteBucketReplication (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8647,14 +9885,13 @@ const opPutBucketRequestPayment = "PutBucketRequestPayment" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutBucketRequestPaymentRequest method. +// req, resp := client.PutBucketRequestPaymentRequest(params) // -// // Example sending a request using the PutBucketRequestPaymentRequest method. -// req, resp := client.PutBucketRequestPaymentRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketRequestPayment func (c *S3) PutBucketRequestPaymentRequest(input *PutBucketRequestPaymentInput) (req *request.Request, output *PutBucketRequestPaymentOutput) { @@ -8680,6 +9917,8 @@ func (c *S3) PutBucketRequestPaymentRequest(input *PutBucketRequestPaymentInput) // PutBucketRequestPayment API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the request payment configuration for a bucket. By default, the bucket // owner pays for downloads from the bucket. This configuration parameter enables // the bucket owner (only) to specify that the person requesting the download @@ -8688,9 +9927,9 @@ func (c *S3) PutBucketRequestPaymentRequest(input *PutBucketRequestPaymentInput) // // The following operations are related to PutBucketRequestPayment: // -// * CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) +// - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // -// * GetBucketRequestPayment (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketRequestPayment.html) +// - GetBucketRequestPayment (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketRequestPayment.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8736,14 +9975,13 @@ const opPutBucketTagging = "PutBucketTagging" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutBucketTaggingRequest method. +// req, resp := client.PutBucketTaggingRequest(params) // -// // Example sending a request using the PutBucketTaggingRequest method. -// req, resp := client.PutBucketTaggingRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketTagging func (c *S3) PutBucketTaggingRequest(input *PutBucketTaggingInput) (req *request.Request, output *PutBucketTaggingOutput) { @@ -8769,48 +10007,50 @@ func (c *S3) PutBucketTaggingRequest(input *PutBucketTaggingInput) (req *request // PutBucketTagging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the tags for a bucket. // -// Use tags to organize your AWS bill to reflect your own cost structure. To -// do this, sign up to get your AWS account bill with tag key values included. -// Then, to see the cost of combined resources, organize your billing information -// according to resources with the same tag key values. For example, you can -// tag several resources with a specific application name, and then organize -// your billing information to see the total cost of that application across -// several services. For more information, see Cost Allocation and Tagging (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html). +// Use tags to organize your Amazon Web Services bill to reflect your own cost +// structure. To do this, sign up to get your Amazon Web Services account bill +// with tag key values included. Then, to see the cost of combined resources, +// organize your billing information according to resources with the same tag +// key values. For example, you can tag several resources with a specific application +// name, and then organize your billing information to see the total cost of +// that application across several services. For more information, see Cost +// Allocation and Tagging (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html) +// and Using Cost Allocation in Amazon S3 Bucket Tags (https://docs.aws.amazon.com/AmazonS3/latest/userguide/CostAllocTagging.html). // -// Within a bucket, if you add a tag that has the same key as an existing tag, -// the new value overwrites the old value. For more information, see Using Cost -// Allocation in Amazon S3 Bucket Tags (https://docs.aws.amazon.com/AmazonS3/latest/dev/CostAllocTagging.html). +// When this operation sets the tags for a bucket, it will overwrite any current +// tags the bucket already has. You cannot use this operation to add tags to +// an existing list of tags. // // To use this operation, you must have permissions to perform the s3:PutBucketTagging // action. The bucket owner has this permission by default and can grant this // permission to others. For more information about permissions, see Permissions -// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). +// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // -// PutBucketTagging has the following special errors: +// PutBucketTagging has the following special errors. For more Amazon S3 errors +// see, Error Responses (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html). // -// * Error code: InvalidTagError Description: The tag provided was not a -// valid tag. This error can occur if the tag did not pass input validation. -// For information about tag restrictions, see User-Defined Tag Restrictions -// (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html) -// and AWS-Generated Cost Allocation Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/aws-tag-restrictions.html). +// - InvalidTag - The tag provided was not a valid tag. This error can occur +// if the tag did not pass input validation. For more information, see Using +// Cost Allocation in Amazon S3 Bucket Tags (https://docs.aws.amazon.com/AmazonS3/latest/userguide/CostAllocTagging.html). // -// * Error code: MalformedXMLError Description: The XML provided does not -// match the schema. +// - MalformedXML - The XML provided does not match the schema. // -// * Error code: OperationAbortedError Description: A conflicting conditional -// operation is currently in progress against this resource. Please try again. +// - OperationAborted - A conflicting conditional action is currently in +// progress against this resource. Please try again. // -// * Error code: InternalError Description: The service was unable to apply -// the provided tag to the bucket. +// - InternalError - The service was unable to apply the provided tag to +// the bucket. // // The following operations are related to PutBucketTagging: // -// * GetBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html) +// - GetBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html) // -// * DeleteBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html) +// - DeleteBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8856,14 +10096,13 @@ const opPutBucketVersioning = "PutBucketVersioning" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutBucketVersioningRequest method. +// req, resp := client.PutBucketVersioningRequest(params) // -// // Example sending a request using the PutBucketVersioningRequest method. -// req, resp := client.PutBucketVersioningRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketVersioning func (c *S3) PutBucketVersioningRequest(input *PutBucketVersioningInput) (req *request.Request, output *PutBucketVersioningOutput) { @@ -8889,8 +10128,9 @@ func (c *S3) PutBucketVersioningRequest(input *PutBucketVersioningInput) (req *r // PutBucketVersioning API operation for Amazon Simple Storage Service. // -// Sets the versioning state of an existing bucket. To set the versioning state, -// you must be the bucket owner. +// This operation is not supported by directory buckets. +// +// Sets the versioning state of an existing bucket. // // You can set the versioning state with one of the following values: // @@ -8904,26 +10144,26 @@ func (c *S3) PutBucketVersioningRequest(input *PutBucketVersioningInput) (req *r // state; a GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html) // request does not return a versioning state value. // -// If the bucket owner enables MFA Delete in the bucket versioning configuration, -// the bucket owner must include the x-amz-mfa request header and the Status -// and the MfaDelete request elements in a request to set the versioning state -// of the bucket. +// In order to enable MFA Delete, you must be the bucket owner. If you are the +// bucket owner and want to enable MFA Delete in the bucket versioning configuration, +// you must include the x-amz-mfa request header and the Status and the MfaDelete +// request elements in a request to set the versioning state of the bucket. // -// If you have an object expiration lifecycle policy in your non-versioned bucket -// and you want to maintain the same permanent delete behavior when you enable -// versioning, you must add a noncurrent expiration policy. The noncurrent expiration -// lifecycle policy will manage the deletes of the noncurrent object versions -// in the version-enabled bucket. (A version-enabled bucket maintains one current -// and zero or more noncurrent object versions.) For more information, see Lifecycle -// and Versioning (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-and-other-bucket-config). +// If you have an object expiration lifecycle configuration in your non-versioned +// bucket and you want to maintain the same permanent delete behavior when you +// enable versioning, you must add a noncurrent expiration policy. The noncurrent +// expiration lifecycle configuration will manage the deletes of the noncurrent +// object versions in the version-enabled bucket. (A version-enabled bucket +// maintains one current and zero or more noncurrent object versions.) For more +// information, see Lifecycle and Versioning (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-and-other-bucket-config). // -// Related Resources +// The following operations are related to PutBucketVersioning: // -// * CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) +// - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // -// * DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) +// - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) // -// * GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html) +// - GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8969,14 +10209,13 @@ const opPutBucketWebsite = "PutBucketWebsite" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutBucketWebsiteRequest method. +// req, resp := client.PutBucketWebsiteRequest(params) // -// // Example sending a request using the PutBucketWebsiteRequest method. -// req, resp := client.PutBucketWebsiteRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketWebsite func (c *S3) PutBucketWebsiteRequest(input *PutBucketWebsiteInput) (req *request.Request, output *PutBucketWebsiteOutput) { @@ -9002,13 +10241,15 @@ func (c *S3) PutBucketWebsiteRequest(input *PutBucketWebsiteInput) (req *request // PutBucketWebsite API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the configuration of the website that is specified in the website subresource. // To configure a bucket as a website, you can add this subresource on the bucket // with website configuration information such as the file name of the index // document and any redirect rules. For more information, see Hosting Websites // on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). // -// This PUT operation requires the S3:PutBucketWebsite permission. By default, +// This PUT action requires the S3:PutBucketWebsite permission. By default, // only the bucket owner can configure the website attached to a bucket; however, // bucket owners can allow other users to set the website configuration by writing // a bucket policy that grants them the S3:PutBucketWebsite permission. @@ -9018,13 +10259,13 @@ func (c *S3) PutBucketWebsiteRequest(input *PutBucketWebsiteInput) (req *request // are sent to another website, you don't need to provide index document name // for the bucket. // -// * WebsiteConfiguration +// - WebsiteConfiguration // -// * RedirectAllRequestsTo +// - RedirectAllRequestsTo // -// * HostName +// - HostName // -// * Protocol +// - Protocol // // If you want granular control over redirects, you can use the following elements // to add routing rules that describe conditions for redirecting requests and @@ -9032,42 +10273,44 @@ func (c *S3) PutBucketWebsiteRequest(input *PutBucketWebsiteInput) (req *request // must provide an index document for the bucket, because some requests might // not be redirected. // -// * WebsiteConfiguration +// - WebsiteConfiguration // -// * IndexDocument +// - IndexDocument // -// * Suffix +// - Suffix // -// * ErrorDocument +// - ErrorDocument // -// * Key +// - Key // -// * RoutingRules +// - RoutingRules // -// * RoutingRule +// - RoutingRule // -// * Condition +// - Condition // -// * HttpErrorCodeReturnedEquals +// - HttpErrorCodeReturnedEquals // -// * KeyPrefixEquals +// - KeyPrefixEquals // -// * Redirect +// - Redirect // -// * Protocol +// - Protocol // -// * HostName +// - HostName // -// * ReplaceKeyPrefixWith +// - ReplaceKeyPrefixWith // -// * ReplaceKeyWith +// - ReplaceKeyWith // -// * HttpRedirectCode +// - HttpRedirectCode // // Amazon S3 has a limitation of 50 routing rules per website configuration. // If you require more than 50 routing rules, you can use object redirect. For // more information, see Configuring an Object Redirect (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html) -// in the Amazon Simple Storage Service Developer Guide. +// in the Amazon S3 User Guide. +// +// The maximum request length is limited to 128 KB. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9113,14 +10356,13 @@ const opPutObject = "PutObject" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutObjectRequest method. +// req, resp := client.PutObjectRequest(params) // -// // Example sending a request using the PutObjectRequest method. -// req, resp := client.PutObjectRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObject func (c *S3) PutObjectRequest(input *PutObjectInput) (req *request.Request, output *PutObjectOutput) { @@ -9141,77 +10383,89 @@ func (c *S3) PutObjectRequest(input *PutObjectInput) (req *request.Request, outp // PutObject API operation for Amazon Simple Storage Service. // -// Adds an object to a bucket. You must have WRITE permissions on a bucket to -// add an object to it. +// Adds an object to a bucket. // -// Amazon S3 never adds partial objects; if you receive a success response, -// Amazon S3 added the entire object to the bucket. +// - Amazon S3 never adds partial objects; if you receive a success response, +// Amazon S3 added the entire object to the bucket. You cannot use PutObject +// to only update a single piece of metadata for an existing object. You +// must put the entire object with updated metadata if you want to update +// some values. +// +// - If your bucket uses the bucket owner enforced setting for Object Ownership, +// ACLs are disabled and no longer affect permissions. All objects written +// to the bucket by any account will be owned by the bucket owner. +// +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // // Amazon S3 is a distributed system. If it receives multiple write requests // for the same object simultaneously, it overwrites all but the last object -// written. Amazon S3 does not provide object locking; if you need this, make -// sure to build it into your application layer or use versioning instead. -// -// To ensure that data is not corrupted traversing the network, use the Content-MD5 -// header. When you use this header, Amazon S3 checks the object against the -// provided MD5 value and, if they do not match, returns an error. Additionally, -// you can calculate the MD5 while putting an object to Amazon S3 and compare -// the returned ETag to the calculated MD5 value. -// -// The Content-MD5 header is required for any request to upload an object with -// a retention period configured using Amazon S3 Object Lock. For more information -// about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html) -// in the Amazon Simple Storage Service Developer Guide. -// -// Server-side Encryption -// -// You can optionally request server-side encryption. With server-side encryption, -// Amazon S3 encrypts your data as it writes it to disks in its data centers -// and decrypts the data when you access it. You have the option to provide -// your own encryption key or use AWS managed encryption keys (SSE-S3 or SSE-KMS). -// For more information, see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html). -// -// If you request server-side encryption using AWS Key Management Service (SSE-KMS), -// you can enable an S3 Bucket Key at the object-level. For more information, -// see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) -// in the Amazon Simple Storage Service Developer Guide. -// -// Access Control List (ACL)-Specific Request Headers -// -// You can use headers to grant ACL- based permissions. By default, all objects -// are private. Only the owner has full access control. When adding a new object, -// you can grant permissions to individual AWS accounts or to predefined groups -// defined by Amazon S3. These permissions are then added to the ACL on the -// object. For more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) -// and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html). -// -// Storage Class Options -// -// By default, Amazon S3 uses the STANDARD Storage Class to store newly created -// objects. The STANDARD storage class provides high durability and high availability. -// Depending on performance needs, you can specify a different Storage Class. -// Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, -// see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) -// in the Amazon S3 Service Developer Guide. +// written. However, Amazon S3 provides features that can modify this behavior: +// +// - S3 Object Lock - To prevent objects from being deleted or overwritten, +// you can use Amazon S3 Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html) +// in the Amazon S3 User Guide. This functionality is not supported for directory +// buckets. +// +// - S3 Versioning - When you enable versioning for a bucket, if Amazon S3 +// receives multiple write requests for the same object simultaneously, it +// stores all versions of the objects. For each write request that is made +// to the same object, Amazon S3 automatically generates a unique version +// ID of that object being stored in Amazon S3. You can retrieve, replace, +// or delete any version of the object. For more information about versioning, +// see Adding Objects to Versioning-Enabled Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html) +// in the Amazon S3 User Guide. For information about returning the versioning +// state of a bucket, see GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html). +// This functionality is not supported for directory buckets. // -// Versioning +// Permissions // -// If you enable versioning for a bucket, Amazon S3 automatically generates -// a unique version ID for the object being stored. Amazon S3 returns this ID -// in the response. When you enable versioning for a bucket, if Amazon S3 receives -// multiple write requests for the same object simultaneously, it stores all -// of the objects. +// - General purpose bucket permissions - The following permissions are required +// in your policies when your PutObject request includes specific headers. +// s3:PutObject - To successfully complete the PutObject request, you must +// always have the s3:PutObject permission on a bucket to add an object to +// it. s3:PutObjectAcl - To successfully change the objects ACL of your PutObject +// request, you must have the s3:PutObjectAcl. s3:PutObjectTagging - To successfully +// set the tag-set with your PutObject request, you must have the s3:PutObjectTagging. // -// For more information about versioning, see Adding Objects to Versioning Enabled -// Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html). -// For information about returning the versioning state of a bucket, see GetBucketVersioning -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html). +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). // -// Related Resources +// Data integrity with Content-MD5 +// +// - General purpose bucket - To ensure that data is not corrupted traversing +// the network, use the Content-MD5 header. When you use this header, Amazon +// S3 checks the object against the provided MD5 value and, if they do not +// match, Amazon S3 returns an error. Alternatively, when the object's ETag +// is its MD5 digest, you can calculate the MD5 while putting the object +// to Amazon S3 and compare the returned ETag to the calculated MD5 value. +// +// - Directory bucket - This functionality is not supported for directory +// buckets. +// +// # HTTP Host header syntax // -// * CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // -// * DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) +// For more information about related Amazon S3 APIs, see the following: +// +// - CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) +// +// - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9257,14 +10511,13 @@ const opPutObjectAcl = "PutObjectAcl" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutObjectAclRequest method. +// req, resp := client.PutObjectAclRequest(params) // -// // Example sending a request using the PutObjectAclRequest method. -// req, resp := client.PutObjectAclRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectAcl func (c *S3) PutObjectAclRequest(input *PutObjectAclInput) (req *request.Request, output *PutObjectAclOutput) { @@ -9289,92 +10542,102 @@ func (c *S3) PutObjectAclRequest(input *PutObjectAclInput) (req *request.Request // PutObjectAcl API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Uses the acl subresource to set the access control list (ACL) permissions -// for a new or existing object in an S3 bucket. You must have WRITE_ACP permission -// to set the ACL of an object. For more information, see What permissions can -// I grant? (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions) -// in the Amazon Simple Storage Service Developer Guide. +// for a new or existing object in an S3 bucket. You must have the WRITE_ACP +// permission to set the ACL of an object. For more information, see What permissions +// can I grant? (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions) +// in the Amazon S3 User Guide. // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // Depending on your application needs, you can choose to set the ACL on an // object using either the request body or the headers. For example, if you // have an existing application that updates a bucket ACL using the request // body, you can continue to use that approach. For more information, see Access // Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) -// in the Amazon S3 Developer Guide. +// in the Amazon S3 User Guide. // -// Access Permissions +// If your bucket uses the bucket owner enforced setting for S3 Object Ownership, +// ACLs are disabled and no longer affect permissions. You must use policies +// to grant access to your bucket and the objects in it. Requests to set ACLs +// or update ACLs fail and return the AccessControlListNotSupported error code. +// Requests to read ACLs are still supported. For more information, see Controlling +// object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) +// in the Amazon S3 User Guide. +// +// # Permissions // // You can set access permissions using one of the following methods: // -// * Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports -// a set of predefined ACLs, known as canned ACLs. Each canned ACL has a -// predefined set of grantees and permissions. Specify the canned ACL name -// as the value of x-amz-acl. If you use this header, you cannot use other -// access control-specific headers in your request. For more information, -// see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). -// -// * Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp, -// x-amz-grant-write-acp, and x-amz-grant-full-control headers. When using -// these headers, you specify explicit access permissions and grantees (AWS -// accounts or Amazon S3 groups) who will receive the permission. If you -// use these ACL-specific headers, you cannot use x-amz-acl header to set -// a canned ACL. These parameters map to the set of permissions that Amazon -// S3 supports in an ACL. For more information, see Access Control List (ACL) -// Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). -// You specify each grantee as a type=value pair, where the type is one of -// the following: id – if the value specified is the canonical user ID -// of an AWS account uri – if you are granting permissions to a predefined -// group emailAddress – if the value specified is the email address of -// an AWS account Using email addresses to specify a grantee is only supported -// in the following AWS Regions: US East (N. Virginia) US West (N. California) -// US West (Oregon) Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific -// (Tokyo) Europe (Ireland) South America (São Paulo) For a list of all -// the Amazon S3 supported Regions and endpoints, see Regions and Endpoints -// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in -// the AWS General Reference. For example, the following x-amz-grant-read -// header grants list objects permission to the two AWS accounts identified -// by their email addresses. x-amz-grant-read: emailAddress="xyz@amazon.com", -// emailAddress="abc@amazon.com" +// - Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports +// a set of predefined ACLs, known as canned ACLs. Each canned ACL has a +// predefined set of grantees and permissions. Specify the canned ACL name +// as the value of x-amz-acl. If you use this header, you cannot use other +// access control-specific headers in your request. For more information, +// see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). +// +// - Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp, +// x-amz-grant-write-acp, and x-amz-grant-full-control headers. When using +// these headers, you specify explicit access permissions and grantees (Amazon +// Web Services accounts or Amazon S3 groups) who will receive the permission. +// If you use these ACL-specific headers, you cannot use x-amz-acl header +// to set a canned ACL. These parameters map to the set of permissions that +// Amazon S3 supports in an ACL. For more information, see Access Control +// List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). +// You specify each grantee as a type=value pair, where the type is one of +// the following: id – if the value specified is the canonical user ID +// of an Amazon Web Services account uri – if you are granting permissions +// to a predefined group emailAddress – if the value specified is the email +// address of an Amazon Web Services account Using email addresses to specify +// a grantee is only supported in the following Amazon Web Services Regions: +// US East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific +// (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) +// South America (São Paulo) For a list of all the Amazon S3 supported Regions +// and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) +// in the Amazon Web Services General Reference. For example, the following +// x-amz-grant-read header grants list objects permission to the two Amazon +// Web Services accounts identified by their email addresses. x-amz-grant-read: +// emailAddress="xyz@amazon.com", emailAddress="abc@amazon.com" // // You can use either a canned ACL or specify access permissions explicitly. // You cannot do both. // -// Grantee Values +// # Grantee Values // // You can specify the person (grantee) to whom you're assigning access rights // (using request elements) in the following ways: // -// * By the person's ID: <>ID<><>GranteesEmail<> -// DisplayName is optional and ignored in the request. +// - By the person's ID: <>ID<><>GranteesEmail<> +// DisplayName is optional and ignored in the request. // -// * By URI: <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<> +// - By URI: <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<> // -// * By Email address: <>Grantees@email.com<>lt;/Grantee> -// The grantee is resolved to the CanonicalUser and, in a response to a GET -// Object acl request, appears as the CanonicalUser. Using email addresses -// to specify a grantee is only supported in the following AWS Regions: US -// East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific -// (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) -// South America (São Paulo) For a list of all the Amazon S3 supported Regions -// and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) -// in the AWS General Reference. +// - By Email address: <>Grantees@email.com<>lt;/Grantee> +// The grantee is resolved to the CanonicalUser and, in a response to a GET +// Object acl request, appears as the CanonicalUser. Using email addresses +// to specify a grantee is only supported in the following Amazon Web Services +// Regions: US East (N. Virginia) US West (N. California) US West (Oregon) +// Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe +// (Ireland) South America (São Paulo) For a list of all the Amazon S3 supported +// Regions and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) +// in the Amazon Web Services General Reference. // -// Versioning +// # Versioning // // The ACL of an object is set at the object version level. By default, PUT // sets the ACL of the current version of an object. To set the ACL of a different // version, use the versionId subresource. // -// Related Resources +// The following operations are related to PutObjectAcl: // -// * CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) +// - CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) // -// * GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) +// - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9384,8 +10647,8 @@ func (c *S3) PutObjectAclRequest(input *PutObjectAclInput) (req *request.Request // API operation PutObjectAcl for usage and error information. // // Returned Error Codes: -// * ErrCodeNoSuchKey "NoSuchKey" -// The specified key does not exist. +// - ErrCodeNoSuchKey "NoSuchKey" +// The specified key does not exist. // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectAcl func (c *S3) PutObjectAcl(input *PutObjectAclInput) (*PutObjectAclOutput, error) { @@ -9425,14 +10688,13 @@ const opPutObjectLegalHold = "PutObjectLegalHold" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutObjectLegalHoldRequest method. +// req, resp := client.PutObjectLegalHoldRequest(params) // -// // Example sending a request using the PutObjectLegalHoldRequest method. -// req, resp := client.PutObjectLegalHoldRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLegalHold func (c *S3) PutObjectLegalHoldRequest(input *PutObjectLegalHoldInput) (req *request.Request, output *PutObjectLegalHoldOutput) { @@ -9457,13 +10719,12 @@ func (c *S3) PutObjectLegalHoldRequest(input *PutObjectLegalHoldInput) (req *req // PutObjectLegalHold API operation for Amazon Simple Storage Service. // -// Applies a Legal Hold configuration to the specified object. +// This operation is not supported by directory buckets. // -// This action is not supported by Amazon S3 on Outposts. +// Applies a legal hold configuration to the specified object. For more information, +// see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). // -// Related Resources -// -// * Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) +// This functionality is not supported for Amazon S3 on Outposts. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9509,14 +10770,13 @@ const opPutObjectLockConfiguration = "PutObjectLockConfiguration" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutObjectLockConfigurationRequest method. +// req, resp := client.PutObjectLockConfigurationRequest(params) // -// // Example sending a request using the PutObjectLockConfigurationRequest method. -// req, resp := client.PutObjectLockConfigurationRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLockConfiguration func (c *S3) PutObjectLockConfigurationRequest(input *PutObjectLockConfigurationInput) (req *request.Request, output *PutObjectLockConfigurationOutput) { @@ -9541,16 +10801,20 @@ func (c *S3) PutObjectLockConfigurationRequest(input *PutObjectLockConfiguration // PutObjectLockConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Places an Object Lock configuration on the specified bucket. The rule specified // in the Object Lock configuration will be applied by default to every new -// object placed in the specified bucket. +// object placed in the specified bucket. For more information, see Locking +// Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). // -// DefaultRetention requires either Days or Years. You can't specify both at -// the same time. +// - The DefaultRetention settings require both a mode and a period. // -// Related Resources +// - The DefaultRetention period can be either Days or Years but you must +// select one. You cannot specify Days and Years at the same time. // -// * Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) +// - You can enable Object Lock for new or existing buckets. For more information, +// see Configuring Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9596,14 +10860,13 @@ const opPutObjectRetention = "PutObjectRetention" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutObjectRetentionRequest method. +// req, resp := client.PutObjectRetentionRequest(params) // -// // Example sending a request using the PutObjectRetentionRequest method. -// req, resp := client.PutObjectRetentionRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectRetention func (c *S3) PutObjectRetentionRequest(input *PutObjectRetentionInput) (req *request.Request, output *PutObjectRetentionOutput) { @@ -9628,13 +10891,15 @@ func (c *S3) PutObjectRetentionRequest(input *PutObjectRetentionInput) (req *req // PutObjectRetention API operation for Amazon Simple Storage Service. // -// Places an Object Retention configuration on an object. +// This operation is not supported by directory buckets. // -// This action is not supported by Amazon S3 on Outposts. -// -// Related Resources +// Places an Object Retention configuration on an object. For more information, +// see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). +// Users or accounts require the s3:PutObjectRetention permission in order to +// place an Object Retention configuration on objects. Bypassing a Governance +// Retention configuration requires the s3:BypassGovernanceRetention permission. // -// * Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) +// This functionality is not supported for Amazon S3 on Outposts. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9680,14 +10945,13 @@ const opPutObjectTagging = "PutObjectTagging" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutObjectTaggingRequest method. +// req, resp := client.PutObjectTaggingRequest(params) // -// // Example sending a request using the PutObjectTaggingRequest method. -// req, resp := client.PutObjectTaggingRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectTagging func (c *S3) PutObjectTaggingRequest(input *PutObjectTaggingInput) (req *request.Request, output *PutObjectTaggingOutput) { @@ -9712,12 +10976,15 @@ func (c *S3) PutObjectTaggingRequest(input *PutObjectTaggingInput) (req *request // PutObjectTagging API operation for Amazon Simple Storage Service. // -// Sets the supplied tag-set to an object that already exists in a bucket. +// This operation is not supported by directory buckets. +// +// Sets the supplied tag-set to an object that already exists in a bucket. A +// tag is a key-value pair. For more information, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html). // -// A tag is a key-value pair. You can associate tags with an object by sending -// a PUT request against the tagging subresource that is associated with the -// object. You can retrieve tags by sending a GET request. For more information, -// see GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html). +// You can associate tags with an object by sending a PUT request against the +// tagging subresource that is associated with the object. You can retrieve +// tags by sending a GET request. For more information, see GetObjectTagging +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html). // // For tagging-related restrictions related to characters and encodings, see // Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html). @@ -9730,26 +10997,26 @@ func (c *S3) PutObjectTaggingRequest(input *PutObjectTaggingInput) (req *request // To put tags of any other version, use the versionId query parameter. You // also need permission for the s3:PutObjectVersionTagging action. // -// For information about the Amazon S3 object tagging feature, see Object Tagging -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). +// PutObjectTagging has the following special errors. For more Amazon S3 errors +// see, Error Responses (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html). // -// Special Errors +// - InvalidTag - The tag provided was not a valid tag. This error can occur +// if the tag did not pass input validation. For more information, see Object +// Tagging (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html). // -// * Code: InvalidTagError Cause: The tag provided was not a valid tag. This -// error can occur if the tag did not pass input validation. For more information, -// see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). +// - MalformedXML - The XML provided does not match the schema. // -// * Code: MalformedXMLError Cause: The XML provided does not match the schema. +// - OperationAborted - A conflicting conditional action is currently in +// progress against this resource. Please try again. // -// * Code: OperationAbortedError Cause: A conflicting conditional operation -// is currently in progress against this resource. Please try again. +// - InternalError - The service was unable to apply the provided tag to +// the object. // -// * Code: InternalError Cause: The service was unable to apply the provided -// tag to the object. +// The following operations are related to PutObjectTagging: // -// Related Resources +// - GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) // -// * GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) +// - DeleteObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9795,14 +11062,13 @@ const opPutPublicAccessBlock = "PutPublicAccessBlock" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the PutPublicAccessBlockRequest method. +// req, resp := client.PutPublicAccessBlockRequest(params) // -// // Example sending a request using the PutPublicAccessBlockRequest method. -// req, resp := client.PutPublicAccessBlockRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutPublicAccessBlock func (c *S3) PutPublicAccessBlockRequest(input *PutPublicAccessBlockInput) (req *request.Request, output *PutPublicAccessBlockOutput) { @@ -9828,6 +11094,8 @@ func (c *S3) PutPublicAccessBlockRequest(input *PutPublicAccessBlockInput) (req // PutPublicAccessBlock API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Creates or modifies the PublicAccessBlock configuration for an Amazon S3 // bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock // permission. For more information about Amazon S3 permissions, see Specifying @@ -9843,15 +11111,15 @@ func (c *S3) PutPublicAccessBlockRequest(input *PutPublicAccessBlockInput) (req // For more information about when Amazon S3 considers a bucket or an object // public, see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status). // -// Related Resources +// The following operations are related to PutPublicAccessBlock: // -// * GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html) +// - GetPublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html) // -// * DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html) +// - DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html) // -// * GetBucketPolicyStatus (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html) +// - GetBucketPolicyStatus (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicyStatus.html) // -// * Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html) +// - Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9897,14 +11165,13 @@ const opRestoreObject = "RestoreObject" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the RestoreObjectRequest method. +// req, resp := client.RestoreObjectRequest(params) // -// // Example sending a request using the RestoreObjectRequest method. -// req, resp := client.RestoreObjectRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RestoreObject func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Request, output *RestoreObjectOutput) { @@ -9925,148 +11192,103 @@ func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Reque // RestoreObject API operation for Amazon Simple Storage Service. // -// Restores an archived copy of an object back into Amazon S3 +// This operation is not supported by directory buckets. // -// This action is not supported by Amazon S3 on Outposts. +// # Restores an archived copy of an object back into Amazon S3 +// +// This functionality is not supported for Amazon S3 on Outposts. // // This action performs the following types of requests: // -// * select - Perform a select query on an archived object +// - restore an archive - Restore an archived object +// +// For more information about the S3 structure in the request body, see the +// following: +// +// - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) +// +// - Managing Access with ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html) +// in the Amazon S3 User Guide // -// * restore an archive - Restore an archived object +// - Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) +// in the Amazon S3 User Guide +// +// # Permissions // // To use this operation, you must have permissions to perform the s3:RestoreObject // action. The bucket owner has this permission by default and can grant this // permission to others. For more information about permissions, see Permissions -// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html) -// in the Amazon Simple Storage Service Developer Guide. -// -// Querying Archives with Select Requests -// -// You use a select type of request to perform SQL queries on archived objects. -// The archived objects that are being queried by the select request must be -// formatted as uncompressed comma-separated values (CSV) files. You can run -// queries and custom analytics on your archived data without having to restore -// your data to a hotter Amazon S3 tier. For an overview about select requests, -// see Querying Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/querying-glacier-archives.html) -// in the Amazon Simple Storage Service Developer Guide. -// -// When making a select request, do the following: -// -// * Define an output location for the select query's output. This must be -// an Amazon S3 bucket in the same AWS Region as the bucket that contains -// the archive object that is being queried. The AWS account that initiates -// the job must have permissions to write to the S3 bucket. You can specify -// the storage class and encryption for the output objects stored in the -// bucket. For more information about output, see Querying Archived Objects -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/querying-glacier-archives.html) -// in the Amazon Simple Storage Service Developer Guide. For more information -// about the S3 structure in the request body, see the following: PutObject -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) Managing -// Access with ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html) -// in the Amazon Simple Storage Service Developer Guide Protecting Data Using -// Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) -// in the Amazon Simple Storage Service Developer Guide -// -// * Define the SQL expression for the SELECT type of restoration for your -// query in the request body's SelectParameters structure. You can use expressions -// like the following examples. The following expression returns all records -// from the specified object. SELECT * FROM Object Assuming that you are -// not using any headers for data stored in the object, you can specify columns -// with positional headers. SELECT s._1, s._2 FROM Object s WHERE s._3 > -// 100 If you have headers and you set the fileHeaderInfo in the CSV structure -// in the request body to USE, you can specify headers in the query. (If -// you set the fileHeaderInfo field to IGNORE, the first row is skipped for -// the query.) You cannot mix ordinal positions with header column names. -// SELECT s.Id, s.FirstName, s.SSN FROM S3Object s -// -// For more information about using SQL with S3 Glacier Select restore, see -// SQL Reference for Amazon S3 Select and S3 Glacier Select (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html) -// in the Amazon Simple Storage Service Developer Guide. -// -// When making a select request, you can also do the following: -// -// * To expedite your queries, specify the Expedited tier. For more information -// about tiers, see "Restoring Archives," later in this topic. -// -// * Specify details about the data serialization format of both the input -// object that is being queried and the serialization of the CSV-encoded -// query results. -// -// The following are additional important facts about the select feature: -// -// * The output results are new Amazon S3 objects. Unlike archive retrievals, -// they are stored until explicitly deleted-manually or through a lifecycle -// policy. -// -// * You can issue more than one select request on the same Amazon S3 object. -// Amazon S3 doesn't deduplicate requests, so avoid issuing duplicate requests. -// -// * Amazon S3 accepts a select request even if the object has already been -// restored. A select request doesn’t return error response 409. -// -// Restoring objects -// -// Objects that you archive to the S3 Glacier or S3 Glacier Deep Archive storage -// class, and S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep -// Archive tiers are not accessible in real time. For objects in Archive Access -// or Deep Archive Access tiers you must first initiate a restore request, and -// then wait until the object is moved into the Frequent Access tier. For objects -// in S3 Glacier or S3 Glacier Deep Archive storage classes you must first initiate -// a restore request, and then wait until a temporary copy of the object is -// available. To access an archived object, you must restore the object for -// the duration (number of days) that you specify. +// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) +// in the Amazon S3 User Guide. +// +// # Restoring objects +// +// Objects that you archive to the S3 Glacier Flexible Retrieval Flexible Retrieval +// or S3 Glacier Deep Archive storage class, and S3 Intelligent-Tiering Archive +// or S3 Intelligent-Tiering Deep Archive tiers, are not accessible in real +// time. For objects in the S3 Glacier Flexible Retrieval Flexible Retrieval +// or S3 Glacier Deep Archive storage classes, you must first initiate a restore +// request, and then wait until a temporary copy of the object is available. +// If you want a permanent copy of the object, create a copy of it in the Amazon +// S3 Standard storage class in your S3 bucket. To access an archived object, +// you must restore the object for the duration (number of days) that you specify. +// For objects in the Archive Access or Deep Archive Access tiers of S3 Intelligent-Tiering, +// you must first initiate a restore request, and then wait until the object +// is moved into the Frequent Access tier. // // To restore a specific object version, you can provide a version ID. If you // don't provide a version ID, Amazon S3 restores the current version. // -// When restoring an archived object (or using a select request), you can specify -// one of the following data access tier options in the Tier element of the -// request body: -// -// * Expedited - Expedited retrievals allow you to quickly access your data -// stored in the S3 Glacier storage class or S3 Intelligent-Tiering Archive -// tier when occasional urgent requests for a subset of archives are required. -// For all but the largest archived objects (250 MB+), data accessed using -// Expedited retrievals is typically made available within 1–5 minutes. -// Provisioned capacity ensures that retrieval capacity for Expedited retrievals -// is available when you need it. Expedited retrievals and provisioned capacity -// are not available for objects stored in the S3 Glacier Deep Archive storage -// class or S3 Intelligent-Tiering Deep Archive tier. -// -// * Standard - Standard retrievals allow you to access any of your archived -// objects within several hours. This is the default option for retrieval -// requests that do not specify the retrieval option. Standard retrievals -// typically finish within 3–5 hours for objects stored in the S3 Glacier -// storage class or S3 Intelligent-Tiering Archive tier. They typically finish -// within 12 hours for objects stored in the S3 Glacier Deep Archive storage -// class or S3 Intelligent-Tiering Deep Archive tier. Standard retrievals -// are free for objects stored in S3 Intelligent-Tiering. -// -// * Bulk - Bulk retrievals are the lowest-cost retrieval option in S3 Glacier, -// enabling you to retrieve large amounts, even petabytes, of data inexpensively. -// Bulk retrievals typically finish within 5–12 hours for objects stored -// in the S3 Glacier storage class or S3 Intelligent-Tiering Archive tier. -// They typically finish within 48 hours for objects stored in the S3 Glacier -// Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier. -// Bulk retrievals are free for objects stored in S3 Intelligent-Tiering. +// When restoring an archived object, you can specify one of the following data +// access tier options in the Tier element of the request body: +// +// - Expedited - Expedited retrievals allow you to quickly access your data +// stored in the S3 Glacier Flexible Retrieval Flexible Retrieval storage +// class or S3 Intelligent-Tiering Archive tier when occasional urgent requests +// for restoring archives are required. For all but the largest archived +// objects (250 MB+), data accessed using Expedited retrievals is typically +// made available within 1–5 minutes. Provisioned capacity ensures that +// retrieval capacity for Expedited retrievals is available when you need +// it. Expedited retrievals and provisioned capacity are not available for +// objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering +// Deep Archive tier. +// +// - Standard - Standard retrievals allow you to access any of your archived +// objects within several hours. This is the default option for retrieval +// requests that do not specify the retrieval option. Standard retrievals +// typically finish within 3–5 hours for objects stored in the S3 Glacier +// Flexible Retrieval Flexible Retrieval storage class or S3 Intelligent-Tiering +// Archive tier. They typically finish within 12 hours for objects stored +// in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering +// Deep Archive tier. Standard retrievals are free for objects stored in +// S3 Intelligent-Tiering. +// +// - Bulk - Bulk retrievals free for objects stored in the S3 Glacier Flexible +// Retrieval and S3 Intelligent-Tiering storage classes, enabling you to +// retrieve large amounts, even petabytes, of data at no cost. Bulk retrievals +// typically finish within 5–12 hours for objects stored in the S3 Glacier +// Flexible Retrieval Flexible Retrieval storage class or S3 Intelligent-Tiering +// Archive tier. Bulk retrievals are also the lowest-cost retrieval option +// when restoring objects from S3 Glacier Deep Archive. They typically finish +// within 48 hours for objects stored in the S3 Glacier Deep Archive storage +// class or S3 Intelligent-Tiering Deep Archive tier. // // For more information about archive retrieval options and provisioned capacity // for Expedited data access, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) -// in the Amazon Simple Storage Service Developer Guide. +// in the Amazon S3 User Guide. // // You can use Amazon S3 restore speed upgrade to change the restore speed to // a faster speed while it is in progress. For more information, see Upgrading // the speed of an in-progress restore (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html#restoring-objects-upgrade-tier.title.html) -// in the Amazon Simple Storage Service Developer Guide. +// in the Amazon S3 User Guide. // // To get the status of object restoration, you can send a HEAD request. Operations // return the x-amz-restore header, which provides information about the restoration // status, in the response. You can use Amazon S3 event notifications to notify // you when a restore is initiated or completed. For more information, see Configuring // Amazon S3 Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) -// in the Amazon Simple Storage Service Developer Guide. +// in the Amazon S3 User Guide. // // After restoring an archived object, you can update the restoration period // by reissuing the request with a new period. Amazon S3 updates the restoration @@ -10081,38 +11303,33 @@ func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Reque // the object in 3 days. For more information about lifecycle configuration, // see PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html) // and Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) -// in Amazon Simple Storage Service Developer Guide. -// -// Responses +// in Amazon S3 User Guide. // -// A successful operation returns either the 200 OK or 202 Accepted status code. +// # Responses // -// * If the object is not previously restored, then Amazon S3 returns 202 -// Accepted in the response. +// A successful action returns either the 200 OK or 202 Accepted status code. // -// * If the object is previously restored, Amazon S3 returns 200 OK in the -// response. +// - If the object is not previously restored, then Amazon S3 returns 202 +// Accepted in the response. // -// Special Errors +// - If the object is previously restored, Amazon S3 returns 200 OK in the +// response. // -// * Code: RestoreAlreadyInProgress Cause: Object restore is already in progress. -// (This error does not apply to SELECT type requests.) HTTP Status Code: -// 409 Conflict SOAP Fault Code Prefix: Client +// - Special errors: Code: RestoreAlreadyInProgress Cause: Object restore +// is already in progress. HTTP Status Code: 409 Conflict SOAP Fault Code +// Prefix: Client // -// * Code: GlacierExpeditedRetrievalNotAvailable Cause: expedited retrievals -// are currently not available. Try again later. (Returned if there is insufficient -// capacity to process the Expedited request. This error applies only to -// Expedited retrievals and not to S3 Standard or Bulk retrievals.) HTTP -// Status Code: 503 SOAP Fault Code Prefix: N/A -// -// Related Resources +// - Code: GlacierExpeditedRetrievalNotAvailable Cause: expedited retrievals +// are currently not available. Try again later. (Returned if there is insufficient +// capacity to process the Expedited request. This error applies only to +// Expedited retrievals and not to S3 Standard or Bulk retrievals.) HTTP +// Status Code: 503 SOAP Fault Code Prefix: N/A // -// * PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html) +// The following operations are related to RestoreObject: // -// * GetBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html) +// - PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html) // -// * SQL Reference for Amazon S3 Select and S3 Glacier Select (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html) -// in the Amazon Simple Storage Service Developer Guide +// - GetBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10122,8 +11339,8 @@ func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Reque // API operation RestoreObject for usage and error information. // // Returned Error Codes: -// * ErrCodeObjectAlreadyInActiveTierError "ObjectAlreadyInActiveTierError" -// This operation is not allowed against this storage tier. +// - ErrCodeObjectAlreadyInActiveTierError "ObjectAlreadyInActiveTierError" +// This action is not allowed against this storage tier. // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RestoreObject func (c *S3) RestoreObject(input *RestoreObjectInput) (*RestoreObjectOutput, error) { @@ -10163,14 +11380,13 @@ const opSelectObjectContent = "SelectObjectContent" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the SelectObjectContentRequest method. +// req, resp := client.SelectObjectContentRequest(params) // -// // Example sending a request using the SelectObjectContentRequest method. -// req, resp := client.SelectObjectContentRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/SelectObjectContent func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *request.Request, output *SelectObjectContentOutput) { @@ -10200,7 +11416,9 @@ func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *r // SelectObjectContent API operation for Amazon Simple Storage Service. // -// This operation filters the contents of an Amazon S3 object based on a simple +// This operation is not supported by directory buckets. +// +// This action filters the contents of an Amazon S3 object based on a simple // structured query language (SQL) statement. In the request, along with the // SQL expression, you must also specify a data serialization format (JSON, // CSV, or Apache Parquet) of the object. Amazon S3 uses this format to parse @@ -10208,86 +11426,86 @@ func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *r // SQL expression. You must also specify the data serialization format for the // response. // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // For more information about Amazon S3 Select, see Selecting Content from Objects // (https://docs.aws.amazon.com/AmazonS3/latest/dev/selecting-content-from-objects.html) -// in the Amazon Simple Storage Service Developer Guide. +// and SELECT Command (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-glacier-select-sql-reference-select.html) +// in the Amazon S3 User Guide. // -// For more information about using SQL with Amazon S3 Select, see SQL Reference -// for Amazon S3 Select and S3 Glacier Select (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html) -// in the Amazon Simple Storage Service Developer Guide. -// -// Permissions +// # Permissions // -// You must have s3:GetObject permission for this operation. Amazon S3 Select +// You must have the s3:GetObject permission for this operation. Amazon S3 Select // does not support anonymous access. For more information about permissions, // see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) -// in the Amazon Simple Storage Service Developer Guide. +// in the Amazon S3 User Guide. // -// Object Data Formats +// # Object Data Formats // // You can use Amazon S3 Select to query objects that have the following format // properties: // -// * CSV, JSON, and Parquet - Objects must be in CSV, JSON, or Parquet format. +// - CSV, JSON, and Parquet - Objects must be in CSV, JSON, or Parquet format. // -// * UTF-8 - UTF-8 is the only encoding type Amazon S3 Select supports. +// - UTF-8 - UTF-8 is the only encoding type Amazon S3 Select supports. // -// * GZIP or BZIP2 - CSV and JSON files can be compressed using GZIP or BZIP2. -// GZIP and BZIP2 are the only compression formats that Amazon S3 Select -// supports for CSV and JSON files. Amazon S3 Select supports columnar compression -// for Parquet using GZIP or Snappy. Amazon S3 Select does not support whole-object -// compression for Parquet objects. +// - GZIP or BZIP2 - CSV and JSON files can be compressed using GZIP or BZIP2. +// GZIP and BZIP2 are the only compression formats that Amazon S3 Select +// supports for CSV and JSON files. Amazon S3 Select supports columnar compression +// for Parquet using GZIP or Snappy. Amazon S3 Select does not support whole-object +// compression for Parquet objects. // -// * Server-side encryption - Amazon S3 Select supports querying objects -// that are protected with server-side encryption. For objects that are encrypted -// with customer-provided encryption keys (SSE-C), you must use HTTPS, and -// you must use the headers that are documented in the GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html). -// For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided -// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) -// in the Amazon Simple Storage Service Developer Guide. For objects that -// are encrypted with Amazon S3 managed encryption keys (SSE-S3) and customer -// master keys (CMKs) stored in AWS Key Management Service (SSE-KMS), server-side -// encryption is handled transparently, so you don't need to specify anything. -// For more information about server-side encryption, including SSE-S3 and -// SSE-KMS, see Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) -// in the Amazon Simple Storage Service Developer Guide. +// - Server-side encryption - Amazon S3 Select supports querying objects +// that are protected with server-side encryption. For objects that are encrypted +// with customer-provided encryption keys (SSE-C), you must use HTTPS, and +// you must use the headers that are documented in the GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html). +// For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided +// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) +// in the Amazon S3 User Guide. For objects that are encrypted with Amazon +// S3 managed keys (SSE-S3) and Amazon Web Services KMS keys (SSE-KMS), server-side +// encryption is handled transparently, so you don't need to specify anything. +// For more information about server-side encryption, including SSE-S3 and +// SSE-KMS, see Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) +// in the Amazon S3 User Guide. // -// Working with the Response Body +// # Working with the Response Body // // Given the response size is unknown, Amazon S3 Select streams the response // as a series of messages and includes a Transfer-Encoding header with chunked // as its value in the response. For more information, see Appendix: SelectObjectContent -// Response (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTSelectObjectAppendix.html) . +// Response (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTSelectObjectAppendix.html). // -// GetObject Support +// # GetObject Support // -// The SelectObjectContent operation does not support the following GetObject -// functionality. For more information, see GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html). +// The SelectObjectContent action does not support the following GetObject functionality. +// For more information, see GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html). // -// * Range: Although you can specify a scan range for an Amazon S3 Select -// request (see SelectObjectContentRequest - ScanRange (https://docs.aws.amazon.com/AmazonS3/latest/API/API_SelectObjectContent.html#AmazonS3-SelectObjectContent-request-ScanRange) -// in the request parameters), you cannot specify the range of bytes of an -// object to return. +// - Range: Although you can specify a scan range for an Amazon S3 Select +// request (see SelectObjectContentRequest - ScanRange (https://docs.aws.amazon.com/AmazonS3/latest/API/API_SelectObjectContent.html#AmazonS3-SelectObjectContent-request-ScanRange) +// in the request parameters), you cannot specify the range of bytes of an +// object to return. // -// * GLACIER, DEEP_ARCHIVE and REDUCED_REDUNDANCY storage classes: You cannot -// specify the GLACIER, DEEP_ARCHIVE, or REDUCED_REDUNDANCY storage classes. -// For more information, about storage classes see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#storage-class-intro) -// in the Amazon Simple Storage Service Developer Guide. +// - The GLACIER, DEEP_ARCHIVE, and REDUCED_REDUNDANCY storage classes, or +// the ARCHIVE_ACCESS and DEEP_ARCHIVE_ACCESS access tiers of the INTELLIGENT_TIERING +// storage class: You cannot query objects in the GLACIER, DEEP_ARCHIVE, +// or REDUCED_REDUNDANCY storage classes, nor objects in the ARCHIVE_ACCESS +// or DEEP_ARCHIVE_ACCESS access tiers of the INTELLIGENT_TIERING storage +// class. For more information about storage classes, see Using Amazon S3 +// storage classes (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-class-intro.html) +// in the Amazon S3 User Guide. // -// Special Errors +// # Special Errors // // For a list of special errors for this operation, see List of SELECT Object // Content Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#SelectObjectContentErrorCodeList) // -// Related Resources +// The following operations are related to SelectObjectContent: // -// * GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) +// - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) // -// * GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html) +// - GetBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html) // -// * PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html) +// - PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10318,6 +11536,7 @@ func (c *S3) SelectObjectContentWithContext(ctx aws.Context, input *SelectObject } var _ awserr.Error +var _ time.Time // SelectObjectContentEventStream provides the event stream handling for the SelectObjectContent. // @@ -10356,10 +11575,10 @@ type SelectObjectContentEventStream struct { // (e.g. http.Response.Body), that will be closed when the stream Close method // is called. // -// es := NewSelectObjectContentEventStream(func(o *SelectObjectContentEventStream{ -// es.Reader = myMockStreamReader -// es.StreamCloser = myMockStreamCloser -// }) +// es := NewSelectObjectContentEventStream(func(o *SelectObjectContentEventStream){ +// es.Reader = myMockStreamReader +// es.StreamCloser = myMockStreamCloser +// }) func NewSelectObjectContentEventStream(opts ...func(*SelectObjectContentEventStream)) *SelectObjectContentEventStream { es := &SelectObjectContentEventStream{ done: make(chan struct{}), @@ -10412,12 +11631,12 @@ func (es *SelectObjectContentEventStream) waitStreamPartClose() { // // These events are: // -// * ContinuationEvent -// * EndEvent -// * ProgressEvent -// * RecordsEvent -// * StatsEvent -// * SelectObjectContentEventStreamUnknownEvent +// - ContinuationEvent +// - EndEvent +// - ProgressEvent +// - RecordsEvent +// - StatsEvent +// - SelectObjectContentEventStreamUnknownEvent func (es *SelectObjectContentEventStream) Events() <-chan SelectObjectContentEventStreamEvent { return es.Reader.Events() } @@ -10453,7 +11672,6 @@ func (es *SelectObjectContentEventStream) runOutputStream(r *request.Request) { // // You can use the closing of the Reader's Events channel to terminate your // application's read from the API's stream. -// func (es *SelectObjectContentEventStream) Close() (err error) { es.closeOnce.Do(es.safeClose) return es.Err() @@ -10501,14 +11719,13 @@ const opUploadPart = "UploadPart" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the UploadPartRequest method. +// req, resp := client.UploadPartRequest(params) // -// // Example sending a request using the UploadPartRequest method. -// req, resp := client.UploadPartRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPart func (c *S3) UploadPartRequest(input *UploadPartInput) (req *request.Request, output *UploadPartOutput) { @@ -10531,92 +11748,130 @@ func (c *S3) UploadPartRequest(input *UploadPartInput) (req *request.Request, ou // // Uploads a part in a multipart upload. // -// In this operation, you provide part data in your request. However, you have -// an option to specify your existing Amazon S3 object as a data source for -// the part you are uploading. To upload a part from an existing object, you -// use the UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) +// In this operation, you provide new data as a part of an object in your request. +// However, you have an option to specify your existing Amazon S3 object as +// a data source for the part you are uploading. To upload a part from an existing +// object, you use the UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) // operation. // // You must initiate a multipart upload (see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)) // before you can upload any part. In response to your initiate request, Amazon -// S3 returns an upload ID, a unique identifier, that you must include in your +// S3 returns an upload ID, a unique identifier that you must include in your // upload part request. // // Part numbers can be any number from 1 to 10,000, inclusive. A part number // uniquely identifies a part and also defines its position within the object // being created. If you upload a new part using the same part number that was -// used with a previous part, the previously uploaded part is overwritten. Each -// part must be at least 5 MB in size, except the last part. There is no size -// limit on the last part of your multipart upload. -// -// To ensure that data is not corrupted when traversing the network, specify -// the Content-MD5 header in the upload part request. Amazon S3 checks the part -// data against the provided MD5 value. If they do not match, Amazon S3 returns -// an error. -// -// If the upload request is signed with Signature Version 4, then AWS S3 uses -// the x-amz-content-sha256 header as a checksum instead of Content-MD5. For -// more information see Authenticating Requests: Using the Authorization Header -// (AWS Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html). -// -// Note: After you initiate multipart upload and upload one or more parts, you -// must either complete or abort multipart upload in order to stop getting charged +// used with a previous part, the previously uploaded part is overwritten. +// +// For information about maximum and minimum part sizes and other multipart +// upload specifications, see Multipart upload limits (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html) +// in the Amazon S3 User Guide. +// +// After you initiate multipart upload and upload one or more parts, you must +// either complete or abort multipart upload in order to stop getting charged // for storage of the uploaded parts. Only after you either complete or abort // multipart upload, Amazon S3 frees up the parts storage and stops charging // you for the parts storage. // // For more information on multipart uploads, go to Multipart Upload Overview // (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) in the -// Amazon Simple Storage Service Developer Guide . -// -// For information on the permissions required to use the multipart upload API, -// go to Multipart Upload API and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) -// in the Amazon Simple Storage Service Developer Guide. -// -// You can optionally request server-side encryption where Amazon S3 encrypts -// your data as it writes it to disks in its data centers and decrypts it for -// you when you access it. You have the option of providing your own encryption -// key, or you can use the AWS managed encryption keys. If you choose to provide -// your own encryption key, the request headers you provide in the request must -// match the headers you used in the request to initiate the upload by using -// CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html). -// For more information, go to Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) -// in the Amazon Simple Storage Service Developer Guide. -// -// Server-side encryption is supported by the S3 Multipart Upload actions. Unless -// you are using a customer-provided encryption key, you don't need to specify -// the encryption parameters in each UploadPart request. Instead, you only need -// to specify the server-side encryption parameters in the initial Initiate -// Multipart request. For more information, see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html). -// -// If you requested server-side encryption using a customer-provided encryption -// key in your initiate multipart upload request, you must provide identical -// encryption information in each part upload using the following headers. -// -// * x-amz-server-side-encryption-customer-algorithm -// -// * x-amz-server-side-encryption-customer-key -// -// * x-amz-server-side-encryption-customer-key-MD5 -// -// Special Errors -// -// * Code: NoSuchUpload Cause: The specified multipart upload does not exist. -// The upload ID might be invalid, or the multipart upload might have been -// aborted or completed. HTTP Status Code: 404 Not Found SOAP Fault Code -// Prefix: Client -// -// Related Resources -// -// * CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) +// Amazon S3 User Guide . // -// * CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// * AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) -// -// * ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) +// Permissions // -// * ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html) +// - General purpose bucket permissions - For information on the permissions +// required to use the multipart upload API, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # Data integrity +// +// General purpose bucket - To ensure that data is not corrupted traversing +// the network, specify the Content-MD5 header in the upload part request. Amazon +// S3 checks the part data against the provided MD5 value. If they do not match, +// Amazon S3 returns an error. If the upload request is signed with Signature +// Version 4, then Amazon Web Services S3 uses the x-amz-content-sha256 header +// as a checksum instead of Content-MD5. For more information see Authenticating +// Requests: Using the Authorization Header (Amazon Web Services Signature Version +// 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html). +// +// Directory buckets - MD5 is not supported by directory buckets. You can use +// checksum algorithms to check object integrity. +// +// Encryption +// +// - General purpose bucket - Server-side encryption is for data encryption +// at rest. Amazon S3 encrypts your data as it writes it to disks in its +// data centers and decrypts it when you access it. You have mutually exclusive +// options to protect data using server-side encryption in Amazon S3, depending +// on how you choose to manage the encryption keys. Specifically, the encryption +// key options are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS +// keys (SSE-KMS), and Customer-Provided Keys (SSE-C). Amazon S3 encrypts +// data with server-side encryption using Amazon S3 managed keys (SSE-S3) +// by default. You can optionally tell Amazon S3 to encrypt data at rest +// using server-side encryption with other key options. The option you use +// depends on whether you want to use KMS keys (SSE-KMS) or provide your +// own encryption key (SSE-C). Server-side encryption is supported by the +// S3 Multipart Upload operations. Unless you are using a customer-provided +// encryption key (SSE-C), you don't need to specify the encryption parameters +// in each UploadPart request. Instead, you only need to specify the server-side +// encryption parameters in the initial Initiate Multipart request. For more +// information, see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html). +// If you request server-side encryption using a customer-provided encryption +// key (SSE-C) in your initiate multipart upload request, you must provide +// identical encryption information in each part upload using the following +// request headers. x-amz-server-side-encryption-customer-algorithm x-amz-server-side-encryption-customer-key +// x-amz-server-side-encryption-customer-key-MD5 +// +// - Directory bucket - For directory buckets, only server-side encryption +// with Amazon S3 managed keys (SSE-S3) (AES256) is supported. +// +// For more information, see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) +// in the Amazon S3 User Guide. +// +// Special errors +// +// - Error Code: NoSuchUpload Description: The specified multipart upload +// does not exist. The upload ID might be invalid, or the multipart upload +// might have been aborted or completed. HTTP Status Code: 404 Not Found +// SOAP Fault Code Prefix: Client +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. +// +// The following operations are related to UploadPart: +// +// - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) +// +// - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) +// +// - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) +// +// - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) +// +// - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10662,14 +11917,13 @@ const opUploadPartCopy = "UploadPartCopy" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the UploadPartCopyRequest method. +// req, resp := client.UploadPartCopyRequest(params) // -// // Example sending a request using the UploadPartCopyRequest method. -// req, resp := client.UploadPartCopyRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPartCopy func (c *S3) UploadPartCopyRequest(input *UploadPartCopyInput) (req *request.Request, output *UploadPartCopyOutput) { @@ -10690,95 +11944,119 @@ func (c *S3) UploadPartCopyRequest(input *UploadPartCopyInput) (req *request.Req // UploadPartCopy API operation for Amazon Simple Storage Service. // -// Uploads a part by copying data from an existing object as data source. You -// specify the data source by adding the request header x-amz-copy-source in -// your request and a byte range by adding the request header x-amz-copy-source-range +// Uploads a part by copying data from an existing object as data source. To +// specify the data source, you add the request header x-amz-copy-source in +// your request. To specify a byte range, you add the request header x-amz-copy-source-range // in your request. // -// The minimum allowable part size for a multipart upload is 5 MB. For more -// information about multipart upload limits, go to Quick Facts (https://docs.aws.amazon.com/AmazonS3/latest/dev/qfacts.html) -// in the Amazon Simple Storage Service Developer Guide. +// For information about maximum and minimum part sizes and other multipart +// upload specifications, see Multipart upload limits (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html) +// in the Amazon S3 User Guide. // -// Instead of using an existing object as part data, you might use the UploadPart -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) operation -// and provide data in your request. +// Instead of copying data from an existing object as part data, you might use +// the UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) +// action to upload new data as a part of an object in your request. // // You must initiate a multipart upload before you can upload any part. In response -// to your initiate request. Amazon S3 returns a unique identifier, the upload -// ID, that you must include in your upload part request. -// -// For more information about using the UploadPartCopy operation, see the following: +// to your initiate request, Amazon S3 returns the upload ID, a unique identifier +// that you must include in your upload part request. +// +// For conceptual information about multipart uploads, see Uploading Objects +// Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) +// in the Amazon S3 User Guide. For information about copying objects using +// a single atomic action vs. a multipart upload, see Operations on Objects +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectOperations.html) in +// the Amazon S3 User Guide. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// # Authentication and authorization +// +// All UploadPartCopy requests must be authenticated and signed by using IAM +// credentials (access key ID and secret access key for the IAM identities). +// All headers with the x-amz- prefix, including x-amz-copy-source, must be +// signed. For more information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). // -// * For conceptual information about multipart uploads, see Uploading Objects -// Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) -// in the Amazon Simple Storage Service Developer Guide. +// Directory buckets - You must use IAM credentials to authenticate and authorize +// your access to the UploadPartCopy API operation, instead of using the temporary +// security credentials through the CreateSession API operation. // -// * For information about permissions required to use the multipart upload -// API, see Multipart Upload API and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) -// in the Amazon Simple Storage Service Developer Guide. +// Amazon Web Services CLI or SDKs handles authentication and authorization +// on your behalf. // -// * For information about copying objects using a single atomic operation -// vs. the multipart upload, see Operations on Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectOperations.html) -// in the Amazon Simple Storage Service Developer Guide. +// # Permissions // -// * For information about using server-side encryption with customer-provided -// encryption keys with the UploadPartCopy operation, see CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) -// and UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html). +// You must have READ access to the source object and WRITE access to the destination +// bucket. // -// Note the following additional considerations about the request headers x-amz-copy-source-if-match, -// x-amz-copy-source-if-none-match, x-amz-copy-source-if-unmodified-since, and -// x-amz-copy-source-if-modified-since: +// - General purpose bucket permissions - You must have the permissions in +// a policy based on the bucket types of your source bucket and destination +// bucket in an UploadPartCopy operation. If the source object is in a general +// purpose bucket, you must have the s3:GetObject permission to read the +// source object that is being copied. If the destination bucket is a general +// purpose bucket, you must have the s3:PutObject permission to write the +// object copy to the destination bucket. For information about permissions +// required to use the multipart upload API, see Multipart upload API and +// permissions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) +// in the Amazon S3 User Guide. // -// * Consideration 1 - If both of the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since -// headers are present in the request as follows: x-amz-copy-source-if-match -// condition evaluates to true, and; x-amz-copy-source-if-unmodified-since -// condition evaluates to false; Amazon S3 returns 200 OK and copies the -// data. +// - Directory bucket permissions - You must have permissions in a bucket +// policy or an IAM identity-based policy based on the source and destination +// bucket types in an UploadPartCopy operation. If the source object that +// you want to copy is in a directory bucket, you must have the s3express:CreateSession +// permission in the Action element of a policy to read the object. By default, +// the session is in the ReadWrite mode. If you want to restrict the access, +// you can explicitly set the s3express:SessionMode condition key to ReadOnly +// on the copy source bucket. If the copy destination is a directory bucket, +// you must have the s3express:CreateSession permission in the Action element +// of a policy to write the object to the destination. The s3express:SessionMode +// condition key cannot be set to ReadOnly on the copy destination. For example +// policies, see Example bucket policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// and Amazon Web Services Identity and Access Management (IAM) identity-based +// policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) +// in the Amazon S3 User Guide. // -// * Consideration 2 - If both of the x-amz-copy-source-if-none-match and -// x-amz-copy-source-if-modified-since headers are present in the request -// as follows: x-amz-copy-source-if-none-match condition evaluates to false, -// and; x-amz-copy-source-if-modified-since condition evaluates to true; -// Amazon S3 returns 412 Precondition Failed response code. +// Encryption // -// Versioning +// - General purpose buckets - For information about using server-side encryption +// with customer-provided encryption keys with the UploadPartCopy operation, +// see CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) +// and UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html). // -// If your bucket has versioning enabled, you could have multiple versions of -// the same object. By default, x-amz-copy-source identifies the current version -// of the object to copy. If the current version is a delete marker and you -// don't specify a versionId in the x-amz-copy-source, Amazon S3 returns a 404 -// error, because the object does not exist. If you specify versionId in the -// x-amz-copy-source and the versionId is a delete marker, Amazon S3 returns -// an HTTP 400 error, because you are not allowed to specify a delete marker -// as a version for the x-amz-copy-source. +// - Directory buckets - For directory buckets, only server-side encryption +// with Amazon S3 managed keys (SSE-S3) (AES256) is supported. // -// You can optionally specify a specific version of the source object to copy -// by adding the versionId subresource as shown in the following example: +// Special errors // -// x-amz-copy-source: /bucket/object?versionId=version id +// - Error Code: NoSuchUpload Description: The specified multipart upload +// does not exist. The upload ID might be invalid, or the multipart upload +// might have been aborted or completed. HTTP Status Code: 404 Not Found // -// Special Errors +// - Error Code: InvalidRequest Description: The specified copy source is +// not supported as a byte-range copy source. HTTP Status Code: 400 Bad Request // -// * Code: NoSuchUpload Cause: The specified multipart upload does not exist. -// The upload ID might be invalid, or the multipart upload might have been -// aborted or completed. HTTP Status Code: 404 Not Found +// # HTTP Host header syntax // -// * Code: InvalidRequest Cause: The specified copy source is not supported -// as a byte-range copy source. HTTP Status Code: 400 Bad Request +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // -// Related Resources +// The following operations are related to UploadPartCopy: // -// * CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) +// - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) // -// * UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) +// - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) // -// * CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) +// - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) // -// * AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) +// - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) // -// * ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) +// - ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) // -// * ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html) +// - ListMultipartUploads (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html) // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10808,11 +12086,134 @@ func (c *S3) UploadPartCopyWithContext(ctx aws.Context, input *UploadPartCopyInp return out, req.Send() } +const opWriteGetObjectResponse = "WriteGetObjectResponse" + +// WriteGetObjectResponseRequest generates a "aws/request.Request" representing the +// client's request for the WriteGetObjectResponse operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See WriteGetObjectResponse for more information on using the WriteGetObjectResponse +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the WriteGetObjectResponseRequest method. +// req, resp := client.WriteGetObjectResponseRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/WriteGetObjectResponse +func (c *S3) WriteGetObjectResponseRequest(input *WriteGetObjectResponseInput) (req *request.Request, output *WriteGetObjectResponseOutput) { + op := &request.Operation{ + Name: opWriteGetObjectResponse, + HTTPMethod: "POST", + HTTPPath: "/WriteGetObjectResponse", + } + + if input == nil { + input = &WriteGetObjectResponseInput{} + } + + output = &WriteGetObjectResponseOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Sign.Remove(v4.SignRequestHandler) + handler := v4.BuildNamedHandler("v4.CustomSignerHandler", v4.WithUnsignedPayload) + req.Handlers.Sign.PushFrontNamed(handler) + req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + req.Handlers.Build.PushBackNamed(protocol.NewHostPrefixHandler("{RequestRoute}.", input.hostLabels)) + req.Handlers.Build.PushBackNamed(protocol.ValidateEndpointHostHandler) + return +} + +// WriteGetObjectResponse API operation for Amazon Simple Storage Service. +// +// This operation is not supported by directory buckets. +// +// Passes transformed objects to a GetObject operation when using Object Lambda +// access points. For information about Object Lambda access points, see Transforming +// objects with Object Lambda access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/transforming-objects.html) +// in the Amazon S3 User Guide. +// +// This operation supports metadata that can be returned by GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html), +// in addition to RequestRoute, RequestToken, StatusCode, ErrorCode, and ErrorMessage. +// The GetObject response metadata is supported so that the WriteGetObjectResponse +// caller, typically an Lambda function, can provide the same metadata when +// it internally invokes GetObject. When WriteGetObjectResponse is called by +// a customer-owned Lambda function, the metadata returned to the end user GetObject +// call might differ from what Amazon S3 would normally return. +// +// You can include any number of metadata headers. When including a metadata +// header, it should be prefaced with x-amz-meta. For example, x-amz-meta-my-custom-header: +// MyCustomValue. The primary use case for this is to forward GetObject metadata. +// +// Amazon Web Services provides some prebuilt Lambda functions that you can +// use with S3 Object Lambda to detect and redact personally identifiable information +// (PII) and decompress S3 objects. These Lambda functions are available in +// the Amazon Web Services Serverless Application Repository, and can be selected +// through the Amazon Web Services Management Console when you create your Object +// Lambda access point. +// +// Example 1: PII Access Control - This Lambda function uses Amazon Comprehend, +// a natural language processing (NLP) service using machine learning to find +// insights and relationships in text. It automatically detects personally identifiable +// information (PII) such as names, addresses, dates, credit card numbers, and +// social security numbers from documents in your Amazon S3 bucket. +// +// Example 2: PII Redaction - This Lambda function uses Amazon Comprehend, a +// natural language processing (NLP) service using machine learning to find +// insights and relationships in text. It automatically redacts personally identifiable +// information (PII) such as names, addresses, dates, credit card numbers, and +// social security numbers from documents in your Amazon S3 bucket. +// +// Example 3: Decompression - The Lambda function S3ObjectLambdaDecompression, +// is equipped to decompress objects stored in S3 in one of six compressed file +// formats including bzip2, gzip, snappy, zlib, zstandard and ZIP. +// +// For information on how to view and use these functions, see Using Amazon +// Web Services built Lambda functions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/olap-examples.html) +// in the Amazon S3 User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Simple Storage Service's +// API operation WriteGetObjectResponse for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/WriteGetObjectResponse +func (c *S3) WriteGetObjectResponse(input *WriteGetObjectResponseInput) (*WriteGetObjectResponseOutput, error) { + req, out := c.WriteGetObjectResponseRequest(input) + return out, req.Send() +} + +// WriteGetObjectResponseWithContext is the same as WriteGetObjectResponse with the addition of +// the ability to pass a context and additional request options. +// +// See WriteGetObjectResponse for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *S3) WriteGetObjectResponseWithContext(ctx aws.Context, input *WriteGetObjectResponseInput, opts ...request.Option) (*WriteGetObjectResponseOutput, error) { + req, out := c.WriteGetObjectResponseRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + // Specifies the days since the initiation of an incomplete multipart upload // that Amazon S3 will wait before permanently removing all parts of the upload. // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket -// Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) -// in the Amazon Simple Storage Service Developer Guide. +// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) +// in the Amazon S3 User Guide. type AbortIncompleteMultipartUpload struct { _ struct{} `type:"structure"` @@ -10821,12 +12222,20 @@ type AbortIncompleteMultipartUpload struct { DaysAfterInitiation *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AbortIncompleteMultipartUpload) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AbortIncompleteMultipartUpload) GoString() string { return s.String() } @@ -10842,27 +12251,41 @@ type AbortMultipartUploadInput struct { // The bucket name to which the upload was taking place. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. - // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. + // + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Key of the object for which the multipart upload was initiated. @@ -10871,10 +12294,14 @@ type AbortMultipartUploadInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from requester pays buckets, see Downloading Objects - // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Upload ID that identifies the multipart upload. @@ -10883,12 +12310,20 @@ type AbortMultipartUploadInput struct { UploadId *string `location:"querystring" locationName:"uploadId" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AbortMultipartUploadInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AbortMultipartUploadInput) GoString() string { return s.String() } @@ -10987,15 +12422,25 @@ type AbortMultipartUploadOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AbortMultipartUploadOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AbortMultipartUploadOutput) GoString() string { return s.String() } @@ -11008,7 +12453,7 @@ func (s *AbortMultipartUploadOutput) SetRequestCharged(v string) *AbortMultipart // Configures the transfer acceleration state for an Amazon S3 bucket. For more // information, see Amazon S3 Transfer Acceleration (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) -// in the Amazon Simple Storage Service Developer Guide. +// in the Amazon S3 User Guide. type AccelerateConfiguration struct { _ struct{} `type:"structure"` @@ -11016,12 +12461,20 @@ type AccelerateConfiguration struct { Status *string `type:"string" enum:"BucketAccelerateStatus"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AccelerateConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AccelerateConfiguration) GoString() string { return s.String() } @@ -11043,12 +12496,20 @@ type AccessControlPolicy struct { Owner *Owner `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AccessControlPolicy) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AccessControlPolicy) GoString() string { return s.String() } @@ -11091,18 +12552,26 @@ type AccessControlTranslation struct { // Specifies the replica ownership. For default and valid values, see PUT bucket // replication (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html) - // in the Amazon Simple Storage Service API Reference. + // in the Amazon S3 API Reference. // // Owner is a required field Owner *string `type:"string" required:"true" enum:"OwnerOverride"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AccessControlTranslation) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AccessControlTranslation) GoString() string { return s.String() } @@ -11140,12 +12609,20 @@ type AnalyticsAndOperator struct { Tags []*Tag `locationName:"Tag" locationNameList:"Tag" type:"list" flattened:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AnalyticsAndOperator) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AnalyticsAndOperator) GoString() string { return s.String() } @@ -11204,12 +12681,20 @@ type AnalyticsConfiguration struct { StorageClassAnalysis *StorageClassAnalysis `type:"structure" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AnalyticsConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AnalyticsConfiguration) GoString() string { return s.String() } @@ -11268,12 +12753,20 @@ type AnalyticsExportDestination struct { S3BucketDestination *AnalyticsS3BucketDestination `type:"structure" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AnalyticsExportDestination) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AnalyticsExportDestination) GoString() string { return s.String() } @@ -11319,12 +12812,20 @@ type AnalyticsFilter struct { Tag *Tag `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AnalyticsFilter) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AnalyticsFilter) GoString() string { return s.String() } @@ -11392,12 +12893,20 @@ type AnalyticsS3BucketDestination struct { Prefix *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AnalyticsS3BucketDestination) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AnalyticsS3BucketDestination) GoString() string { return s.String() } @@ -11449,8 +12958,7 @@ func (s *AnalyticsS3BucketDestination) SetPrefix(v string) *AnalyticsS3BucketDes return s } -// In terms of implementation, a Bucket is a resource. An Amazon S3 bucket name -// is globally unique, and the namespace is shared by all AWS accounts. +// In terms of implementation, a Bucket is a resource. type Bucket struct { _ struct{} `type:"structure"` @@ -11462,12 +12970,20 @@ type Bucket struct { Name *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Bucket) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Bucket) GoString() string { return s.String() } @@ -11484,9 +13000,54 @@ func (s *Bucket) SetName(v string) *Bucket { return s } +// Specifies the information about the bucket that will be created. For more +// information about directory buckets, see Directory buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) +// in the Amazon S3 User Guide. +// +// This functionality is only supported by directory buckets. +type BucketInfo struct { + _ struct{} `type:"structure"` + + // The number of Availability Zone that's used for redundancy for the bucket. + DataRedundancy *string `type:"string" enum:"DataRedundancy"` + + // The type of bucket. + Type *string `type:"string" enum:"BucketType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BucketInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BucketInfo) GoString() string { + return s.String() +} + +// SetDataRedundancy sets the DataRedundancy field's value. +func (s *BucketInfo) SetDataRedundancy(v string) *BucketInfo { + s.DataRedundancy = &v + return s +} + +// SetType sets the Type field's value. +func (s *BucketInfo) SetType(v string) *BucketInfo { + s.Type = &v + return s +} + // Specifies the lifecycle configuration for objects in an Amazon S3 bucket. // For more information, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) -// in the Amazon Simple Storage Service Developer Guide. +// in the Amazon S3 User Guide. type BucketLifecycleConfiguration struct { _ struct{} `type:"structure"` @@ -11496,12 +13057,20 @@ type BucketLifecycleConfiguration struct { Rules []*LifecycleRule `locationName:"Rule" type:"list" flattened:"true" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s BucketLifecycleConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s BucketLifecycleConfiguration) GoString() string { return s.String() } @@ -11542,16 +13111,24 @@ type BucketLoggingStatus struct { // Describes where logs are stored and the prefix that Amazon S3 assigns to // all log object keys for a bucket. For more information, see PUT Bucket logging // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) - // in the Amazon Simple Storage Service API Reference. + // in the Amazon S3 API Reference. LoggingEnabled *LoggingEnabled `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s BucketLoggingStatus) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s BucketLoggingStatus) GoString() string { return s.String() } @@ -11580,7 +13157,7 @@ func (s *BucketLoggingStatus) SetLoggingEnabled(v *LoggingEnabled) *BucketLoggin // Describes the cross-origin access configuration for objects in an Amazon // S3 bucket. For more information, see Enabling Cross-Origin Resource Sharing // (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon -// Simple Storage Service Developer Guide. +// S3 User Guide. type CORSConfiguration struct { _ struct{} `type:"structure"` @@ -11591,12 +13168,20 @@ type CORSConfiguration struct { CORSRules []*CORSRule `locationName:"CORSRule" type:"list" flattened:"true" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CORSConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CORSConfiguration) GoString() string { return s.String() } @@ -11656,17 +13241,28 @@ type CORSRule struct { // object). ExposeHeaders []*string `locationName:"ExposeHeader" type:"list" flattened:"true"` + // Unique identifier for the rule. The value cannot be longer than 255 characters. + ID *string `type:"string"` + // The time in seconds that your browser is to cache the preflight response // for the specified resource. MaxAgeSeconds *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CORSRule) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CORSRule) GoString() string { return s.String() } @@ -11711,6 +13307,12 @@ func (s *CORSRule) SetExposeHeaders(v []*string) *CORSRule { return s } +// SetID sets the ID field's value. +func (s *CORSRule) SetID(v string) *CORSRule { + s.ID = &v + return s +} + // SetMaxAgeSeconds sets the MaxAgeSeconds field's value. func (s *CORSRule) SetMaxAgeSeconds(v int64) *CORSRule { s.MaxAgeSeconds = &v @@ -11729,7 +13331,9 @@ type CSVInput struct { // A single character used to indicate that a row should be ignored when the // character is present at the start of that row. You can specify any character - // to indicate a comment line. + // to indicate a comment line. The default character is #. + // + // Default: # Comments *string `type:"string"` // A single character used to separate individual fields in a record. You can @@ -11769,12 +13373,20 @@ type CSVInput struct { RecordDelimiter *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CSVInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CSVInput) GoString() string { return s.String() } @@ -11851,12 +13463,20 @@ type CSVOutput struct { RecordDelimiter *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CSVOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CSVOutput) GoString() string { return s.String() } @@ -11891,7 +13511,94 @@ func (s *CSVOutput) SetRecordDelimiter(v string) *CSVOutput { return s } -// Container for specifying the AWS Lambda notification configuration. +// Contains all the possible checksum or digest values for an object. +type Checksum struct { + _ struct{} `type:"structure"` + + // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumCRC32 *string `type:"string"` + + // The base64-encoded, 32-bit CRC32C checksum of the object. This will only + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumCRC32C *string `type:"string"` + + // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumSHA1 *string `type:"string"` + + // The base64-encoded, 256-bit SHA-256 digest of the object. This will only + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumSHA256 *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Checksum) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Checksum) GoString() string { + return s.String() +} + +// SetChecksumCRC32 sets the ChecksumCRC32 field's value. +func (s *Checksum) SetChecksumCRC32(v string) *Checksum { + s.ChecksumCRC32 = &v + return s +} + +// SetChecksumCRC32C sets the ChecksumCRC32C field's value. +func (s *Checksum) SetChecksumCRC32C(v string) *Checksum { + s.ChecksumCRC32C = &v + return s +} + +// SetChecksumSHA1 sets the ChecksumSHA1 field's value. +func (s *Checksum) SetChecksumSHA1(v string) *Checksum { + s.ChecksumSHA1 = &v + return s +} + +// SetChecksumSHA256 sets the ChecksumSHA256 field's value. +func (s *Checksum) SetChecksumSHA256(v string) *Checksum { + s.ChecksumSHA256 = &v + return s +} + +// Container for specifying the Lambda notification configuration. type CloudFunctionConfiguration struct { _ struct{} `type:"structure"` @@ -11905,7 +13612,7 @@ type CloudFunctionConfiguration struct { Event *string `deprecated:"true" type:"string" enum:"Event"` // Bucket events for which to send notifications. - Events []*string `locationName:"Event" type:"list" flattened:"true"` + Events []*string `locationName:"Event" type:"list" flattened:"true" enum:"Event"` // An optional unique identifier for configurations in a notification configuration. // If you don't provide one, Amazon S3 will assign an ID. @@ -11915,12 +13622,20 @@ type CloudFunctionConfiguration struct { InvocationRole *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CloudFunctionConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CloudFunctionConfiguration) GoString() string { return s.String() } @@ -11967,12 +13682,20 @@ type CommonPrefix struct { Prefix *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CommonPrefix) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CommonPrefix) GoString() string { return s.String() } @@ -11988,12 +13711,69 @@ type CompleteMultipartUploadInput struct { // Name of the bucket to which the multipart upload was initiated. // + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. + // + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies + // the base64-encoded, 32-bit CRC32 checksum of the object. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"` + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies + // the base64-encoded, 32-bit CRC32C checksum of the object. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"` + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies + // the base64-encoded, 160-bit SHA-1 digest of the object. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"` + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies + // the base64-encoded, 256-bit SHA-256 digest of the object. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Object key for which the multipart upload was initiated. @@ -12005,24 +13785,65 @@ type CompleteMultipartUploadInput struct { MultipartUpload *CompletedMultipartUpload `locationName:"CompleteMultipartUpload" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from requester pays buckets, see Downloading Objects - // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` + // The server-side encryption (SSE) algorithm used to encrypt the object. This + // parameter is required only when the object was created using a checksum algorithm + // or if your bucket policy requires the use of SSE-C. For more information, + // see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html#ssec-require-condition-key) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. + SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` + + // The server-side encryption (SSE) customer managed key. This parameter is + // needed only when the object was created using a checksum algorithm. For more + // information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. + // + // SSECustomerKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CompleteMultipartUploadInput's + // String and GoString methods. + SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` + + // The MD5 server-side encryption (SSE) customer managed key. This parameter + // is needed only when the object was created using a checksum algorithm. For + // more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. + SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` + // ID for the initiated multipart upload. // // UploadId is a required field UploadId *string `location:"querystring" locationName:"uploadId" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CompleteMultipartUploadInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CompleteMultipartUploadInput) GoString() string { return s.String() } @@ -12065,6 +13886,30 @@ func (s *CompleteMultipartUploadInput) getBucket() (v string) { return *s.Bucket } +// SetChecksumCRC32 sets the ChecksumCRC32 field's value. +func (s *CompleteMultipartUploadInput) SetChecksumCRC32(v string) *CompleteMultipartUploadInput { + s.ChecksumCRC32 = &v + return s +} + +// SetChecksumCRC32C sets the ChecksumCRC32C field's value. +func (s *CompleteMultipartUploadInput) SetChecksumCRC32C(v string) *CompleteMultipartUploadInput { + s.ChecksumCRC32C = &v + return s +} + +// SetChecksumSHA1 sets the ChecksumSHA1 field's value. +func (s *CompleteMultipartUploadInput) SetChecksumSHA1(v string) *CompleteMultipartUploadInput { + s.ChecksumSHA1 = &v + return s +} + +// SetChecksumSHA256 sets the ChecksumSHA256 field's value. +func (s *CompleteMultipartUploadInput) SetChecksumSHA256(v string) *CompleteMultipartUploadInput { + s.ChecksumSHA256 = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *CompleteMultipartUploadInput) SetExpectedBucketOwner(v string) *CompleteMultipartUploadInput { s.ExpectedBucketOwner = &v @@ -12089,6 +13934,31 @@ func (s *CompleteMultipartUploadInput) SetRequestPayer(v string) *CompleteMultip return s } +// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value. +func (s *CompleteMultipartUploadInput) SetSSECustomerAlgorithm(v string) *CompleteMultipartUploadInput { + s.SSECustomerAlgorithm = &v + return s +} + +// SetSSECustomerKey sets the SSECustomerKey field's value. +func (s *CompleteMultipartUploadInput) SetSSECustomerKey(v string) *CompleteMultipartUploadInput { + s.SSECustomerKey = &v + return s +} + +func (s *CompleteMultipartUploadInput) getSSECustomerKey() (v string) { + if s.SSECustomerKey == nil { + return v + } + return *s.SSECustomerKey +} + +// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value. +func (s *CompleteMultipartUploadInput) SetSSECustomerKeyMD5(v string) *CompleteMultipartUploadInput { + s.SSECustomerKeyMD5 = &v + return s +} + // SetUploadId sets the UploadId field's value. func (s *CompleteMultipartUploadInput) SetUploadId(v string) *CompleteMultipartUploadInput { s.UploadId = &v @@ -12125,38 +13995,72 @@ func (s CompleteMultipartUploadInput) updateArnableField(v string) (interface{}, type CompleteMultipartUploadOutput struct { _ struct{} `type:"structure"` - // The name of the bucket that contains the newly created object. - // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. - // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. + // The name of the bucket that contains the newly created object. Does not return + // the access point ARN or access point alias if used. + // + // Access points are not supported by directory buckets. Bucket *string `type:"string"` // Indicates whether the multipart upload uses an S3 Bucket Key for server-side - // encryption with AWS KMS (SSE-KMS). + // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` + // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumCRC32 *string `type:"string"` + + // The base64-encoded, 32-bit CRC32C checksum of the object. This will only + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumCRC32C *string `type:"string"` + + // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumSHA1 *string `type:"string"` + + // The base64-encoded, 256-bit SHA-256 digest of the object. This will only + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumSHA256 *string `type:"string"` + // Entity tag that identifies the newly created object's data. Objects with // different object data will have different entity tags. The entity tag is // an opaque string. The entity tag may or may not be an MD5 digest of the object // data. If the entity tag is not an MD5 digest of the object data, it will // contain one or more nonhexadecimal characters and/or will consist of less - // than 32 or more than 32 hexadecimal digits. + // than 32 or more than 32 hexadecimal digits. For more information about how + // the entity tag is calculated, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. ETag *string `type:"string"` // If the object expiration is configured, this will contain the expiration - // date (expiry-date) and rule ID (rule-id). The value of rule-id is URL encoded. + // date (expiry-date) and rule ID (rule-id). The value of rule-id is URL-encoded. + // + // This functionality is not supported for directory buckets. Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"` // The object key of the newly created object. @@ -12167,30 +14071,48 @@ type CompleteMultipartUploadOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` - // If present, specifies the ID of the AWS Key Management Service (AWS KMS) - // symmetric customer managed customer master key (CMK) that was used for the - // object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. + // + // This functionality is not supported for directory buckets. + // + // SSEKMSKeyId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CompleteMultipartUploadOutput's + // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // If you specified server-side encryption either with an Amazon S3-managed - // encryption key or an AWS KMS customer master key (CMK) in your initiate multipart - // upload request, the response includes this header. It confirms the encryption - // algorithm that Amazon S3 used to encrypt the object. + // The server-side encryption algorithm used when storing this object in Amazon + // S3 (for example, AES256, aws:kms). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Version ID of the newly created object, in case the bucket has versioning // turned on. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CompleteMultipartUploadOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CompleteMultipartUploadOutput) GoString() string { return s.String() } @@ -12214,6 +14136,30 @@ func (s *CompleteMultipartUploadOutput) SetBucketKeyEnabled(v bool) *CompleteMul return s } +// SetChecksumCRC32 sets the ChecksumCRC32 field's value. +func (s *CompleteMultipartUploadOutput) SetChecksumCRC32(v string) *CompleteMultipartUploadOutput { + s.ChecksumCRC32 = &v + return s +} + +// SetChecksumCRC32C sets the ChecksumCRC32C field's value. +func (s *CompleteMultipartUploadOutput) SetChecksumCRC32C(v string) *CompleteMultipartUploadOutput { + s.ChecksumCRC32C = &v + return s +} + +// SetChecksumSHA1 sets the ChecksumSHA1 field's value. +func (s *CompleteMultipartUploadOutput) SetChecksumSHA1(v string) *CompleteMultipartUploadOutput { + s.ChecksumSHA1 = &v + return s +} + +// SetChecksumSHA256 sets the ChecksumSHA256 field's value. +func (s *CompleteMultipartUploadOutput) SetChecksumSHA256(v string) *CompleteMultipartUploadOutput { + s.ChecksumSHA256 = &v + return s +} + // SetETag sets the ETag field's value. func (s *CompleteMultipartUploadOutput) SetETag(v string) *CompleteMultipartUploadOutput { s.ETag = &v @@ -12267,15 +14213,26 @@ type CompletedMultipartUpload struct { _ struct{} `type:"structure"` // Array of CompletedPart data types. + // + // If you do not supply a valid Part with your request, the service sends back + // an HTTP 400 response. Parts []*CompletedPart `locationName:"Part" type:"list" flattened:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CompletedMultipartUpload) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CompletedMultipartUpload) GoString() string { return s.String() } @@ -12290,24 +14247,106 @@ func (s *CompletedMultipartUpload) SetParts(v []*CompletedPart) *CompletedMultip type CompletedPart struct { _ struct{} `type:"structure"` + // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumCRC32 *string `type:"string"` + + // The base64-encoded, 32-bit CRC32C checksum of the object. This will only + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumCRC32C *string `type:"string"` + + // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumSHA1 *string `type:"string"` + + // The base64-encoded, 256-bit SHA-256 digest of the object. This will only + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumSHA256 *string `type:"string"` + // Entity tag returned when the part was uploaded. ETag *string `type:"string"` // Part number that identifies the part. This is a positive integer between // 1 and 10,000. + // + // * General purpose buckets - In CompleteMultipartUpload, when a additional + // checksum (including x-amz-checksum-crc32, x-amz-checksum-crc32c, x-amz-checksum-sha1, + // or x-amz-checksum-sha256) is applied to each part, the PartNumber must + // start at 1 and the part numbers must be consecutive. Otherwise, Amazon + // S3 generates an HTTP 400 Bad Request status code and an InvalidPartOrder + // error code. + // + // * Directory buckets - In CompleteMultipartUpload, the PartNumber must + // start at 1 and the part numbers must be consecutive. PartNumber *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CompletedPart) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CompletedPart) GoString() string { return s.String() } +// SetChecksumCRC32 sets the ChecksumCRC32 field's value. +func (s *CompletedPart) SetChecksumCRC32(v string) *CompletedPart { + s.ChecksumCRC32 = &v + return s +} + +// SetChecksumCRC32C sets the ChecksumCRC32C field's value. +func (s *CompletedPart) SetChecksumCRC32C(v string) *CompletedPart { + s.ChecksumCRC32C = &v + return s +} + +// SetChecksumSHA1 sets the ChecksumSHA1 field's value. +func (s *CompletedPart) SetChecksumSHA1(v string) *CompletedPart { + s.ChecksumSHA1 = &v + return s +} + +// SetChecksumSHA256 sets the ChecksumSHA256 field's value. +func (s *CompletedPart) SetChecksumSHA256(v string) *CompletedPart { + s.ChecksumSHA256 = &v + return s +} + // SetETag sets the ETag field's value. func (s *CompletedPart) SetETag(v string) *CompletedPart { s.ETag = &v @@ -12341,15 +14380,27 @@ type Condition struct { // the parent element Condition is specified and sibling HttpErrorCodeReturnedEquals // is not specified. If both conditions are specified, both must be true for // the redirect to be applied. + // + // Replacement must be made for object keys containing special characters (such + // as carriage returns) when using XML requests. For more information, see XML + // related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). KeyPrefixEquals *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Condition) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Condition) GoString() string { return s.String() } @@ -12370,12 +14421,20 @@ type ContinuationEvent struct { _ struct{} `locationName:"ContinuationEvent" type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ContinuationEvent) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ContinuationEvent) GoString() string { return s.String() } @@ -12402,66 +14461,134 @@ func (s *ContinuationEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg even type CopyObjectInput struct { _ struct{} `locationName:"CopyObjectRequest" type:"structure"` - // The canned ACL to apply to the object. + // The canned access control list (ACL) to apply to the object. + // + // When you copy an object, the ACL metadata is not preserved and is set to + // private by default. Only the owner has full access control. To override the + // default ACL setting, specify a new ACL when you generate a copy request. + // For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). + // + // If the destination bucket that you're copying objects to uses the bucket + // owner enforced setting for S3 Object Ownership, ACLs are disabled and no + // longer affect permissions. Buckets that use this setting only accept PUT + // requests that don't specify an ACL or PUT requests that specify bucket owner + // full control ACLs, such as the bucket-owner-full-control canned ACL or an + // equivalent form of this ACL expressed in the XML format. For more information, + // see Controlling ownership of objects and disabling ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon S3 User Guide. + // + // * If your destination bucket uses the bucket owner enforced setting for + // Object Ownership, all objects written to the bucket by any account will + // be owned by the bucket owner. + // + // * This functionality is not supported for directory buckets. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for Amazon S3 on Outposts. ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"` // The name of the destination bucket. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. - // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. + // + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` // Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption - // with server-side encryption using AWS KMS (SSE-KMS). Setting this header - // to true causes Amazon S3 to use an S3 Bucket Key for object encryption with - // SSE-KMS. + // with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). + // If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the + // object. // - // Specifying this header with a COPY operation doesn’t affect bucket-level - // settings for S3 Bucket Key. + // Setting this header to true causes Amazon S3 to use an S3 Bucket Key for + // object encryption with SSE-KMS. Specifying this header with a COPY action + // doesn’t affect bucket-level settings for S3 Bucket Key. + // + // For more information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` - // Specifies caching behavior along the request/reply chain. + // Specifies the caching behavior along the request/reply chain. CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` - // Specifies presentational information for the object. + // Indicates the algorithm that you want Amazon S3 to use to create the checksum + // for the object. For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // When you copy an object, if the source object has a checksum, that checksum + // value will be copied to the new object by default. If the CopyObject request + // does not include this x-amz-checksum-algorithm header, the checksum algorithm + // will be copied from the source object to the destination object (if it's + // present on the source object). You can optionally specify a different checksum + // algorithm to use with the x-amz-checksum-algorithm header. Unrecognized or + // unsupported values will respond with the HTTP status code 400 Bad Request. + // + // For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the + // default checksum algorithm that's used for performance. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // Specifies presentational information for the object. Indicates whether an + // object should be displayed in a web browser or downloaded as a file. It allows + // specifying the desired filename for the downloaded file. ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"` // Specifies what content encodings have been applied to the object and thus // what decoding mechanisms must be applied to obtain the media-type referenced // by the Content-Type header field. + // + // For directory buckets, only the aws-chunked value is supported in this header + // field. ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"` // The language the content is in. ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"` - // A standard MIME type describing the format of the object data. + // A standard MIME type that describes the format of the object data. ContentType *string `location:"header" locationName:"Content-Type" type:"string"` - // Specifies the source object for the copy operation. You specify the value - // in one of two formats, depending on whether you want to access the source - // object through an access point (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html): + // Specifies the source object for the copy operation. The source object can + // be up to 5 GB. If the source object is an object that was uploaded by using + // a multipart upload, the object copy will be a single part object after the + // source object is copied to the destination bucket. + // + // You specify the value of the copy source in one of two formats, depending + // on whether you want to access the source object through an access point (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html): // // * For objects not accessed through an access point, specify the name of // the source bucket and the key of the source object, separated by a slash - // (/). For example, to copy the object reports/january.pdf from the bucket - // awsexamplebucket, use awsexamplebucket/reports/january.pdf. The value - // must be URL encoded. + // (/). For example, to copy the object reports/january.pdf from the general + // purpose bucket awsexamplebucket, use awsexamplebucket/reports/january.pdf. + // The value must be URL-encoded. To copy the object reports/january.pdf + // from the directory bucket awsexamplebucket--use1-az5--x-s3, use awsexamplebucket--use1-az5--x-s3/reports/january.pdf. + // The value must be URL-encoded. // // * For objects accessed through access points, specify the Amazon Resource // Name (ARN) of the object as accessed through the access point, in the @@ -12470,57 +14597,130 @@ type CopyObjectInput struct { // my-access-point owned by account 123456789012 in Region us-west-2, use // the URL encoding of arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf. // The value must be URL encoded. Amazon S3 supports copy operations using - // access points only when the source and destination buckets are in the - // same AWS Region. Alternatively, for objects accessed through Amazon S3 - // on Outposts, specify the ARN of the object as accessed in the format arn:aws:s3-outposts:::outpost//object/. + // Access points only when the source and destination buckets are in the + // same Amazon Web Services Region. Access points are not supported by directory + // buckets. Alternatively, for objects accessed through Amazon S3 on Outposts, + // specify the ARN of the object as accessed in the format arn:aws:s3-outposts:::outpost//object/. // For example, to copy the object reports/january.pdf through outpost my-outpost // owned by account 123456789012 in Region us-west-2, use the URL encoding // of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf. - // The value must be URL encoded. + // The value must be URL-encoded. // - // To copy a specific version of an object, append ?versionId= to - // the value (for example, awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893). + // If your source bucket versioning is enabled, the x-amz-copy-source header + // by default identifies the current version of an object to copy. If the current + // version is a delete marker, Amazon S3 behaves as if the object was deleted. + // To copy a different version, use the versionId query parameter. Specifically, + // append ?versionId= to the value (for example, awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893). // If you don't specify a version ID, Amazon S3 copies the latest version of // the source object. // + // If you enable versioning on the destination bucket, Amazon S3 generates a + // unique version ID for the copied object. This version ID is different from + // the version ID of the source object. Amazon S3 returns the version ID of + // the copied object in the x-amz-version-id response header in the response. + // + // If you do not enable versioning or suspend it on the destination bucket, + // the version ID that Amazon S3 generates in the x-amz-version-id response + // header is always null. + // + // Directory buckets - S3 Versioning isn't enabled and supported for directory + // buckets. + // // CopySource is a required field CopySource *string `location:"header" locationName:"x-amz-copy-source" type:"string" required:"true"` // Copies the object if its entity tag (ETag) matches the specified tag. + // + // If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since + // headers are present in the request and evaluate as follows, Amazon S3 returns + // 200 OK and copies the data: + // + // * x-amz-copy-source-if-match condition evaluates to true + // + // * x-amz-copy-source-if-unmodified-since condition evaluates to false CopySourceIfMatch *string `location:"header" locationName:"x-amz-copy-source-if-match" type:"string"` // Copies the object if it has been modified since the specified time. + // + // If both the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since + // headers are present in the request and evaluate as follows, Amazon S3 returns + // the 412 Precondition Failed response code: + // + // * x-amz-copy-source-if-none-match condition evaluates to false + // + // * x-amz-copy-source-if-modified-since condition evaluates to true CopySourceIfModifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-modified-since" type:"timestamp"` // Copies the object if its entity tag (ETag) is different than the specified // ETag. + // + // If both the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since + // headers are present in the request and evaluate as follows, Amazon S3 returns + // the 412 Precondition Failed response code: + // + // * x-amz-copy-source-if-none-match condition evaluates to false + // + // * x-amz-copy-source-if-modified-since condition evaluates to true CopySourceIfNoneMatch *string `location:"header" locationName:"x-amz-copy-source-if-none-match" type:"string"` // Copies the object if it hasn't been modified since the specified time. + // + // If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since + // headers are present in the request and evaluate as follows, Amazon S3 returns + // 200 OK and copies the data: + // + // * x-amz-copy-source-if-match condition evaluates to true + // + // * x-amz-copy-source-if-unmodified-since condition evaluates to false CopySourceIfUnmodifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-unmodified-since" type:"timestamp"` // Specifies the algorithm to use when decrypting the source object (for example, // AES256). + // + // If the source object for the copy is stored in Amazon S3 using SSE-C, you + // must provide the necessary encryption information in your request so that + // Amazon S3 can decrypt the object for copying. + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceSSECustomerAlgorithm *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use to decrypt - // the source object. The encryption key provided in this header must be one - // that was used when the source object was created. + // the source object. The encryption key provided in this header must be the + // same one that was used when the source object was created. + // + // If the source object for the copy is stored in Amazon S3 using SSE-C, you + // must provide the necessary encryption information in your request so that + // Amazon S3 can decrypt the object for copying. + // + // This functionality is not supported when the source object is in a directory + // bucket. + // + // CopySourceSSECustomerKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CopyObjectInput's + // String and GoString methods. CopySourceSSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key" type:"string" sensitive:"true"` // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // If the source object for the copy is stored in Amazon S3 using SSE-C, you + // must provide the necessary encryption information in your request so that + // Amazon S3 can decrypt the object for copying. + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceSSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key-MD5" type:"string"` - // The account id of the expected destination bucket owner. If the destination - // bucket is owned by a different account, the request will fail with an HTTP - // 403 (Access Denied) error. + // The account ID of the expected destination bucket owner. If the account ID + // that you provide does not match the actual owner of the destination bucket, + // the request fails with the HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // The account id of the expected source bucket owner. If the source bucket - // is owned by a different account, the request will fail with an HTTP 403 (Access - // Denied) error. + // The account ID of the expected source bucket owner. If the account ID that + // you provide does not match the actual owner of the source bucket, the request + // fails with the HTTP status code 403 Forbidden (access denied). ExpectedSourceBucketOwner *string `location:"header" locationName:"x-amz-source-expected-bucket-owner" type:"string"` // The date and time at which the object is no longer cacheable. @@ -12528,22 +14728,30 @@ type CopyObjectInput struct { // Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"` // Allows grantee to read the object data and its metadata. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"` // Allows grantee to read the object ACL. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` // Allows grantee to write the ACL for the applicable object. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` // The key of the destination object. @@ -12555,87 +14763,289 @@ type CopyObjectInput struct { Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"` // Specifies whether the metadata is copied from the source object or replaced - // with metadata provided in the request. + // with metadata that's provided in the request. When copying an object, you + // can preserve all metadata (the default) or specify new metadata. If this + // header isn’t specified, COPY is the default behavior. + // + // General purpose bucket - For general purpose buckets, when you grant permissions, + // you can use the s3:x-amz-metadata-directive condition key to enforce certain + // metadata behavior when objects are uploaded. For more information, see Amazon + // S3 condition key examples (https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html) + // in the Amazon S3 User Guide. + // + // x-amz-website-redirect-location is unique to each object and is not copied + // when using the x-amz-metadata-directive header. To copy the value, you must + // specify x-amz-website-redirect-location in the request header. MetadataDirective *string `location:"header" locationName:"x-amz-metadata-directive" type:"string" enum:"MetadataDirective"` - // Specifies whether you want to apply a Legal Hold to the copied object. + // Specifies whether you want to apply a legal hold to the object copy. + // + // This functionality is not supported for directory buckets. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` - // The Object Lock mode that you want to apply to the copied object. + // The Object Lock mode that you want to apply to the object copy. + // + // This functionality is not supported for directory buckets. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` - // The date and time when you want the copied object's Object Lock to expire. + // The date and time when you want the Object Lock of the object copy to expire. + // + // This functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from requester pays buckets, see Downloading Objects - // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // When you perform a CopyObject operation, if you want to use a different type + // of encryption setting for the target object, you can specify appropriate + // encryption-related headers to encrypt the target object with an Amazon S3 + // managed key, a KMS key, or a customer-provided key. If the encryption setting + // in your request is different from the default encryption configuration of + // the destination bucket, the encryption setting in your request takes precedence. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting - // data. This value is used to store the object and then it is discarded; Amazon + // data. This value is used to store the object and then it is discarded. Amazon // S3 does not store the encryption key. The key must be appropriate for use // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm // header. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. + // + // SSECustomerKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CopyObjectInput's + // String and GoString methods. SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // Specifies the AWS KMS Encryption Context to use for object encryption. The - // value of this header is a base64-encoded UTF-8 string holding JSON with the - // encryption context key-value pairs. + // Specifies the Amazon Web Services KMS Encryption Context to use for object + // encryption. The value of this header is a base64-encoded UTF-8 string holding + // JSON with the encryption context key-value pairs. This value must be explicitly + // added to specify encryption context for CopyObject requests. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. + // + // SSEKMSEncryptionContext is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CopyObjectInput's + // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT - // requests for an object protected by AWS KMS will fail if not made via SSL - // or using SigV4. For information about configuring using any of the officially - // supported AWS SDKs and AWS CLI, see Specifying the Signature Version in Request - // Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) - // in the Amazon S3 Developer Guide. + // Specifies the KMS ID (Key ID, Key ARN, or Key Alias) to use for object encryption. + // All GET and PUT requests for an object protected by KMS will fail if they're + // not made via SSL or using SigV4. For information about configuring any of + // the officially supported Amazon Web Services SDKs and Amazon Web Services + // CLI, see Specifying the Signature Version in Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) + // in the Amazon S3 User Guide. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. + // + // SSEKMSKeyId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CopyObjectInput's + // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` // The server-side encryption algorithm used when storing this object in Amazon - // S3 (for example, AES256, aws:kms). + // S3 (for example, AES256, aws:kms, aws:kms:dsse). Unrecognized or unsupported + // values won’t write a destination object and will receive a 400 Bad Request + // response. + // + // Amazon S3 automatically encrypts all new objects that are copied to an S3 + // bucket. When copying an object, if you don't specify encryption information + // in your copy request, the encryption setting of the target object is set + // to the default encryption configuration of the destination bucket. By default, + // all buckets have a base level of encryption configuration that uses server-side + // encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket + // has a default encryption configuration that uses server-side encryption with + // Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption + // with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with + // customer-provided encryption keys (SSE-C), Amazon S3 uses the corresponding + // KMS key, or a customer-provided key to encrypt the target object copy. + // + // When you perform a CopyObject operation, if you want to use a different type + // of encryption setting for the target object, you can specify appropriate + // encryption-related headers to encrypt the target object with an Amazon S3 + // managed key, a KMS key, or a customer-provided key. If the encryption setting + // in your request is different from the default encryption configuration of + // the destination bucket, the encryption setting in your request takes precedence. + // + // With server-side encryption, Amazon S3 encrypts your data as it writes your + // data to disks in its data centers and decrypts the data when you access it. + // For more information about server-side encryption, see Using Server-Side + // Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) + // in the Amazon S3 User Guide. + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` - // By default, Amazon S3 uses the STANDARD Storage Class to store newly created - // objects. The STANDARD storage class provides high durability and high availability. - // Depending on performance needs, you can specify a different Storage Class. - // Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, - // see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) - // in the Amazon S3 Service Developer Guide. + // If the x-amz-storage-class header is not used, the copied object will be + // stored in the STANDARD Storage Class by default. The STANDARD storage class + // provides high durability and high availability. Depending on performance + // needs, you can specify a different Storage Class. + // + // * Directory buckets - For directory buckets, only the S3 Express One Zone + // storage class is supported to store newly created objects. Unsupported + // storage class values won't write a destination object and will respond + // with the HTTP status code 400 Bad Request. + // + // * Amazon S3 on Outposts - S3 on Outposts only uses the OUTPOSTS Storage + // Class. + // + // You can use the CopyObject action to change the storage class of an object + // that is already stored in Amazon S3 by using the x-amz-storage-class header. + // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) + // in the Amazon S3 User Guide. + // + // Before using an object as a source object for the copy operation, you must + // restore a copy of it if it meets any of the following conditions: + // + // * The storage class of the source object is GLACIER or DEEP_ARCHIVE. + // + // * The storage class of the source object is INTELLIGENT_TIERING and it's + // S3 Intelligent-Tiering access tier (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering-overview.html#intel-tiering-tier-definition) + // is Archive Access or Deep Archive Access. + // + // For more information, see RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html) + // and Copying Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html) + // in the Amazon S3 User Guide. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` - // The tag-set for the object destination object this value must be used in - // conjunction with the TaggingDirective. The tag-set must be encoded as URL - // Query parameters. + // The tag-set for the object copy in the destination bucket. This value must + // be used in conjunction with the x-amz-tagging-directive if you choose REPLACE + // for the x-amz-tagging-directive. If you choose COPY for the x-amz-tagging-directive, + // you don't need to set the x-amz-tagging header, because the tag-set will + // be copied from the source object directly. The tag-set must be encoded as + // URL Query parameters. + // + // The default value is the empty value. + // + // Directory buckets - For directory buckets in a CopyObject operation, only + // the empty tag-set is supported. Any requests that attempt to write non-empty + // tags into directory buckets will receive a 501 Not Implemented status code. + // When the destination bucket is a directory bucket, you will receive a 501 + // Not Implemented response in any of the following situations: + // + // * When you attempt to COPY the tag-set from an S3 source object that has + // non-empty tags. + // + // * When you attempt to REPLACE the tag-set of a source object and set a + // non-empty value to x-amz-tagging. + // + // * When you don't set the x-amz-tagging-directive header and the source + // object has non-empty tags. This is because the default value of x-amz-tagging-directive + // is COPY. + // + // Because only the empty tag-set is supported for directory buckets in a CopyObject + // operation, the following situations are allowed: + // + // * When you attempt to COPY the tag-set from a directory bucket source + // object that has no tags to a general purpose bucket. It copies an empty + // tag-set to the destination object. + // + // * When you attempt to REPLACE the tag-set of a directory bucket source + // object and set the x-amz-tagging value of the directory bucket destination + // object to empty. + // + // * When you attempt to REPLACE the tag-set of a general purpose bucket + // source object that has non-empty tags and set the x-amz-tagging value + // of the directory bucket destination object to empty. + // + // * When you attempt to REPLACE the tag-set of a directory bucket source + // object and don't set the x-amz-tagging value of the directory bucket destination + // object. This is because the default value of x-amz-tagging is the empty + // value. Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"` - // Specifies whether the object tag-set are copied from the source object or - // replaced with tag-set provided in the request. + // Specifies whether the object tag-set is copied from the source object or + // replaced with the tag-set that's provided in the request. + // + // The default value is COPY. + // + // Directory buckets - For directory buckets in a CopyObject operation, only + // the empty tag-set is supported. Any requests that attempt to write non-empty + // tags into directory buckets will receive a 501 Not Implemented status code. + // When the destination bucket is a directory bucket, you will receive a 501 + // Not Implemented response in any of the following situations: + // + // * When you attempt to COPY the tag-set from an S3 source object that has + // non-empty tags. + // + // * When you attempt to REPLACE the tag-set of a source object and set a + // non-empty value to x-amz-tagging. + // + // * When you don't set the x-amz-tagging-directive header and the source + // object has non-empty tags. This is because the default value of x-amz-tagging-directive + // is COPY. + // + // Because only the empty tag-set is supported for directory buckets in a CopyObject + // operation, the following situations are allowed: + // + // * When you attempt to COPY the tag-set from a directory bucket source + // object that has no tags to a general purpose bucket. It copies an empty + // tag-set to the destination object. + // + // * When you attempt to REPLACE the tag-set of a directory bucket source + // object and set the x-amz-tagging value of the directory bucket destination + // object to empty. + // + // * When you attempt to REPLACE the tag-set of a general purpose bucket + // source object that has non-empty tags and set the x-amz-tagging value + // of the directory bucket destination object to empty. + // + // * When you attempt to REPLACE the tag-set of a directory bucket source + // object and don't set the x-amz-tagging value of the directory bucket destination + // object. This is because the default value of x-amz-tagging is the empty + // value. TaggingDirective *string `location:"header" locationName:"x-amz-tagging-directive" type:"string" enum:"TaggingDirective"` - // If the bucket is configured as a website, redirects requests for this object - // to another object in the same bucket or to an external URL. Amazon S3 stores - // the value of this header in the object metadata. + // If the destination bucket is configured as a website, redirects requests + // for this object copy to another object in the same bucket or to an external + // URL. Amazon S3 stores the value of this header in the object metadata. This + // value is unique to each object and is not copied when using the x-amz-metadata-directive + // header. Instead, you may opt to provide this header in combination with the + // x-amz-metadata-directive header. + // + // This functionality is not supported for directory buckets. WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyObjectInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyObjectInput) GoString() string { return s.String() } @@ -12696,6 +15106,12 @@ func (s *CopyObjectInput) SetCacheControl(v string) *CopyObjectInput { return s } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *CopyObjectInput) SetChecksumAlgorithm(v string) *CopyObjectInput { + s.ChecksumAlgorithm = &v + return s +} + // SetContentDisposition sets the ContentDisposition field's value. func (s *CopyObjectInput) SetContentDisposition(v string) *CopyObjectInput { s.ContentDisposition = &v @@ -12957,56 +15373,93 @@ type CopyObjectOutput struct { _ struct{} `type:"structure" payload:"CopyObjectResult"` // Indicates whether the copied object uses an S3 Bucket Key for server-side - // encryption with AWS KMS (SSE-KMS). + // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Container for all response elements. CopyObjectResult *CopyObjectResult `type:"structure"` - // Version of the copied object in the destination bucket. + // Version ID of the source object that was copied. + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceVersionId *string `location:"header" locationName:"x-amz-copy-source-version-id" type:"string"` // If the object expiration is configured, the response includes this header. + // + // This functionality is not supported for directory buckets. Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the AWS KMS Encryption Context to use for object encryption. - // The value of this header is a base64-encoded UTF-8 string holding JSON with - // the encryption context key-value pairs. + // If present, indicates the Amazon Web Services KMS Encryption Context to use + // for object encryption. The value of this header is a base64-encoded UTF-8 + // string holding JSON with the encryption context key-value pairs. + // + // This functionality is not supported for directory buckets. + // + // SSEKMSEncryptionContext is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CopyObjectOutput's + // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // If present, specifies the ID of the AWS Key Management Service (AWS KMS) - // symmetric customer managed customer master key (CMK) that was used for the - // object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. + // + // This functionality is not supported for directory buckets. + // + // SSEKMSKeyId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CopyObjectOutput's + // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon - // S3 (for example, AES256, aws:kms). + // The server-side encryption algorithm used when you store this object in Amazon + // S3 (for example, AES256, aws:kms, aws:kms:dsse). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Version ID of the newly created copy. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyObjectOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyObjectOutput) GoString() string { return s.String() } @@ -13081,25 +15534,80 @@ func (s *CopyObjectOutput) SetVersionId(v string) *CopyObjectOutput { type CopyObjectResult struct { _ struct{} `type:"structure"` + // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumCRC32 *string `type:"string"` + + // The base64-encoded, 32-bit CRC32C checksum of the object. This will only + // be present if it was uploaded with the object. For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumCRC32C *string `type:"string"` + + // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumSHA1 *string `type:"string"` + + // The base64-encoded, 256-bit SHA-256 digest of the object. This will only + // be present if it was uploaded with the object. For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumSHA256 *string `type:"string"` + // Returns the ETag of the new object. The ETag reflects only changes to the - // contents of an object, not its metadata. The source and destination ETag - // is identical for a successfully copied object. + // contents of an object, not its metadata. ETag *string `type:"string"` - // Returns the date that the object was last modified. + // Creation date of the object. LastModified *time.Time `type:"timestamp"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyObjectResult) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyObjectResult) GoString() string { return s.String() } +// SetChecksumCRC32 sets the ChecksumCRC32 field's value. +func (s *CopyObjectResult) SetChecksumCRC32(v string) *CopyObjectResult { + s.ChecksumCRC32 = &v + return s +} + +// SetChecksumCRC32C sets the ChecksumCRC32C field's value. +func (s *CopyObjectResult) SetChecksumCRC32C(v string) *CopyObjectResult { + s.ChecksumCRC32C = &v + return s +} + +// SetChecksumSHA1 sets the ChecksumSHA1 field's value. +func (s *CopyObjectResult) SetChecksumSHA1(v string) *CopyObjectResult { + s.ChecksumSHA1 = &v + return s +} + +// SetChecksumSHA256 sets the ChecksumSHA256 field's value. +func (s *CopyObjectResult) SetChecksumSHA256(v string) *CopyObjectResult { + s.ChecksumSHA256 = &v + return s +} + // SetETag sets the ETag field's value. func (s *CopyObjectResult) SetETag(v string) *CopyObjectResult { s.ETag = &v @@ -13116,6 +15624,46 @@ func (s *CopyObjectResult) SetLastModified(v time.Time) *CopyObjectResult { type CopyPartResult struct { _ struct{} `type:"structure"` + // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumCRC32 *string `type:"string"` + + // The base64-encoded, 32-bit CRC32C checksum of the object. This will only + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumCRC32C *string `type:"string"` + + // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumSHA1 *string `type:"string"` + + // The base64-encoded, 256-bit SHA-256 digest of the object. This will only + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumSHA256 *string `type:"string"` + // Entity tag of the object. ETag *string `type:"string"` @@ -13123,16 +15671,48 @@ type CopyPartResult struct { LastModified *time.Time `type:"timestamp"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyPartResult) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CopyPartResult) GoString() string { return s.String() } +// SetChecksumCRC32 sets the ChecksumCRC32 field's value. +func (s *CopyPartResult) SetChecksumCRC32(v string) *CopyPartResult { + s.ChecksumCRC32 = &v + return s +} + +// SetChecksumCRC32C sets the ChecksumCRC32C field's value. +func (s *CopyPartResult) SetChecksumCRC32C(v string) *CopyPartResult { + s.ChecksumCRC32C = &v + return s +} + +// SetChecksumSHA1 sets the ChecksumSHA1 field's value. +func (s *CopyPartResult) SetChecksumSHA1(v string) *CopyPartResult { + s.ChecksumSHA1 = &v + return s +} + +// SetChecksumSHA256 sets the ChecksumSHA256 field's value. +func (s *CopyPartResult) SetChecksumSHA256(v string) *CopyPartResult { + s.ChecksumSHA256 = &v + return s +} + // SetETag sets the ETag field's value. func (s *CopyPartResult) SetETag(v string) *CopyPartResult { s.ETag = &v @@ -13149,21 +15729,66 @@ func (s *CopyPartResult) SetLastModified(v time.Time) *CopyPartResult { type CreateBucketConfiguration struct { _ struct{} `type:"structure"` - // Specifies the Region where the bucket will be created. If you don't specify - // a Region, the bucket is created in the US East (N. Virginia) Region (us-east-1). + // Specifies the information about the bucket that will be created. + // + // This functionality is only supported by directory buckets. + Bucket *BucketInfo `type:"structure"` + + // Specifies the location where the bucket will be created. + // + // For directory buckets, the location type is Availability Zone. + // + // This functionality is only supported by directory buckets. + Location *LocationInfo `type:"structure"` + + // Specifies the Region where the bucket will be created. You might choose a + // Region to optimize latency, minimize costs, or address regulatory requirements. + // For example, if you reside in Europe, you will probably find it advantageous + // to create buckets in the Europe (Ireland) Region. For more information, see + // Accessing a bucket (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro) + // in the Amazon S3 User Guide. + // + // If you don't specify a Region, the bucket is created in the US East (N. Virginia) + // Region (us-east-1) by default. + // + // This functionality is not supported for directory buckets. LocationConstraint *string `type:"string" enum:"BucketLocationConstraint"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateBucketConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateBucketConfiguration) GoString() string { return s.String() } +// SetBucket sets the Bucket field's value. +func (s *CreateBucketConfiguration) SetBucket(v *BucketInfo) *CreateBucketConfiguration { + s.Bucket = v + return s +} + +func (s *CreateBucketConfiguration) getBucket() (v *BucketInfo) { + return s.Bucket +} + +// SetLocation sets the Location field's value. +func (s *CreateBucketConfiguration) SetLocation(v *LocationInfo) *CreateBucketConfiguration { + s.Location = v + return s +} + // SetLocationConstraint sets the LocationConstraint field's value. func (s *CreateBucketConfiguration) SetLocationConstraint(v string) *CreateBucketConfiguration { s.LocationConstraint = &v @@ -13174,10 +15799,25 @@ type CreateBucketInput struct { _ struct{} `locationName:"CreateBucketRequest" type:"structure" payload:"CreateBucketConfiguration"` // The canned ACL to apply to the bucket. + // + // This functionality is not supported for directory buckets. ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"BucketCannedACL"` // The name of the bucket to create. // + // General purpose buckets - For information about bucket naming restrictions, + // see Bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) + // in the Amazon S3 User Guide. + // + // Directory buckets - When you use this operation with a directory bucket, + // you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name + // . Virtual-hosted-style requests aren't supported. Directory bucket names + // must be unique in the chosen Availability Zone. Bucket names must also follow + // the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). + // For information about bucket naming restrictions, see Directory bucket naming + // rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -13186,30 +15826,80 @@ type CreateBucketInput struct { // Allows grantee the read, write, read ACP, and write ACP permissions on the // bucket. + // + // This functionality is not supported for directory buckets. GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"` // Allows grantee to list the objects in the bucket. + // + // This functionality is not supported for directory buckets. GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"` // Allows grantee to read the bucket ACL. + // + // This functionality is not supported for directory buckets. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` - // Allows grantee to create, overwrite, and delete any object in the bucket. + // Allows grantee to create new objects in the bucket. + // + // For the bucket and object owners of existing objects, also allows deletions + // and overwrites of those objects. + // + // This functionality is not supported for directory buckets. GrantWrite *string `location:"header" locationName:"x-amz-grant-write" type:"string"` // Allows grantee to write the ACL for the applicable bucket. + // + // This functionality is not supported for directory buckets. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` // Specifies whether you want S3 Object Lock to be enabled for the new bucket. + // + // This functionality is not supported for directory buckets. ObjectLockEnabledForBucket *bool `location:"header" locationName:"x-amz-bucket-object-lock-enabled" type:"boolean"` + + // The container element for object ownership for a bucket's ownership controls. + // + // BucketOwnerPreferred - Objects uploaded to the bucket change ownership to + // the bucket owner if the objects are uploaded with the bucket-owner-full-control + // canned ACL. + // + // ObjectWriter - The uploading account will own the object if the object is + // uploaded with the bucket-owner-full-control canned ACL. + // + // BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer + // affect permissions. The bucket owner automatically owns and has full control + // over every object in the bucket. The bucket only accepts PUT requests that + // don't specify an ACL or specify bucket owner full control ACLs (such as the + // predefined bucket-owner-full-control canned ACL or a custom ACL in XML format + // that grants the same permissions). + // + // By default, ObjectOwnership is set to BucketOwnerEnforced and ACLs are disabled. + // We recommend keeping ACLs disabled, except in uncommon use cases where you + // must control access for each object individually. For more information about + // S3 Object Ownership, see Controlling ownership of objects and disabling ACLs + // for your bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. Directory buckets + // use the bucket owner enforced setting for S3 Object Ownership. + ObjectOwnership *string `location:"header" locationName:"x-amz-object-ownership" type:"string" enum:"ObjectOwnership"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateBucketInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateBucketInput) GoString() string { return s.String() } @@ -13291,21 +15981,33 @@ func (s *CreateBucketInput) SetObjectLockEnabledForBucket(v bool) *CreateBucketI return s } +// SetObjectOwnership sets the ObjectOwnership field's value. +func (s *CreateBucketInput) SetObjectOwnership(v string) *CreateBucketInput { + s.ObjectOwnership = &v + return s +} + type CreateBucketOutput struct { _ struct{} `type:"structure"` - // Specifies the Region where the bucket will be created. If you are creating - // a bucket on the US East (N. Virginia) Region (us-east-1), you do not need - // to specify the location. + // A forward slash followed by the name of the bucket. Location *string `location:"header" locationName:"Location" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateBucketOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateBucketOutput) GoString() string { return s.String() } @@ -13319,83 +16021,253 @@ func (s *CreateBucketOutput) SetLocation(v string) *CreateBucketOutput { type CreateMultipartUploadInput struct { _ struct{} `locationName:"CreateMultipartUploadRequest" type:"structure"` - // The canned ACL to apply to the object. + // The canned ACL to apply to the object. Amazon S3 supports a set of predefined + // ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees + // and permissions. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL) + // in the Amazon S3 User Guide. // - // This action is not supported by Amazon S3 on Outposts. - ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"` - - // The name of the bucket to which to initiate the upload + // By default, all objects are private. Only the owner has full access control. + // When uploading an object, you can grant access permissions to individual + // Amazon Web Services accounts or to predefined groups defined by Amazon S3. + // These permissions are then added to the access control list (ACL) on the + // new object. For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). + // One way to grant the permissions using the request headers is to specify + // a canned ACL with the x-amz-acl request header. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. + // * This functionality is not supported for directory buckets. // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. + // * This functionality is not supported for Amazon S3 on Outposts. + ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"` + + // The name of the bucket where the multipart upload is initiated and where + // the object is uploaded. + // + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. + // + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` // Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption - // with server-side encryption using AWS KMS (SSE-KMS). Setting this header - // to true causes Amazon S3 to use an S3 Bucket Key for object encryption with - // SSE-KMS. + // with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). + // Setting this header to true causes Amazon S3 to use an S3 Bucket Key for + // object encryption with SSE-KMS. // - // Specifying this header with an object operation doesn’t affect bucket-level + // Specifying this header with an object action doesn’t affect bucket-level // settings for S3 Bucket Key. + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Specifies caching behavior along the request/reply chain. CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` + // Indicates the algorithm that you want Amazon S3 to use to create the checksum + // for the object. For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + // Specifies presentational information for the object. ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"` // Specifies what content encodings have been applied to the object and thus // what decoding mechanisms must be applied to obtain the media-type referenced // by the Content-Type header field. + // + // For directory buckets, only the aws-chunked value is supported in this header + // field. ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"` - // The language the content is in. + // The language that the content is in. ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"` // A standard MIME type describing the format of the object data. ContentType *string `location:"header" locationName:"Content-Type" type:"string"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The date and time at which the object is no longer cacheable. Expires *time.Time `location:"header" locationName:"Expires" type:"timestamp"` - // Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. + // Specify access permissions explicitly to give the grantee READ, READ_ACP, + // and WRITE_ACP permissions on the object. + // + // By default, all objects are private. Only the owner has full access control. + // When uploading an object, you can use this header to explicitly grant access + // permissions to specific Amazon Web Services accounts or groups. This header + // maps to specific permissions that Amazon S3 supports in an ACL. For more + // information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // in the Amazon S3 User Guide. + // + // You specify each grantee as a type=value pair, where the type is one of the + // following: + // + // * id – if the value specified is the canonical user ID of an Amazon + // Web Services account + // + // * uri – if you are granting permissions to a predefined group // - // This action is not supported by Amazon S3 on Outposts. + // * emailAddress – if the value specified is the email address of an Amazon + // Web Services account Using email addresses to specify a grantee is only + // supported in the following Amazon Web Services Regions: US East (N. Virginia) + // US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia + // Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São + // Paulo) For a list of all the Amazon S3 supported Regions and endpoints, + // see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) + // in the Amazon Web Services General Reference. + // + // For example, the following x-amz-grant-read header grants the Amazon Web + // Services accounts identified by account IDs permissions to read object data + // and its metadata: + // + // x-amz-grant-read: id="11112222333", id="444455556666" + // + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"` - // Allows grantee to read the object data and its metadata. + // Specify access permissions explicitly to allow grantee to read the object + // data and its metadata. + // + // By default, all objects are private. Only the owner has full access control. + // When uploading an object, you can use this header to explicitly grant access + // permissions to specific Amazon Web Services accounts or groups. This header + // maps to specific permissions that Amazon S3 supports in an ACL. For more + // information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // in the Amazon S3 User Guide. + // + // You specify each grantee as a type=value pair, where the type is one of the + // following: + // + // * id – if the value specified is the canonical user ID of an Amazon + // Web Services account + // + // * uri – if you are granting permissions to a predefined group // - // This action is not supported by Amazon S3 on Outposts. + // * emailAddress – if the value specified is the email address of an Amazon + // Web Services account Using email addresses to specify a grantee is only + // supported in the following Amazon Web Services Regions: US East (N. Virginia) + // US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia + // Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São + // Paulo) For a list of all the Amazon S3 supported Regions and endpoints, + // see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) + // in the Amazon Web Services General Reference. + // + // For example, the following x-amz-grant-read header grants the Amazon Web + // Services accounts identified by account IDs permissions to read object data + // and its metadata: + // + // x-amz-grant-read: id="11112222333", id="444455556666" + // + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"` - // Allows grantee to read the object ACL. + // Specify access permissions explicitly to allows grantee to read the object + // ACL. + // + // By default, all objects are private. Only the owner has full access control. + // When uploading an object, you can use this header to explicitly grant access + // permissions to specific Amazon Web Services accounts or groups. This header + // maps to specific permissions that Amazon S3 supports in an ACL. For more + // information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // in the Amazon S3 User Guide. + // + // You specify each grantee as a type=value pair, where the type is one of the + // following: + // + // * id – if the value specified is the canonical user ID of an Amazon + // Web Services account // - // This action is not supported by Amazon S3 on Outposts. + // * uri – if you are granting permissions to a predefined group + // + // * emailAddress – if the value specified is the email address of an Amazon + // Web Services account Using email addresses to specify a grantee is only + // supported in the following Amazon Web Services Regions: US East (N. Virginia) + // US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia + // Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São + // Paulo) For a list of all the Amazon S3 supported Regions and endpoints, + // see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) + // in the Amazon Web Services General Reference. + // + // For example, the following x-amz-grant-read header grants the Amazon Web + // Services accounts identified by account IDs permissions to read object data + // and its metadata: + // + // x-amz-grant-read: id="11112222333", id="444455556666" + // + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` - // Allows grantee to write the ACL for the applicable object. + // Specify access permissions explicitly to allows grantee to allow grantee + // to write the ACL for the applicable object. + // + // By default, all objects are private. Only the owner has full access control. + // When uploading an object, you can use this header to explicitly grant access + // permissions to specific Amazon Web Services accounts or groups. This header + // maps to specific permissions that Amazon S3 supports in an ACL. For more + // information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // in the Amazon S3 User Guide. + // + // You specify each grantee as a type=value pair, where the type is one of the + // following: // - // This action is not supported by Amazon S3 on Outposts. + // * id – if the value specified is the canonical user ID of an Amazon + // Web Services account + // + // * uri – if you are granting permissions to a predefined group + // + // * emailAddress – if the value specified is the email address of an Amazon + // Web Services account Using email addresses to specify a grantee is only + // supported in the following Amazon Web Services Regions: US East (N. Virginia) + // US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia + // Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São + // Paulo) For a list of all the Amazon S3 supported Regions and endpoints, + // see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) + // in the Amazon Web Services General Reference. + // + // For example, the following x-amz-grant-read header grants the Amazon Web + // Services accounts identified by account IDs permissions to read object data + // and its metadata: + // + // x-amz-grant-read: id="11112222333", id="444455556666" + // + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` // Object key for which the multipart upload is to be initiated. @@ -13406,24 +16278,35 @@ type CreateMultipartUploadInput struct { // A map of metadata to store with the object in S3. Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"` - // Specifies whether you want to apply a Legal Hold to the uploaded object. + // Specifies whether you want to apply a legal hold to the uploaded object. + // + // This functionality is not supported for directory buckets. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` // Specifies the Object Lock mode that you want to apply to the uploaded object. + // + // This functionality is not supported for directory buckets. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` // Specifies the date and time when you want the Object Lock to expire. + // + // This functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from requester pays buckets, see Downloading Objects - // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -13431,53 +16314,88 @@ type CreateMultipartUploadInput struct { // S3 does not store the encryption key. The key must be appropriate for use // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm // header. + // + // This functionality is not supported for directory buckets. + // + // SSECustomerKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateMultipartUploadInput's + // String and GoString methods. SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` - // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. - // Amazon S3 uses this header for a message integrity check to ensure that the - // encryption key was transmitted without error. + // Specifies the 128-bit MD5 digest of the customer-provided encryption key + // according to RFC 1321. Amazon S3 uses this header for a message integrity + // check to ensure that the encryption key was transmitted without error. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // Specifies the AWS KMS Encryption Context to use for object encryption. The - // value of this header is a base64-encoded UTF-8 string holding JSON with the - // encryption context key-value pairs. + // Specifies the Amazon Web Services KMS Encryption Context to use for object + // encryption. The value of this header is a base64-encoded UTF-8 string holding + // JSON with the encryption context key-value pairs. + // + // This functionality is not supported for directory buckets. + // + // SSEKMSEncryptionContext is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateMultipartUploadInput's + // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // Specifies the ID of the symmetric customer managed AWS KMS CMK to use for - // object encryption. All GET and PUT requests for an object protected by AWS - // KMS will fail if not made via SSL or using SigV4. For information about configuring - // using any of the officially supported AWS SDKs and AWS CLI, see Specifying - // the Signature Version in Request Authentication (https://docs.aws.amazon.com/http:/docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) - // in the Amazon S3 Developer Guide. + // Specifies the ID (Key ID, Key ARN, or Key Alias) of the symmetric encryption + // customer managed key to use for object encryption. + // + // This functionality is not supported for directory buckets. + // + // SSEKMSKeyId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateMultipartUploadInput's + // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // By default, Amazon S3 uses the STANDARD Storage Class to store newly created // objects. The STANDARD storage class provides high durability and high availability. // Depending on performance needs, you can specify a different Storage Class. - // Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, - // see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) - // in the Amazon S3 Service Developer Guide. + // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) + // in the Amazon S3 User Guide. + // + // * For directory buckets, only the S3 Express One Zone storage class is + // supported to store newly created objects. + // + // * Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` // The tag-set for the object. The tag-set must be encoded as URL Query parameters. + // + // This functionality is not supported for directory buckets. Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"` // If the bucket is configured as a website, redirects requests for this object // to another object in the same bucket or to an external URL. Amazon S3 stores // the value of this header in the object metadata. + // + // This functionality is not supported for directory buckets. WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateMultipartUploadInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateMultipartUploadInput) GoString() string { return s.String() } @@ -13535,6 +16453,12 @@ func (s *CreateMultipartUploadInput) SetCacheControl(v string) *CreateMultipartU return s } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *CreateMultipartUploadInput) SetChecksumAlgorithm(v string) *CreateMultipartUploadInput { + s.ChecksumAlgorithm = &v + return s +} + // SetContentDisposition sets the ContentDisposition field's value. func (s *CreateMultipartUploadInput) SetContentDisposition(v string) *CreateMultipartUploadInput { s.ContentDisposition = &v @@ -13727,80 +16651,106 @@ type CreateMultipartUploadOutput struct { // name in the request, the response includes this header. The header indicates // when the initiated multipart upload becomes eligible for an abort operation. // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket - // Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). + // Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) + // in the Amazon S3 User Guide. // // The response also includes the x-amz-abort-rule-id header that provides the - // ID of the lifecycle configuration rule that defines this action. + // ID of the lifecycle configuration rule that defines the abort action. + // + // This functionality is not supported for directory buckets. AbortDate *time.Time `location:"header" locationName:"x-amz-abort-date" type:"timestamp"` // This header is returned along with the x-amz-abort-date header. It identifies // the applicable lifecycle configuration rule that defines the action to abort // incomplete multipart uploads. + // + // This functionality is not supported for directory buckets. AbortRuleId *string `location:"header" locationName:"x-amz-abort-rule-id" type:"string"` - // The name of the bucket to which the multipart upload was initiated. + // The name of the bucket to which the multipart upload was initiated. Does + // not return the access point ARN or access point alias if used. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. - // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. + // Access points are not supported by directory buckets. Bucket *string `locationName:"Bucket" type:"string"` // Indicates whether the multipart upload uses an S3 Bucket Key for server-side - // encryption with AWS KMS (SSE-KMS). + // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` + // The algorithm that was used to create a checksum of the object. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + // Object key for which the multipart upload was initiated. Key *string `min:"1" type:"string"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the AWS KMS Encryption Context to use for object encryption. - // The value of this header is a base64-encoded UTF-8 string holding JSON with - // the encryption context key-value pairs. + // If present, indicates the Amazon Web Services KMS Encryption Context to use + // for object encryption. The value of this header is a base64-encoded UTF-8 + // string holding JSON with the encryption context key-value pairs. + // + // This functionality is not supported for directory buckets. + // + // SSEKMSEncryptionContext is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateMultipartUploadOutput's + // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // If present, specifies the ID of the AWS Key Management Service (AWS KMS) - // symmetric customer managed customer master key (CMK) that was used for the - // object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. + // + // This functionality is not supported for directory buckets. + // + // SSEKMSKeyId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateMultipartUploadOutput's + // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // ID for the initiated multipart upload. UploadId *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateMultipartUploadOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s CreateMultipartUploadOutput) GoString() string { return s.String() } @@ -13836,6 +16786,12 @@ func (s *CreateMultipartUploadOutput) SetBucketKeyEnabled(v bool) *CreateMultipa return s } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *CreateMultipartUploadOutput) SetChecksumAlgorithm(v string) *CreateMultipartUploadOutput { + s.ChecksumAlgorithm = &v + return s +} + // SetKey sets the Key field's value. func (s *CreateMultipartUploadOutput) SetKey(v string) *CreateMultipartUploadOutput { s.Key = &v @@ -13884,28 +16840,173 @@ func (s *CreateMultipartUploadOutput) SetUploadId(v string) *CreateMultipartUplo return s } +type CreateSessionInput struct { + _ struct{} `locationName:"CreateSessionRequest" type:"structure"` + + // The name of the bucket that you create a session for. + // + // Bucket is a required field + Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` + + // Specifies the mode of the session that will be created, either ReadWrite + // or ReadOnly. By default, a ReadWrite session is created. A ReadWrite session + // is capable of executing all the Zonal endpoint APIs on a directory bucket. + // A ReadOnly session is constrained to execute the following Zonal endpoint + // APIs: GetObject, HeadObject, ListObjectsV2, GetObjectAttributes, ListParts, + // and ListMultipartUploads. + SessionMode *string `location:"header" locationName:"x-amz-create-session-mode" type:"string" enum:"SessionMode"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateSessionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateSessionInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateSessionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateSessionInput"} + if s.Bucket == nil { + invalidParams.Add(request.NewErrParamRequired("Bucket")) + } + if s.Bucket != nil && len(*s.Bucket) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Bucket", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetBucket sets the Bucket field's value. +func (s *CreateSessionInput) SetBucket(v string) *CreateSessionInput { + s.Bucket = &v + return s +} + +func (s *CreateSessionInput) getBucket() (v string) { + if s.Bucket == nil { + return v + } + return *s.Bucket +} + +// SetSessionMode sets the SessionMode field's value. +func (s *CreateSessionInput) SetSessionMode(v string) *CreateSessionInput { + s.SessionMode = &v + return s +} + +func (s *CreateSessionInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *CreateSessionInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + +// updateArnableField updates the value of the input field that +// takes an ARN as an input. This method is useful to backfill +// the parsed resource name from ARN into the input member. +// It returns a pointer to a modified copy of input and an error. +// Note that original input is not modified. +func (s CreateSessionInput) updateArnableField(v string) (interface{}, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + s.Bucket = aws.String(v) + return &s, nil +} + +type CreateSessionOutput struct { + _ struct{} `type:"structure"` + + // The established temporary security credentials for the created session. + // + // Credentials is a required field + Credentials *SessionCredentials `locationName:"Credentials" type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateSessionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateSessionOutput) GoString() string { + return s.String() +} + +// SetCredentials sets the Credentials field's value. +func (s *CreateSessionOutput) SetCredentials(v *SessionCredentials) *CreateSessionOutput { + s.Credentials = v + return s +} + // The container element for specifying the default Object Lock retention settings // for new objects placed in the specified bucket. +// +// - The DefaultRetention settings require both a mode and a period. +// +// - The DefaultRetention period can be either Days or Years but you must +// select one. You cannot specify Days and Years at the same time. type DefaultRetention struct { _ struct{} `type:"structure"` // The number of days that you want to specify for the default retention period. + // Must be used with Mode. Days *int64 `type:"integer"` // The default Object Lock retention mode you want to apply to new objects placed - // in the specified bucket. + // in the specified bucket. Must be used with either Days or Years. Mode *string `type:"string" enum:"ObjectLockRetentionMode"` // The number of years that you want to specify for the default retention period. + // Must be used with Mode. Years *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DefaultRetention) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DefaultRetention) GoString() string { return s.String() } @@ -13932,7 +17033,12 @@ func (s *DefaultRetention) SetYears(v int64) *DefaultRetention { type Delete struct { _ struct{} `type:"structure"` - // The objects to delete. + // The object to delete. + // + // Directory buckets - For directory buckets, an object that's composed entirely + // of whitespace characters is not supported by the DeleteObjects API operation. + // The request will receive a 400 Bad Request error and none of the objects + // in the request will be deleted. // // Objects is a required field Objects []*ObjectIdentifier `locationName:"Object" type:"list" flattened:"true" required:"true"` @@ -13942,12 +17048,20 @@ type Delete struct { Quiet *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Delete) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Delete) GoString() string { return s.String() } @@ -13995,9 +17109,9 @@ type DeleteBucketAnalyticsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID that identifies the analytics configuration. @@ -14006,12 +17120,20 @@ type DeleteBucketAnalyticsConfigurationInput struct { Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketAnalyticsConfigurationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketAnalyticsConfigurationInput) GoString() string { return s.String() } @@ -14091,12 +17213,20 @@ type DeleteBucketAnalyticsConfigurationOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketAnalyticsConfigurationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketAnalyticsConfigurationOutput) GoString() string { return s.String() } @@ -14109,18 +17239,26 @@ type DeleteBucketCorsInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketCorsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketCorsInput) GoString() string { return s.String() } @@ -14191,12 +17329,20 @@ type DeleteBucketCorsOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketCorsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketCorsOutput) GoString() string { return s.String() } @@ -14210,18 +17356,26 @@ type DeleteBucketEncryptionInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketEncryptionInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketEncryptionInput) GoString() string { return s.String() } @@ -14292,12 +17446,20 @@ type DeleteBucketEncryptionOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketEncryptionOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketEncryptionOutput) GoString() string { return s.String() } @@ -14307,21 +17469,42 @@ type DeleteBucketInput struct { // Specifies the bucket being deleted. // + // Directory buckets - When you use this operation with a directory bucket, + // you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name + // . Virtual-hosted-style requests aren't supported. Directory bucket names + // must be unique in the chosen Availability Zone. Bucket names must also follow + // the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). + // For information about bucket naming restrictions, see Directory bucket naming + // rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. + // If you specify this header, the request fails with the HTTP status code 501 + // Not Implemented. ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketInput) GoString() string { return s.String() } @@ -14403,12 +17586,20 @@ type DeleteBucketIntelligentTieringConfigurationInput struct { Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketIntelligentTieringConfigurationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketIntelligentTieringConfigurationInput) GoString() string { return s.String() } @@ -14482,12 +17673,20 @@ type DeleteBucketIntelligentTieringConfigurationOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketIntelligentTieringConfigurationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketIntelligentTieringConfigurationOutput) GoString() string { return s.String() } @@ -14500,9 +17699,9 @@ type DeleteBucketInventoryConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID used to identify the inventory configuration. @@ -14511,12 +17710,20 @@ type DeleteBucketInventoryConfigurationInput struct { Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketInventoryConfigurationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketInventoryConfigurationInput) GoString() string { return s.String() } @@ -14596,12 +17803,20 @@ type DeleteBucketInventoryConfigurationOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketInventoryConfigurationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketInventoryConfigurationOutput) GoString() string { return s.String() } @@ -14614,18 +17829,26 @@ type DeleteBucketLifecycleInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketLifecycleInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketLifecycleInput) GoString() string { return s.String() } @@ -14696,12 +17919,20 @@ type DeleteBucketLifecycleOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketLifecycleOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketLifecycleOutput) GoString() string { return s.String() } @@ -14714,23 +17945,32 @@ type DeleteBucketMetricsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // The ID used to identify the metrics configuration. + // The ID used to identify the metrics configuration. The ID has a 64 character + // limit and can only contain letters, numbers, periods, dashes, and underscores. // // Id is a required field Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketMetricsConfigurationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketMetricsConfigurationInput) GoString() string { return s.String() } @@ -14810,12 +18050,20 @@ type DeleteBucketMetricsConfigurationOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketMetricsConfigurationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketMetricsConfigurationOutput) GoString() string { return s.String() } @@ -14824,12 +18072,20 @@ type DeleteBucketOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketOutput) GoString() string { return s.String() } @@ -14842,18 +18098,26 @@ type DeleteBucketOwnershipControlsInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketOwnershipControlsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketOwnershipControlsInput) GoString() string { return s.String() } @@ -14924,12 +18188,20 @@ type DeleteBucketOwnershipControlsOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketOwnershipControlsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketOwnershipControlsOutput) GoString() string { return s.String() } @@ -14939,21 +18211,42 @@ type DeleteBucketPolicyInput struct { // The bucket name. // + // Directory buckets - When you use this operation with a directory bucket, + // you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name + // . Virtual-hosted-style requests aren't supported. Directory bucket names + // must be unique in the chosen Availability Zone. Bucket names must also follow + // the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). + // For information about bucket naming restrictions, see Directory bucket naming + // rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. + // If you specify this header, the request fails with the HTTP status code 501 + // Not Implemented. ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketPolicyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketPolicyInput) GoString() string { return s.String() } @@ -15024,12 +18317,20 @@ type DeleteBucketPolicyOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketPolicyOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketPolicyOutput) GoString() string { return s.String() } @@ -15042,18 +18343,26 @@ type DeleteBucketReplicationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketReplicationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketReplicationInput) GoString() string { return s.String() } @@ -15124,12 +18433,20 @@ type DeleteBucketReplicationOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketReplicationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketReplicationOutput) GoString() string { return s.String() } @@ -15142,18 +18459,26 @@ type DeleteBucketTaggingInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketTaggingInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketTaggingInput) GoString() string { return s.String() } @@ -15224,12 +18549,20 @@ type DeleteBucketTaggingOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketTaggingOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketTaggingOutput) GoString() string { return s.String() } @@ -15242,18 +18575,26 @@ type DeleteBucketWebsiteInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketWebsiteInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketWebsiteInput) GoString() string { return s.String() } @@ -15324,12 +18665,20 @@ type DeleteBucketWebsiteOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketWebsiteOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteBucketWebsiteOutput) GoString() string { return s.String() } @@ -15345,7 +18694,7 @@ type DeleteMarkerEntry struct { // The object key. Key *string `min:"1" type:"string"` - // Date and time the object was last modified. + // Date and time when the object was last modified. LastModified *time.Time `type:"timestamp"` // The account that created the delete marker.> @@ -15355,12 +18704,20 @@ type DeleteMarkerEntry struct { VersionId *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteMarkerEntry) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteMarkerEntry) GoString() string { return s.String() } @@ -15417,12 +18774,20 @@ type DeleteMarkerReplication struct { Status *string `type:"string" enum:"DeleteMarkerReplicationStatus"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteMarkerReplication) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteMarkerReplication) GoString() string { return s.String() } @@ -15438,31 +18803,48 @@ type DeleteObjectInput struct { // The bucket name of the bucket containing the object. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. - // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. + // + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` // Indicates whether S3 Object Lock should bypass Governance-mode restrictions - // to process this operation. + // to process this operation. To use this header, you must have the s3:BypassGovernanceRetention + // permission. + // + // This functionality is not supported for directory buckets. BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Key name of the object to delete. @@ -15474,25 +18856,42 @@ type DeleteObjectInput struct { // and the value that is displayed on your authentication device. Required to // permanently delete a versioned object if versioning is configured with MFA // delete enabled. + // + // This functionality is not supported for directory buckets. MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from requester pays buckets, see Downloading Objects - // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. + // + // For directory buckets in this API operation, only the null value of the version + // ID is supported. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteObjectInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteObjectInput) GoString() string { return s.String() } @@ -15598,25 +18997,41 @@ func (s DeleteObjectInput) updateArnableField(v string) (interface{}, error) { type DeleteObjectOutput struct { _ struct{} `type:"structure"` - // Specifies whether the versioned object that was permanently deleted was (true) - // or was not (false) a delete marker. + // Indicates whether the specified object version that was permanently deleted + // was (true) or was not (false) a delete marker before deletion. In a simple + // DELETE, this header indicates whether (true) or not (false) the current version + // of the object is a delete marker. + // + // This functionality is not supported for directory buckets. DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // Returns the version ID of the delete marker created as a result of the DELETE // operation. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteObjectOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteObjectOutput) GoString() string { return s.String() } @@ -15644,30 +19059,34 @@ type DeleteObjectTaggingInput struct { // The bucket name containing the objects from which to remove the tags. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. - // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // Name of the object key. + // The key that identifies the object in the bucket from which to remove all + // tags. // // Key is a required field Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` @@ -15676,12 +19095,20 @@ type DeleteObjectTaggingInput struct { VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteObjectTaggingInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteObjectTaggingInput) GoString() string { return s.String() } @@ -15773,12 +19200,20 @@ type DeleteObjectTaggingOutput struct { VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteObjectTaggingOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteObjectTaggingOutput) GoString() string { return s.String() } @@ -15794,59 +19229,136 @@ type DeleteObjectsInput struct { // The bucket name containing the objects to delete. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. - // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. + // + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` // Specifies whether you want to delete this object even if it has a Governance-type - // Object Lock in place. You must have sufficient permissions to perform this - // operation. + // Object Lock in place. To use this header, you must have the s3:BypassGovernanceRetention + // permission. + // + // This functionality is not supported for directory buckets. BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"` + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon + // S3 fails the request with the HTTP status code 400 Bad Request. + // + // For the x-amz-checksum-algorithm header, replace algorithm with the supported + // algorithm from the following list: + // + // * CRC32 + // + // * CRC32C + // + // * SHA1 + // + // * SHA256 + // + // For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If the individual checksum value you provide through x-amz-checksum-algorithm + // doesn't match the checksum algorithm you set through x-amz-sdk-checksum-algorithm, + // Amazon S3 ignores any provided ChecksumAlgorithm parameter and uses the checksum + // algorithm that matches the provided value in x-amz-checksum-algorithm . + // + // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + // parameter. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + // + // The SDK will automatically compute the Content-MD5 checksum for this operation. + // The AWS SDK for Go v2 allows you to configure alternative checksum algorithm + // to be used. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + // Container for the request. // // Delete is a required field Delete *Delete `locationName:"Delete" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The concatenation of the authentication device's serial number, a space, // and the value that is displayed on your authentication device. Required to // permanently delete a versioned object if versioning is configured with MFA // delete enabled. + // + // When performing the DeleteObjects operation on an MFA delete enabled bucket, + // which attempts to delete the specified versioned objects, you must include + // an MFA token. If you don't provide an MFA token, the entire request will + // fail, even if there are non-versioned objects that you are trying to delete. + // If you provide an invalid token, whether there are versioned object keys + // in the request or not, the entire Multi-Object Delete request will fail. + // For information about MFA Delete, see MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from requester pays buckets, see Downloading Objects - // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteObjectsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteObjectsInput) GoString() string { return s.String() } @@ -15894,6 +19406,12 @@ func (s *DeleteObjectsInput) SetBypassGovernanceRetention(v bool) *DeleteObjects return s } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *DeleteObjectsInput) SetChecksumAlgorithm(v string) *DeleteObjectsInput { + s.ChecksumAlgorithm = &v + return s +} + // SetDelete sets the Delete field's value. func (s *DeleteObjectsInput) SetDelete(v *Delete) *DeleteObjectsInput { s.Delete = v @@ -15952,21 +19470,31 @@ type DeleteObjectsOutput struct { // was successfully deleted. Deleted []*DeletedObject `type:"list" flattened:"true"` - // Container for a failed delete operation that describes the object that Amazon + // Container for a failed delete action that describes the object that Amazon // S3 attempted to delete and the error it encountered. Errors []*Error `locationName:"Error" type:"list" flattened:"true"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteObjectsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeleteObjectsOutput) GoString() string { return s.String() } @@ -15997,18 +19525,26 @@ type DeletePublicAccessBlockInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeletePublicAccessBlockInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeletePublicAccessBlockInput) GoString() string { return s.String() } @@ -16079,12 +19615,20 @@ type DeletePublicAccessBlockOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeletePublicAccessBlockOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeletePublicAccessBlockOutput) GoString() string { return s.String() } @@ -16093,29 +19637,44 @@ func (s DeletePublicAccessBlockOutput) GoString() string { type DeletedObject struct { _ struct{} `type:"structure"` - // Specifies whether the versioned object that was permanently deleted was (true) - // or was not (false) a delete marker. In a simple DELETE, this header indicates - // whether (true) or not (false) a delete marker was created. + // Indicates whether the specified object version that was permanently deleted + // was (true) or was not (false) a delete marker before deletion. In a simple + // DELETE, this header indicates whether (true) or not (false) the current version + // of the object is a delete marker. + // + // This functionality is not supported for directory buckets. DeleteMarker *bool `type:"boolean"` // The version ID of the delete marker created as a result of the DELETE operation. // If you delete a specific object version, the value returned by this header // is the version ID of the object version deleted. + // + // This functionality is not supported for directory buckets. DeleteMarkerVersionId *string `type:"string"` // The name of the deleted object. Key *string `min:"1" type:"string"` // The version ID of the deleted object. + // + // This functionality is not supported for directory buckets. VersionId *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeletedObject) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DeletedObject) GoString() string { return s.String() } @@ -16151,17 +19710,18 @@ type Destination struct { // Specify this only in a cross-account scenario (where source and destination // bucket owners are not the same), and you want to change replica ownership - // to the AWS account that owns the destination bucket. If this is not specified - // in the replication configuration, the replicas are owned by same AWS account - // that owns the source object. + // to the Amazon Web Services account that owns the destination bucket. If this + // is not specified in the replication configuration, the replicas are owned + // by same Amazon Web Services account that owns the source object. AccessControlTranslation *AccessControlTranslation `type:"structure"` // Destination bucket owner account ID. In a cross-account scenario, if you - // direct Amazon S3 to change replica ownership to the AWS account that owns - // the destination bucket by specifying the AccessControlTranslation property, - // this is the account ID of the destination bucket owner. For more information, - // see Replication Additional Configuration: Changing the Replica Owner (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-change-owner.html) - // in the Amazon Simple Storage Service Developer Guide. + // direct Amazon S3 to change replica ownership to the Amazon Web Services account + // that owns the destination bucket by specifying the AccessControlTranslation + // property, this is the account ID of the destination bucket owner. For more + // information, see Replication Additional Configuration: Changing the Replica + // Owner (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-change-owner.html) + // in the Amazon S3 User Guide. Account *string `type:"string"` // The Amazon Resource Name (ARN) of the bucket where you want Amazon S3 to @@ -16189,16 +19749,24 @@ type Destination struct { // // For valid values, see the StorageClass element of the PUT Bucket replication // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html) - // action in the Amazon Simple Storage Service API Reference. + // action in the Amazon S3 API Reference. StorageClass *string `type:"string" enum:"StorageClass"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Destination) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Destination) GoString() string { return s.String() } @@ -16295,19 +19863,31 @@ type Encryption struct { KMSContext *string `type:"string"` // If the encryption type is aws:kms, this optional value specifies the ID of - // the symmetric customer managed AWS KMS CMK to use for encryption of job results. - // Amazon S3 only supports symmetric CMKs. For more information, see Using Symmetric - // and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) - // in the AWS Key Management Service Developer Guide. + // the symmetric encryption customer managed key to use for encryption of job + // results. Amazon S3 only supports symmetric encryption KMS keys. For more + // information, see Asymmetric keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) + // in the Amazon Web Services Key Management Service Developer Guide. + // + // KMSKeyId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by Encryption's + // String and GoString methods. KMSKeyId *string `type:"string" sensitive:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Encryption) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Encryption) GoString() string { return s.String() } @@ -16348,21 +19928,29 @@ func (s *Encryption) SetKMSKeyId(v string) *Encryption { type EncryptionConfiguration struct { _ struct{} `type:"structure"` - // Specifies the ID (Key ARN or Alias ARN) of the customer managed customer - // master key (CMK) stored in AWS Key Management Service (KMS) for the destination - // bucket. Amazon S3 uses this key to encrypt replica objects. Amazon S3 only - // supports symmetric customer managed CMKs. For more information, see Using - // Symmetric and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) - // in the AWS Key Management Service Developer Guide. + // Specifies the ID (Key ARN or Alias ARN) of the customer managed Amazon Web + // Services KMS key stored in Amazon Web Services Key Management Service (KMS) + // for the destination bucket. Amazon S3 uses this key to encrypt replica objects. + // Amazon S3 only supports symmetric encryption KMS keys. For more information, + // see Asymmetric keys in Amazon Web Services KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) + // in the Amazon Web Services Key Management Service Developer Guide. ReplicaKmsKeyID *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EncryptionConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EncryptionConfiguration) GoString() string { return s.String() } @@ -16380,12 +19968,20 @@ type EndEvent struct { _ struct{} `locationName:"EndEvent" type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EndEvent) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s EndEvent) GoString() string { return s.String() } @@ -16415,21 +20011,20 @@ type Error struct { // The error code is a string that uniquely identifies an error condition. It // is meant to be read and understood by programs that detect and handle errors - // by type. - // - // Amazon S3 error codes + // by type. The following is a list of Amazon S3 error codes. For more information, + // see Error responses (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html). // // * Code: AccessDenied Description: Access Denied HTTP Status Code: 403 // Forbidden SOAP Fault Code Prefix: Client // - // * Code: AccountProblem Description: There is a problem with your AWS account - // that prevents the operation from completing successfully. Contact AWS - // Support for further assistance. HTTP Status Code: 403 Forbidden SOAP Fault - // Code Prefix: Client + // * Code: AccountProblem Description: There is a problem with your Amazon + // Web Services account that prevents the action from completing successfully. + // Contact Amazon Web Services Support for further assistance. HTTP Status + // Code: 403 Forbidden SOAP Fault Code Prefix: Client // // * Code: AllAccessDisabled Description: All access to this Amazon S3 resource - // has been disabled. Contact AWS Support for further assistance. HTTP Status - // Code: 403 Forbidden SOAP Fault Code Prefix: Client + // has been disabled. Contact Amazon Web Services Support for further assistance. + // HTTP Status Code: 403 Forbidden SOAP Fault Code Prefix: Client // // * Code: AmbiguousGrantByEmailAddress Description: The email address you // provided is associated with more than one account. HTTP Status Code: 400 @@ -16449,8 +20044,8 @@ type Error struct { // SOAP Fault Code Prefix: Client // // * Code: BucketAlreadyOwnedByYou Description: The bucket you tried to create - // already exists, and you own it. Amazon S3 returns this error in all AWS - // Regions except in the North Virginia Region. For legacy compatibility, + // already exists, and you own it. Amazon S3 returns this error in all Amazon + // Web Services Regions except in the North Virginia Region. For legacy compatibility, // if you re-create an existing bucket that you already own in the North // Virginia Region, Amazon S3 returns 200 OK and resets the bucket access // control lists (ACLs). Code: 409 Conflict (in all Regions except the North @@ -16499,9 +20094,9 @@ type Error struct { // try again. HTTP Status Code: 500 Internal Server Error SOAP Fault Code // Prefix: Server // - // * Code: InvalidAccessKeyId Description: The AWS access key ID you provided - // does not exist in our records. HTTP Status Code: 403 Forbidden SOAP Fault - // Code Prefix: Client + // * Code: InvalidAccessKeyId Description: The Amazon Web Services access + // key ID you provided does not exist in our records. HTTP Status Code: 403 + // Forbidden SOAP Fault Code Prefix: Client // // * Code: InvalidAddressingHeader Description: You must specify the Anonymous // role. HTTP Status Code: N/A SOAP Fault Code Prefix: Client @@ -16528,9 +20123,9 @@ type Error struct { // Select a Region for Your Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro). // HTTP Status Code: 400 Bad Request SOAP Fault Code Prefix: Client // - // * Code: InvalidObjectState Description: The operation is not valid for - // the current state of the object. HTTP Status Code: 403 Forbidden SOAP - // Fault Code Prefix: Client + // * Code: InvalidObjectState Description: The action is not valid for the + // current state of the object. HTTP Status Code: 403 Forbidden SOAP Fault + // Code Prefix: Client // // * Code: InvalidPart Description: One or more of the specified parts could // not be found. The part might not have been uploaded, or the specified @@ -16542,8 +20137,8 @@ type Error struct { // Code: 400 Bad Request SOAP Fault Code Prefix: Client // // * Code: InvalidPayer Description: All access to this object has been disabled. - // Please contact AWS Support for further assistance. HTTP Status Code: 403 - // Forbidden SOAP Fault Code Prefix: Client + // Please contact Amazon Web Services Support for further assistance. HTTP + // Status Code: 403 Forbidden SOAP Fault Code Prefix: Client // // * Code: InvalidPolicyDocument Description: The content of the form does // not meet the conditions specified in the policy document. HTTP Status @@ -16579,12 +20174,12 @@ type Error struct { // on this bucket. HTTP Status Code: 400 Bad Request Code: N/A // // * Code: InvalidRequest Description: Amazon S3 Transfer Acceleration is - // not supported on this bucket. Contact AWS Support for more information. - // HTTP Status Code: 400 Bad Request Code: N/A + // not supported on this bucket. Contact Amazon Web Services Support for + // more information. HTTP Status Code: 400 Bad Request Code: N/A // // * Code: InvalidRequest Description: Amazon S3 Transfer Acceleration cannot - // be enabled on this bucket. Contact AWS Support for more information. HTTP - // Status Code: 400 Bad Request Code: N/A + // be enabled on this bucket. Contact Amazon Web Services Support for more + // information. HTTP Status Code: 400 Bad Request Code: N/A // // * Code: InvalidSecurity Description: The provided security credentials // are not valid. HTTP Status Code: 403 Forbidden SOAP Fault Code Prefix: @@ -16692,10 +20287,10 @@ type Error struct { // // * Code: NotSignedUp Description: Your account is not signed up for the // Amazon S3 service. You must sign up before you can use Amazon S3. You - // can sign up at the following URL: https://aws.amazon.com/s3 HTTP Status - // Code: 403 Forbidden SOAP Fault Code Prefix: Client + // can sign up at the following URL: Amazon S3 (http://aws.amazon.com/s3) + // HTTP Status Code: 403 Forbidden SOAP Fault Code Prefix: Client // - // * Code: OperationAborted Description: A conflicting conditional operation + // * Code: OperationAborted Description: A conflicting conditional action // is currently in progress against this resource. Try again. HTTP Status // Code: 409 Conflict SOAP Fault Code Prefix: Client // @@ -16731,14 +20326,14 @@ type Error struct { // Fault Code Prefix: Client // // * Code: SignatureDoesNotMatch Description: The request signature we calculated - // does not match the signature you provided. Check your AWS secret access - // key and signing method. For more information, see REST Authentication + // does not match the signature you provided. Check your Amazon Web Services + // secret access key and signing method. For more information, see REST Authentication // (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html) // and SOAP Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/SOAPAuthentication.html) // for details. HTTP Status Code: 403 Forbidden SOAP Fault Code Prefix: Client // - // * Code: ServiceUnavailable Description: Reduce your request rate. HTTP - // Status Code: 503 Service Unavailable SOAP Fault Code Prefix: Server + // * Code: ServiceUnavailable Description: Service is unable to handle request. + // HTTP Status Code: 503 Service Unavailable SOAP Fault Code Prefix: Server // // * Code: SlowDown Description: Reduce your request rate. HTTP Status Code: // 503 Slow Down SOAP Fault Code Prefix: Server @@ -16778,15 +20373,25 @@ type Error struct { Message *string `type:"string"` // The version ID of the error. + // + // This functionality is not supported for directory buckets. VersionId *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Error) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Error) GoString() string { return s.String() } @@ -16821,16 +20426,28 @@ type ErrorDocument struct { // The object key name to use when a 4XX class error occurs. // + // Replacement must be made for object keys containing special characters (such + // as carriage returns) when using XML requests. For more information, see XML + // related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). + // // Key is a required field Key *string `min:"1" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ErrorDocument) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ErrorDocument) GoString() string { return s.String() } @@ -16857,22 +20474,55 @@ func (s *ErrorDocument) SetKey(v string) *ErrorDocument { return s } +// A container for specifying the configuration for Amazon EventBridge. +type EventBridgeConfiguration struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EventBridgeConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EventBridgeConfiguration) GoString() string { + return s.String() +} + // Optional configuration to replicate existing source bucket objects. For more // information, see Replicating Existing Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication) -// in the Amazon S3 Developer Guide. +// in the Amazon S3 User Guide. type ExistingObjectReplication struct { _ struct{} `type:"structure"` + // Specifies whether Amazon S3 replicates existing source bucket objects. + // // Status is a required field Status *string `type:"string" required:"true" enum:"ExistingObjectReplicationStatus"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ExistingObjectReplication) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ExistingObjectReplication) GoString() string { return s.String() } @@ -16896,8 +20546,15 @@ func (s *ExistingObjectReplication) SetStatus(v string) *ExistingObjectReplicati return s } -// Specifies the Amazon S3 object key name to filter on and whether to filter -// on the suffix or prefix of the key name. +// Specifies the Amazon S3 object key name to filter on. An object key name +// is the name assigned to an object in your Amazon S3 bucket. You specify whether +// to filter on the suffix or prefix of the object key name. A prefix is a specific +// string of characters at the beginning of an object key name, which you can +// use to organize objects. For example, you can start the key names of related +// objects with a prefix, such as 2023- or engineering/. Then, you can use FilterRule +// to find objects in a bucket with key names that have the same prefix. A suffix +// is similar to a prefix, but it is at the end of the object key name instead +// of at the beginning. type FilterRule struct { _ struct{} `type:"structure"` @@ -16905,19 +20562,27 @@ type FilterRule struct { // the filtering rule applies. The maximum length is 1,024 characters. Overlapping // prefixes and suffixes are not supported. For more information, see Configuring // Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) - // in the Amazon Simple Storage Service Developer Guide. + // in the Amazon S3 User Guide. Name *string `type:"string" enum:"FilterRuleName"` // The value that the filter searches for in object key names. Value *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s FilterRule) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s FilterRule) GoString() string { return s.String() } @@ -16942,18 +20607,37 @@ type GetBucketAccelerateConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` + + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. + RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketAccelerateConfigurationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketAccelerateConfigurationInput) GoString() string { return s.String() } @@ -16993,6 +20677,12 @@ func (s *GetBucketAccelerateConfigurationInput) SetExpectedBucketOwner(v string) return s } +// SetRequestPayer sets the RequestPayer field's value. +func (s *GetBucketAccelerateConfigurationInput) SetRequestPayer(v string) *GetBucketAccelerateConfigurationInput { + s.RequestPayer = &v + return s +} + func (s *GetBucketAccelerateConfigurationInput) getEndpointARN() (arn.Resource, error) { if s.Bucket == nil { return nil, fmt.Errorf("member Bucket is nil") @@ -17023,20 +20713,40 @@ func (s GetBucketAccelerateConfigurationInput) updateArnableField(v string) (int type GetBucketAccelerateConfigurationOutput struct { _ struct{} `type:"structure"` + // If present, indicates that the requester was successfully charged for the + // request. + // + // This functionality is not supported for directory buckets. + RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` + // The accelerate configuration of the bucket. Status *string `type:"string" enum:"BucketAccelerateStatus"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketAccelerateConfigurationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketAccelerateConfigurationOutput) GoString() string { return s.String() } +// SetRequestCharged sets the RequestCharged field's value. +func (s *GetBucketAccelerateConfigurationOutput) SetRequestCharged(v string) *GetBucketAccelerateConfigurationOutput { + s.RequestCharged = &v + return s +} + // SetStatus sets the Status field's value. func (s *GetBucketAccelerateConfigurationOutput) SetStatus(v string) *GetBucketAccelerateConfigurationOutput { s.Status = &v @@ -17048,21 +20758,38 @@ type GetBucketAclInput struct { // Specifies the S3 bucket whose ACL is being requested. // + // When you use this API operation with an access point, provide the alias of + // the access point in place of the bucket name. + // + // When you use this API operation with an Object Lambda access point, provide + // the alias of the Object Lambda access point in place of the bucket name. + // If the Object Lambda access point alias in a request is not valid, the error + // code InvalidAccessPointAliasError is returned. For more information about + // InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketAclInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketAclInput) GoString() string { return s.String() } @@ -17139,12 +20866,20 @@ type GetBucketAclOutput struct { Owner *Owner `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketAclOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketAclOutput) GoString() string { return s.String() } @@ -17169,9 +20904,9 @@ type GetBucketAnalyticsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID that identifies the analytics configuration. @@ -17180,12 +20915,20 @@ type GetBucketAnalyticsConfigurationInput struct { Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketAnalyticsConfigurationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketAnalyticsConfigurationInput) GoString() string { return s.String() } @@ -17268,12 +21011,20 @@ type GetBucketAnalyticsConfigurationOutput struct { AnalyticsConfiguration *AnalyticsConfiguration `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketAnalyticsConfigurationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketAnalyticsConfigurationOutput) GoString() string { return s.String() } @@ -17289,21 +21040,38 @@ type GetBucketCorsInput struct { // The bucket name for which to get the cors configuration. // + // When you use this API operation with an access point, provide the alias of + // the access point in place of the bucket name. + // + // When you use this API operation with an Object Lambda access point, provide + // the alias of the Object Lambda access point in place of the bucket name. + // If the Object Lambda access point alias in a request is not valid, the error + // code InvalidAccessPointAliasError is returned. For more information about + // InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketCorsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketCorsInput) GoString() string { return s.String() } @@ -17378,12 +21146,20 @@ type GetBucketCorsOutput struct { CORSRules []*CORSRule `locationName:"CORSRule" type:"list" flattened:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketCorsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketCorsOutput) GoString() string { return s.String() } @@ -17403,18 +21179,26 @@ type GetBucketEncryptionInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketEncryptionInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketEncryptionInput) GoString() string { return s.String() } @@ -17488,12 +21272,20 @@ type GetBucketEncryptionOutput struct { ServerSideEncryptionConfiguration *ServerSideEncryptionConfiguration `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketEncryptionOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketEncryptionOutput) GoString() string { return s.String() } @@ -17519,12 +21311,20 @@ type GetBucketIntelligentTieringConfigurationInput struct { Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketIntelligentTieringConfigurationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketIntelligentTieringConfigurationInput) GoString() string { return s.String() } @@ -17601,12 +21401,20 @@ type GetBucketIntelligentTieringConfigurationOutput struct { IntelligentTieringConfiguration *IntelligentTieringConfiguration `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketIntelligentTieringConfigurationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketIntelligentTieringConfigurationOutput) GoString() string { return s.String() } @@ -17625,9 +21433,9 @@ type GetBucketInventoryConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID used to identify the inventory configuration. @@ -17636,12 +21444,20 @@ type GetBucketInventoryConfigurationInput struct { Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketInventoryConfigurationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketInventoryConfigurationInput) GoString() string { return s.String() } @@ -17724,12 +21540,20 @@ type GetBucketInventoryConfigurationOutput struct { InventoryConfiguration *InventoryConfiguration `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketInventoryConfigurationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketInventoryConfigurationOutput) GoString() string { return s.String() } @@ -17748,18 +21572,26 @@ type GetBucketLifecycleConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketLifecycleConfigurationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketLifecycleConfigurationInput) GoString() string { return s.String() } @@ -17833,12 +21665,20 @@ type GetBucketLifecycleConfigurationOutput struct { Rules []*LifecycleRule `locationName:"Rule" type:"list" flattened:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketLifecycleConfigurationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketLifecycleConfigurationOutput) GoString() string { return s.String() } @@ -17857,18 +21697,26 @@ type GetBucketLifecycleInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketLifecycleInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketLifecycleInput) GoString() string { return s.String() } @@ -17942,12 +21790,20 @@ type GetBucketLifecycleOutput struct { Rules []*Rule `locationName:"Rule" type:"list" flattened:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketLifecycleOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketLifecycleOutput) GoString() string { return s.String() } @@ -17963,21 +21819,38 @@ type GetBucketLocationInput struct { // The name of the bucket for which to get the location. // + // When you use this API operation with an access point, provide the alias of + // the access point in place of the bucket name. + // + // When you use this API operation with an Object Lambda access point, provide + // the alias of the Object Lambda access point in place of the bucket name. + // If the Object Lambda access point alias in a request is not valid, the error + // code InvalidAccessPointAliasError is returned. For more information about + // InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketLocationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketLocationInput) GoString() string { return s.String() } @@ -18053,12 +21926,20 @@ type GetBucketLocationOutput struct { LocationConstraint *string `type:"string" enum:"BucketLocationConstraint"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketLocationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketLocationOutput) GoString() string { return s.String() } @@ -18077,18 +21958,26 @@ type GetBucketLoggingInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketLoggingInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketLoggingInput) GoString() string { return s.String() } @@ -18161,16 +22050,24 @@ type GetBucketLoggingOutput struct { // Describes where logs are stored and the prefix that Amazon S3 assigns to // all log object keys for a bucket. For more information, see PUT Bucket logging // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) - // in the Amazon Simple Storage Service API Reference. + // in the Amazon S3 API Reference. LoggingEnabled *LoggingEnabled `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketLoggingOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketLoggingOutput) GoString() string { return s.String() } @@ -18189,23 +22086,32 @@ type GetBucketMetricsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // The ID used to identify the metrics configuration. + // The ID used to identify the metrics configuration. The ID has a 64 character + // limit and can only contain letters, numbers, periods, dashes, and underscores. // // Id is a required field Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketMetricsConfigurationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketMetricsConfigurationInput) GoString() string { return s.String() } @@ -18288,12 +22194,20 @@ type GetBucketMetricsConfigurationOutput struct { MetricsConfiguration *MetricsConfiguration `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketMetricsConfigurationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketMetricsConfigurationOutput) GoString() string { return s.String() } @@ -18309,21 +22223,38 @@ type GetBucketNotificationConfigurationRequest struct { // The name of the bucket for which to get the notification configuration. // + // When you use this API operation with an access point, provide the alias of + // the access point in place of the bucket name. + // + // When you use this API operation with an Object Lambda access point, provide + // the alias of the Object Lambda access point in place of the bucket name. + // If the Object Lambda access point alias in a request is not valid, the error + // code InvalidAccessPointAliasError is returned. For more information about + // InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketNotificationConfigurationRequest) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketNotificationConfigurationRequest) GoString() string { return s.String() } @@ -18398,18 +22329,26 @@ type GetBucketOwnershipControlsInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketOwnershipControlsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketOwnershipControlsInput) GoString() string { return s.String() } @@ -18479,17 +22418,25 @@ func (s GetBucketOwnershipControlsInput) updateArnableField(v string) (interface type GetBucketOwnershipControlsOutput struct { _ struct{} `type:"structure" payload:"OwnershipControls"` - // The OwnershipControls (BucketOwnerPreferred or ObjectWriter) currently in - // effect for this Amazon S3 bucket. + // The OwnershipControls (BucketOwnerEnforced, BucketOwnerPreferred, or ObjectWriter) + // currently in effect for this Amazon S3 bucket. OwnershipControls *OwnershipControls `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketOwnershipControlsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketOwnershipControlsOutput) GoString() string { return s.String() } @@ -18503,23 +22450,57 @@ func (s *GetBucketOwnershipControlsOutput) SetOwnershipControls(v *OwnershipCont type GetBucketPolicyInput struct { _ struct{} `locationName:"GetBucketPolicyRequest" type:"structure"` - // The bucket name for which to get the bucket policy. + // The bucket name to get the bucket policy for. + // + // Directory buckets - When you use this operation with a directory bucket, + // you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name + // . Virtual-hosted-style requests aren't supported. Directory bucket names + // must be unique in the chosen Availability Zone. Bucket names must also follow + // the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). + // For information about bucket naming restrictions, see Directory bucket naming + // rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide + // + // Access points - When you use this API operation with an access point, provide + // the alias of the access point in place of the bucket name. + // + // Object Lambda access points - When you use this API operation with an Object + // Lambda access point, provide the alias of the Object Lambda access point + // in place of the bucket name. If the Object Lambda access point alias in a + // request is not valid, the error code InvalidAccessPointAliasError is returned. + // For more information about InvalidAccessPointAliasError, see List of Error + // Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // + // Access points and Object Lambda access points are not supported by directory + // buckets. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. + // If you specify this header, the request fails with the HTTP status code 501 + // Not Implemented. ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketPolicyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketPolicyInput) GoString() string { return s.String() } @@ -18593,12 +22574,20 @@ type GetBucketPolicyOutput struct { Policy *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketPolicyOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketPolicyOutput) GoString() string { return s.String() } @@ -18617,18 +22606,26 @@ type GetBucketPolicyStatusInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketPolicyStatusInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketPolicyStatusInput) GoString() string { return s.String() } @@ -18702,12 +22699,20 @@ type GetBucketPolicyStatusOutput struct { PolicyStatus *PolicyStatus `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketPolicyStatusOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketPolicyStatusOutput) GoString() string { return s.String() } @@ -18726,18 +22731,26 @@ type GetBucketReplicationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketReplicationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketReplicationInput) GoString() string { return s.String() } @@ -18812,12 +22825,20 @@ type GetBucketReplicationOutput struct { ReplicationConfiguration *ReplicationConfiguration `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketReplicationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketReplicationOutput) GoString() string { return s.String() } @@ -18836,18 +22857,26 @@ type GetBucketRequestPaymentInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketRequestPaymentInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketRequestPaymentInput) GoString() string { return s.String() } @@ -18921,12 +22950,20 @@ type GetBucketRequestPaymentOutput struct { Payer *string `type:"string" enum:"Payer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketRequestPaymentOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketRequestPaymentOutput) GoString() string { return s.String() } @@ -18945,18 +22982,26 @@ type GetBucketTaggingInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketTaggingInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketTaggingInput) GoString() string { return s.String() } @@ -19032,12 +23077,20 @@ type GetBucketTaggingOutput struct { TagSet []*Tag `locationNameList:"Tag" type:"list" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketTaggingOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketTaggingOutput) GoString() string { return s.String() } @@ -19056,18 +23109,26 @@ type GetBucketVersioningInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketVersioningInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketVersioningInput) GoString() string { return s.String() } @@ -19146,12 +23207,20 @@ type GetBucketVersioningOutput struct { Status *string `type:"string" enum:"BucketVersioningStatus"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketVersioningOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketVersioningOutput) GoString() string { return s.String() } @@ -19176,18 +23245,26 @@ type GetBucketWebsiteInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketWebsiteInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketWebsiteInput) GoString() string { return s.String() } @@ -19271,12 +23348,20 @@ type GetBucketWebsiteOutput struct { RoutingRules []*RoutingRule `locationNameList:"RoutingRule" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketWebsiteOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetBucketWebsiteOutput) GoString() string { return s.String() } @@ -19310,19 +23395,21 @@ type GetObjectAclInput struct { // The bucket name that contains the object for which to get the ACL information. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The key of the object for which to get the ACL information. @@ -19331,22 +23418,36 @@ type GetObjectAclInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from requester pays buckets, see Downloading Objects - // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectAclInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectAclInput) GoString() string { return s.String() } @@ -19448,15 +23549,25 @@ type GetObjectAclOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectAclOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectAclOutput) GoString() string { return s.String() } @@ -19479,48 +23590,561 @@ func (s *GetObjectAclOutput) SetRequestCharged(v string) *GetObjectAclOutput { return s } +type GetObjectAttributesInput struct { + _ struct{} `locationName:"GetObjectAttributesRequest" type:"structure"` + + // The name of the bucket that contains the object. + // + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. + // + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. + // + // Bucket is a required field + Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). + ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` + + // The object key. + // + // Key is a required field + Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` + + // Sets the maximum number of parts to return. + MaxParts *int64 `location:"header" locationName:"x-amz-max-parts" type:"integer"` + + // Specifies the fields at the root level that you want returned in the response. + // Fields that you do not specify are not returned. + // + // ObjectAttributes is a required field + ObjectAttributes []*string `location:"header" locationName:"x-amz-object-attributes" type:"list" required:"true" enum:"ObjectAttributes"` + + // Specifies the part after which listing should begin. Only parts with higher + // part numbers will be listed. + PartNumberMarker *int64 `location:"header" locationName:"x-amz-part-number-marker" type:"integer"` + + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. + RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` + + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported for directory buckets. + SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` + + // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting + // data. This value is used to store the object and then it is discarded; Amazon + // S3 does not store the encryption key. The key must be appropriate for use + // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm + // header. + // + // This functionality is not supported for directory buckets. + // + // SSECustomerKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GetObjectAttributesInput's + // String and GoString methods. + SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` + + // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. + // Amazon S3 uses this header for a message integrity check to ensure that the + // encryption key was transmitted without error. + // + // This functionality is not supported for directory buckets. + SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` + + // The version ID used to reference a specific version of the object. + // + // S3 Versioning isn't enabled and supported for directory buckets. For this + // API operation, only the null value of the version ID is supported by directory + // buckets. You can only specify null to the versionId query parameter in the + // request. + VersionId *string `location:"querystring" locationName:"versionId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetObjectAttributesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetObjectAttributesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetObjectAttributesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetObjectAttributesInput"} + if s.Bucket == nil { + invalidParams.Add(request.NewErrParamRequired("Bucket")) + } + if s.Bucket != nil && len(*s.Bucket) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Bucket", 1)) + } + if s.Key == nil { + invalidParams.Add(request.NewErrParamRequired("Key")) + } + if s.Key != nil && len(*s.Key) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Key", 1)) + } + if s.ObjectAttributes == nil { + invalidParams.Add(request.NewErrParamRequired("ObjectAttributes")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetBucket sets the Bucket field's value. +func (s *GetObjectAttributesInput) SetBucket(v string) *GetObjectAttributesInput { + s.Bucket = &v + return s +} + +func (s *GetObjectAttributesInput) getBucket() (v string) { + if s.Bucket == nil { + return v + } + return *s.Bucket +} + +// SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. +func (s *GetObjectAttributesInput) SetExpectedBucketOwner(v string) *GetObjectAttributesInput { + s.ExpectedBucketOwner = &v + return s +} + +// SetKey sets the Key field's value. +func (s *GetObjectAttributesInput) SetKey(v string) *GetObjectAttributesInput { + s.Key = &v + return s +} + +// SetMaxParts sets the MaxParts field's value. +func (s *GetObjectAttributesInput) SetMaxParts(v int64) *GetObjectAttributesInput { + s.MaxParts = &v + return s +} + +// SetObjectAttributes sets the ObjectAttributes field's value. +func (s *GetObjectAttributesInput) SetObjectAttributes(v []*string) *GetObjectAttributesInput { + s.ObjectAttributes = v + return s +} + +// SetPartNumberMarker sets the PartNumberMarker field's value. +func (s *GetObjectAttributesInput) SetPartNumberMarker(v int64) *GetObjectAttributesInput { + s.PartNumberMarker = &v + return s +} + +// SetRequestPayer sets the RequestPayer field's value. +func (s *GetObjectAttributesInput) SetRequestPayer(v string) *GetObjectAttributesInput { + s.RequestPayer = &v + return s +} + +// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value. +func (s *GetObjectAttributesInput) SetSSECustomerAlgorithm(v string) *GetObjectAttributesInput { + s.SSECustomerAlgorithm = &v + return s +} + +// SetSSECustomerKey sets the SSECustomerKey field's value. +func (s *GetObjectAttributesInput) SetSSECustomerKey(v string) *GetObjectAttributesInput { + s.SSECustomerKey = &v + return s +} + +func (s *GetObjectAttributesInput) getSSECustomerKey() (v string) { + if s.SSECustomerKey == nil { + return v + } + return *s.SSECustomerKey +} + +// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value. +func (s *GetObjectAttributesInput) SetSSECustomerKeyMD5(v string) *GetObjectAttributesInput { + s.SSECustomerKeyMD5 = &v + return s +} + +// SetVersionId sets the VersionId field's value. +func (s *GetObjectAttributesInput) SetVersionId(v string) *GetObjectAttributesInput { + s.VersionId = &v + return s +} + +func (s *GetObjectAttributesInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetObjectAttributesInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + +// updateArnableField updates the value of the input field that +// takes an ARN as an input. This method is useful to backfill +// the parsed resource name from ARN into the input member. +// It returns a pointer to a modified copy of input and an error. +// Note that original input is not modified. +func (s GetObjectAttributesInput) updateArnableField(v string) (interface{}, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + s.Bucket = aws.String(v) + return &s, nil +} + +type GetObjectAttributesOutput struct { + _ struct{} `type:"structure"` + + // The checksum or digest of the object. + Checksum *Checksum `type:"structure"` + + // Specifies whether the object retrieved was (true) or was not (false) a delete + // marker. If false, this response header does not appear in the response. + // + // This functionality is not supported for directory buckets. + DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"` + + // An ETag is an opaque identifier assigned by a web server to a specific version + // of a resource found at a URL. + ETag *string `type:"string"` + + // The creation date of the object. + LastModified *time.Time `location:"header" locationName:"Last-Modified" type:"timestamp"` + + // A collection of parts associated with a multipart upload. + ObjectParts *GetObjectAttributesParts `type:"structure"` + + // The size of the object in bytes. + ObjectSize *int64 `type:"long"` + + // If present, indicates that the requester was successfully charged for the + // request. + // + // This functionality is not supported for directory buckets. + RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` + + // Provides the storage class information of the object. Amazon S3 returns this + // header for all objects except for S3 Standard storage class objects. + // + // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html). + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. + StorageClass *string `type:"string" enum:"StorageClass"` + + // The version ID of the object. + // + // This functionality is not supported for directory buckets. + VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetObjectAttributesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetObjectAttributesOutput) GoString() string { + return s.String() +} + +// SetChecksum sets the Checksum field's value. +func (s *GetObjectAttributesOutput) SetChecksum(v *Checksum) *GetObjectAttributesOutput { + s.Checksum = v + return s +} + +// SetDeleteMarker sets the DeleteMarker field's value. +func (s *GetObjectAttributesOutput) SetDeleteMarker(v bool) *GetObjectAttributesOutput { + s.DeleteMarker = &v + return s +} + +// SetETag sets the ETag field's value. +func (s *GetObjectAttributesOutput) SetETag(v string) *GetObjectAttributesOutput { + s.ETag = &v + return s +} + +// SetLastModified sets the LastModified field's value. +func (s *GetObjectAttributesOutput) SetLastModified(v time.Time) *GetObjectAttributesOutput { + s.LastModified = &v + return s +} + +// SetObjectParts sets the ObjectParts field's value. +func (s *GetObjectAttributesOutput) SetObjectParts(v *GetObjectAttributesParts) *GetObjectAttributesOutput { + s.ObjectParts = v + return s +} + +// SetObjectSize sets the ObjectSize field's value. +func (s *GetObjectAttributesOutput) SetObjectSize(v int64) *GetObjectAttributesOutput { + s.ObjectSize = &v + return s +} + +// SetRequestCharged sets the RequestCharged field's value. +func (s *GetObjectAttributesOutput) SetRequestCharged(v string) *GetObjectAttributesOutput { + s.RequestCharged = &v + return s +} + +// SetStorageClass sets the StorageClass field's value. +func (s *GetObjectAttributesOutput) SetStorageClass(v string) *GetObjectAttributesOutput { + s.StorageClass = &v + return s +} + +// SetVersionId sets the VersionId field's value. +func (s *GetObjectAttributesOutput) SetVersionId(v string) *GetObjectAttributesOutput { + s.VersionId = &v + return s +} + +// A collection of parts associated with a multipart upload. +type GetObjectAttributesParts struct { + _ struct{} `type:"structure"` + + // Indicates whether the returned list of parts is truncated. A value of true + // indicates that the list was truncated. A list can be truncated if the number + // of parts exceeds the limit returned in the MaxParts element. + IsTruncated *bool `type:"boolean"` + + // The maximum number of parts allowed in the response. + MaxParts *int64 `type:"integer"` + + // When a list is truncated, this element specifies the last part in the list, + // as well as the value to use for the PartNumberMarker request parameter in + // a subsequent request. + NextPartNumberMarker *int64 `type:"integer"` + + // The marker for the current part. + PartNumberMarker *int64 `type:"integer"` + + // A container for elements related to a particular part. A response can contain + // zero or more Parts elements. + // + // * General purpose buckets - For GetObjectAttributes, if a additional checksum + // (including x-amz-checksum-crc32, x-amz-checksum-crc32c, x-amz-checksum-sha1, + // or x-amz-checksum-sha256) isn't applied to the object specified in the + // request, the response doesn't return Part. + // + // * Directory buckets - For GetObjectAttributes, no matter whether a additional + // checksum is applied to the object specified in the request, the response + // returns Part. + Parts []*ObjectPart `locationName:"Part" type:"list" flattened:"true"` + + // The total number of parts. + TotalPartsCount *int64 `locationName:"PartsCount" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetObjectAttributesParts) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetObjectAttributesParts) GoString() string { + return s.String() +} + +// SetIsTruncated sets the IsTruncated field's value. +func (s *GetObjectAttributesParts) SetIsTruncated(v bool) *GetObjectAttributesParts { + s.IsTruncated = &v + return s +} + +// SetMaxParts sets the MaxParts field's value. +func (s *GetObjectAttributesParts) SetMaxParts(v int64) *GetObjectAttributesParts { + s.MaxParts = &v + return s +} + +// SetNextPartNumberMarker sets the NextPartNumberMarker field's value. +func (s *GetObjectAttributesParts) SetNextPartNumberMarker(v int64) *GetObjectAttributesParts { + s.NextPartNumberMarker = &v + return s +} + +// SetPartNumberMarker sets the PartNumberMarker field's value. +func (s *GetObjectAttributesParts) SetPartNumberMarker(v int64) *GetObjectAttributesParts { + s.PartNumberMarker = &v + return s +} + +// SetParts sets the Parts field's value. +func (s *GetObjectAttributesParts) SetParts(v []*ObjectPart) *GetObjectAttributesParts { + s.Parts = v + return s +} + +// SetTotalPartsCount sets the TotalPartsCount field's value. +func (s *GetObjectAttributesParts) SetTotalPartsCount(v int64) *GetObjectAttributesParts { + s.TotalPartsCount = &v + return s +} + type GetObjectInput struct { _ struct{} `locationName:"GetObjectRequest" type:"structure"` // The bucket name containing the object. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. - // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. + // + // Object Lambda access points - When you use this action with an Object Lambda + // access point, you must direct requests to the Object Lambda access point + // hostname. The Object Lambda access point hostname takes the form AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com. + // + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // To retrieve the checksum, this mode must be enabled. + // + // The AWS SDK for Go v1 does not support automatic response payload checksum + // validation. This feature is available in the AWS SDK for Go v2. + ChecksumMode *string `location:"header" locationName:"x-amz-checksum-mode" type:"string" enum:"ChecksumMode"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // Return the object only if its entity tag (ETag) is the same as the one specified, - // otherwise return a 412 (precondition failed). + // Return the object only if its entity tag (ETag) is the same as the one specified + // in this header; otherwise, return a 412 Precondition Failed error. + // + // If both of the If-Match and If-Unmodified-Since headers are present in the + // request as follows: If-Match condition evaluates to true, and; If-Unmodified-Since + // condition evaluates to false; then, S3 returns 200 OK and the data requested. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfMatch *string `location:"header" locationName:"If-Match" type:"string"` - // Return the object only if it has been modified since the specified time, - // otherwise return a 304 (not modified). + // Return the object only if it has been modified since the specified time; + // otherwise, return a 304 Not Modified error. + // + // If both of the If-None-Match and If-Modified-Since headers are present in + // the request as follows:If-None-Match condition evaluates to false, and; If-Modified-Since + // condition evaluates to true; then, S3 returns 304 Not Modified status code. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfModifiedSince *time.Time `location:"header" locationName:"If-Modified-Since" type:"timestamp"` // Return the object only if its entity tag (ETag) is different from the one - // specified, otherwise return a 304 (not modified). + // specified in this header; otherwise, return a 304 Not Modified error. + // + // If both of the If-None-Match and If-Modified-Since headers are present in + // the request as follows:If-None-Match condition evaluates to false, and; If-Modified-Since + // condition evaluates to true; then, S3 returns 304 Not Modified HTTP status + // code. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfNoneMatch *string `location:"header" locationName:"If-None-Match" type:"string"` - // Return the object only if it has not been modified since the specified time, - // otherwise return a 412 (precondition failed). + // Return the object only if it has not been modified since the specified time; + // otherwise, return a 412 Precondition Failed error. + // + // If both of the If-Match and If-Unmodified-Since headers are present in the + // request as follows: If-Match condition evaluates to true, and; If-Unmodified-Since + // condition evaluates to false; then, S3 returns 200 OK and the data requested. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfUnmodifiedSince *time.Time `location:"header" locationName:"If-Unmodified-Since" type:"timestamp"` // Key of the object to get. @@ -19533,24 +24157,28 @@ type GetObjectInput struct { // Useful for downloading just a part of an object. PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer"` - // Downloads the specified range bytes of an object. For more information about - // the HTTP Range header, see https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35 - // (https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35). + // Downloads the specified byte range of an object. For more information about + // the HTTP Range header, see https://www.rfc-editor.org/rfc/rfc9110.html#name-range + // (https://www.rfc-editor.org/rfc/rfc9110.html#name-range). // // Amazon S3 doesn't support retrieving multiple ranges of data per GET request. Range *string `location:"header" locationName:"Range" type:"string"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from requester pays buckets, see Downloading Objects - // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Sets the Cache-Control header of the response. ResponseCacheControl *string `location:"querystring" locationName:"response-cache-control" type:"string"` - // Sets the Content-Disposition header of the response + // Sets the Content-Disposition header of the response. ResponseContentDisposition *string `location:"querystring" locationName:"response-content-disposition" type:"string"` // Sets the Content-Encoding header of the response. @@ -19563,34 +24191,111 @@ type GetObjectInput struct { ResponseContentType *string `location:"querystring" locationName:"response-content-type" type:"string"` // Sets the Expires header of the response. - ResponseExpires *time.Time `location:"querystring" locationName:"response-expires" type:"timestamp"` + ResponseExpires *time.Time `location:"querystring" locationName:"response-expires" type:"timestamp" timestampFormat:"rfc822"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when decrypting the object (for example, AES256). + // + // If you encrypt an object by using server-side encryption with customer-provided + // encryption keys (SSE-C) when you store the object in Amazon S3, then when + // you GET the object, you must use the following headers: + // + // * x-amz-server-side-encryption-customer-algorithm + // + // * x-amz-server-side-encryption-customer-key + // + // * x-amz-server-side-encryption-customer-key-MD5 + // + // For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided + // Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` - // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting - // data. This value is used to store the object and then it is discarded; Amazon - // S3 does not store the encryption key. The key must be appropriate for use - // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm - // header. + // Specifies the customer-provided encryption key that you originally provided + // for Amazon S3 to encrypt the data before storing it. This value is used to + // decrypt the object when recovering it and must match the one used when storing + // the data. The key must be appropriate for use with the algorithm specified + // in the x-amz-server-side-encryption-customer-algorithm header. + // + // If you encrypt an object by using server-side encryption with customer-provided + // encryption keys (SSE-C) when you store the object in Amazon S3, then when + // you GET the object, you must use the following headers: + // + // * x-amz-server-side-encryption-customer-algorithm + // + // * x-amz-server-side-encryption-customer-key + // + // * x-amz-server-side-encryption-customer-key-MD5 + // + // For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided + // Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. + // + // SSECustomerKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GetObjectInput's + // String and GoString methods. SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` - // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. - // Amazon S3 uses this header for a message integrity check to ensure that the - // encryption key was transmitted without error. + // Specifies the 128-bit MD5 digest of the customer-provided encryption key + // according to RFC 1321. Amazon S3 uses this header for a message integrity + // check to ensure that the encryption key was transmitted without error. + // + // If you encrypt an object by using server-side encryption with customer-provided + // encryption keys (SSE-C) when you store the object in Amazon S3, then when + // you GET the object, you must use the following headers: + // + // * x-amz-server-side-encryption-customer-algorithm + // + // * x-amz-server-side-encryption-customer-key + // + // * x-amz-server-side-encryption-customer-key-MD5 + // + // For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided + // Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. + // + // By default, the GetObject operation returns the current version of an object. + // To return a different version, use the versionId subresource. + // + // * If you include a versionId in your request header, you must have the + // s3:GetObjectVersion permission to access a specific version of an object. + // The s3:GetObject permission is not required in this scenario. + // + // * If you request the current version of an object without a specific versionId + // in the request header, only the s3:GetObject permission is required. The + // s3:GetObjectVersion permission is not required in this scenario. + // + // * Directory buckets - S3 Versioning isn't enabled and supported for directory + // buckets. For this API operation, only the null value of the version ID + // is supported by directory buckets. You can only specify null to the versionId + // query parameter in the request. + // + // For more information about versioning, see PutBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html). VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectInput) GoString() string { return s.String() } @@ -19630,6 +24335,12 @@ func (s *GetObjectInput) getBucket() (v string) { return *s.Bucket } +// SetChecksumMode sets the ChecksumMode field's value. +func (s *GetObjectInput) SetChecksumMode(v string) *GetObjectInput { + s.ChecksumMode = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *GetObjectInput) SetExpectedBucketOwner(v string) *GetObjectInput { s.ExpectedBucketOwner = &v @@ -19781,46 +24492,60 @@ func (s GetObjectInput) updateArnableField(v string) (interface{}, error) { type GetObjectLegalHoldInput struct { _ struct{} `locationName:"GetObjectLegalHoldRequest" type:"structure"` - // The bucket name containing the object whose Legal Hold status you want to + // The bucket name containing the object whose legal hold status you want to // retrieve. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // The key name for the object whose Legal Hold status you want to retrieve. + // The key name for the object whose legal hold status you want to retrieve. // // Key is a required field Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from requester pays buckets, see Downloading Objects - // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // The version ID of the object whose Legal Hold status you want to retrieve. + // The version ID of the object whose legal hold status you want to retrieve. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectLegalHoldInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectLegalHoldInput) GoString() string { return s.String() } @@ -19914,16 +24639,24 @@ func (s GetObjectLegalHoldInput) updateArnableField(v string) (interface{}, erro type GetObjectLegalHoldOutput struct { _ struct{} `type:"structure" payload:"LegalHold"` - // The current Legal Hold status for the specified object. - LegalHold *ObjectLockLegalHold `type:"structure"` + // The current legal hold status for the specified object. + LegalHold *ObjectLockLegalHold `locationName:"LegalHold" type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectLegalHoldOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectLegalHoldOutput) GoString() string { return s.String() } @@ -19939,28 +24672,38 @@ type GetObjectLockConfigurationInput struct { // The bucket whose Object Lock configuration you want to retrieve. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectLockConfigurationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectLockConfigurationInput) GoString() string { return s.String() } @@ -20034,12 +24777,20 @@ type GetObjectLockConfigurationOutput struct { ObjectLockConfiguration *ObjectLockConfiguration `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectLockConfigurationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectLockConfigurationOutput) GoString() string { return s.String() } @@ -20053,23 +24804,49 @@ func (s *GetObjectLockConfigurationOutput) SetObjectLockConfiguration(v *ObjectL type GetObjectOutput struct { _ struct{} `type:"structure" payload:"Body"` - // Indicates that a range of bytes was specified. + // Indicates that a range of bytes was specified in the request. AcceptRanges *string `location:"header" locationName:"accept-ranges" type:"string"` // Object data. Body io.ReadCloser `type:"blob"` // Indicates whether the object uses an S3 Bucket Key for server-side encryption - // with AWS KMS (SSE-KMS). + // with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Specifies caching behavior along the request/reply chain. CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` + // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"` + + // The base64-encoded, 32-bit CRC32C checksum of the object. This will only + // be present if it was uploaded with the object. For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"` + + // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"` + + // The base64-encoded, 256-bit SHA-256 digest of the object. This will only + // be present if it was uploaded with the object. For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` + // Specifies presentational information for the object. ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"` - // Specifies what content encodings have been applied to the object and thus + // Indicates what content encodings have been applied to the object and thus // what decoding mechanisms must be applied to obtain the media-type referenced // by the Content-Type header field. ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"` @@ -20086,24 +24863,40 @@ type GetObjectOutput struct { // A standard MIME type describing the format of the object data. ContentType *string `location:"header" locationName:"Content-Type" type:"string"` - // Specifies whether the object retrieved was (true) or was not (false) a Delete + // Indicates whether the object retrieved was (true) or was not (false) a Delete // Marker. If false, this response header does not appear in the response. + // + // * If the current version of the object is a delete marker, Amazon S3 behaves + // as if the object was deleted and includes x-amz-delete-marker: true in + // the response. + // + // * If the specified version in the request is a delete marker, the response + // returns a 405 Method Not Allowed error and the Last-Modified: timestamp + // response header. DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"` - // An ETag is an opaque identifier assigned by a web server to a specific version - // of a resource found at a URL. + // An entity tag (ETag) is an opaque identifier assigned by a web server to + // a specific version of a resource found at a URL. ETag *string `location:"header" locationName:"ETag" type:"string"` - // If the object expiration is configured (see PUT Bucket lifecycle), the response - // includes this header. It includes the expiry-date and rule-id key-value pairs - // providing object expiration information. The value of the rule-id is URL - // encoded. + // If the object expiration is configured (see PutBucketLifecycleConfiguration + // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)), + // the response includes this header. It includes the expiry-date and rule-id + // key-value pairs providing object expiration information. The value of the + // rule-id is URL-encoded. + // + // This functionality is not supported for directory buckets. Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"` // The date and time at which the object is no longer cacheable. Expires *string `location:"header" locationName:"Expires" type:"string"` - // Last modified date of the object + // Date and time when the object was last modified. + // + // General purpose buckets - When you specify a versionId of the object in your + // request, if the specified version in the request is a delete marker, the + // response returns a 405 Method Not Allowed error and the Last-Modified: timestamp + // response header. LastModified *time.Time `location:"header" locationName:"Last-Modified" type:"timestamp"` // A map of metadata to store with the object in S3. @@ -20113,78 +24906,128 @@ type GetObjectOutput struct { // Set `aws.Config.LowerCaseHeaderMaps` to `true` to write unmarshaled keys to the map as lowercase. Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"` - // This is set to the number of metadata entries not returned in x-amz-meta - // headers. This can happen if you create metadata using an API like SOAP that - // supports more flexible metadata than the REST API. For example, using SOAP, - // you can create metadata whose values are not legal HTTP headers. + // This is set to the number of metadata entries not returned in the headers + // that are prefixed with x-amz-meta-. This can happen if you create metadata + // using an API like SOAP that supports more flexible metadata than the REST + // API. For example, using SOAP, you can create metadata whose values are not + // legal HTTP headers. + // + // This functionality is not supported for directory buckets. MissingMeta *int64 `location:"header" locationName:"x-amz-missing-meta" type:"integer"` // Indicates whether this object has an active legal hold. This field is only // returned if you have permission to view an object's legal hold status. + // + // This functionality is not supported for directory buckets. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` - // The Object Lock mode currently in place for this object. + // The Object Lock mode that's currently in place for this object. + // + // This functionality is not supported for directory buckets. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` // The date and time when this object's Object Lock will expire. + // + // This functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` - // The count of parts this object has. + // The count of parts this object has. This value is only returned if you specify + // partNumber in your request and the object was uploaded as a multipart upload. PartsCount *int64 `location:"header" locationName:"x-amz-mp-parts-count" type:"integer"` // Amazon S3 can return this if your request involves a bucket that is either // a source or destination in a replication rule. + // + // This functionality is not supported for directory buckets. ReplicationStatus *string `location:"header" locationName:"x-amz-replication-status" type:"string" enum:"ReplicationStatus"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` - // Provides information about object restoration operation and expiration time + // Provides information about object restoration action and expiration time // of the restored object copy. + // + // This functionality is not supported for directory buckets. Only the S3 Express + // One Zone storage class is supported by directory buckets to store objects. Restore *string `location:"header" locationName:"x-amz-restore" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the AWS Key Management Service (AWS KMS) - // symmetric customer managed customer master key (CMK) that was used for the - // object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. + // + // This functionality is not supported for directory buckets. + // + // SSEKMSKeyId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GetObjectOutput's + // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon - // S3 (for example, AES256, aws:kms). + // The server-side encryption algorithm used when you store this object in Amazon + // S3 (for example, AES256, aws:kms, aws:kms:dsse). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Provides storage class information of the object. Amazon S3 returns this // header for all objects except for S3 Standard storage class objects. + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` - // The number of tags, if any, on the object. + // The number of tags, if any, on the object, when you have the relevant permission + // to read object tags. + // + // You can use GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) + // to retrieve the tag set associated with an object. + // + // This functionality is not supported for directory buckets. TagCount *int64 `location:"header" locationName:"x-amz-tagging-count" type:"integer"` - // Version of the object. + // Version ID of the object. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` // If the bucket is configured as a website, redirects requests for this object // to another object in the same bucket or to an external URL. Amazon S3 stores // the value of this header in the object metadata. + // + // This functionality is not supported for directory buckets. WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectOutput) GoString() string { return s.String() } @@ -20213,6 +25056,30 @@ func (s *GetObjectOutput) SetCacheControl(v string) *GetObjectOutput { return s } +// SetChecksumCRC32 sets the ChecksumCRC32 field's value. +func (s *GetObjectOutput) SetChecksumCRC32(v string) *GetObjectOutput { + s.ChecksumCRC32 = &v + return s +} + +// SetChecksumCRC32C sets the ChecksumCRC32C field's value. +func (s *GetObjectOutput) SetChecksumCRC32C(v string) *GetObjectOutput { + s.ChecksumCRC32C = &v + return s +} + +// SetChecksumSHA1 sets the ChecksumSHA1 field's value. +func (s *GetObjectOutput) SetChecksumSHA1(v string) *GetObjectOutput { + s.ChecksumSHA1 = &v + return s +} + +// SetChecksumSHA256 sets the ChecksumSHA256 field's value. +func (s *GetObjectOutput) SetChecksumSHA256(v string) *GetObjectOutput { + s.ChecksumSHA256 = &v + return s +} + // SetContentDisposition sets the ContentDisposition field's value. func (s *GetObjectOutput) SetContentDisposition(v string) *GetObjectOutput { s.ContentDisposition = &v @@ -20387,19 +25254,21 @@ type GetObjectRetentionInput struct { // The bucket name containing the object whose retention settings you want to // retrieve. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The key name for the object whose retention settings you want to retrieve. @@ -20408,22 +25277,34 @@ type GetObjectRetentionInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from requester pays buckets, see Downloading Objects - // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The version ID for the object whose retention settings you want to retrieve. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectRetentionInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectRetentionInput) GoString() string { return s.String() } @@ -20518,15 +25399,23 @@ type GetObjectRetentionOutput struct { _ struct{} `type:"structure" payload:"Retention"` // The container element for an object's retention settings. - Retention *ObjectLockRetention `type:"structure"` + Retention *ObjectLockRetention `locationName:"Retention" type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectRetentionOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectRetentionOutput) GoString() string { return s.String() } @@ -20542,27 +25431,30 @@ type GetObjectTaggingInput struct { // The bucket name containing the object for which to get the tagging information. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. - // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Object key for which to get the tagging information. @@ -20570,16 +25462,35 @@ type GetObjectTaggingInput struct { // Key is a required field Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. + RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` + // The versionId of the object for which to get the tagging information. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectTaggingInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectTaggingInput) GoString() string { return s.String() } @@ -20631,6 +25542,12 @@ func (s *GetObjectTaggingInput) SetKey(v string) *GetObjectTaggingInput { return s } +// SetRequestPayer sets the RequestPayer field's value. +func (s *GetObjectTaggingInput) SetRequestPayer(v string) *GetObjectTaggingInput { + s.RequestPayer = &v + return s +} + // SetVersionId sets the VersionId field's value. func (s *GetObjectTaggingInput) SetVersionId(v string) *GetObjectTaggingInput { s.VersionId = &v @@ -20676,12 +25593,20 @@ type GetObjectTaggingOutput struct { VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectTaggingOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectTaggingOutput) GoString() string { return s.String() } @@ -20707,9 +25632,9 @@ type GetObjectTorrentInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The object key for which to get the information. @@ -20718,19 +25643,31 @@ type GetObjectTorrentInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from requester pays buckets, see Downloading Objects - // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectTorrentInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectTorrentInput) GoString() string { return s.String() } @@ -20823,15 +25760,25 @@ type GetObjectTorrentOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectTorrentOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetObjectTorrentOutput) GoString() string { return s.String() } @@ -20857,18 +25804,26 @@ type GetPublicAccessBlockInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetPublicAccessBlockInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetPublicAccessBlockInput) GoString() string { return s.String() } @@ -20943,12 +25898,20 @@ type GetPublicAccessBlockOutput struct { PublicAccessBlockConfiguration *PublicAccessBlockConfiguration `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetPublicAccessBlockOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetPublicAccessBlockOutput) GoString() string { return s.String() } @@ -20969,12 +25932,20 @@ type GlacierJobParameters struct { Tier *string `type:"string" required:"true" enum:"Tier"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GlacierJobParameters) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GlacierJobParameters) GoString() string { return s.String() } @@ -21009,12 +25980,20 @@ type Grant struct { Permission *string `type:"string" enum:"Permission"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Grant) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Grant) GoString() string { return s.String() } @@ -21056,7 +26035,7 @@ type Grantee struct { // Email address of the grantee. // // Using email addresses to specify a grantee is only supported in the following - // AWS Regions: + // Amazon Web Services Regions: // // * US East (N. Virginia) // @@ -21076,7 +26055,7 @@ type Grantee struct { // // For a list of all the Amazon S3 supported Regions and endpoints, see Regions // and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. EmailAddress *string `type:"string"` // The canonical user ID of the grantee. @@ -21091,12 +26070,20 @@ type Grantee struct { URI *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Grantee) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Grantee) GoString() string { return s.String() } @@ -21149,36 +26136,65 @@ type HeadBucketInput struct { // The bucket name. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. - // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. + // + // Object Lambda access points - When you use this API operation with an Object + // Lambda access point, provide the alias of the Object Lambda access point + // in place of the bucket name. If the Object Lambda access point alias in a + // request is not valid, the error code InvalidAccessPointAliasError is returned. + // For more information about InvalidAccessPointAliasError, see List of Error + // Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s HeadBucketInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s HeadBucketInput) GoString() string { return s.String() } @@ -21247,60 +26263,181 @@ func (s HeadBucketInput) updateArnableField(v string) (interface{}, error) { type HeadBucketOutput struct { _ struct{} `type:"structure"` + + // Indicates whether the bucket name used in the request is an access point + // alias. + // + // This functionality is not supported for directory buckets. + AccessPointAlias *bool `location:"header" locationName:"x-amz-access-point-alias" type:"boolean"` + + // The name of the location where the bucket will be created. + // + // For directory buckets, the AZ ID of the Availability Zone where the bucket + // is created. An example AZ ID value is usw2-az1. + // + // This functionality is only supported by directory buckets. + BucketLocationName *string `location:"header" locationName:"x-amz-bucket-location-name" type:"string"` + + // The type of location where the bucket is created. + // + // This functionality is only supported by directory buckets. + BucketLocationType *string `location:"header" locationName:"x-amz-bucket-location-type" type:"string" enum:"LocationType"` + + // The Region that the bucket is located. + // + // This functionality is not supported for directory buckets. + BucketRegion *string `location:"header" locationName:"x-amz-bucket-region" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s HeadBucketOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s HeadBucketOutput) GoString() string { return s.String() } +// SetAccessPointAlias sets the AccessPointAlias field's value. +func (s *HeadBucketOutput) SetAccessPointAlias(v bool) *HeadBucketOutput { + s.AccessPointAlias = &v + return s +} + +// SetBucketLocationName sets the BucketLocationName field's value. +func (s *HeadBucketOutput) SetBucketLocationName(v string) *HeadBucketOutput { + s.BucketLocationName = &v + return s +} + +// SetBucketLocationType sets the BucketLocationType field's value. +func (s *HeadBucketOutput) SetBucketLocationType(v string) *HeadBucketOutput { + s.BucketLocationType = &v + return s +} + +// SetBucketRegion sets the BucketRegion field's value. +func (s *HeadBucketOutput) SetBucketRegion(v string) *HeadBucketOutput { + s.BucketRegion = &v + return s +} + type HeadObjectInput struct { _ struct{} `locationName:"HeadObjectRequest" type:"structure"` - // The name of the bucket containing the object. - // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. - // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. + // The name of the bucket that contains the object. + // + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. + // + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // To retrieve the checksum, this parameter must be enabled. + // + // In addition, if you enable ChecksumMode and the object is encrypted with + // Amazon Web Services Key Management Service (Amazon Web Services KMS), you + // must have permission to use the kms:Decrypt action for the request to succeed. + ChecksumMode *string `location:"header" locationName:"x-amz-checksum-mode" type:"string" enum:"ChecksumMode"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // Return the object only if its entity tag (ETag) is the same as the one specified, - // otherwise return a 412 (precondition failed). + // Return the object only if its entity tag (ETag) is the same as the one specified; + // otherwise, return a 412 (precondition failed) error. + // + // If both of the If-Match and If-Unmodified-Since headers are present in the + // request as follows: + // + // * If-Match condition evaluates to true, and; + // + // * If-Unmodified-Since condition evaluates to false; + // + // Then Amazon S3 returns 200 OK and the data requested. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfMatch *string `location:"header" locationName:"If-Match" type:"string"` - // Return the object only if it has been modified since the specified time, - // otherwise return a 304 (not modified). + // Return the object only if it has been modified since the specified time; + // otherwise, return a 304 (not modified) error. + // + // If both of the If-None-Match and If-Modified-Since headers are present in + // the request as follows: + // + // * If-None-Match condition evaluates to false, and; + // + // * If-Modified-Since condition evaluates to true; + // + // Then Amazon S3 returns the 304 Not Modified response code. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfModifiedSince *time.Time `location:"header" locationName:"If-Modified-Since" type:"timestamp"` // Return the object only if its entity tag (ETag) is different from the one - // specified, otherwise return a 304 (not modified). + // specified; otherwise, return a 304 (not modified) error. + // + // If both of the If-None-Match and If-Modified-Since headers are present in + // the request as follows: + // + // * If-None-Match condition evaluates to false, and; + // + // * If-Modified-Since condition evaluates to true; + // + // Then Amazon S3 returns the 304 Not Modified response code. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfNoneMatch *string `location:"header" locationName:"If-None-Match" type:"string"` - // Return the object only if it has not been modified since the specified time, - // otherwise return a 412 (precondition failed). + // Return the object only if it has not been modified since the specified time; + // otherwise, return a 412 (precondition failed) error. + // + // If both of the If-Match and If-Unmodified-Since headers are present in the + // request as follows: + // + // * If-Match condition evaluates to true, and; + // + // * If-Unmodified-Since condition evaluates to false; + // + // Then Amazon S3 returns 200 OK and the data requested. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfUnmodifiedSince *time.Time `location:"header" locationName:"If-Unmodified-Since" type:"timestamp"` // The object key. @@ -21314,22 +26451,43 @@ type HeadObjectInput struct { // object. PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer"` - // Downloads the specified range bytes of an object. For more information about - // the HTTP Range header, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35 - // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35). - // - // Amazon S3 doesn't support retrieving multiple ranges of data per GET request. + // HeadObject returns only the metadata for an object. If the Range is satisfiable, + // only the ContentLength is affected in the response. If the Range is not satisfiable, + // S3 returns a 416 - Requested Range Not Satisfiable error. Range *string `location:"header" locationName:"Range" type:"string"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from requester pays buckets, see Downloading Objects - // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Sets the Cache-Control header of the response. + ResponseCacheControl *string `location:"querystring" locationName:"response-cache-control" type:"string"` + + // Sets the Content-Disposition header of the response. + ResponseContentDisposition *string `location:"querystring" locationName:"response-content-disposition" type:"string"` + + // Sets the Content-Encoding header of the response. + ResponseContentEncoding *string `location:"querystring" locationName:"response-content-encoding" type:"string"` + + // Sets the Content-Language header of the response. + ResponseContentLanguage *string `location:"querystring" locationName:"response-content-language" type:"string"` + + // Sets the Content-Type header of the response. + ResponseContentType *string `location:"querystring" locationName:"response-content-type" type:"string"` + + // Sets the Expires header of the response. + ResponseExpires *time.Time `location:"querystring" locationName:"response-expires" type:"timestamp" timestampFormat:"rfc822"` + + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -21337,23 +26495,42 @@ type HeadObjectInput struct { // S3 does not store the encryption key. The key must be appropriate for use // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm // header. + // + // This functionality is not supported for directory buckets. + // + // SSECustomerKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by HeadObjectInput's + // String and GoString methods. SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. + // + // For directory buckets in this API operation, only the null value of the version + // ID is supported. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s HeadObjectInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s HeadObjectInput) GoString() string { return s.String() } @@ -21393,6 +26570,12 @@ func (s *HeadObjectInput) getBucket() (v string) { return *s.Bucket } +// SetChecksumMode sets the ChecksumMode field's value. +func (s *HeadObjectInput) SetChecksumMode(v string) *HeadObjectInput { + s.ChecksumMode = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *HeadObjectInput) SetExpectedBucketOwner(v string) *HeadObjectInput { s.ExpectedBucketOwner = &v @@ -21447,6 +26630,42 @@ func (s *HeadObjectInput) SetRequestPayer(v string) *HeadObjectInput { return s } +// SetResponseCacheControl sets the ResponseCacheControl field's value. +func (s *HeadObjectInput) SetResponseCacheControl(v string) *HeadObjectInput { + s.ResponseCacheControl = &v + return s +} + +// SetResponseContentDisposition sets the ResponseContentDisposition field's value. +func (s *HeadObjectInput) SetResponseContentDisposition(v string) *HeadObjectInput { + s.ResponseContentDisposition = &v + return s +} + +// SetResponseContentEncoding sets the ResponseContentEncoding field's value. +func (s *HeadObjectInput) SetResponseContentEncoding(v string) *HeadObjectInput { + s.ResponseContentEncoding = &v + return s +} + +// SetResponseContentLanguage sets the ResponseContentLanguage field's value. +func (s *HeadObjectInput) SetResponseContentLanguage(v string) *HeadObjectInput { + s.ResponseContentLanguage = &v + return s +} + +// SetResponseContentType sets the ResponseContentType field's value. +func (s *HeadObjectInput) SetResponseContentType(v string) *HeadObjectInput { + s.ResponseContentType = &v + return s +} + +// SetResponseExpires sets the ResponseExpires field's value. +func (s *HeadObjectInput) SetResponseExpires(v time.Time) *HeadObjectInput { + s.ResponseExpires = &v + return s +} + // SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value. func (s *HeadObjectInput) SetSSECustomerAlgorithm(v string) *HeadObjectInput { s.SSECustomerAlgorithm = &v @@ -21512,19 +26731,63 @@ type HeadObjectOutput struct { AcceptRanges *string `location:"header" locationName:"accept-ranges" type:"string"` // The archive state of the head object. + // + // This functionality is not supported for directory buckets. ArchiveStatus *string `location:"header" locationName:"x-amz-archive-status" type:"string" enum:"ArchiveStatus"` // Indicates whether the object uses an S3 Bucket Key for server-side encryption - // with AWS KMS (SSE-KMS). + // with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Specifies caching behavior along the request/reply chain. CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` + // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"` + + // The base64-encoded, 32-bit CRC32C checksum of the object. This will only + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"` + + // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"` + + // The base64-encoded, 256-bit SHA-256 digest of the object. This will only + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` + // Specifies presentational information for the object. ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"` - // Specifies what content encodings have been applied to the object and thus + // Indicates what content encodings have been applied to the object and thus // what decoding mechanisms must be applied to obtain the media-type referenced // by the Content-Type header field. ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"` @@ -21540,22 +26803,27 @@ type HeadObjectOutput struct { // Specifies whether the object retrieved was (true) or was not (false) a Delete // Marker. If false, this response header does not appear in the response. + // + // This functionality is not supported for directory buckets. DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"` - // An ETag is an opaque identifier assigned by a web server to a specific version - // of a resource found at a URL. + // An entity tag (ETag) is an opaque identifier assigned by a web server to + // a specific version of a resource found at a URL. ETag *string `location:"header" locationName:"ETag" type:"string"` - // If the object expiration is configured (see PUT Bucket lifecycle), the response - // includes this header. It includes the expiry-date and rule-id key-value pairs - // providing object expiration information. The value of the rule-id is URL - // encoded. + // If the object expiration is configured (see PutBucketLifecycleConfiguration + // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)), + // the response includes this header. It includes the expiry-date and rule-id + // key-value pairs providing object expiration information. The value of the + // rule-id is URL-encoded. + // + // This functionality is not supported for directory buckets. Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"` // The date and time at which the object is no longer cacheable. Expires *string `location:"header" locationName:"Expires" type:"string"` - // Last modified date of the object + // Date and time when the object was last modified. LastModified *time.Time `location:"header" locationName:"Last-Modified" type:"timestamp"` // A map of metadata to store with the object in S3. @@ -21569,6 +26837,8 @@ type HeadObjectOutput struct { // headers. This can happen if you create metadata using an API like SOAP that // supports more flexible metadata than the REST API. For example, using SOAP, // you can create metadata whose values are not legal HTTP headers. + // + // This functionality is not supported for directory buckets. MissingMeta *int64 `location:"header" locationName:"x-amz-missing-meta" type:"integer"` // Specifies whether a legal hold is in effect for this object. This header @@ -21576,18 +26846,25 @@ type HeadObjectOutput struct { // This header is not returned if the specified version of this object has never // had a legal hold applied. For more information about S3 Object Lock, see // Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). + // + // This functionality is not supported for directory buckets. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` // The Object Lock mode, if any, that's in effect for this object. This header // is only returned if the requester has the s3:GetObjectRetention permission. // For more information about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). + // + // This functionality is not supported for directory buckets. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` // The date and time when the Object Lock retention period expires. This header // is only returned if the requester has the s3:GetObjectRetention permission. + // + // This functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` - // The count of parts this object has. + // The count of parts this object has. This value is only returned if you specify + // partNumber in your request and the object was uploaded as a multipart upload. PartsCount *int64 `location:"header" locationName:"x-amz-mp-parts-count" type:"integer"` // Amazon S3 can return this header if your request involves a bucket that is @@ -21599,7 +26876,7 @@ type HeadObjectOutput struct { // these buckets, Amazon S3 will return the x-amz-replication-status header // in the response as follows: // - // * If requesting an object from the source bucket — Amazon S3 will return + // * If requesting an object from the source bucket, Amazon S3 will return // the x-amz-replication-status header if the object in your request is eligible // for replication. For example, suppose that in your replication configuration, // you specify object prefix TaxDocs requesting Amazon S3 to replicate objects @@ -21609,12 +26886,12 @@ type HeadObjectOutput struct { // header with value PENDING, COMPLETED or FAILED indicating object replication // status. // - // * If requesting an object from a destination bucket — Amazon S3 will - // return the x-amz-replication-status header with value REPLICA if the object - // in your request is a replica that Amazon S3 created and there is no replica + // * If requesting an object from a destination bucket, Amazon S3 will return + // the x-amz-replication-status header with value REPLICA if the object in + // your request is a replica that Amazon S3 created and there is no replica // modification replication in progress. // - // * When replicating objects to multiple destination buckets the x-amz-replication-status + // * When replicating objects to multiple destination buckets, the x-amz-replication-status // header acts differently. The header of the source object will only return // a value of COMPLETED when replication is successful to all destinations. // The header will remain at value PENDING until replication has completed @@ -21622,10 +26899,14 @@ type HeadObjectOutput struct { // header will return FAILED. // // For more information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). + // + // This functionality is not supported for directory buckets. ReplicationStatus *string `location:"header" locationName:"x-amz-replication-status" type:"string" enum:"ReplicationStatus"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If the object is an archived object (an object whose storage class is GLACIER), @@ -21636,57 +26917,85 @@ type HeadObjectOutput struct { // If an archive copy is already restored, the header value indicates when Amazon // S3 is scheduled to delete the object copy. For example: // - // x-amz-restore: ongoing-request="false", expiry-date="Fri, 23 Dec 2012 00:00:00 + // x-amz-restore: ongoing-request="false", expiry-date="Fri, 21 Dec 2012 00:00:00 // GMT" // // If the object restoration is in progress, the header returns the value ongoing-request="true". // // For more information about archiving objects, see Transitioning Objects: // General Considerations (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations). + // + // This functionality is not supported for directory buckets. Only the S3 Express + // One Zone storage class is supported by directory buckets to store objects. Restore *string `location:"header" locationName:"x-amz-restore" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the AWS Key Management Service (AWS KMS) - // symmetric customer managed customer master key (CMK) that was used for the - // object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. + // + // This functionality is not supported for directory buckets. + // + // SSEKMSKeyId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by HeadObjectOutput's + // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // If the object is stored using server-side encryption either with an AWS KMS - // customer master key (CMK) or an Amazon S3-managed encryption key, the response - // includes this header with the value of the server-side encryption algorithm - // used when storing this object in Amazon S3 (for example, AES256, aws:kms). + // The server-side encryption algorithm used when you store this object in Amazon + // S3 (for example, AES256, aws:kms, aws:kms:dsse). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Provides storage class information of the object. Amazon S3 returns this // header for all objects except for S3 Standard storage class objects. // // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html). + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` - // Version of the object. + // Version ID of the object. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` // If the bucket is configured as a website, redirects requests for this object // to another object in the same bucket or to an external URL. Amazon S3 stores // the value of this header in the object metadata. + // + // This functionality is not supported for directory buckets. WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s HeadObjectOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s HeadObjectOutput) GoString() string { return s.String() } @@ -21715,6 +27024,30 @@ func (s *HeadObjectOutput) SetCacheControl(v string) *HeadObjectOutput { return s } +// SetChecksumCRC32 sets the ChecksumCRC32 field's value. +func (s *HeadObjectOutput) SetChecksumCRC32(v string) *HeadObjectOutput { + s.ChecksumCRC32 = &v + return s +} + +// SetChecksumCRC32C sets the ChecksumCRC32C field's value. +func (s *HeadObjectOutput) SetChecksumCRC32C(v string) *HeadObjectOutput { + s.ChecksumCRC32C = &v + return s +} + +// SetChecksumSHA1 sets the ChecksumSHA1 field's value. +func (s *HeadObjectOutput) SetChecksumSHA1(v string) *HeadObjectOutput { + s.ChecksumSHA1 = &v + return s +} + +// SetChecksumSHA256 sets the ChecksumSHA256 field's value. +func (s *HeadObjectOutput) SetChecksumSHA256(v string) *HeadObjectOutput { + s.ChecksumSHA256 = &v + return s +} + // SetContentDisposition sets the ContentDisposition field's value. func (s *HeadObjectOutput) SetContentDisposition(v string) *HeadObjectOutput { s.ContentDisposition = &v @@ -21876,21 +27209,33 @@ type IndexDocument struct { _ struct{} `type:"structure"` // A suffix that is appended to a request that is for a directory on the website - // endpoint (for example,if the suffix is index.html and you make a request - // to samplebucket/images/ the data that is returned will be for the object - // with the key name images/index.html) The suffix must not be empty and must + // endpoint. (For example, if the suffix is index.html and you make a request + // to samplebucket/images/, the data that is returned will be for the object + // with the key name images/index.html.) The suffix must not be empty and must // not include a slash character. // + // Replacement must be made for object keys containing special characters (such + // as carriage returns) when using XML requests. For more information, see XML + // related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). + // // Suffix is a required field Suffix *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s IndexDocument) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s IndexDocument) GoString() string { return s.String() } @@ -21919,19 +27264,33 @@ type Initiator struct { _ struct{} `type:"structure"` // Name of the Principal. + // + // This functionality is not supported for directory buckets. DisplayName *string `type:"string"` - // If the principal is an AWS account, it provides the Canonical User ID. If - // the principal is an IAM User, it provides a user ARN value. + // If the principal is an Amazon Web Services account, it provides the Canonical + // User ID. If the principal is an IAM User, it provides a user ARN value. + // + // Directory buckets - If the principal is an Amazon Web Services account, it + // provides the Amazon Web Services account ID. If the principal is an IAM User, + // it provides a user ARN value. ID *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Initiator) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Initiator) GoString() string { return s.String() } @@ -21966,12 +27325,20 @@ type InputSerialization struct { Parquet *ParquetInput `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InputSerialization) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InputSerialization) GoString() string { return s.String() } @@ -22014,12 +27381,20 @@ type IntelligentTieringAndOperator struct { Tags []*Tag `locationName:"Tag" locationNameList:"Tag" type:"list" flattened:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s IntelligentTieringAndOperator) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s IntelligentTieringAndOperator) GoString() string { return s.String() } @@ -22084,12 +27459,20 @@ type IntelligentTieringConfiguration struct { Tierings []*Tiering `locationName:"Tiering" type:"list" flattened:"true" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s IntelligentTieringConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s IntelligentTieringConfiguration) GoString() string { return s.String() } @@ -22164,18 +27547,30 @@ type IntelligentTieringFilter struct { // An object key name prefix that identifies the subset of objects to which // the rule applies. + // + // Replacement must be made for object keys containing special characters (such + // as carriage returns) when using XML requests. For more information, see XML + // related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). Prefix *string `type:"string"` // A container of a key value name pair. Tag *Tag `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s IntelligentTieringFilter) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s IntelligentTieringFilter) GoString() string { return s.String() } @@ -22220,7 +27615,7 @@ func (s *IntelligentTieringFilter) SetTag(v *Tag) *IntelligentTieringFilter { // Specifies the inventory configuration for an Amazon S3 bucket. For more information, // see GET Bucket inventory (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) -// in the Amazon Simple Storage Service API Reference. +// in the Amazon S3 API Reference. type InventoryConfiguration struct { _ struct{} `type:"structure"` @@ -22253,7 +27648,7 @@ type InventoryConfiguration struct { IsEnabled *bool `type:"boolean" required:"true"` // Contains the optional fields that are included in the inventory results. - OptionalFields []*string `locationNameList:"Field" type:"list"` + OptionalFields []*string `locationNameList:"Field" type:"list" enum:"InventoryOptionalField"` // Specifies the schedule for generating inventory results. // @@ -22261,12 +27656,20 @@ type InventoryConfiguration struct { Schedule *InventorySchedule `type:"structure" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InventoryConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InventoryConfiguration) GoString() string { return s.String() } @@ -22364,12 +27767,20 @@ type InventoryDestination struct { S3BucketDestination *InventoryS3BucketDestination `type:"structure" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InventoryDestination) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InventoryDestination) GoString() string { return s.String() } @@ -22410,12 +27821,20 @@ type InventoryEncryption struct { SSES3 *SSES3 `locationName:"SSE-S3" type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InventoryEncryption) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InventoryEncryption) GoString() string { return s.String() } @@ -22458,12 +27877,20 @@ type InventoryFilter struct { Prefix *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InventoryFilter) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InventoryFilter) GoString() string { return s.String() } @@ -22518,12 +27945,20 @@ type InventoryS3BucketDestination struct { Prefix *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InventoryS3BucketDestination) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InventoryS3BucketDestination) GoString() string { return s.String() } @@ -22596,12 +28031,20 @@ type InventorySchedule struct { Frequency *string `type:"string" required:"true" enum:"InventoryFrequency"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InventorySchedule) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s InventorySchedule) GoString() string { return s.String() } @@ -22633,12 +28076,20 @@ type JSONInput struct { Type *string `type:"string" enum:"JSONType"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s JSONInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s JSONInput) GoString() string { return s.String() } @@ -22658,12 +28109,20 @@ type JSONOutput struct { RecordDelimiter *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s JSONOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s JSONOutput) GoString() string { return s.String() } @@ -22683,12 +28142,20 @@ type KeyFilter struct { FilterRules []*FilterRule `locationName:"FilterRule" type:"list" flattened:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s KeyFilter) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s KeyFilter) GoString() string { return s.String() } @@ -22699,39 +28166,48 @@ func (s *KeyFilter) SetFilterRules(v []*FilterRule) *KeyFilter { return s } -// A container for specifying the configuration for AWS Lambda notifications. +// A container for specifying the configuration for Lambda notifications. type LambdaFunctionConfiguration struct { _ struct{} `type:"structure"` - // The Amazon S3 bucket event for which to invoke the AWS Lambda function. For - // more information, see Supported Event Types (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) - // in the Amazon Simple Storage Service Developer Guide. + // The Amazon S3 bucket event for which to invoke the Lambda function. For more + // information, see Supported Event Types (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) + // in the Amazon S3 User Guide. // // Events is a required field - Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"` + Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true" enum:"Event"` // Specifies object key name filtering rules. For information about key name - // filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) - // in the Amazon Simple Storage Service Developer Guide. + // filtering, see Configuring event notifications using object key name filtering + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html) + // in the Amazon S3 User Guide. Filter *NotificationConfigurationFilter `type:"structure"` // An optional unique identifier for configurations in a notification configuration. // If you don't provide one, Amazon S3 will assign an ID. Id *string `type:"string"` - // The Amazon Resource Name (ARN) of the AWS Lambda function that Amazon S3 - // invokes when the specified event type occurs. + // The Amazon Resource Name (ARN) of the Lambda function that Amazon S3 invokes + // when the specified event type occurs. // // LambdaFunctionArn is a required field LambdaFunctionArn *string `locationName:"CloudFunction" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s LambdaFunctionConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s LambdaFunctionConfiguration) GoString() string { return s.String() } @@ -22777,6 +28253,9 @@ func (s *LambdaFunctionConfiguration) SetLambdaFunctionArn(v string) *LambdaFunc } // Container for lifecycle rules. You can add as many as 1000 rules. +// +// For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) +// in the Amazon S3 User Guide. type LifecycleConfiguration struct { _ struct{} `type:"structure"` @@ -22786,12 +28265,20 @@ type LifecycleConfiguration struct { Rules []*Rule `locationName:"Rule" type:"list" flattened:"true" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s LifecycleConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s LifecycleConfiguration) GoString() string { return s.String() } @@ -22826,11 +28313,14 @@ func (s *LifecycleConfiguration) SetRules(v []*Rule) *LifecycleConfiguration { } // Container for the expiration for the lifecycle of the object. +// +// For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) +// in the Amazon S3 User Guide. type LifecycleExpiration struct { _ struct{} `type:"structure"` - // Indicates at what date the object is to be moved or deleted. Should be in - // GMT ISO 8601 Format. + // Indicates at what date the object is to be moved or deleted. The date value + // must conform to the ISO 8601 format. The time is always midnight UTC. Date *time.Time `type:"timestamp" timestampFormat:"iso8601"` // Indicates the lifetime, in days, of the objects that are subject to the rule. @@ -22844,12 +28334,20 @@ type LifecycleExpiration struct { ExpiredObjectDeleteMarker *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s LifecycleExpiration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s LifecycleExpiration) GoString() string { return s.String() } @@ -22873,14 +28371,17 @@ func (s *LifecycleExpiration) SetExpiredObjectDeleteMarker(v bool) *LifecycleExp } // A lifecycle rule for individual objects in an Amazon S3 bucket. +// +// For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) +// in the Amazon S3 User Guide. type LifecycleRule struct { _ struct{} `type:"structure"` // Specifies the days since the initiation of an incomplete multipart upload // that Amazon S3 will wait before permanently removing all parts of the upload. // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket - // Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) - // in the Amazon Simple Storage Service Developer Guide. + // Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) + // in the Amazon S3 User Guide. AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"` // Specifies the expiration for the lifecycle of the object in the form of date, @@ -22888,7 +28389,8 @@ type LifecycleRule struct { Expiration *LifecycleExpiration `type:"structure"` // The Filter is used to identify objects that a Lifecycle Rule applies to. - // A Filter must have exactly one of Prefix, Tag, or And specified. + // A Filter must have exactly one of Prefix, Tag, or And specified. Filter is + // required if the LifecycleRule does not contain a Prefix element. Filter *LifecycleRuleFilter `type:"structure"` // Unique identifier for the rule. The value cannot be longer than 255 characters. @@ -22909,7 +28411,11 @@ type LifecycleRule struct { NoncurrentVersionTransitions []*NoncurrentVersionTransition `locationName:"NoncurrentVersionTransition" type:"list" flattened:"true"` // Prefix identifying one or more objects to which the rule applies. This is - // No longer used; use Filter instead. + // no longer used; use Filter instead. + // + // Replacement must be made for object keys containing special characters (such + // as carriage returns) when using XML requests. For more information, see XML + // related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). // // Deprecated: Prefix has been deprecated Prefix *string `deprecated:"true" type:"string"` @@ -22924,12 +28430,20 @@ type LifecycleRule struct { Transitions []*Transition `locationName:"Transition" type:"list" flattened:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s LifecycleRule) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s LifecycleRule) GoString() string { return s.String() } @@ -23012,6 +28526,12 @@ func (s *LifecycleRule) SetTransitions(v []*Transition) *LifecycleRule { type LifecycleRuleAndOperator struct { _ struct{} `type:"structure"` + // Minimum object size to which the rule applies. + ObjectSizeGreaterThan *int64 `type:"long"` + + // Maximum object size to which the rule applies. + ObjectSizeLessThan *int64 `type:"long"` + // Prefix identifying one or more objects to which the rule applies. Prefix *string `type:"string"` @@ -23020,12 +28540,20 @@ type LifecycleRuleAndOperator struct { Tags []*Tag `locationName:"Tag" locationNameList:"Tag" type:"list" flattened:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s LifecycleRuleAndOperator) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s LifecycleRuleAndOperator) GoString() string { return s.String() } @@ -23050,6 +28578,18 @@ func (s *LifecycleRuleAndOperator) Validate() error { return nil } +// SetObjectSizeGreaterThan sets the ObjectSizeGreaterThan field's value. +func (s *LifecycleRuleAndOperator) SetObjectSizeGreaterThan(v int64) *LifecycleRuleAndOperator { + s.ObjectSizeGreaterThan = &v + return s +} + +// SetObjectSizeLessThan sets the ObjectSizeLessThan field's value. +func (s *LifecycleRuleAndOperator) SetObjectSizeLessThan(v int64) *LifecycleRuleAndOperator { + s.ObjectSizeLessThan = &v + return s +} + // SetPrefix sets the Prefix field's value. func (s *LifecycleRuleAndOperator) SetPrefix(v string) *LifecycleRuleAndOperator { s.Prefix = &v @@ -23063,7 +28603,9 @@ func (s *LifecycleRuleAndOperator) SetTags(v []*Tag) *LifecycleRuleAndOperator { } // The Filter is used to identify objects that a Lifecycle Rule applies to. -// A Filter must have exactly one of Prefix, Tag, or And specified. +// A Filter can have exactly one of Prefix, Tag, ObjectSizeGreaterThan, ObjectSizeLessThan, +// or And specified. If the Filter element is left empty, the Lifecycle Rule +// applies to all objects in the bucket. type LifecycleRuleFilter struct { _ struct{} `type:"structure"` @@ -23072,19 +28614,37 @@ type LifecycleRuleFilter struct { // of the predicates configured inside the And operator. And *LifecycleRuleAndOperator `type:"structure"` + // Minimum object size to which the rule applies. + ObjectSizeGreaterThan *int64 `type:"long"` + + // Maximum object size to which the rule applies. + ObjectSizeLessThan *int64 `type:"long"` + // Prefix identifying one or more objects to which the rule applies. + // + // Replacement must be made for object keys containing special characters (such + // as carriage returns) when using XML requests. For more information, see XML + // related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). Prefix *string `type:"string"` // This tag must exist in the object's tag set in order for the rule to apply. Tag *Tag `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s LifecycleRuleFilter) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s LifecycleRuleFilter) GoString() string { return s.String() } @@ -23115,6 +28675,18 @@ func (s *LifecycleRuleFilter) SetAnd(v *LifecycleRuleAndOperator) *LifecycleRule return s } +// SetObjectSizeGreaterThan sets the ObjectSizeGreaterThan field's value. +func (s *LifecycleRuleFilter) SetObjectSizeGreaterThan(v int64) *LifecycleRuleFilter { + s.ObjectSizeGreaterThan = &v + return s +} + +// SetObjectSizeLessThan sets the ObjectSizeLessThan field's value. +func (s *LifecycleRuleFilter) SetObjectSizeLessThan(v int64) *LifecycleRuleFilter { + s.ObjectSizeLessThan = &v + return s +} + // SetPrefix sets the Prefix field's value. func (s *LifecycleRuleFilter) SetPrefix(v string) *LifecycleRuleFilter { s.Prefix = &v @@ -23139,18 +28711,26 @@ type ListBucketAnalyticsConfigurationsInput struct { // should begin. ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListBucketAnalyticsConfigurationsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListBucketAnalyticsConfigurationsInput) GoString() string { return s.String() } @@ -23244,12 +28824,20 @@ type ListBucketAnalyticsConfigurationsOutput struct { NextContinuationToken *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListBucketAnalyticsConfigurationsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListBucketAnalyticsConfigurationsOutput) GoString() string { return s.String() } @@ -23292,12 +28880,20 @@ type ListBucketIntelligentTieringConfigurationsInput struct { ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListBucketIntelligentTieringConfigurationsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListBucketIntelligentTieringConfigurationsInput) GoString() string { return s.String() } @@ -23385,12 +28981,20 @@ type ListBucketIntelligentTieringConfigurationsOutput struct { NextContinuationToken *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListBucketIntelligentTieringConfigurationsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListBucketIntelligentTieringConfigurationsOutput) GoString() string { return s.String() } @@ -23433,18 +29037,26 @@ type ListBucketInventoryConfigurationsInput struct { // that Amazon S3 understands. ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListBucketInventoryConfigurationsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListBucketInventoryConfigurationsInput) GoString() string { return s.String() } @@ -23538,12 +29150,20 @@ type ListBucketInventoryConfigurationsOutput struct { NextContinuationToken *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListBucketInventoryConfigurationsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListBucketInventoryConfigurationsOutput) GoString() string { return s.String() } @@ -23586,18 +29206,26 @@ type ListBucketMetricsConfigurationsInput struct { // value that Amazon S3 understands. ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListBucketMetricsConfigurationsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListBucketMetricsConfigurationsInput) GoString() string { return s.String() } @@ -23692,12 +29320,20 @@ type ListBucketMetricsConfigurationsOutput struct { NextContinuationToken *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListBucketMetricsConfigurationsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListBucketMetricsConfigurationsOutput) GoString() string { return s.String() } @@ -23730,12 +29366,20 @@ type ListBucketsInput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListBucketsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListBucketsInput) GoString() string { return s.String() } @@ -23743,19 +29387,27 @@ func (s ListBucketsInput) GoString() string { type ListBucketsOutput struct { _ struct{} `type:"structure"` - // The list of buckets owned by the requestor. + // The list of buckets owned by the requester. Buckets []*Bucket `locationNameList:"Bucket" type:"list"` // The owner of the buckets listed. Owner *Owner `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListBucketsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListBucketsOutput) GoString() string { return s.String() } @@ -23772,25 +29424,124 @@ func (s *ListBucketsOutput) SetOwner(v *Owner) *ListBucketsOutput { return s } +type ListDirectoryBucketsInput struct { + _ struct{} `locationName:"ListDirectoryBucketsRequest" type:"structure"` + + // ContinuationToken indicates to Amazon S3 that the list is being continued + // on this bucket with a token. ContinuationToken is obfuscated and is not a + // real key. You can use this ContinuationToken for pagination of the list results. + ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"` + + // Maximum number of buckets to be returned in response. When the number is + // more than the count of buckets that are owned by an Amazon Web Services account, + // return all the buckets in response. + MaxDirectoryBuckets *int64 `location:"querystring" locationName:"max-directory-buckets" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListDirectoryBucketsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListDirectoryBucketsInput) GoString() string { + return s.String() +} + +// SetContinuationToken sets the ContinuationToken field's value. +func (s *ListDirectoryBucketsInput) SetContinuationToken(v string) *ListDirectoryBucketsInput { + s.ContinuationToken = &v + return s +} + +// SetMaxDirectoryBuckets sets the MaxDirectoryBuckets field's value. +func (s *ListDirectoryBucketsInput) SetMaxDirectoryBuckets(v int64) *ListDirectoryBucketsInput { + s.MaxDirectoryBuckets = &v + return s +} + +type ListDirectoryBucketsOutput struct { + _ struct{} `type:"structure"` + + // The list of buckets owned by the requester. + Buckets []*Bucket `locationNameList:"Bucket" type:"list"` + + // If ContinuationToken was sent with the request, it is included in the response. + // You can use the returned ContinuationToken for pagination of the list response. + ContinuationToken *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListDirectoryBucketsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListDirectoryBucketsOutput) GoString() string { + return s.String() +} + +// SetBuckets sets the Buckets field's value. +func (s *ListDirectoryBucketsOutput) SetBuckets(v []*Bucket) *ListDirectoryBucketsOutput { + s.Buckets = v + return s +} + +// SetContinuationToken sets the ContinuationToken field's value. +func (s *ListDirectoryBucketsOutput) SetContinuationToken(v string) *ListDirectoryBucketsOutput { + s.ContinuationToken = &v + return s +} + type ListMultipartUploadsInput struct { _ struct{} `locationName:"ListMultipartUploadsRequest" type:"structure"` // The name of the bucket to which the multipart upload was initiated. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. - // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. + // + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -23803,30 +29554,40 @@ type ListMultipartUploadsInput struct { // parameter, then the substring starts at the beginning of the key. The keys // that are grouped under CommonPrefixes result element are not returned elsewhere // in the response. + // + // Directory buckets - For directory buckets, / is the only supported delimiter. Delimiter *string `location:"querystring" locationName:"delimiter" type:"string"` // Requests Amazon S3 to encode the object keys in the response and specifies - // the encoding method to use. An object key may contain any Unicode character; - // however, XML 1.0 parser cannot parse some characters, such as characters + // the encoding method to use. An object key can contain any Unicode character; + // however, the XML 1.0 parser cannot parse some characters, such as characters // with an ASCII value from 0 to 10. For characters that are not supported in // XML 1.0, you can add this parameter to request that Amazon S3 encode the // keys in the response. EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // Together with upload-id-marker, this parameter specifies the multipart upload - // after which listing should begin. - // - // If upload-id-marker is not specified, only the keys lexicographically greater - // than the specified key-marker will be included in the list. - // - // If upload-id-marker is specified, any multipart uploads for a key equal to - // the key-marker might also be included, provided those multipart uploads have - // upload IDs lexicographically greater than the specified upload-id-marker. + // Specifies the multipart upload after which listing should begin. + // + // * General purpose buckets - For general purpose buckets, key-marker is + // an object key. Together with upload-id-marker, this parameter specifies + // the multipart upload after which listing should begin. If upload-id-marker + // is not specified, only the keys lexicographically greater than the specified + // key-marker will be included in the list. If upload-id-marker is specified, + // any multipart uploads for a key equal to the key-marker might also be + // included, provided those multipart uploads have upload IDs lexicographically + // greater than the specified upload-id-marker. + // + // * Directory buckets - For directory buckets, key-marker is obfuscated + // and isn't a real object key. The upload-id-marker parameter isn't supported + // by directory buckets. To list the additional multipart uploads, you only + // need to set the value of key-marker to the NextKeyMarker value from the + // previous response. In the ListMultipartUploads response, the multipart + // uploads aren't sorted lexicographically based on the object keys. KeyMarker *string `location:"querystring" locationName:"key-marker" type:"string"` // Sets the maximum number of multipart uploads, from 1 to 1,000, to return @@ -23836,24 +29597,48 @@ type ListMultipartUploadsInput struct { // Lists in-progress uploads only for those keys that begin with the specified // prefix. You can use prefixes to separate a bucket into different grouping - // of keys. (You can think of using prefix to make groups in the same way you'd - // use a folder in a file system.) + // of keys. (You can think of using prefix to make groups in the same way that + // you'd use a folder in a file system.) + // + // Directory buckets - For directory buckets, only prefixes that end in a delimiter + // (/) are supported. Prefix *string `location:"querystring" locationName:"prefix" type:"string"` + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. + RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` + // Together with key-marker, specifies the multipart upload after which listing // should begin. If key-marker is not specified, the upload-id-marker parameter // is ignored. Otherwise, any multipart uploads for a key equal to the key-marker // might be included in the list only if they have an upload ID lexicographically // greater than the specified upload-id-marker. + // + // This functionality is not supported for directory buckets. UploadIdMarker *string `location:"querystring" locationName:"upload-id-marker" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListMultipartUploadsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListMultipartUploadsInput) GoString() string { return s.String() } @@ -23923,6 +29708,12 @@ func (s *ListMultipartUploadsInput) SetPrefix(v string) *ListMultipartUploadsInp return s } +// SetRequestPayer sets the RequestPayer field's value. +func (s *ListMultipartUploadsInput) SetRequestPayer(v string) *ListMultipartUploadsInput { + s.RequestPayer = &v + return s +} + // SetUploadIdMarker sets the UploadIdMarker field's value. func (s *ListMultipartUploadsInput) SetUploadIdMarker(v string) *ListMultipartUploadsInput { s.UploadIdMarker = &v @@ -23959,23 +29750,29 @@ func (s ListMultipartUploadsInput) updateArnableField(v string) (interface{}, er type ListMultipartUploadsOutput struct { _ struct{} `type:"structure"` - // The name of the bucket to which the multipart upload was initiated. + // The name of the bucket to which the multipart upload was initiated. Does + // not return the access point ARN or access point alias if used. Bucket *string `type:"string"` // If you specify a delimiter in the request, then the result returns each distinct // key prefix containing the delimiter in a CommonPrefixes element. The distinct // key prefixes are returned in the Prefix child element. + // + // Directory buckets - For directory buckets, only prefixes that end in a delimiter + // (/) are supported. CommonPrefixes []*CommonPrefix `type:"list" flattened:"true"` // Contains the delimiter you specified in the request. If you don't specify // a delimiter in your request, this element is absent from the response. + // + // Directory buckets - For directory buckets, / is the only supported delimiter. Delimiter *string `type:"string"` // Encoding type used by Amazon S3 to encode object keys in the response. // - // If you specify encoding-type request parameter, Amazon S3 includes this element - // in the response, and returns encoded key name values in the following response - // elements: + // If you specify the encoding-type request parameter, Amazon S3 includes this + // element in the response, and returns encoded key name values in the following + // response elements: // // Delimiter, KeyMarker, Prefix, NextKeyMarker, Key. EncodingType *string `type:"string" enum:"EncodingType"` @@ -23999,13 +29796,30 @@ type ListMultipartUploadsOutput struct { // When a list is truncated, this element specifies the value that should be // used for the upload-id-marker request parameter in a subsequent request. + // + // This functionality is not supported for directory buckets. NextUploadIdMarker *string `type:"string"` // When a prefix is provided in the request, this field contains the specified // prefix. The result contains only keys starting with the specified prefix. + // + // Directory buckets - For directory buckets, only prefixes that end in a delimiter + // (/) are supported. Prefix *string `type:"string"` - // Upload ID after which listing began. + // If present, indicates that the requester was successfully charged for the + // request. + // + // This functionality is not supported for directory buckets. + RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` + + // Together with key-marker, specifies the multipart upload after which listing + // should begin. If key-marker is not specified, the upload-id-marker parameter + // is ignored. Otherwise, any multipart uploads for a key equal to the key-marker + // might be included in the list only if they have an upload ID lexicographically + // greater than the specified upload-id-marker. + // + // This functionality is not supported for directory buckets. UploadIdMarker *string `type:"string"` // Container for elements related to a particular multipart upload. A response @@ -24013,12 +29827,20 @@ type ListMultipartUploadsOutput struct { Uploads []*MultipartUpload `locationName:"Upload" type:"list" flattened:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListMultipartUploadsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListMultipartUploadsOutput) GoString() string { return s.String() } @@ -24090,6 +29912,12 @@ func (s *ListMultipartUploadsOutput) SetPrefix(v string) *ListMultipartUploadsOu return s } +// SetRequestCharged sets the RequestCharged field's value. +func (s *ListMultipartUploadsOutput) SetRequestCharged(v string) *ListMultipartUploadsOutput { + s.RequestCharged = &v + return s +} + // SetUploadIdMarker sets the UploadIdMarker field's value. func (s *ListMultipartUploadsOutput) SetUploadIdMarker(v string) *ListMultipartUploadsOutput { s.UploadIdMarker = &v @@ -24118,46 +29946,69 @@ type ListObjectVersionsInput struct { Delimiter *string `location:"querystring" locationName:"delimiter" type:"string"` // Requests Amazon S3 to encode the object keys in the response and specifies - // the encoding method to use. An object key may contain any Unicode character; - // however, XML 1.0 parser cannot parse some characters, such as characters + // the encoding method to use. An object key can contain any Unicode character; + // however, the XML 1.0 parser cannot parse some characters, such as characters // with an ASCII value from 0 to 10. For characters that are not supported in // XML 1.0, you can add this parameter to request that Amazon S3 encode the // keys in the response. EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Specifies the key to start with when listing objects in a bucket. KeyMarker *string `location:"querystring" locationName:"key-marker" type:"string"` - // Sets the maximum number of keys returned in the response. By default the - // API returns up to 1,000 key names. The response might contain fewer keys + // Sets the maximum number of keys returned in the response. By default, the + // action returns up to 1,000 key names. The response might contain fewer keys // but will never contain more. If additional keys satisfy the search criteria, // but were not returned because max-keys was exceeded, the response contains // true. To return the additional keys, see key-marker // and version-id-marker. MaxKeys *int64 `location:"querystring" locationName:"max-keys" type:"integer"` + // Specifies the optional fields that you want returned in the response. Fields + // that you do not specify are not returned. + OptionalObjectAttributes []*string `location:"header" locationName:"x-amz-optional-object-attributes" type:"list" enum:"OptionalObjectAttributes"` + // Use this parameter to select only those keys that begin with the specified // prefix. You can use prefixes to separate a bucket into different groupings - // of keys. (You can think of using prefix to make groups in the same way you'd - // use a folder in a file system.) You can use prefix with delimiter to roll - // up numerous objects into a single result under CommonPrefixes. + // of keys. (You can think of using prefix to make groups in the same way that + // you'd use a folder in a file system.) You can use prefix with delimiter to + // roll up numerous objects into a single result under CommonPrefixes. Prefix *string `location:"querystring" locationName:"prefix" type:"string"` + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. + RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` + // Specifies the object version you want to start listing from. VersionIdMarker *string `location:"querystring" locationName:"version-id-marker" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListObjectVersionsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListObjectVersionsInput) GoString() string { return s.String() } @@ -24221,12 +30072,24 @@ func (s *ListObjectVersionsInput) SetMaxKeys(v int64) *ListObjectVersionsInput { return s } +// SetOptionalObjectAttributes sets the OptionalObjectAttributes field's value. +func (s *ListObjectVersionsInput) SetOptionalObjectAttributes(v []*string) *ListObjectVersionsInput { + s.OptionalObjectAttributes = v + return s +} + // SetPrefix sets the Prefix field's value. func (s *ListObjectVersionsInput) SetPrefix(v string) *ListObjectVersionsInput { s.Prefix = &v return s } +// SetRequestPayer sets the RequestPayer field's value. +func (s *ListObjectVersionsInput) SetRequestPayer(v string) *ListObjectVersionsInput { + s.RequestPayer = &v + return s +} + // SetVersionIdMarker sets the VersionIdMarker field's value. func (s *ListObjectVersionsInput) SetVersionIdMarker(v string) *ListObjectVersionsInput { s.VersionIdMarker = &v @@ -24280,16 +30143,16 @@ type ListObjectVersionsOutput struct { // Encoding type used by Amazon S3 to encode object key names in the XML response. // - // If you specify encoding-type request parameter, Amazon S3 includes this element - // in the response, and returns encoded key name values in the following response - // elements: + // If you specify the encoding-type request parameter, Amazon S3 includes this + // element in the response, and returns encoded key name values in the following + // response elements: // // KeyMarker, NextKeyMarker, Prefix, Key, and Delimiter. EncodingType *string `type:"string" enum:"EncodingType"` // A flag that indicates whether Amazon S3 returned all of the results that // satisfied the search criteria. If your results were truncated, you can make - // a follow-up paginated request using the NextKeyMarker and NextVersionIdMarker + // a follow-up paginated request by using the NextKeyMarker and NextVersionIdMarker // response parameters as a starting place in another request to return the // rest of the results. IsTruncated *bool `type:"boolean"` @@ -24317,6 +30180,12 @@ type ListObjectVersionsOutput struct { // Selects objects that start with the value supplied by this parameter. Prefix *string `type:"string"` + // If present, indicates that the requester was successfully charged for the + // request. + // + // This functionality is not supported for directory buckets. + RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` + // Marks the last version of the key returned in a truncated response. VersionIdMarker *string `type:"string"` @@ -24324,12 +30193,20 @@ type ListObjectVersionsOutput struct { Versions []*ObjectVersion `locationName:"Version" type:"list" flattened:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListObjectVersionsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListObjectVersionsOutput) GoString() string { return s.String() } @@ -24400,6 +30277,12 @@ func (s *ListObjectVersionsOutput) SetPrefix(v string) *ListObjectVersionsOutput return s } +// SetRequestCharged sets the RequestCharged field's value. +func (s *ListObjectVersionsOutput) SetRequestCharged(v string) *ListObjectVersionsOutput { + s.RequestCharged = &v + return s +} + // SetVersionIdMarker sets the VersionIdMarker field's value. func (s *ListObjectVersionsOutput) SetVersionIdMarker(v string) *ListObjectVersionsOutput { s.VersionIdMarker = &v @@ -24417,48 +30300,67 @@ type ListObjectsInput struct { // The name of the bucket containing the objects. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. - // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. + // + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // A delimiter is a character you use to group keys. + // A delimiter is a character that you use to group keys. Delimiter *string `location:"querystring" locationName:"delimiter" type:"string"` // Requests Amazon S3 to encode the object keys in the response and specifies - // the encoding method to use. An object key may contain any Unicode character; - // however, XML 1.0 parser cannot parse some characters, such as characters + // the encoding method to use. An object key can contain any Unicode character; + // however, the XML 1.0 parser cannot parse some characters, such as characters // with an ASCII value from 0 to 10. For characters that are not supported in // XML 1.0, you can add this parameter to request that Amazon S3 encode the // keys in the response. EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // Specifies the key to start with when listing objects in a bucket. + // Marker is where you want Amazon S3 to start listing from. Amazon S3 starts + // listing after this specified key. Marker can be any key in the bucket. Marker *string `location:"querystring" locationName:"marker" type:"string"` - // Sets the maximum number of keys returned in the response. By default the - // API returns up to 1,000 key names. The response might contain fewer keys + // Sets the maximum number of keys returned in the response. By default, the + // action returns up to 1,000 key names. The response might contain fewer keys // but will never contain more. MaxKeys *int64 `location:"querystring" locationName:"max-keys" type:"integer"` + // Specifies the optional fields that you want returned in the response. Fields + // that you do not specify are not returned. + OptionalObjectAttributes []*string `location:"header" locationName:"x-amz-optional-object-attributes" type:"list" enum:"OptionalObjectAttributes"` + // Limits the response to keys that begin with the specified prefix. Prefix *string `location:"querystring" locationName:"prefix" type:"string"` @@ -24468,12 +30370,20 @@ type ListObjectsInput struct { RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListObjectsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListObjectsInput) GoString() string { return s.String() } @@ -24537,6 +30447,12 @@ func (s *ListObjectsInput) SetMaxKeys(v int64) *ListObjectsInput { return s } +// SetOptionalObjectAttributes sets the OptionalObjectAttributes field's value. +func (s *ListObjectsInput) SetOptionalObjectAttributes(v []*string) *ListObjectsInput { + s.OptionalObjectAttributes = v + return s +} + // SetPrefix sets the Prefix field's value. func (s *ListObjectsInput) SetPrefix(v string) *ListObjectsInput { s.Prefix = &v @@ -24579,8 +30495,8 @@ func (s ListObjectsInput) updateArnableField(v string) (interface{}, error) { type ListObjectsOutput struct { _ struct{} `type:"structure"` - // All of the keys rolled up in a common prefix count as a single return when - // calculating the number of returns. + // All of the keys (up to 1,000) rolled up in a common prefix count as a single + // return when calculating the number of returns. // // A response can contain CommonPrefixes only if you specify a delimiter. // @@ -24590,7 +30506,7 @@ type ListObjectsOutput struct { // CommonPrefixes lists keys that act like subdirectories in the directory specified // by Prefix. // - // For example, if the prefix is notes/ and the delimiter is a slash (/) as + // For example, if the prefix is notes/ and the delimiter is a slash (/), as // in notes/summer/july, the common prefix is notes/summer/. All of the keys // that roll up into a common prefix count as a single return when calculating // the number of returns. @@ -24606,7 +30522,9 @@ type ListObjectsOutput struct { // the MaxKeys value. Delimiter *string `type:"string"` - // Encoding type used by Amazon S3 to encode object keys in the response. + // Encoding type used by Amazon S3 to encode object keys in the response. If + // using url, non-ASCII characters used in an object's key name will be URL + // encoded. For example, the object test_file(3).png will appear as test_file%283%29.png. EncodingType *string `type:"string" enum:"EncodingType"` // A flag that indicates whether Amazon S3 returned all of the results that @@ -24623,25 +30541,42 @@ type ListObjectsOutput struct { // The bucket name. Name *string `type:"string"` - // When response is truncated (the IsTruncated element value in the response - // is true), you can use the key name in this field as marker in the subsequent - // request to get next set of objects. Amazon S3 lists objects in alphabetical - // order Note: This element is returned only if you have delimiter request parameter - // specified. If response does not include the NextMarker and it is truncated, - // you can use the value of the last Key in the response as the marker in the - // subsequent request to get the next set of object keys. + // When the response is truncated (the IsTruncated element value in the response + // is true), you can use the key name in this field as the marker parameter + // in the subsequent request to get the next set of objects. Amazon S3 lists + // objects in alphabetical order. + // + // This element is returned only if you have the delimiter request parameter + // specified. If the response does not include the NextMarker element and it + // is truncated, you can use the value of the last Key element in the response + // as the marker parameter in the subsequent request to get the next set of + // object keys. NextMarker *string `type:"string"` // Keys that begin with the indicated prefix. Prefix *string `type:"string"` + + // If present, indicates that the requester was successfully charged for the + // request. + // + // This functionality is not supported for directory buckets. + RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListObjectsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListObjectsOutput) GoString() string { return s.String() } @@ -24706,74 +30641,127 @@ func (s *ListObjectsOutput) SetPrefix(v string) *ListObjectsOutput { return s } +// SetRequestCharged sets the RequestCharged field's value. +func (s *ListObjectsOutput) SetRequestCharged(v string) *ListObjectsOutput { + s.RequestCharged = &v + return s +} + type ListObjectsV2Input struct { _ struct{} `locationName:"ListObjectsV2Request" type:"structure"` - // Bucket name to list. - // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. - // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. + // + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // ContinuationToken indicates Amazon S3 that the list is being continued on - // this bucket with a token. ContinuationToken is obfuscated and is not a real - // key. + // ContinuationToken indicates to Amazon S3 that the list is being continued + // on this bucket with a token. ContinuationToken is obfuscated and is not a + // real key. You can use this ContinuationToken for pagination of the list results. ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"` - // A delimiter is a character you use to group keys. + // A delimiter is a character that you use to group keys. + // + // * Directory buckets - For directory buckets, / is the only supported delimiter. + // + // * Directory buckets - When you query ListObjectsV2 with a delimiter during + // in-progress multipart uploads, the CommonPrefixes response parameter contains + // the prefixes that are associated with the in-progress multipart uploads. + // For more information about multipart uploads, see Multipart Upload Overview + // (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) in + // the Amazon S3 User Guide. Delimiter *string `location:"querystring" locationName:"delimiter" type:"string"` - // Encoding type used by Amazon S3 to encode object keys in the response. + // Encoding type used by Amazon S3 to encode object keys in the response. If + // using url, non-ASCII characters used in an object's key name will be URL + // encoded. For example, the object test_file(3).png will appear as test_file%283%29.png. EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // The owner field is not present in listV2 by default, if you want to return - // owner field with each key in the result then set the fetch owner field to - // true. + // The owner field is not present in ListObjectsV2 by default. If you want to + // return the owner field with each key in the result, then set the FetchOwner + // field to true. + // + // Directory buckets - For directory buckets, the bucket owner is returned as + // the object owner for all objects. FetchOwner *bool `location:"querystring" locationName:"fetch-owner" type:"boolean"` - // Sets the maximum number of keys returned in the response. By default the - // API returns up to 1,000 key names. The response might contain fewer keys + // Sets the maximum number of keys returned in the response. By default, the + // action returns up to 1,000 key names. The response might contain fewer keys // but will never contain more. MaxKeys *int64 `location:"querystring" locationName:"max-keys" type:"integer"` + // Specifies the optional fields that you want returned in the response. Fields + // that you do not specify are not returned. + // + // This functionality is not supported for directory buckets. + OptionalObjectAttributes []*string `location:"header" locationName:"x-amz-optional-object-attributes" type:"list" enum:"OptionalObjectAttributes"` + // Limits the response to keys that begin with the specified prefix. + // + // Directory buckets - For directory buckets, only prefixes that end in a delimiter + // (/) are supported. Prefix *string `location:"querystring" locationName:"prefix" type:"string"` // Confirms that the requester knows that she or he will be charged for the // list objects request in V2 style. Bucket owners need not specify this parameter // in their requests. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // StartAfter is where you want Amazon S3 to start listing from. Amazon S3 starts // listing after this specified key. StartAfter can be any key in the bucket. + // + // This functionality is not supported for directory buckets. StartAfter *string `location:"querystring" locationName:"start-after" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListObjectsV2Input) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListObjectsV2Input) GoString() string { return s.String() } @@ -24843,6 +30831,12 @@ func (s *ListObjectsV2Input) SetMaxKeys(v int64) *ListObjectsV2Input { return s } +// SetOptionalObjectAttributes sets the OptionalObjectAttributes field's value. +func (s *ListObjectsV2Input) SetOptionalObjectAttributes(v []*string) *ListObjectsV2Input { + s.OptionalObjectAttributes = v + return s +} + // SetPrefix sets the Prefix field's value. func (s *ListObjectsV2Input) SetPrefix(v string) *ListObjectsV2Input { s.Prefix = &v @@ -24891,8 +30885,9 @@ func (s ListObjectsV2Input) updateArnableField(v string) (interface{}, error) { type ListObjectsV2Output struct { _ struct{} `type:"structure"` - // All of the keys rolled up into a common prefix count as a single return when - // calculating the number of returns. + // All of the keys (up to 1,000) that share the same prefix are grouped together. + // When counting the total numbers of returns by this API operation, this group + // of keys is considered as one item. // // A response can contain CommonPrefixes only if you specify a delimiter. // @@ -24906,12 +30901,24 @@ type ListObjectsV2Output struct { // in notes/summer/july, the common prefix is notes/summer/. All of the keys // that roll up into a common prefix count as a single return when calculating // the number of returns. + // + // * Directory buckets - For directory buckets, only prefixes that end in + // a delimiter (/) are supported. + // + // * Directory buckets - When you query ListObjectsV2 with a delimiter during + // in-progress multipart uploads, the CommonPrefixes response parameter contains + // the prefixes that are associated with the in-progress multipart uploads. + // For more information about multipart uploads, see Multipart Upload Overview + // (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) in + // the Amazon S3 User Guide. CommonPrefixes []*CommonPrefix `type:"list" flattened:"true"` // Metadata about each object returned. Contents []*Object `type:"list" flattened:"true"` // If ContinuationToken was sent with the request, it is included in the response. + // You can use the returned ContinuationToken for pagination of the list response. + // You can use this ContinuationToken for pagination of the list results. ContinuationToken *string `type:"string"` // Causes keys that contain the same string between the prefix and the first @@ -24919,6 +30926,8 @@ type ListObjectsV2Output struct { // in the CommonPrefixes collection. These rolled-up keys are not returned elsewhere // in the response. Each rolled-up result counts as only one return against // the MaxKeys value. + // + // Directory buckets - For directory buckets, / is the only supported delimiter. Delimiter *string `type:"string"` // Encoding type used by Amazon S3 to encode object key names in the XML response. @@ -24936,31 +30945,16 @@ type ListObjectsV2Output struct { IsTruncated *bool `type:"boolean"` // KeyCount is the number of keys returned with this request. KeyCount will - // always be less than equals to MaxKeys field. Say you ask for 50 keys, your - // result will include less than equals 50 keys + // always be less than or equal to the MaxKeys field. For example, if you ask + // for 50 keys, your result will include 50 keys or fewer. KeyCount *int64 `type:"integer"` - // Sets the maximum number of keys returned in the response. By default the - // API returns up to 1,000 key names. The response might contain fewer keys + // Sets the maximum number of keys returned in the response. By default, the + // action returns up to 1,000 key names. The response might contain fewer keys // but will never contain more. MaxKeys *int64 `type:"integer"` // The bucket name. - // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. - // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. Name *string `type:"string"` // NextContinuationToken is sent when isTruncated is true, which means there @@ -24970,18 +30964,37 @@ type ListObjectsV2Output struct { NextContinuationToken *string `type:"string"` // Keys that begin with the indicated prefix. + // + // Directory buckets - For directory buckets, only prefixes that end in a delimiter + // (/) are supported. Prefix *string `type:"string"` + // If present, indicates that the requester was successfully charged for the + // request. + // + // This functionality is not supported for directory buckets. + RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` + // If StartAfter was sent with the request, it is included in the response. + // + // This functionality is not supported for directory buckets. StartAfter *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListObjectsV2Output) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListObjectsV2Output) GoString() string { return s.String() } @@ -25052,6 +31065,12 @@ func (s *ListObjectsV2Output) SetPrefix(v string) *ListObjectsV2Output { return s } +// SetRequestCharged sets the RequestCharged field's value. +func (s *ListObjectsV2Output) SetRequestCharged(v string) *ListObjectsV2Output { + s.RequestCharged = &v + return s +} + // SetStartAfter sets the StartAfter field's value. func (s *ListObjectsV2Output) SetStartAfter(v string) *ListObjectsV2Output { s.StartAfter = &v @@ -25063,27 +31082,41 @@ type ListPartsInput struct { // The name of the bucket to which the parts are being uploaded. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. - // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. + // + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Object key for which the multipart upload was initiated. @@ -25099,24 +31132,64 @@ type ListPartsInput struct { PartNumberMarker *int64 `location:"querystring" locationName:"part-number-marker" type:"integer"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from requester pays buckets, see Downloading Objects - // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` + // The server-side encryption (SSE) algorithm used to encrypt the object. This + // parameter is needed only when the object was created using a checksum algorithm. + // For more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. + SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` + + // The server-side encryption (SSE) customer managed key. This parameter is + // needed only when the object was created using a checksum algorithm. For more + // information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. + // + // SSECustomerKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by ListPartsInput's + // String and GoString methods. + SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` + + // The MD5 server-side encryption (SSE) customer managed key. This parameter + // is needed only when the object was created using a checksum algorithm. For + // more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. + SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` + // Upload ID identifying the multipart upload whose parts are being listed. // // UploadId is a required field UploadId *string `location:"querystring" locationName:"uploadId" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListPartsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListPartsInput) GoString() string { return s.String() } @@ -25189,6 +31262,31 @@ func (s *ListPartsInput) SetRequestPayer(v string) *ListPartsInput { return s } +// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value. +func (s *ListPartsInput) SetSSECustomerAlgorithm(v string) *ListPartsInput { + s.SSECustomerAlgorithm = &v + return s +} + +// SetSSECustomerKey sets the SSECustomerKey field's value. +func (s *ListPartsInput) SetSSECustomerKey(v string) *ListPartsInput { + s.SSECustomerKey = &v + return s +} + +func (s *ListPartsInput) getSSECustomerKey() (v string) { + if s.SSECustomerKey == nil { + return v + } + return *s.SSECustomerKey +} + +// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value. +func (s *ListPartsInput) SetSSECustomerKeyMD5(v string) *ListPartsInput { + s.SSECustomerKeyMD5 = &v + return s +} + // SetUploadId sets the UploadId field's value. func (s *ListPartsInput) SetUploadId(v string) *ListPartsInput { s.UploadId = &v @@ -25230,24 +31328,32 @@ type ListPartsOutput struct { // name in the request, then the response includes this header indicating when // the initiated multipart upload will become eligible for abort operation. // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket - // Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). + // Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). // // The response will also include the x-amz-abort-rule-id header that will provide // the ID of the lifecycle configuration rule that defines this action. + // + // This functionality is not supported for directory buckets. AbortDate *time.Time `location:"header" locationName:"x-amz-abort-date" type:"timestamp"` // This header is returned along with the x-amz-abort-date header. It identifies // applicable lifecycle configuration rule that defines the action to abort // incomplete multipart uploads. + // + // This functionality is not supported for directory buckets. AbortRuleId *string `location:"header" locationName:"x-amz-abort-rule-id" type:"string"` - // The name of the bucket to which the multipart upload was initiated. + // The name of the bucket to which the multipart upload was initiated. Does + // not return the access point ARN or access point alias if used. Bucket *string `type:"string"` + // The algorithm that was used to create a checksum of the object. + ChecksumAlgorithm *string `type:"string" enum:"ChecksumAlgorithm"` + // Container element that identifies who initiated the multipart upload. If - // the initiator is an AWS account, this element provides the same information - // as the Owner element. If the initiator is an IAM User, this element provides - // the user ARN and display name. + // the initiator is an Amazon Web Services account, this element provides the + // same information as the Owner element. If the initiator is an IAM User, this + // element provides the user ARN and display name. Initiator *Initiator `type:"structure"` // Indicates whether the returned list of parts is truncated. A true value indicates @@ -25269,11 +31375,13 @@ type ListPartsOutput struct { // Container element that identifies the object owner, after the object is created. // If multipart upload is initiated by an IAM user, this element provides the // parent account ID and display name. + // + // Directory buckets - The bucket owner is returned as the object owner for + // all the parts. Owner *Owner `type:"structure"` - // When a list is truncated, this element specifies the last part in the list, - // as well as the value to use for the part-number-marker request parameter - // in a subsequent request. + // Specifies the part after which listing should begin. Only parts with higher + // part numbers will be listed. PartNumberMarker *int64 `type:"integer"` // Container for elements related to a particular part. A response can contain @@ -25282,22 +31390,34 @@ type ListPartsOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` - // Class of storage (STANDARD or REDUCED_REDUNDANCY) used to store the uploaded - // object. + // The class of storage used to store the uploaded object. + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `type:"string" enum:"StorageClass"` // Upload ID identifying the multipart upload whose parts are being listed. UploadId *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListPartsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ListPartsOutput) GoString() string { return s.String() } @@ -25327,6 +31447,12 @@ func (s *ListPartsOutput) getBucket() (v string) { return *s.Bucket } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *ListPartsOutput) SetChecksumAlgorithm(v string) *ListPartsOutput { + s.ChecksumAlgorithm = &v + return s +} + // SetInitiator sets the Initiator field's value. func (s *ListPartsOutput) SetInitiator(v *Initiator) *ListPartsOutput { s.Initiator = v @@ -25427,12 +31553,20 @@ type Location struct { UserMetadata []*MetadataEntry `locationNameList:"MetadataEntry" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Location) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Location) GoString() string { return s.String() } @@ -25521,10 +31655,60 @@ func (s *Location) SetUserMetadata(v []*MetadataEntry) *Location { return s } +// Specifies the location where the bucket will be created. +// +// For directory buckets, the location type is Availability Zone. For more information +// about directory buckets, see Directory buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) +// in the Amazon S3 User Guide. +// +// This functionality is only supported by directory buckets. +type LocationInfo struct { + _ struct{} `type:"structure"` + + // The name of the location where the bucket will be created. + // + // For directory buckets, the name of the location is the AZ ID of the Availability + // Zone where the bucket will be created. An example AZ ID value is usw2-az1. + Name *string `type:"string"` + + // The type of location where the bucket will be created. + Type *string `type:"string" enum:"LocationType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LocationInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LocationInfo) GoString() string { + return s.String() +} + +// SetName sets the Name field's value. +func (s *LocationInfo) SetName(v string) *LocationInfo { + s.Name = &v + return s +} + +// SetType sets the Type field's value. +func (s *LocationInfo) SetType(v string) *LocationInfo { + s.Type = &v + return s +} + // Describes where logs are stored and the prefix that Amazon S3 assigns to // all log object keys for a bucket. For more information, see PUT Bucket logging // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) -// in the Amazon Simple Storage Service API Reference. +// in the Amazon S3 API Reference. type LoggingEnabled struct { _ struct{} `type:"structure"` @@ -25539,8 +31723,16 @@ type LoggingEnabled struct { TargetBucket *string `type:"string" required:"true"` // Container for granting information. + // + // Buckets that use the bucket owner enforced setting for Object Ownership don't + // support target grants. For more information, see Permissions for server access + // log delivery (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general) + // in the Amazon S3 User Guide. TargetGrants []*TargetGrant `locationNameList:"Grant" type:"list"` + // Amazon S3 key format for log objects. + TargetObjectKeyFormat *TargetObjectKeyFormat `type:"structure"` + // A prefix for all log object keys. If you store log files from multiple Amazon // S3 buckets in a single bucket, you can use a prefix to distinguish which // log files came from which bucket. @@ -25549,12 +31741,20 @@ type LoggingEnabled struct { TargetPrefix *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s LoggingEnabled) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s LoggingEnabled) GoString() string { return s.String() } @@ -25597,6 +31797,12 @@ func (s *LoggingEnabled) SetTargetGrants(v []*TargetGrant) *LoggingEnabled { return s } +// SetTargetObjectKeyFormat sets the TargetObjectKeyFormat field's value. +func (s *LoggingEnabled) SetTargetObjectKeyFormat(v *TargetObjectKeyFormat) *LoggingEnabled { + s.TargetObjectKeyFormat = v + return s +} + // SetTargetPrefix sets the TargetPrefix field's value. func (s *LoggingEnabled) SetTargetPrefix(v string) *LoggingEnabled { s.TargetPrefix = &v @@ -25607,19 +31813,27 @@ func (s *LoggingEnabled) SetTargetPrefix(v string) *LoggingEnabled { type MetadataEntry struct { _ struct{} `type:"structure"` - // Name of the Object. + // Name of the object. Name *string `type:"string"` - // Value of the Object. + // Value of the object. Value *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s MetadataEntry) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s MetadataEntry) GoString() string { return s.String() } @@ -25651,12 +31865,20 @@ type Metrics struct { Status *string `type:"string" required:"true" enum:"MetricsStatus"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Metrics) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Metrics) GoString() string { return s.String() } @@ -25692,6 +31914,9 @@ func (s *Metrics) SetStatus(v string) *Metrics { type MetricsAndOperator struct { _ struct{} `type:"structure"` + // The access point ARN used when evaluating an AND predicate. + AccessPointArn *string `type:"string"` + // The prefix used when evaluating an AND predicate. Prefix *string `type:"string"` @@ -25699,12 +31924,20 @@ type MetricsAndOperator struct { Tags []*Tag `locationName:"Tag" locationNameList:"Tag" type:"list" flattened:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s MetricsAndOperator) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s MetricsAndOperator) GoString() string { return s.String() } @@ -25729,6 +31962,12 @@ func (s *MetricsAndOperator) Validate() error { return nil } +// SetAccessPointArn sets the AccessPointArn field's value. +func (s *MetricsAndOperator) SetAccessPointArn(v string) *MetricsAndOperator { + s.AccessPointArn = &v + return s +} + // SetPrefix sets the Prefix field's value. func (s *MetricsAndOperator) SetPrefix(v string) *MetricsAndOperator { s.Prefix = &v @@ -25745,29 +31984,37 @@ func (s *MetricsAndOperator) SetTags(v []*Tag) *MetricsAndOperator { // by the metrics configuration ID) from an Amazon S3 bucket. If you're updating // an existing metrics configuration, note that this is a full replacement of // the existing metrics configuration. If you don't include the elements you -// want to keep, they are erased. For more information, see PUT Bucket metrics -// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html) -// in the Amazon Simple Storage Service API Reference. +// want to keep, they are erased. For more information, see PutBucketMetricsConfiguration +// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html). type MetricsConfiguration struct { _ struct{} `type:"structure"` // Specifies a metrics configuration filter. The metrics configuration will // only include objects that meet the filter's criteria. A filter must be a - // prefix, a tag, or a conjunction (MetricsAndOperator). + // prefix, an object tag, an access point ARN, or a conjunction (MetricsAndOperator). Filter *MetricsFilter `type:"structure"` - // The ID used to identify the metrics configuration. + // The ID used to identify the metrics configuration. The ID has a 64 character + // limit and can only contain letters, numbers, periods, dashes, and underscores. // // Id is a required field Id *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s MetricsConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s MetricsConfiguration) GoString() string { return s.String() } @@ -25804,10 +32051,14 @@ func (s *MetricsConfiguration) SetId(v string) *MetricsConfiguration { // Specifies a metrics configuration filter. The metrics configuration only // includes objects that meet the filter's criteria. A filter must be a prefix, -// a tag, or a conjunction (MetricsAndOperator). +// an object tag, an access point ARN, or a conjunction (MetricsAndOperator). +// For more information, see PutBucketMetricsConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html). type MetricsFilter struct { _ struct{} `type:"structure"` + // The access point ARN used when evaluating a metrics filter. + AccessPointArn *string `type:"string"` + // A conjunction (logical AND) of predicates, which is used in evaluating a // metrics filter. The operator must have at least two predicates, and an object // must match all of the predicates in order for the filter to apply. @@ -25820,12 +32071,20 @@ type MetricsFilter struct { Tag *Tag `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s MetricsFilter) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s MetricsFilter) GoString() string { return s.String() } @@ -25850,6 +32109,12 @@ func (s *MetricsFilter) Validate() error { return nil } +// SetAccessPointArn sets the AccessPointArn field's value. +func (s *MetricsFilter) SetAccessPointArn(v string) *MetricsFilter { + s.AccessPointArn = &v + return s +} + // SetAnd sets the And field's value. func (s *MetricsFilter) SetAnd(v *MetricsAndOperator) *MetricsFilter { s.And = v @@ -25872,6 +32137,9 @@ func (s *MetricsFilter) SetTag(v *Tag) *MetricsFilter { type MultipartUpload struct { _ struct{} `type:"structure"` + // The algorithm that was used to create a checksum of the object. + ChecksumAlgorithm *string `type:"string" enum:"ChecksumAlgorithm"` + // Date and time at which the multipart upload was initiated. Initiated *time.Time `type:"timestamp"` @@ -25882,25 +32150,45 @@ type MultipartUpload struct { Key *string `min:"1" type:"string"` // Specifies the owner of the object that is part of the multipart upload. + // + // Directory buckets - The bucket owner is returned as the object owner for + // all the objects. Owner *Owner `type:"structure"` // The class of storage used to store the object. + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `type:"string" enum:"StorageClass"` // Upload ID that identifies the multipart upload. UploadId *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s MultipartUpload) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s MultipartUpload) GoString() string { return s.String() } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *MultipartUpload) SetChecksumAlgorithm(v string) *MultipartUpload { + s.ChecksumAlgorithm = &v + return s +} + // SetInitiated sets the Initiated field's value. func (s *MultipartUpload) SetInitiated(v time.Time) *MultipartUpload { s.Initiated = &v @@ -25945,24 +32233,46 @@ func (s *MultipartUpload) SetUploadId(v string) *MultipartUpload { type NoncurrentVersionExpiration struct { _ struct{} `type:"structure"` + // Specifies how many noncurrent versions Amazon S3 will retain. You can specify + // up to 100 noncurrent versions to retain. Amazon S3 will permanently delete + // any additional noncurrent versions beyond the specified number to retain. + // For more information about noncurrent versions, see Lifecycle configuration + // elements (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html) + // in the Amazon S3 User Guide. + NewerNoncurrentVersions *int64 `type:"integer"` + // Specifies the number of days an object is noncurrent before Amazon S3 can - // perform the associated action. For information about the noncurrent days - // calculations, see How Amazon S3 Calculates When an Object Became Noncurrent - // (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations) - // in the Amazon Simple Storage Service Developer Guide. + // perform the associated action. The value must be a non-zero positive integer. + // For information about the noncurrent days calculations, see How Amazon S3 + // Calculates When an Object Became Noncurrent (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations) + // in the Amazon S3 User Guide. NoncurrentDays *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s NoncurrentVersionExpiration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s NoncurrentVersionExpiration) GoString() string { return s.String() } +// SetNewerNoncurrentVersions sets the NewerNoncurrentVersions field's value. +func (s *NoncurrentVersionExpiration) SetNewerNoncurrentVersions(v int64) *NoncurrentVersionExpiration { + s.NewerNoncurrentVersions = &v + return s +} + // SetNoncurrentDays sets the NoncurrentDays field's value. func (s *NoncurrentVersionExpiration) SetNoncurrentDays(v int64) *NoncurrentVersionExpiration { s.NoncurrentDays = &v @@ -25970,36 +32280,58 @@ func (s *NoncurrentVersionExpiration) SetNoncurrentDays(v int64) *NoncurrentVers } // Container for the transition rule that describes when noncurrent objects -// transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, -// or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled (or versioning -// is suspended), you can set this action to request that Amazon S3 transition -// noncurrent object versions to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, -// GLACIER, or DEEP_ARCHIVE storage class at a specific period in the object's -// lifetime. +// transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR, +// GLACIER, or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled +// (or versioning is suspended), you can set this action to request that Amazon +// S3 transition noncurrent object versions to the STANDARD_IA, ONEZONE_IA, +// INTELLIGENT_TIERING, GLACIER_IR, GLACIER, or DEEP_ARCHIVE storage class at +// a specific period in the object's lifetime. type NoncurrentVersionTransition struct { _ struct{} `type:"structure"` + // Specifies how many noncurrent versions Amazon S3 will retain in the same + // storage class before transitioning objects. You can specify up to 100 noncurrent + // versions to retain. Amazon S3 will transition any additional noncurrent versions + // beyond the specified number to retain. For more information about noncurrent + // versions, see Lifecycle configuration elements (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html) + // in the Amazon S3 User Guide. + NewerNoncurrentVersions *int64 `type:"integer"` + // Specifies the number of days an object is noncurrent before Amazon S3 can // perform the associated action. For information about the noncurrent days // calculations, see How Amazon S3 Calculates How Long an Object Has Been Noncurrent // (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations) - // in the Amazon Simple Storage Service Developer Guide. + // in the Amazon S3 User Guide. NoncurrentDays *int64 `type:"integer"` // The class of storage used to store the object. StorageClass *string `type:"string" enum:"TransitionStorageClass"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s NoncurrentVersionTransition) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s NoncurrentVersionTransition) GoString() string { return s.String() } +// SetNewerNoncurrentVersions sets the NewerNoncurrentVersions field's value. +func (s *NoncurrentVersionTransition) SetNewerNoncurrentVersions(v int64) *NoncurrentVersionTransition { + s.NewerNoncurrentVersions = &v + return s +} + // SetNoncurrentDays sets the NoncurrentDays field's value. func (s *NoncurrentVersionTransition) SetNoncurrentDays(v int64) *NoncurrentVersionTransition { s.NoncurrentDays = &v @@ -26017,8 +32349,11 @@ func (s *NoncurrentVersionTransition) SetStorageClass(v string) *NoncurrentVersi type NotificationConfiguration struct { _ struct{} `type:"structure"` - // Describes the AWS Lambda functions to invoke and the events for which to - // invoke them. + // Enables delivery of events to Amazon EventBridge. + EventBridgeConfiguration *EventBridgeConfiguration `type:"structure"` + + // Describes the Lambda functions to invoke and the events for which to invoke + // them. LambdaFunctionConfigurations []*LambdaFunctionConfiguration `locationName:"CloudFunctionConfiguration" type:"list" flattened:"true"` // The Amazon Simple Queue Service queues to publish messages to and the events @@ -26030,12 +32365,20 @@ type NotificationConfiguration struct { TopicConfigurations []*TopicConfiguration `locationName:"TopicConfiguration" type:"list" flattened:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s NotificationConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s NotificationConfiguration) GoString() string { return s.String() } @@ -26080,6 +32423,12 @@ func (s *NotificationConfiguration) Validate() error { return nil } +// SetEventBridgeConfiguration sets the EventBridgeConfiguration field's value. +func (s *NotificationConfiguration) SetEventBridgeConfiguration(v *EventBridgeConfiguration) *NotificationConfiguration { + s.EventBridgeConfiguration = v + return s +} + // SetLambdaFunctionConfigurations sets the LambdaFunctionConfigurations field's value. func (s *NotificationConfiguration) SetLambdaFunctionConfigurations(v []*LambdaFunctionConfiguration) *NotificationConfiguration { s.LambdaFunctionConfigurations = v @@ -26101,7 +32450,7 @@ func (s *NotificationConfiguration) SetTopicConfigurations(v []*TopicConfigurati type NotificationConfigurationDeprecated struct { _ struct{} `type:"structure"` - // Container for specifying the AWS Lambda notification configuration. + // Container for specifying the Lambda notification configuration. CloudFunctionConfiguration *CloudFunctionConfiguration `type:"structure"` // This data type is deprecated. This data type specifies the configuration @@ -26115,12 +32464,20 @@ type NotificationConfigurationDeprecated struct { TopicConfiguration *TopicConfigurationDeprecated `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s NotificationConfigurationDeprecated) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s NotificationConfigurationDeprecated) GoString() string { return s.String() } @@ -26144,8 +32501,9 @@ func (s *NotificationConfigurationDeprecated) SetTopicConfiguration(v *TopicConf } // Specifies object key name filtering rules. For information about key name -// filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) -// in the Amazon Simple Storage Service Developer Guide. +// filtering, see Configuring event notifications using object key name filtering +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html) +// in the Amazon S3 User Guide. type NotificationConfigurationFilter struct { _ struct{} `type:"structure"` @@ -26153,12 +32511,20 @@ type NotificationConfigurationFilter struct { Key *KeyFilter `locationName:"S3Key" type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s NotificationConfigurationFilter) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s NotificationConfigurationFilter) GoString() string { return s.String() } @@ -26173,51 +32539,89 @@ func (s *NotificationConfigurationFilter) SetKey(v *KeyFilter) *NotificationConf type Object struct { _ struct{} `type:"structure"` + // The algorithm that was used to create a checksum of the object. + ChecksumAlgorithm []*string `type:"list" flattened:"true" enum:"ChecksumAlgorithm"` + // The entity tag is a hash of the object. The ETag reflects changes only to // the contents of an object, not its metadata. The ETag may or may not be an // MD5 digest of the object data. Whether or not it is depends on how the object // was created and how it is encrypted as described below: // // * Objects created by the PUT Object, POST Object, or Copy operation, or - // through the AWS Management Console, and are encrypted by SSE-S3 or plaintext, - // have ETags that are an MD5 digest of their object data. + // through the Amazon Web Services Management Console, and are encrypted + // by SSE-S3 or plaintext, have ETags that are an MD5 digest of their object + // data. // // * Objects created by the PUT Object, POST Object, or Copy operation, or - // through the AWS Management Console, and are encrypted by SSE-C or SSE-KMS, - // have ETags that are not an MD5 digest of their object data. + // through the Amazon Web Services Management Console, and are encrypted + // by SSE-C or SSE-KMS, have ETags that are not an MD5 digest of their object + // data. // // * If an object is created by either the Multipart Upload or Part Copy // operation, the ETag is not an MD5 digest, regardless of the method of - // encryption. + // encryption. If an object is larger than 16 MB, the Amazon Web Services + // Management Console will upload or copy that object as a Multipart Upload, + // and therefore the ETag will not be an MD5 digest. + // + // Directory buckets - MD5 is not supported by directory buckets. ETag *string `type:"string"` // The name that you assign to an object. You use the object key to retrieve // the object. Key *string `min:"1" type:"string"` - // The date the Object was Last Modified + // Creation date of the object. LastModified *time.Time `type:"timestamp"` // The owner of the object + // + // Directory buckets - The bucket owner is returned as the object owner. Owner *Owner `type:"structure"` + // Specifies the restoration status of an object. Objects in certain storage + // classes must be restored before they can be retrieved. For more information + // about these storage classes and how to work with archived objects, see Working + // with archived objects (https://docs.aws.amazon.com/AmazonS3/latest/userguide/archived-objects.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. Only the S3 Express + // One Zone storage class is supported by directory buckets to store objects. + RestoreStatus *RestoreStatus `type:"structure"` + // Size in bytes of the object - Size *int64 `type:"integer"` + Size *int64 `type:"long"` // The class of storage used to store the object. + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `type:"string" enum:"ObjectStorageClass"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Object) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Object) GoString() string { return s.String() } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *Object) SetChecksumAlgorithm(v []*string) *Object { + s.ChecksumAlgorithm = v + return s +} + // SetETag sets the ETag field's value. func (s *Object) SetETag(v string) *Object { s.ETag = &v @@ -26242,6 +32646,12 @@ func (s *Object) SetOwner(v *Owner) *Object { return s } +// SetRestoreStatus sets the RestoreStatus field's value. +func (s *Object) SetRestoreStatus(v *RestoreStatus) *Object { + s.RestoreStatus = v + return s +} + // SetSize sets the Size field's value. func (s *Object) SetSize(v int64) *Object { s.Size = &v @@ -26258,21 +32668,35 @@ func (s *Object) SetStorageClass(v string) *Object { type ObjectIdentifier struct { _ struct{} `type:"structure"` - // Key name of the object to delete. + // Key name of the object. + // + // Replacement must be made for object keys containing special characters (such + // as carriage returns) when using XML requests. For more information, see XML + // related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). // // Key is a required field Key *string `min:"1" type:"string" required:"true"` - // VersionId for the specific version of the object to delete. + // Version ID for the specific version of the object to delete. + // + // This functionality is not supported for directory buckets. VersionId *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ObjectIdentifier) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ObjectIdentifier) GoString() string { return s.String() } @@ -26309,19 +32733,31 @@ func (s *ObjectIdentifier) SetVersionId(v string) *ObjectIdentifier { type ObjectLockConfiguration struct { _ struct{} `type:"structure"` - // Indicates whether this bucket has an Object Lock configuration enabled. + // Indicates whether this bucket has an Object Lock configuration enabled. Enable + // ObjectLockEnabled when you apply ObjectLockConfiguration to a bucket. ObjectLockEnabled *string `type:"string" enum:"ObjectLockEnabled"` - // The Object Lock rule in place for the specified object. + // Specifies the Object Lock rule for the specified object. Enable the this + // rule when you apply ObjectLockConfiguration to a bucket. Bucket settings + // require both a mode and a period. The period can be either Days or Years + // but you must select one. You cannot specify Days and Years at the same time. Rule *ObjectLockRule `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ObjectLockConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ObjectLockConfiguration) GoString() string { return s.String() } @@ -26338,20 +32774,28 @@ func (s *ObjectLockConfiguration) SetRule(v *ObjectLockRule) *ObjectLockConfigur return s } -// A Legal Hold configuration for an object. +// A legal hold configuration for an object. type ObjectLockLegalHold struct { _ struct{} `type:"structure"` - // Indicates whether the specified object has a Legal Hold in place. + // Indicates whether the specified object has a legal hold in place. Status *string `type:"string" enum:"ObjectLockLegalHoldStatus"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ObjectLockLegalHold) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ObjectLockLegalHold) GoString() string { return s.String() } @@ -26373,12 +32817,20 @@ type ObjectLockRetention struct { RetainUntilDate *time.Time `type:"timestamp" timestampFormat:"iso8601"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ObjectLockRetention) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ObjectLockRetention) GoString() string { return s.String() } @@ -26399,17 +32851,27 @@ func (s *ObjectLockRetention) SetRetainUntilDate(v time.Time) *ObjectLockRetenti type ObjectLockRule struct { _ struct{} `type:"structure"` - // The default retention period that you want to apply to new objects placed - // in the specified bucket. + // The default Object Lock retention mode and period that you want to apply + // to new objects placed in the specified bucket. Bucket settings require both + // a mode and a period. The period can be either Days or Years but you must + // select one. You cannot specify Days and Years at the same time. DefaultRetention *DefaultRetention `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ObjectLockRule) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ObjectLockRule) GoString() string { return s.String() } @@ -26420,10 +32882,116 @@ func (s *ObjectLockRule) SetDefaultRetention(v *DefaultRetention) *ObjectLockRul return s } +// A container for elements related to an individual part. +type ObjectPart struct { + _ struct{} `type:"structure"` + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies + // the base64-encoded, 32-bit CRC32 checksum of the object. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumCRC32 *string `type:"string"` + + // The base64-encoded, 32-bit CRC32C checksum of the object. This will only + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumCRC32C *string `type:"string"` + + // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumSHA1 *string `type:"string"` + + // The base64-encoded, 256-bit SHA-256 digest of the object. This will only + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumSHA256 *string `type:"string"` + + // The part number identifying the part. This value is a positive integer between + // 1 and 10,000. + PartNumber *int64 `type:"integer"` + + // The size of the uploaded part in bytes. + Size *int64 `type:"long"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ObjectPart) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ObjectPart) GoString() string { + return s.String() +} + +// SetChecksumCRC32 sets the ChecksumCRC32 field's value. +func (s *ObjectPart) SetChecksumCRC32(v string) *ObjectPart { + s.ChecksumCRC32 = &v + return s +} + +// SetChecksumCRC32C sets the ChecksumCRC32C field's value. +func (s *ObjectPart) SetChecksumCRC32C(v string) *ObjectPart { + s.ChecksumCRC32C = &v + return s +} + +// SetChecksumSHA1 sets the ChecksumSHA1 field's value. +func (s *ObjectPart) SetChecksumSHA1(v string) *ObjectPart { + s.ChecksumSHA1 = &v + return s +} + +// SetChecksumSHA256 sets the ChecksumSHA256 field's value. +func (s *ObjectPart) SetChecksumSHA256(v string) *ObjectPart { + s.ChecksumSHA256 = &v + return s +} + +// SetPartNumber sets the PartNumber field's value. +func (s *ObjectPart) SetPartNumber(v int64) *ObjectPart { + s.PartNumber = &v + return s +} + +// SetSize sets the Size field's value. +func (s *ObjectPart) SetSize(v int64) *ObjectPart { + s.Size = &v + return s +} + // The version of an object. type ObjectVersion struct { _ struct{} `type:"structure"` + // The algorithm that was used to create a checksum of the object. + ChecksumAlgorithm []*string `type:"list" flattened:"true" enum:"ChecksumAlgorithm"` + // The entity tag is an MD5 hash of that version of the object. ETag *string `type:"string"` @@ -26434,14 +33002,21 @@ type ObjectVersion struct { // The object key. Key *string `min:"1" type:"string"` - // Date and time the object was last modified. + // Date and time when the object was last modified. LastModified *time.Time `type:"timestamp"` // Specifies the owner of the object. Owner *Owner `type:"structure"` + // Specifies the restoration status of an object. Objects in certain storage + // classes must be restored before they can be retrieved. For more information + // about these storage classes and how to work with archived objects, see Working + // with archived objects (https://docs.aws.amazon.com/AmazonS3/latest/userguide/archived-objects.html) + // in the Amazon S3 User Guide. + RestoreStatus *RestoreStatus `type:"structure"` + // Size in bytes of the object. - Size *int64 `type:"integer"` + Size *int64 `type:"long"` // The class of storage used to store the object. StorageClass *string `type:"string" enum:"ObjectVersionStorageClass"` @@ -26450,16 +33025,30 @@ type ObjectVersion struct { VersionId *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ObjectVersion) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ObjectVersion) GoString() string { return s.String() } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *ObjectVersion) SetChecksumAlgorithm(v []*string) *ObjectVersion { + s.ChecksumAlgorithm = v + return s +} + // SetETag sets the ETag field's value. func (s *ObjectVersion) SetETag(v string) *ObjectVersion { s.ETag = &v @@ -26490,6 +33079,12 @@ func (s *ObjectVersion) SetOwner(v *Owner) *ObjectVersion { return s } +// SetRestoreStatus sets the RestoreStatus field's value. +func (s *ObjectVersion) SetRestoreStatus(v *RestoreStatus) *ObjectVersion { + s.RestoreStatus = v + return s +} + // SetSize sets the Size field's value. func (s *ObjectVersion) SetSize(v int64) *ObjectVersion { s.Size = &v @@ -26516,12 +33111,20 @@ type OutputLocation struct { S3 *Location `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OutputLocation) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OutputLocation) GoString() string { return s.String() } @@ -26558,12 +33161,20 @@ type OutputSerialization struct { JSON *JSONOutput `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OutputSerialization) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OutputSerialization) GoString() string { return s.String() } @@ -26584,19 +33195,46 @@ func (s *OutputSerialization) SetJSON(v *JSONOutput) *OutputSerialization { type Owner struct { _ struct{} `type:"structure"` - // Container for the display name of the owner. + // Container for the display name of the owner. This value is only supported + // in the following Amazon Web Services Regions: + // + // * US East (N. Virginia) + // + // * US West (N. California) + // + // * US West (Oregon) + // + // * Asia Pacific (Singapore) + // + // * Asia Pacific (Sydney) + // + // * Asia Pacific (Tokyo) + // + // * Europe (Ireland) + // + // * South America (São Paulo) + // + // This functionality is not supported for directory buckets. DisplayName *string `type:"string"` // Container for the ID of the owner. ID *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Owner) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Owner) GoString() string { return s.String() } @@ -26623,12 +33261,20 @@ type OwnershipControls struct { Rules []*OwnershipControlsRule `locationName:"Rule" type:"list" flattened:"true" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OwnershipControls) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OwnershipControls) GoString() string { return s.String() } @@ -26675,16 +33321,41 @@ type OwnershipControlsRule struct { // ObjectWriter - The uploading account will own the object if the object is // uploaded with the bucket-owner-full-control canned ACL. // + // BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer + // affect permissions. The bucket owner automatically owns and has full control + // over every object in the bucket. The bucket only accepts PUT requests that + // don't specify an ACL or specify bucket owner full control ACLs (such as the + // predefined bucket-owner-full-control canned ACL or a custom ACL in XML format + // that grants the same permissions). + // + // By default, ObjectOwnership is set to BucketOwnerEnforced and ACLs are disabled. + // We recommend keeping ACLs disabled, except in uncommon use cases where you + // must control access for each object individually. For more information about + // S3 Object Ownership, see Controlling ownership of objects and disabling ACLs + // for your bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. Directory buckets + // use the bucket owner enforced setting for S3 Object Ownership. + // // ObjectOwnership is a required field ObjectOwnership *string `type:"string" required:"true" enum:"ObjectOwnership"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OwnershipControlsRule) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s OwnershipControlsRule) GoString() string { return s.String() } @@ -26713,12 +33384,20 @@ type ParquetInput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ParquetInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ParquetInput) GoString() string { return s.String() } @@ -26727,6 +33406,40 @@ func (s ParquetInput) GoString() string { type Part struct { _ struct{} `type:"structure"` + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies + // the base64-encoded, 32-bit CRC32 checksum of the object. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumCRC32 *string `type:"string"` + + // The base64-encoded, 32-bit CRC32C checksum of the object. This will only + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumCRC32C *string `type:"string"` + + // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumSHA1 *string `type:"string"` + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies + // the base64-encoded, 256-bit SHA-256 digest of the object. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumSHA256 *string `type:"string"` + // Entity tag returned when the part was uploaded. ETag *string `type:"string"` @@ -26738,19 +33451,51 @@ type Part struct { PartNumber *int64 `type:"integer"` // Size in bytes of the uploaded part data. - Size *int64 `type:"integer"` + Size *int64 `type:"long"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Part) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Part) GoString() string { return s.String() } +// SetChecksumCRC32 sets the ChecksumCRC32 field's value. +func (s *Part) SetChecksumCRC32(v string) *Part { + s.ChecksumCRC32 = &v + return s +} + +// SetChecksumCRC32C sets the ChecksumCRC32C field's value. +func (s *Part) SetChecksumCRC32C(v string) *Part { + s.ChecksumCRC32C = &v + return s +} + +// SetChecksumSHA1 sets the ChecksumSHA1 field's value. +func (s *Part) SetChecksumSHA1(v string) *Part { + s.ChecksumSHA1 = &v + return s +} + +// SetChecksumSHA256 sets the ChecksumSHA256 field's value. +func (s *Part) SetChecksumSHA256(v string) *Part { + s.ChecksumSHA256 = &v + return s +} + // SetETag sets the ETag field's value. func (s *Part) SetETag(v string) *Part { s.ETag = &v @@ -26775,6 +33520,44 @@ func (s *Part) SetSize(v int64) *Part { return s } +// Amazon S3 keys for log objects are partitioned in the following format: +// +// [DestinationPrefix][SourceAccountId]/[SourceRegion]/[SourceBucket]/[YYYY]/[MM]/[DD]/[YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString] +// +// PartitionedPrefix defaults to EventTime delivery when server access logs +// are delivered. +type PartitionedPrefix struct { + _ struct{} `locationName:"PartitionedPrefix" type:"structure"` + + // Specifies the partition date source for the partitioned prefix. PartitionDateSource + // can be EventTime or DeliveryTime. + PartitionDateSource *string `type:"string" enum:"PartitionDateSource"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PartitionedPrefix) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PartitionedPrefix) GoString() string { + return s.String() +} + +// SetPartitionDateSource sets the PartitionDateSource field's value. +func (s *PartitionedPrefix) SetPartitionDateSource(v string) *PartitionedPrefix { + s.PartitionDateSource = &v + return s +} + // The container element for a bucket's policy status. type PolicyStatus struct { _ struct{} `type:"structure"` @@ -26784,12 +33567,20 @@ type PolicyStatus struct { IsPublic *bool `locationName:"IsPublic" type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PolicyStatus) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PolicyStatus) GoString() string { return s.String() } @@ -26814,12 +33605,20 @@ type Progress struct { BytesScanned *int64 `type:"long"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Progress) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Progress) GoString() string { return s.String() } @@ -26850,12 +33649,20 @@ type ProgressEvent struct { Details *Progress `locationName:"Details" type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ProgressEvent) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ProgressEvent) GoString() string { return s.String() } @@ -26899,7 +33706,7 @@ func (s *ProgressEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstr // S3 bucket. You can enable the configuration options in any combination. For // more information about when Amazon S3 considers a bucket or object public, // see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) -// in the Amazon Simple Storage Service Developer Guide. +// in the Amazon S3 User Guide. type PublicAccessBlockConfiguration struct { _ struct{} `type:"structure"` @@ -26907,7 +33714,7 @@ type PublicAccessBlockConfiguration struct { // for this bucket and objects in this bucket. Setting this element to TRUE // causes the following behavior: // - // * PUT Bucket acl and PUT Object acl calls fail if the specified ACL is + // * PUT Bucket ACL and PUT Object ACL calls fail if the specified ACL is // public. // // * PUT Object calls fail if the request includes a public ACL. @@ -26934,8 +33741,8 @@ type PublicAccessBlockConfiguration struct { // Specifies whether Amazon S3 should restrict public bucket policies for this // bucket. Setting this element to TRUE restricts access to this bucket to only - // AWS service principals and authorized users within this account if the bucket - // has a public policy. + // Amazon Web Service principals and authorized users within this account if + // the bucket has a public policy. // // Enabling this setting doesn't affect previously stored bucket policies, except // that public and cross-account access within any public bucket policy, including @@ -26943,12 +33750,20 @@ type PublicAccessBlockConfiguration struct { RestrictPublicBuckets *bool `locationName:"RestrictPublicBuckets" type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PublicAccessBlockConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PublicAccessBlockConfiguration) GoString() string { return s.String() } @@ -26990,18 +33805,43 @@ type PutBucketAccelerateConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + // parameter. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketAccelerateConfigurationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketAccelerateConfigurationInput) GoString() string { return s.String() } @@ -27044,6 +33884,12 @@ func (s *PutBucketAccelerateConfigurationInput) getBucket() (v string) { return *s.Bucket } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *PutBucketAccelerateConfigurationInput) SetChecksumAlgorithm(v string) *PutBucketAccelerateConfigurationInput { + s.ChecksumAlgorithm = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *PutBucketAccelerateConfigurationInput) SetExpectedBucketOwner(v string) *PutBucketAccelerateConfigurationInput { s.ExpectedBucketOwner = &v @@ -27081,12 +33927,20 @@ type PutBucketAccelerateConfigurationOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketAccelerateConfigurationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketAccelerateConfigurationOutput) GoString() string { return s.String() } @@ -27105,9 +33959,30 @@ type PutBucketAclInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + // parameter. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + // + // The SDK will automatically compute the Content-MD5 checksum for this operation. + // The AWS SDK for Go v2 allows you to configure alternative checksum algorithm + // to be used. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Allows grantee the read, write, read ACP, and write ACP permissions on the @@ -27120,19 +33995,30 @@ type PutBucketAclInput struct { // Allows grantee to read the bucket ACL. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` - // Allows grantee to create, overwrite, and delete any object in the bucket. + // Allows grantee to create new objects in the bucket. + // + // For the bucket and object owners of existing objects, also allows deletions + // and overwrites of those objects. GrantWrite *string `location:"header" locationName:"x-amz-grant-write" type:"string"` // Allows grantee to write the ACL for the applicable bucket. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketAclInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketAclInput) GoString() string { return s.String() } @@ -27183,6 +34069,12 @@ func (s *PutBucketAclInput) getBucket() (v string) { return *s.Bucket } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *PutBucketAclInput) SetChecksumAlgorithm(v string) *PutBucketAclInput { + s.ChecksumAlgorithm = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *PutBucketAclInput) SetExpectedBucketOwner(v string) *PutBucketAclInput { s.ExpectedBucketOwner = &v @@ -27250,12 +34142,20 @@ type PutBucketAclOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketAclOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketAclOutput) GoString() string { return s.String() } @@ -27273,9 +34173,9 @@ type PutBucketAnalyticsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID that identifies the analytics configuration. @@ -27284,12 +34184,20 @@ type PutBucketAnalyticsConfigurationInput struct { Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketAnalyticsConfigurationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketAnalyticsConfigurationInput) GoString() string { return s.String() } @@ -27383,12 +34291,20 @@ type PutBucketAnalyticsConfigurationOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketAnalyticsConfigurationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketAnalyticsConfigurationOutput) GoString() string { return s.String() } @@ -27404,23 +34320,52 @@ type PutBucketCorsInput struct { // Describes the cross-origin access configuration for objects in an Amazon // S3 bucket. For more information, see Enabling Cross-Origin Resource Sharing // (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon - // Simple Storage Service Developer Guide. + // S3 User Guide. // // CORSConfiguration is a required field CORSConfiguration *CORSConfiguration `locationName:"CORSConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + // parameter. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + // + // The SDK will automatically compute the Content-MD5 checksum for this operation. + // The AWS SDK for Go v2 allows you to configure alternative checksum algorithm + // to be used. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketCorsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketCorsInput) GoString() string { return s.String() } @@ -27468,6 +34413,12 @@ func (s *PutBucketCorsInput) SetCORSConfiguration(v *CORSConfiguration) *PutBuck return s } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *PutBucketCorsInput) SetChecksumAlgorithm(v string) *PutBucketCorsInput { + s.ChecksumAlgorithm = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *PutBucketCorsInput) SetExpectedBucketOwner(v string) *PutBucketCorsInput { s.ExpectedBucketOwner = &v @@ -27505,12 +34456,20 @@ type PutBucketCorsOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketCorsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketCorsOutput) GoString() string { return s.String() } @@ -27519,17 +34478,41 @@ type PutBucketEncryptionInput struct { _ struct{} `locationName:"PutBucketEncryptionRequest" type:"structure" payload:"ServerSideEncryptionConfiguration"` // Specifies default encryption for a bucket using server-side encryption with - // Amazon S3-managed keys (SSE-S3) or customer master keys stored in AWS KMS - // (SSE-KMS). For information about the Amazon S3 default encryption feature, - // see Amazon S3 Default Bucket Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) - // in the Amazon Simple Storage Service Developer Guide. + // different key options. By default, all buckets have a default encryption + // configuration that uses server-side encryption with Amazon S3 managed keys + // (SSE-S3). You can optionally configure default encryption for a bucket by + // using server-side encryption with an Amazon Web Services KMS key (SSE-KMS) + // or a customer-provided key (SSE-C). For information about the bucket default + // encryption feature, see Amazon S3 Bucket Default Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + // parameter. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + // + // The SDK will automatically compute the Content-MD5 checksum for this operation. + // The AWS SDK for Go v2 allows you to configure alternative checksum algorithm + // to be used. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Specifies the default server-side-encryption configuration. @@ -27538,12 +34521,20 @@ type PutBucketEncryptionInput struct { ServerSideEncryptionConfiguration *ServerSideEncryptionConfiguration `locationName:"ServerSideEncryptionConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketEncryptionInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketEncryptionInput) GoString() string { return s.String() } @@ -27585,6 +34576,12 @@ func (s *PutBucketEncryptionInput) getBucket() (v string) { return *s.Bucket } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *PutBucketEncryptionInput) SetChecksumAlgorithm(v string) *PutBucketEncryptionInput { + s.ChecksumAlgorithm = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *PutBucketEncryptionInput) SetExpectedBucketOwner(v string) *PutBucketEncryptionInput { s.ExpectedBucketOwner = &v @@ -27628,12 +34625,20 @@ type PutBucketEncryptionOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketEncryptionOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketEncryptionOutput) GoString() string { return s.String() } @@ -27658,12 +34663,20 @@ type PutBucketIntelligentTieringConfigurationInput struct { IntelligentTieringConfiguration *IntelligentTieringConfiguration `locationName:"IntelligentTieringConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketIntelligentTieringConfigurationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketIntelligentTieringConfigurationInput) GoString() string { return s.String() } @@ -27751,12 +34764,20 @@ type PutBucketIntelligentTieringConfigurationOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketIntelligentTieringConfigurationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketIntelligentTieringConfigurationOutput) GoString() string { return s.String() } @@ -27769,9 +34790,9 @@ type PutBucketInventoryConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID used to identify the inventory configuration. @@ -27785,12 +34806,20 @@ type PutBucketInventoryConfigurationInput struct { InventoryConfiguration *InventoryConfiguration `locationName:"InventoryConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketInventoryConfigurationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketInventoryConfigurationInput) GoString() string { return s.String() } @@ -27884,12 +34913,20 @@ type PutBucketInventoryConfigurationOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketInventoryConfigurationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketInventoryConfigurationOutput) GoString() string { return s.String() } @@ -27902,21 +34939,50 @@ type PutBucketLifecycleConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + // parameter. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + // + // The SDK will automatically compute the Content-MD5 checksum for this operation. + // The AWS SDK for Go v2 allows you to configure alternative checksum algorithm + // to be used. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Container for lifecycle rules. You can add as many as 1,000 rules. LifecycleConfiguration *BucketLifecycleConfiguration `locationName:"LifecycleConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketLifecycleConfigurationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketLifecycleConfigurationInput) GoString() string { return s.String() } @@ -27955,6 +35021,12 @@ func (s *PutBucketLifecycleConfigurationInput) getBucket() (v string) { return *s.Bucket } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *PutBucketLifecycleConfigurationInput) SetChecksumAlgorithm(v string) *PutBucketLifecycleConfigurationInput { + s.ChecksumAlgorithm = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *PutBucketLifecycleConfigurationInput) SetExpectedBucketOwner(v string) *PutBucketLifecycleConfigurationInput { s.ExpectedBucketOwner = &v @@ -27998,12 +35070,20 @@ type PutBucketLifecycleConfigurationOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketLifecycleConfigurationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketLifecycleConfigurationOutput) GoString() string { return s.String() } @@ -28014,21 +35094,53 @@ type PutBucketLifecycleInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + // parameter. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + // + // The SDK will automatically compute the Content-MD5 checksum for this operation. + // The AWS SDK for Go v2 allows you to configure alternative checksum algorithm + // to be used. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Container for lifecycle rules. You can add as many as 1000 rules. + // + // For more information see, Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) + // in the Amazon S3 User Guide. LifecycleConfiguration *LifecycleConfiguration `locationName:"LifecycleConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketLifecycleInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketLifecycleInput) GoString() string { return s.String() } @@ -28067,6 +35179,12 @@ func (s *PutBucketLifecycleInput) getBucket() (v string) { return *s.Bucket } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *PutBucketLifecycleInput) SetChecksumAlgorithm(v string) *PutBucketLifecycleInput { + s.ChecksumAlgorithm = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *PutBucketLifecycleInput) SetExpectedBucketOwner(v string) *PutBucketLifecycleInput { s.ExpectedBucketOwner = &v @@ -28110,12 +35228,20 @@ type PutBucketLifecycleOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketLifecycleOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketLifecycleOutput) GoString() string { return s.String() } @@ -28133,18 +35259,47 @@ type PutBucketLoggingInput struct { // BucketLoggingStatus is a required field BucketLoggingStatus *BucketLoggingStatus `locationName:"BucketLoggingStatus" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + // parameter. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + // + // The SDK will automatically compute the Content-MD5 checksum for this operation. + // The AWS SDK for Go v2 allows you to configure alternative checksum algorithm + // to be used. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketLoggingInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketLoggingInput) GoString() string { return s.String() } @@ -28192,6 +35347,12 @@ func (s *PutBucketLoggingInput) SetBucketLoggingStatus(v *BucketLoggingStatus) * return s } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *PutBucketLoggingInput) SetChecksumAlgorithm(v string) *PutBucketLoggingInput { + s.ChecksumAlgorithm = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *PutBucketLoggingInput) SetExpectedBucketOwner(v string) *PutBucketLoggingInput { s.ExpectedBucketOwner = &v @@ -28229,12 +35390,20 @@ type PutBucketLoggingOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketLoggingOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketLoggingOutput) GoString() string { return s.String() } @@ -28247,12 +35416,13 @@ type PutBucketMetricsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // The ID used to identify the metrics configuration. + // The ID used to identify the metrics configuration. The ID has a 64 character + // limit and can only contain letters, numbers, periods, dashes, and underscores. // // Id is a required field Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` @@ -28263,12 +35433,20 @@ type PutBucketMetricsConfigurationInput struct { MetricsConfiguration *MetricsConfiguration `locationName:"MetricsConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketMetricsConfigurationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketMetricsConfigurationInput) GoString() string { return s.String() } @@ -28362,12 +35540,20 @@ type PutBucketMetricsConfigurationOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketMetricsConfigurationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketMetricsConfigurationOutput) GoString() string { return s.String() } @@ -28380,9 +35566,9 @@ type PutBucketNotificationConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // A container for specifying the notification configuration of the bucket. @@ -28390,14 +35576,26 @@ type PutBucketNotificationConfigurationInput struct { // // NotificationConfiguration is a required field NotificationConfiguration *NotificationConfiguration `locationName:"NotificationConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` + + // Skips validation of Amazon SQS, Amazon SNS, and Lambda destinations. True + // or false value. + SkipDestinationValidation *bool `location:"header" locationName:"x-amz-skip-destination-validation" type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketNotificationConfigurationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketNotificationConfigurationInput) GoString() string { return s.String() } @@ -28451,6 +35649,12 @@ func (s *PutBucketNotificationConfigurationInput) SetNotificationConfiguration(v return s } +// SetSkipDestinationValidation sets the SkipDestinationValidation field's value. +func (s *PutBucketNotificationConfigurationInput) SetSkipDestinationValidation(v bool) *PutBucketNotificationConfigurationInput { + s.SkipDestinationValidation = &v + return s +} + func (s *PutBucketNotificationConfigurationInput) getEndpointARN() (arn.Resource, error) { if s.Bucket == nil { return nil, fmt.Errorf("member Bucket is nil") @@ -28482,12 +35686,20 @@ type PutBucketNotificationConfigurationOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketNotificationConfigurationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketNotificationConfigurationOutput) GoString() string { return s.String() } @@ -28500,9 +35712,30 @@ type PutBucketNotificationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + // parameter. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + // + // The SDK will automatically compute the Content-MD5 checksum for this operation. + // The AWS SDK for Go v2 allows you to configure alternative checksum algorithm + // to be used. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The container for the configuration. @@ -28511,12 +35744,20 @@ type PutBucketNotificationInput struct { NotificationConfiguration *NotificationConfigurationDeprecated `locationName:"NotificationConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketNotificationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketNotificationInput) GoString() string { return s.String() } @@ -28553,6 +35794,12 @@ func (s *PutBucketNotificationInput) getBucket() (v string) { return *s.Bucket } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *PutBucketNotificationInput) SetChecksumAlgorithm(v string) *PutBucketNotificationInput { + s.ChecksumAlgorithm = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *PutBucketNotificationInput) SetExpectedBucketOwner(v string) *PutBucketNotificationInput { s.ExpectedBucketOwner = &v @@ -28596,12 +35843,20 @@ type PutBucketNotificationOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketNotificationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketNotificationOutput) GoString() string { return s.String() } @@ -28614,24 +35869,32 @@ type PutBucketOwnershipControlsInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // The OwnershipControls (BucketOwnerPreferred or ObjectWriter) that you want - // to apply to this Amazon S3 bucket. + // The OwnershipControls (BucketOwnerEnforced, BucketOwnerPreferred, or ObjectWriter) + // that you want to apply to this Amazon S3 bucket. // // OwnershipControls is a required field OwnershipControls *OwnershipControls `locationName:"OwnershipControls" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketOwnershipControlsInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketOwnershipControlsInput) GoString() string { return s.String() } @@ -28716,12 +35979,20 @@ type PutBucketOwnershipControlsOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketOwnershipControlsOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketOwnershipControlsOutput) GoString() string { return s.String() } @@ -28731,30 +36002,94 @@ type PutBucketPolicyInput struct { // The name of the bucket. // + // Directory buckets - When you use this operation with a directory bucket, + // you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name + // . Virtual-hosted-style requests aren't supported. Directory bucket names + // must be unique in the chosen Availability Zone. Bucket names must also follow + // the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). + // For information about bucket naming restrictions, see Directory bucket naming + // rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon + // S3 fails the request with the HTTP status code 400 Bad Request. + // + // For the x-amz-checksum-algorithm header, replace algorithm with the supported + // algorithm from the following list: + // + // * CRC32 + // + // * CRC32C + // + // * SHA1 + // + // * SHA256 + // + // For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If the individual checksum value you provide through x-amz-checksum-algorithm + // doesn't match the checksum algorithm you set through x-amz-sdk-checksum-algorithm, + // Amazon S3 ignores any provided ChecksumAlgorithm parameter and uses the checksum + // algorithm that matches the provided value in x-amz-checksum-algorithm . + // + // For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the + // default checksum algorithm that's used for performance. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + // + // The SDK will automatically compute the Content-MD5 checksum for this operation. + // The AWS SDK for Go v2 allows you to configure alternative checksum algorithm + // to be used. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + // Set this parameter to true to confirm that you want to remove your permissions // to change this bucket policy in the future. + // + // This functionality is not supported for directory buckets. ConfirmRemoveSelfBucketAccess *bool `location:"header" locationName:"x-amz-confirm-remove-self-bucket-access" type:"boolean"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. + // If you specify this header, the request fails with the HTTP status code 501 + // Not Implemented. ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The bucket policy as a JSON document. // + // For directory buckets, the only IAM action supported in the bucket policy + // is s3express:CreateSession. + // // Policy is a required field Policy *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketPolicyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketPolicyInput) GoString() string { return s.String() } @@ -28791,6 +36126,12 @@ func (s *PutBucketPolicyInput) getBucket() (v string) { return *s.Bucket } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *PutBucketPolicyInput) SetChecksumAlgorithm(v string) *PutBucketPolicyInput { + s.ChecksumAlgorithm = &v + return s +} + // SetConfirmRemoveSelfBucketAccess sets the ConfirmRemoveSelfBucketAccess field's value. func (s *PutBucketPolicyInput) SetConfirmRemoveSelfBucketAccess(v bool) *PutBucketPolicyInput { s.ConfirmRemoveSelfBucketAccess = &v @@ -28840,12 +36181,20 @@ type PutBucketPolicyOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketPolicyOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketPolicyOutput) GoString() string { return s.String() } @@ -28858,9 +36207,30 @@ type PutBucketReplicationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + // parameter. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + // + // The SDK will automatically compute the Content-MD5 checksum for this operation. + // The AWS SDK for Go v2 allows you to configure alternative checksum algorithm + // to be used. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // A container for replication rules. You can add up to 1,000 rules. The maximum @@ -28873,12 +36243,20 @@ type PutBucketReplicationInput struct { Token *string `location:"header" locationName:"x-amz-bucket-object-lock-token" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketReplicationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketReplicationInput) GoString() string { return s.String() } @@ -28920,6 +36298,12 @@ func (s *PutBucketReplicationInput) getBucket() (v string) { return *s.Bucket } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *PutBucketReplicationInput) SetChecksumAlgorithm(v string) *PutBucketReplicationInput { + s.ChecksumAlgorithm = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *PutBucketReplicationInput) SetExpectedBucketOwner(v string) *PutBucketReplicationInput { s.ExpectedBucketOwner = &v @@ -28969,12 +36353,20 @@ type PutBucketReplicationOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketReplicationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketReplicationOutput) GoString() string { return s.String() } @@ -28987,9 +36379,30 @@ type PutBucketRequestPaymentInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + // parameter. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + // + // The SDK will automatically compute the Content-MD5 checksum for this operation. + // The AWS SDK for Go v2 allows you to configure alternative checksum algorithm + // to be used. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Container for Payer. @@ -28998,12 +36411,20 @@ type PutBucketRequestPaymentInput struct { RequestPaymentConfiguration *RequestPaymentConfiguration `locationName:"RequestPaymentConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketRequestPaymentInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketRequestPaymentInput) GoString() string { return s.String() } @@ -29045,6 +36466,12 @@ func (s *PutBucketRequestPaymentInput) getBucket() (v string) { return *s.Bucket } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *PutBucketRequestPaymentInput) SetChecksumAlgorithm(v string) *PutBucketRequestPaymentInput { + s.ChecksumAlgorithm = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *PutBucketRequestPaymentInput) SetExpectedBucketOwner(v string) *PutBucketRequestPaymentInput { s.ExpectedBucketOwner = &v @@ -29088,12 +36515,20 @@ type PutBucketRequestPaymentOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketRequestPaymentOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketRequestPaymentOutput) GoString() string { return s.String() } @@ -29106,9 +36541,30 @@ type PutBucketTaggingInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + // parameter. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + // + // The SDK will automatically compute the Content-MD5 checksum for this operation. + // The AWS SDK for Go v2 allows you to configure alternative checksum algorithm + // to be used. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Container for the TagSet and Tag elements. @@ -29117,12 +36573,20 @@ type PutBucketTaggingInput struct { Tagging *Tagging `locationName:"Tagging" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketTaggingInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketTaggingInput) GoString() string { return s.String() } @@ -29164,6 +36628,12 @@ func (s *PutBucketTaggingInput) getBucket() (v string) { return *s.Bucket } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *PutBucketTaggingInput) SetChecksumAlgorithm(v string) *PutBucketTaggingInput { + s.ChecksumAlgorithm = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *PutBucketTaggingInput) SetExpectedBucketOwner(v string) *PutBucketTaggingInput { s.ExpectedBucketOwner = &v @@ -29207,12 +36677,20 @@ type PutBucketTaggingOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketTaggingOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketTaggingOutput) GoString() string { return s.String() } @@ -29225,9 +36703,30 @@ type PutBucketVersioningInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + // parameter. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + // + // The SDK will automatically compute the Content-MD5 checksum for this operation. + // The AWS SDK for Go v2 allows you to configure alternative checksum algorithm + // to be used. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The concatenation of the authentication device's serial number, a space, @@ -29240,12 +36739,20 @@ type PutBucketVersioningInput struct { VersioningConfiguration *VersioningConfiguration `locationName:"VersioningConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketVersioningInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketVersioningInput) GoString() string { return s.String() } @@ -29282,6 +36789,12 @@ func (s *PutBucketVersioningInput) getBucket() (v string) { return *s.Bucket } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *PutBucketVersioningInput) SetChecksumAlgorithm(v string) *PutBucketVersioningInput { + s.ChecksumAlgorithm = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *PutBucketVersioningInput) SetExpectedBucketOwner(v string) *PutBucketVersioningInput { s.ExpectedBucketOwner = &v @@ -29331,12 +36844,20 @@ type PutBucketVersioningOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketVersioningOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketVersioningOutput) GoString() string { return s.String() } @@ -29349,9 +36870,30 @@ type PutBucketWebsiteInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + // parameter. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + // + // The SDK will automatically compute the Content-MD5 checksum for this operation. + // The AWS SDK for Go v2 allows you to configure alternative checksum algorithm + // to be used. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Container for the request. @@ -29360,12 +36902,20 @@ type PutBucketWebsiteInput struct { WebsiteConfiguration *WebsiteConfiguration `locationName:"WebsiteConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketWebsiteInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketWebsiteInput) GoString() string { return s.String() } @@ -29407,6 +36957,12 @@ func (s *PutBucketWebsiteInput) getBucket() (v string) { return *s.Bucket } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *PutBucketWebsiteInput) SetChecksumAlgorithm(v string) *PutBucketWebsiteInput { + s.ChecksumAlgorithm = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *PutBucketWebsiteInput) SetExpectedBucketOwner(v string) *PutBucketWebsiteInput { s.ExpectedBucketOwner = &v @@ -29450,12 +37006,20 @@ type PutBucketWebsiteOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketWebsiteOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutBucketWebsiteOutput) GoString() string { return s.String() } @@ -29473,82 +37037,116 @@ type PutObjectAclInput struct { // The bucket name that contains the object to which you want to attach the // ACL. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + // parameter. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + // + // The SDK will automatically compute the Content-MD5 checksum for this operation. + // The AWS SDK for Go v2 allows you to configure alternative checksum algorithm + // to be used. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Allows grantee the read, write, read ACP, and write ACP permissions on the // bucket. // - // This action is not supported by Amazon S3 on Outposts. + // This functionality is not supported for Amazon S3 on Outposts. GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"` // Allows grantee to list the objects in the bucket. // - // This action is not supported by Amazon S3 on Outposts. + // This functionality is not supported for Amazon S3 on Outposts. GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"` // Allows grantee to read the bucket ACL. // - // This action is not supported by Amazon S3 on Outposts. + // This functionality is not supported for Amazon S3 on Outposts. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` - // Allows grantee to create, overwrite, and delete any object in the bucket. + // Allows grantee to create new objects in the bucket. + // + // For the bucket and object owners of existing objects, also allows deletions + // and overwrites of those objects. GrantWrite *string `location:"header" locationName:"x-amz-grant-write" type:"string"` // Allows grantee to write the ACL for the applicable bucket. // - // This action is not supported by Amazon S3 on Outposts. + // This functionality is not supported for Amazon S3 on Outposts. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` - // Key for which the PUT operation was initiated. - // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. - // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. + // Key for which the PUT action was initiated. // // Key is a required field Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from requester pays buckets, see Downloading Objects - // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectAclInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectAclInput) GoString() string { return s.String() } @@ -29605,6 +37203,12 @@ func (s *PutObjectAclInput) getBucket() (v string) { return *s.Bucket } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *PutObjectAclInput) SetChecksumAlgorithm(v string) *PutObjectAclInput { + s.ChecksumAlgorithm = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *PutObjectAclInput) SetExpectedBucketOwner(v string) *PutObjectAclInput { s.ExpectedBucketOwner = &v @@ -29691,15 +37295,25 @@ type PutObjectAclOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectAclOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectAclOutput) GoString() string { return s.String() } @@ -29714,41 +37328,80 @@ type PutObjectInput struct { _ struct{} `locationName:"PutObjectRequest" type:"structure" payload:"Body"` // The canned ACL to apply to the object. For more information, see Canned ACL - // (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). - // - // This action is not supported by Amazon S3 on Outposts. + // (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL) + // in the Amazon S3 User Guide. + // + // When adding a new object, you can use headers to grant ACL-based permissions + // to individual Amazon Web Services accounts or to predefined groups defined + // by Amazon S3. These permissions are then added to the ACL on the object. + // By default, all objects are private. Only the owner has full access control. + // For more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html) + // in the Amazon S3 User Guide. + // + // If the bucket that you're uploading objects to uses the bucket owner enforced + // setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. + // Buckets that use this setting only accept PUT requests that don't specify + // an ACL or PUT requests that specify bucket owner full control ACLs, such + // as the bucket-owner-full-control canned ACL or an equivalent form of this + // ACL expressed in the XML format. PUT requests that contain other ACLs (for + // example, custom grants to certain Amazon Web Services accounts) fail and + // return a 400 error with the error code AccessControlListNotSupported. For + // more information, see Controlling ownership of objects and disabling ACLs + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon S3 User Guide. + // + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"` // Object data. Body io.ReadSeeker `type:"blob"` - // The bucket name to which the PUT operation was initiated. - // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. - // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. + // The bucket name to which the PUT action was initiated. + // + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. + // + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` // Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption - // with server-side encryption using AWS KMS (SSE-KMS). Setting this header - // to true causes Amazon S3 to use an S3 Bucket Key for object encryption with - // SSE-KMS. + // with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). + // Setting this header to true causes Amazon S3 to use an S3 Bucket Key for + // object encryption with SSE-KMS. // - // Specifying this header with a PUT operation doesn’t affect bucket-level - // settings for S3 Bucket Key. + // Specifying this header with a PUT action doesn’t affect bucket-level settings + // for S3 Bucket Key. + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Can be used to specify caching behavior along the request/reply chain. For @@ -29756,22 +37409,84 @@ type PutObjectInput struct { // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9). CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon + // S3 fails the request with the HTTP status code 400 Bad Request. + // + // For the x-amz-checksum-algorithm header, replace algorithm with the supported + // algorithm from the following list: + // + // * CRC32 + // + // * CRC32C + // + // * SHA1 + // + // * SHA256 + // + // For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If the individual checksum value you provide through x-amz-checksum-algorithm + // doesn't match the checksum algorithm you set through x-amz-sdk-checksum-algorithm, + // Amazon S3 ignores any provided ChecksumAlgorithm parameter and uses the checksum + // algorithm that matches the provided value in x-amz-checksum-algorithm . + // + // For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the + // default checksum algorithm that's used for performance. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies + // the base64-encoded, 32-bit CRC32 checksum of the object. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"` + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies + // the base64-encoded, 32-bit CRC32C checksum of the object. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"` + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies + // the base64-encoded, 160-bit SHA-1 digest of the object. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"` + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies + // the base64-encoded, 256-bit SHA-256 digest of the object. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` + // Specifies presentational information for the object. For more information, - // see http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1). + // see https://www.rfc-editor.org/rfc/rfc6266#section-4 (https://www.rfc-editor.org/rfc/rfc6266#section-4). ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"` // Specifies what content encodings have been applied to the object and thus // what decoding mechanisms must be applied to obtain the media-type referenced - // by the Content-Type header field. For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11 - // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11). + // by the Content-Type header field. For more information, see https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding + // (https://www.rfc-editor.org/rfc/rfc9110.html#field.content-encoding). ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"` // The language the content is in. ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"` // Size of the body in bytes. This parameter is useful when the size of the - // body cannot be determined automatically. For more information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13 - // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13). + // body cannot be determined automatically. For more information, see https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length + // (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length). ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"` // The base64-encoded 128-bit MD5 digest of the message (without the headers) @@ -29780,42 +37495,57 @@ type PutObjectInput struct { // it is optional, we recommend using the Content-MD5 mechanism as an end-to-end // integrity check. For more information about REST request authentication, // see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). + // + // The Content-MD5 header is required for any request to upload an object with + // a retention period configured using Amazon S3 Object Lock. For more information + // about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"` // A standard MIME type describing the format of the contents. For more information, - // see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17). + // see https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type). ContentType *string `location:"header" locationName:"Content-Type" type:"string"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The date and time at which the object is no longer cacheable. For more information, - // see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21). + // see https://www.rfc-editor.org/rfc/rfc7234#section-5.3 (https://www.rfc-editor.org/rfc/rfc7234#section-5.3). Expires *time.Time `location:"header" locationName:"Expires" type:"timestamp"` // Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"` // Allows grantee to read the object data and its metadata. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"` // Allows grantee to read the object ACL. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` // Allows grantee to write the ACL for the applicable object. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` - // Object key for which the PUT operation was initiated. + // Object key for which the PUT action was initiated. // // Key is a required field Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` @@ -29824,24 +37554,37 @@ type PutObjectInput struct { Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"` // Specifies whether a legal hold will be applied to this object. For more information - // about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). + // about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` // The Object Lock mode that you want to apply to this object. + // + // This functionality is not supported for directory buckets. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` - // The date and time when you want this object's Object Lock to expire. + // The date and time when you want this object's Object Lock to expire. Must + // be formatted as a timestamp parameter. + // + // This functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from requester pays buckets, see Downloading Objects - // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -29849,50 +37592,92 @@ type PutObjectInput struct { // S3 does not store the encryption key. The key must be appropriate for use // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm // header. + // + // This functionality is not supported for directory buckets. + // + // SSECustomerKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by PutObjectInput's + // String and GoString methods. SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // Specifies the AWS KMS Encryption Context to use for object encryption. The - // value of this header is a base64-encoded UTF-8 string holding JSON with the - // encryption context key-value pairs. + // Specifies the Amazon Web Services KMS Encryption Context to use for object + // encryption. The value of this header is a base64-encoded UTF-8 string holding + // JSON with the encryption context key-value pairs. This value is stored as + // object metadata and automatically gets passed on to Amazon Web Services KMS + // for future GetObject or CopyObject operations on this object. This value + // must be explicitly added during CopyObject operations. + // + // This functionality is not supported for directory buckets. + // + // SSEKMSEncryptionContext is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by PutObjectInput's + // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // If x-amz-server-side-encryption is present and has the value of aws:kms, - // this header specifies the ID of the AWS Key Management Service (AWS KMS) - // symmetrical customer managed customer master key (CMK) that was used for - // the object. + // If x-amz-server-side-encryption has a valid value of aws:kms or aws:kms:dsse, + // this header specifies the ID (Key ID, Key ARN, or Key Alias) of the Key Management + // Service (KMS) symmetric encryption customer managed key that was used for + // the object. If you specify x-amz-server-side-encryption:aws:kms or x-amz-server-side-encryption:aws:kms:dsse, + // but do not providex-amz-server-side-encryption-aws-kms-key-id, Amazon S3 + // uses the Amazon Web Services managed key (aws/s3) to protect the data. If + // the KMS key does not exist in the same account that's issuing the command, + // you must use the full ARN and not just the ID. + // + // This functionality is not supported for directory buckets. // - // If the value of x-amz-server-side-encryption is aws:kms, this header specifies - // the ID of the symmetric customer managed AWS KMS CMK that will be used for - // the object. If you specify x-amz-server-side-encryption:aws:kms, but do not - // providex-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the AWS - // managed CMK in AWS to protect the data. + // SSEKMSKeyId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by PutObjectInput's + // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon - // S3 (for example, AES256, aws:kms). + // The server-side encryption algorithm that was used when you store this object + // in Amazon S3 (for example, AES256, aws:kms, aws:kms:dsse). + // + // General purpose buckets - You have four mutually exclusive options to protect + // data using server-side encryption in Amazon S3, depending on how you choose + // to manage the encryption keys. Specifically, the encryption key options are + // Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or + // DSSE-KMS), and customer-provided keys (SSE-C). Amazon S3 encrypts data with + // server-side encryption by using Amazon S3 managed keys (SSE-S3) by default. + // You can optionally tell Amazon S3 to encrypt data at rest by using server-side + // encryption with other key options. For more information, see Using Server-Side + // Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) + // in the Amazon S3 User Guide. + // + // Directory buckets - For directory buckets, only the server-side encryption + // with Amazon S3 managed keys (SSE-S3) (AES256) value is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // By default, Amazon S3 uses the STANDARD Storage Class to store newly created // objects. The STANDARD storage class provides high durability and high availability. // Depending on performance needs, you can specify a different Storage Class. - // Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, - // see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) - // in the Amazon S3 Service Developer Guide. + // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) + // in the Amazon S3 User Guide. + // + // * For directory buckets, only the S3 Express One Zone storage class is + // supported to store newly created objects. + // + // * Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` // The tag-set for the object. The tag-set must be encoded as URL Query parameters. // (For example, "Key1=Value1") + // + // This functionality is not supported for directory buckets. Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"` // If the bucket is configured as a website, redirects requests for this object // to another object in the same bucket or to an external URL. Amazon S3 stores // the value of this header in the object metadata. For information about object - // metadata, see Object Key and Metadata (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html). + // metadata, see Object Key and Metadata (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html) + // in the Amazon S3 User Guide. // // In the following example, the request header sets the redirect to an object // (anotherPage.html) in the same bucket: @@ -29906,16 +37691,27 @@ type PutObjectInput struct { // // For more information about website hosting in Amazon S3, see Hosting Websites // on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) - // and How to Configure Website Page Redirects (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html). + // and How to Configure Website Page Redirects (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectInput) GoString() string { return s.String() } @@ -29979,6 +37775,36 @@ func (s *PutObjectInput) SetCacheControl(v string) *PutObjectInput { return s } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *PutObjectInput) SetChecksumAlgorithm(v string) *PutObjectInput { + s.ChecksumAlgorithm = &v + return s +} + +// SetChecksumCRC32 sets the ChecksumCRC32 field's value. +func (s *PutObjectInput) SetChecksumCRC32(v string) *PutObjectInput { + s.ChecksumCRC32 = &v + return s +} + +// SetChecksumCRC32C sets the ChecksumCRC32C field's value. +func (s *PutObjectInput) SetChecksumCRC32C(v string) *PutObjectInput { + s.ChecksumCRC32C = &v + return s +} + +// SetChecksumSHA1 sets the ChecksumSHA1 field's value. +func (s *PutObjectInput) SetChecksumSHA1(v string) *PutObjectInput { + s.ChecksumSHA1 = &v + return s +} + +// SetChecksumSHA256 sets the ChecksumSHA256 field's value. +func (s *PutObjectInput) SetChecksumSHA256(v string) *PutObjectInput { + s.ChecksumSHA256 = &v + return s +} + // SetContentDisposition sets the ContentDisposition field's value. func (s *PutObjectInput) SetContentDisposition(v string) *PutObjectInput { s.ContentDisposition = &v @@ -30178,50 +38004,85 @@ func (s PutObjectInput) updateArnableField(v string) (interface{}, error) { type PutObjectLegalHoldInput struct { _ struct{} `locationName:"PutObjectLegalHoldRequest" type:"structure" payload:"LegalHold"` - // The bucket name containing the object that you want to place a Legal Hold + // The bucket name containing the object that you want to place a legal hold // on. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + // parameter. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + // + // The SDK will automatically compute the Content-MD5 checksum for this operation. + // The AWS SDK for Go v2 allows you to configure alternative checksum algorithm + // to be used. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // The key name for the object that you want to place a Legal Hold on. + // The key name for the object that you want to place a legal hold on. // // Key is a required field Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` - // Container element for the Legal Hold configuration you want to apply to the + // Container element for the legal hold configuration you want to apply to the // specified object. LegalHold *ObjectLockLegalHold `locationName:"LegalHold" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from requester pays buckets, see Downloading Objects - // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // The version ID of the object that you want to place a Legal Hold on. + // The version ID of the object that you want to place a legal hold on. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectLegalHoldInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectLegalHoldInput) GoString() string { return s.String() } @@ -30261,6 +38122,12 @@ func (s *PutObjectLegalHoldInput) getBucket() (v string) { return *s.Bucket } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *PutObjectLegalHoldInput) SetChecksumAlgorithm(v string) *PutObjectLegalHoldInput { + s.ChecksumAlgorithm = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *PutObjectLegalHoldInput) SetExpectedBucketOwner(v string) *PutObjectLegalHoldInput { s.ExpectedBucketOwner = &v @@ -30323,15 +38190,25 @@ type PutObjectLegalHoldOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectLegalHoldOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectLegalHoldOutput) GoString() string { return s.String() } @@ -30350,31 +38227,64 @@ type PutObjectLockConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + // parameter. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + // + // The SDK will automatically compute the Content-MD5 checksum for this operation. + // The AWS SDK for Go v2 allows you to configure alternative checksum algorithm + // to be used. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The Object Lock configuration that you want to apply to the specified bucket. ObjectLockConfiguration *ObjectLockConfiguration `locationName:"ObjectLockConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from requester pays buckets, see Downloading Objects - // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // A token to allow Object Lock to be enabled for an existing bucket. Token *string `location:"header" locationName:"x-amz-bucket-object-lock-token" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectLockConfigurationInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectLockConfigurationInput) GoString() string { return s.String() } @@ -30408,6 +38318,12 @@ func (s *PutObjectLockConfigurationInput) getBucket() (v string) { return *s.Bucket } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *PutObjectLockConfigurationInput) SetChecksumAlgorithm(v string) *PutObjectLockConfigurationInput { + s.ChecksumAlgorithm = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *PutObjectLockConfigurationInput) SetExpectedBucketOwner(v string) *PutObjectLockConfigurationInput { s.ExpectedBucketOwner = &v @@ -30464,15 +38380,25 @@ type PutObjectLockConfigurationOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectLockConfigurationOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectLockConfigurationOutput) GoString() string { return s.String() } @@ -30487,60 +38413,151 @@ type PutObjectOutput struct { _ struct{} `type:"structure"` // Indicates whether the uploaded object uses an S3 Bucket Key for server-side - // encryption with AWS KMS (SSE-KMS). + // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` + // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"` + + // The base64-encoded, 32-bit CRC32C checksum of the object. This will only + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"` + + // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"` + + // The base64-encoded, 256-bit SHA-256 digest of the object. This will only + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` + // Entity tag for the uploaded object. + // + // General purpose buckets - To ensure that data is not corrupted traversing + // the network, for objects where the ETag is the MD5 digest of the object, + // you can calculate the MD5 while putting an object to Amazon S3 and compare + // the returned ETag to the calculated MD5 value. + // + // Directory buckets - The ETag for the object in a directory bucket isn't the + // MD5 digest of the object. ETag *string `location:"header" locationName:"ETag" type:"string"` // If the expiration is configured for the object (see PutBucketLifecycleConfiguration - // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)), - // the response includes this header. It includes the expiry-date and rule-id - // key-value pairs that provide information about object expiration. The value - // of the rule-id is URL encoded. + // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)) + // in the Amazon S3 User Guide, the response includes this header. It includes + // the expiry-date and rule-id key-value pairs that provide information about + // object expiration. The value of the rule-id is URL-encoded. + // + // This functionality is not supported for directory buckets. Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the AWS KMS Encryption Context to use for object encryption. - // The value of this header is a base64-encoded UTF-8 string holding JSON with - // the encryption context key-value pairs. + // If present, indicates the Amazon Web Services KMS Encryption Context to use + // for object encryption. The value of this header is a base64-encoded UTF-8 + // string holding JSON with the encryption context key-value pairs. This value + // is stored as object metadata and automatically gets passed on to Amazon Web + // Services KMS for future GetObject or CopyObject operations on this object. + // + // This functionality is not supported for directory buckets. + // + // SSEKMSEncryptionContext is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by PutObjectOutput's + // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // If x-amz-server-side-encryption is present and has the value of aws:kms, - // this header specifies the ID of the AWS Key Management Service (AWS KMS) - // symmetric customer managed customer master key (CMK) that was used for the - // object. + // If x-amz-server-side-encryption has a valid value of aws:kms or aws:kms:dsse, + // this header indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. + // + // This functionality is not supported for directory buckets. + // + // SSEKMSKeyId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by PutObjectOutput's + // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // If you specified server-side encryption either with an AWS KMS customer master - // key (CMK) or Amazon S3-managed encryption key in your PUT request, the response - // includes this header. It confirms the encryption algorithm that Amazon S3 - // used to encrypt the object. + // The server-side encryption algorithm used when you store this object in Amazon + // S3 (for example, AES256, aws:kms, aws:kms:dsse). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` - // Version of the object. + // Version ID of the object. + // + // If you enable versioning for a bucket, Amazon S3 automatically generates + // a unique version ID for the object being stored. Amazon S3 returns this ID + // in the response. When you enable versioning for a bucket, if Amazon S3 receives + // multiple write requests for the same object simultaneously, it stores all + // of the objects. For more information about versioning, see Adding Objects + // to Versioning-Enabled Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html) + // in the Amazon S3 User Guide. For information about returning the versioning + // state of a bucket, see GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html). + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectOutput) GoString() string { return s.String() } @@ -30551,6 +38568,30 @@ func (s *PutObjectOutput) SetBucketKeyEnabled(v bool) *PutObjectOutput { return s } +// SetChecksumCRC32 sets the ChecksumCRC32 field's value. +func (s *PutObjectOutput) SetChecksumCRC32(v string) *PutObjectOutput { + s.ChecksumCRC32 = &v + return s +} + +// SetChecksumCRC32C sets the ChecksumCRC32C field's value. +func (s *PutObjectOutput) SetChecksumCRC32C(v string) *PutObjectOutput { + s.ChecksumCRC32C = &v + return s +} + +// SetChecksumSHA1 sets the ChecksumSHA1 field's value. +func (s *PutObjectOutput) SetChecksumSHA1(v string) *PutObjectOutput { + s.ChecksumSHA1 = &v + return s +} + +// SetChecksumSHA256 sets the ChecksumSHA256 field's value. +func (s *PutObjectOutput) SetChecksumSHA256(v string) *PutObjectOutput { + s.ChecksumSHA256 = &v + return s +} + // SetETag sets the ETag field's value. func (s *PutObjectOutput) SetETag(v string) *PutObjectOutput { s.ETag = &v @@ -30611,22 +38652,45 @@ type PutObjectRetentionInput struct { // The bucket name that contains the object you want to apply this Object Retention // configuration to. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates whether this operation should bypass Governance-mode restrictions. + // Indicates whether this action should bypass Governance-mode restrictions. BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + // parameter. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + // + // The SDK will automatically compute the Content-MD5 checksum for this operation. + // The AWS SDK for Go v2 allows you to configure alternative checksum algorithm + // to be used. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The key name for the object that you want to apply this Object Retention @@ -30636,10 +38700,14 @@ type PutObjectRetentionInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from requester pays buckets, see Downloading Objects - // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The container element for the Object Retention configuration. @@ -30650,12 +38718,20 @@ type PutObjectRetentionInput struct { VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectRetentionInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectRetentionInput) GoString() string { return s.String() } @@ -30701,6 +38777,12 @@ func (s *PutObjectRetentionInput) SetBypassGovernanceRetention(v bool) *PutObjec return s } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *PutObjectRetentionInput) SetChecksumAlgorithm(v string) *PutObjectRetentionInput { + s.ChecksumAlgorithm = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *PutObjectRetentionInput) SetExpectedBucketOwner(v string) *PutObjectRetentionInput { s.ExpectedBucketOwner = &v @@ -30763,15 +38845,25 @@ type PutObjectRetentionOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectRetentionOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectRetentionOutput) GoString() string { return s.String() } @@ -30787,27 +38879,51 @@ type PutObjectTaggingInput struct { // The bucket name containing the object. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. - // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + // parameter. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + // + // The SDK will automatically compute the Content-MD5 checksum for this operation. + // The AWS SDK for Go v2 allows you to configure alternative checksum algorithm + // to be used. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Name of the object key. @@ -30815,6 +38931,17 @@ type PutObjectTaggingInput struct { // Key is a required field Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. + RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` + // Container for the TagSet and Tag elements // // Tagging is a required field @@ -30824,12 +38951,20 @@ type PutObjectTaggingInput struct { VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectTaggingInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectTaggingInput) GoString() string { return s.String() } @@ -30877,6 +39012,12 @@ func (s *PutObjectTaggingInput) getBucket() (v string) { return *s.Bucket } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *PutObjectTaggingInput) SetChecksumAlgorithm(v string) *PutObjectTaggingInput { + s.ChecksumAlgorithm = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *PutObjectTaggingInput) SetExpectedBucketOwner(v string) *PutObjectTaggingInput { s.ExpectedBucketOwner = &v @@ -30889,6 +39030,12 @@ func (s *PutObjectTaggingInput) SetKey(v string) *PutObjectTaggingInput { return s } +// SetRequestPayer sets the RequestPayer field's value. +func (s *PutObjectTaggingInput) SetRequestPayer(v string) *PutObjectTaggingInput { + s.RequestPayer = &v + return s +} + // SetTagging sets the Tagging field's value. func (s *PutObjectTaggingInput) SetTagging(v *Tagging) *PutObjectTaggingInput { s.Tagging = v @@ -30935,12 +39082,20 @@ type PutObjectTaggingOutput struct { VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectTaggingOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutObjectTaggingOutput) GoString() string { return s.String() } @@ -30960,27 +39115,56 @@ type PutPublicAccessBlockInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + // parameter. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + // + // The SDK will automatically compute the Content-MD5 checksum for this operation. + // The AWS SDK for Go v2 allows you to configure alternative checksum algorithm + // to be used. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The PublicAccessBlock configuration that you want to apply to this Amazon // S3 bucket. You can enable the configuration options in any combination. For // more information about when Amazon S3 considers a bucket or object public, // see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) - // in the Amazon Simple Storage Service Developer Guide. + // in the Amazon S3 User Guide. // // PublicAccessBlockConfiguration is a required field PublicAccessBlockConfiguration *PublicAccessBlockConfiguration `locationName:"PublicAccessBlockConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutPublicAccessBlockInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutPublicAccessBlockInput) GoString() string { return s.String() } @@ -31017,6 +39201,12 @@ func (s *PutPublicAccessBlockInput) getBucket() (v string) { return *s.Bucket } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *PutPublicAccessBlockInput) SetChecksumAlgorithm(v string) *PutPublicAccessBlockInput { + s.ChecksumAlgorithm = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *PutPublicAccessBlockInput) SetExpectedBucketOwner(v string) *PutPublicAccessBlockInput { s.ExpectedBucketOwner = &v @@ -31060,12 +39250,20 @@ type PutPublicAccessBlockOutput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutPublicAccessBlockOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PutPublicAccessBlockOutput) GoString() string { return s.String() } @@ -31078,11 +39276,12 @@ type QueueConfiguration struct { // A collection of bucket events for which to send notifications // // Events is a required field - Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"` + Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true" enum:"Event"` // Specifies object key name filtering rules. For information about key name - // filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) - // in the Amazon Simple Storage Service Developer Guide. + // filtering, see Configuring event notifications using object key name filtering + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html) + // in the Amazon S3 User Guide. Filter *NotificationConfigurationFilter `type:"structure"` // An optional unique identifier for configurations in a notification configuration. @@ -31096,12 +39295,20 @@ type QueueConfiguration struct { QueueArn *string `locationName:"Queue" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s QueueConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s QueueConfiguration) GoString() string { return s.String() } @@ -31158,8 +39365,8 @@ type QueueConfigurationDeprecated struct { // Deprecated: Event has been deprecated Event *string `deprecated:"true" type:"string" enum:"Event"` - // A collection of bucket events for which to send notifications - Events []*string `locationName:"Event" type:"list" flattened:"true"` + // A collection of bucket events for which to send notifications. + Events []*string `locationName:"Event" type:"list" flattened:"true" enum:"Event"` // An optional unique identifier for configurations in a notification configuration. // If you don't provide one, Amazon S3 will assign an ID. @@ -31170,12 +39377,20 @@ type QueueConfigurationDeprecated struct { Queue *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s QueueConfigurationDeprecated) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s QueueConfigurationDeprecated) GoString() string { return s.String() } @@ -31209,17 +39424,24 @@ type RecordsEvent struct { _ struct{} `locationName:"RecordsEvent" type:"structure" payload:"Payload"` // The byte array of partial, one or more result records. - // // Payload is automatically base64 encoded/decoded by the SDK. Payload []byte `type:"blob"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RecordsEvent) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RecordsEvent) GoString() string { return s.String() } @@ -31275,20 +39497,36 @@ type Redirect struct { // and in the Redirect set ReplaceKeyPrefixWith to /documents. Not required // if one of the siblings is present. Can be present only if ReplaceKeyWith // is not provided. + // + // Replacement must be made for object keys containing special characters (such + // as carriage returns) when using XML requests. For more information, see XML + // related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). ReplaceKeyPrefixWith *string `type:"string"` // The specific object key to use in the redirect request. For example, redirect // request to error.html. Not required if one of the siblings is present. Can // be present only if ReplaceKeyPrefixWith is not provided. + // + // Replacement must be made for object keys containing special characters (such + // as carriage returns) when using XML requests. For more information, see XML + // related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). ReplaceKeyWith *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Redirect) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Redirect) GoString() string { return s.String() } @@ -31338,12 +39576,20 @@ type RedirectAllRequestsTo struct { Protocol *string `type:"string" enum:"Protocol"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RedirectAllRequestsTo) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RedirectAllRequestsTo) GoString() string { return s.String() } @@ -31391,12 +39637,20 @@ type ReplicaModifications struct { Status *string `type:"string" required:"true" enum:"ReplicaModificationsStatus"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ReplicaModifications) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ReplicaModifications) GoString() string { return s.String() } @@ -31425,10 +39679,10 @@ func (s *ReplicaModifications) SetStatus(v string) *ReplicaModifications { type ReplicationConfiguration struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the AWS Identity and Access Management - // (IAM) role that Amazon S3 assumes when replicating objects. For more information, + // The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) + // role that Amazon S3 assumes when replicating objects. For more information, // see How to Set Up Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-how-setup.html) - // in the Amazon Simple Storage Service Developer Guide. + // in the Amazon S3 User Guide. // // Role is a required field Role *string `type:"string" required:"true"` @@ -31440,12 +39694,20 @@ type ReplicationConfiguration struct { Rules []*ReplicationRule `locationName:"Rule" type:"list" flattened:"true" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ReplicationConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ReplicationConfiguration) GoString() string { return s.String() } @@ -31515,7 +39777,7 @@ type ReplicationRule struct { // Optional configuration to replicate existing source bucket objects. For more // information, see Replicating Existing Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. ExistingObjectReplication *ExistingObjectReplication `type:"structure"` // A filter that identifies the subset of objects to which the replication rule @@ -31529,6 +39791,10 @@ type ReplicationRule struct { // the rule applies. The maximum prefix length is 1,024 characters. To include // all objects in a bucket, specify an empty string. // + // Replacement must be made for object keys containing special characters (such + // as carriage returns) when using XML requests. For more information, see XML + // related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). + // // Deprecated: Prefix has been deprecated Prefix *string `deprecated:"true" type:"string"` @@ -31539,14 +39805,15 @@ type ReplicationRule struct { // with the highest priority. The higher the number, the higher the priority. // // For more information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) - // in the Amazon Simple Storage Service Developer Guide. + // in the Amazon S3 User Guide. Priority *int64 `type:"integer"` // A container that describes additional filters for identifying the source // objects that you want to replicate. You can choose to enable or disable the // replication of these objects. Currently, Amazon S3 supports only the filter // that you can specify for objects created with server-side encryption using - // a customer master key (CMK) stored in AWS Key Management Service (SSE-KMS). + // a customer managed key stored in Amazon Web Services Key Management Service + // (SSE-KMS). SourceSelectionCriteria *SourceSelectionCriteria `type:"structure"` // Specifies whether the rule is enabled. @@ -31555,12 +39822,20 @@ type ReplicationRule struct { Status *string `type:"string" required:"true" enum:"ReplicationRuleStatus"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ReplicationRule) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ReplicationRule) GoString() string { return s.String() } @@ -31661,11 +39936,11 @@ func (s *ReplicationRule) SetStatus(v string) *ReplicationRule { // // For example: // -// * If you specify both a Prefix and a Tag filter, wrap these filters in -// an And tag. +// - If you specify both a Prefix and a Tag filter, wrap these filters in +// an And tag. // -// * If you specify a filter based on multiple tags, wrap the Tag elements -// in an And tag +// - If you specify a filter based on multiple tags, wrap the Tag elements +// in an And tag. type ReplicationRuleAndOperator struct { _ struct{} `type:"structure"` @@ -31677,12 +39952,20 @@ type ReplicationRuleAndOperator struct { Tags []*Tag `locationName:"Tag" locationNameList:"Tag" type:"list" flattened:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ReplicationRuleAndOperator) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ReplicationRuleAndOperator) GoString() string { return s.String() } @@ -31737,6 +40020,10 @@ type ReplicationRuleFilter struct { // An object key name prefix that identifies the subset of objects to which // the rule applies. + // + // Replacement must be made for object keys containing special characters (such + // as carriage returns) when using XML requests. For more information, see XML + // related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). Prefix *string `type:"string"` // A container for specifying a tag key and value. @@ -31745,12 +40032,20 @@ type ReplicationRuleFilter struct { Tag *Tag `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ReplicationRuleFilter) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ReplicationRuleFilter) GoString() string { return s.String() } @@ -31812,12 +40107,20 @@ type ReplicationTime struct { Time *ReplicationTimeValue `type:"structure" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ReplicationTime) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ReplicationTime) GoString() string { return s.String() } @@ -31857,16 +40160,24 @@ type ReplicationTimeValue struct { // Contains an integer specifying time in minutes. // - // Valid values: 15 minutes. + // Valid value: 15 Minutes *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ReplicationTimeValue) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ReplicationTimeValue) GoString() string { return s.String() } @@ -31887,12 +40198,20 @@ type RequestPaymentConfiguration struct { Payer *string `type:"string" required:"true" enum:"Payer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RequestPaymentConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RequestPaymentConfiguration) GoString() string { return s.String() } @@ -31925,12 +40244,20 @@ type RequestProgress struct { Enabled *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RequestProgress) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RequestProgress) GoString() string { return s.String() } @@ -31946,39 +40273,63 @@ type RestoreObjectInput struct { // The bucket name containing the object to restore. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. - // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + // parameter. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // Object key for which the operation was initiated. + // Object key for which the action was initiated. // // Key is a required field Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from requester pays buckets, see Downloading Objects - // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Container for restore job parameters. @@ -31988,12 +40339,20 @@ type RestoreObjectInput struct { VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreObjectInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreObjectInput) GoString() string { return s.String() } @@ -32038,6 +40397,12 @@ func (s *RestoreObjectInput) getBucket() (v string) { return *s.Bucket } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *RestoreObjectInput) SetChecksumAlgorithm(v string) *RestoreObjectInput { + s.ChecksumAlgorithm = &v + return s +} + // SetExpectedBucketOwner sets the ExpectedBucketOwner field's value. func (s *RestoreObjectInput) SetExpectedBucketOwner(v string) *RestoreObjectInput { s.ExpectedBucketOwner = &v @@ -32100,6 +40465,8 @@ type RestoreObjectOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // Indicates the path in the provided S3 output location where Select results @@ -32107,12 +40474,20 @@ type RestoreObjectOutput struct { RestoreOutputPath *string `location:"header" locationName:"x-amz-restore-output-path" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreObjectOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreObjectOutput) GoString() string { return s.String() } @@ -32160,12 +40535,20 @@ type RestoreRequest struct { Type *string `type:"string" enum:"RestoreRequestType"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreRequest) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RestoreRequest) GoString() string { return s.String() } @@ -32237,10 +40620,71 @@ func (s *RestoreRequest) SetType(v string) *RestoreRequest { return s } +// Specifies the restoration status of an object. Objects in certain storage +// classes must be restored before they can be retrieved. For more information +// about these storage classes and how to work with archived objects, see Working +// with archived objects (https://docs.aws.amazon.com/AmazonS3/latest/userguide/archived-objects.html) +// in the Amazon S3 User Guide. +// +// This functionality is not supported for directory buckets. Only the S3 Express +// One Zone storage class is supported by directory buckets to store objects. +type RestoreStatus struct { + _ struct{} `type:"structure"` + + // Specifies whether the object is currently being restored. If the object restoration + // is in progress, the header returns the value TRUE. For example: + // + // x-amz-optional-object-attributes: IsRestoreInProgress="true" + // + // If the object restoration has completed, the header returns the value FALSE. + // For example: + // + // x-amz-optional-object-attributes: IsRestoreInProgress="false", RestoreExpiryDate="2012-12-21T00:00:00.000Z" + // + // If the object hasn't been restored, there is no header response. + IsRestoreInProgress *bool `type:"boolean"` + + // Indicates when the restored copy will expire. This value is populated only + // if the object has already been restored. For example: + // + // x-amz-optional-object-attributes: IsRestoreInProgress="false", RestoreExpiryDate="2012-12-21T00:00:00.000Z" + RestoreExpiryDate *time.Time `type:"timestamp"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RestoreStatus) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RestoreStatus) GoString() string { + return s.String() +} + +// SetIsRestoreInProgress sets the IsRestoreInProgress field's value. +func (s *RestoreStatus) SetIsRestoreInProgress(v bool) *RestoreStatus { + s.IsRestoreInProgress = &v + return s +} + +// SetRestoreExpiryDate sets the RestoreExpiryDate field's value. +func (s *RestoreStatus) SetRestoreExpiryDate(v time.Time) *RestoreStatus { + s.RestoreExpiryDate = &v + return s +} + // Specifies the redirect behavior and when a redirect is applied. For more // information about routing rules, see Configuring advanced conditional redirects // (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html#advanced-conditional-redirects) -// in the Amazon Simple Storage Service Developer Guide. +// in the Amazon S3 User Guide. type RoutingRule struct { _ struct{} `type:"structure"` @@ -32258,12 +40702,20 @@ type RoutingRule struct { Redirect *Redirect `type:"structure" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RoutingRule) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s RoutingRule) GoString() string { return s.String() } @@ -32295,16 +40747,16 @@ func (s *RoutingRule) SetRedirect(v *Redirect) *RoutingRule { // Specifies lifecycle rules for an Amazon S3 bucket. For more information, // see Put Bucket Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlifecycle.html) -// in the Amazon Simple Storage Service API Reference. For examples, see Put -// Bucket Lifecycle Configuration Examples (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html#API_PutBucketLifecycleConfiguration_Examples) +// in the Amazon S3 API Reference. For examples, see Put Bucket Lifecycle Configuration +// Examples (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html#API_PutBucketLifecycleConfiguration_Examples). type Rule struct { _ struct{} `type:"structure"` // Specifies the days since the initiation of an incomplete multipart upload // that Amazon S3 will wait before permanently removing all parts of the upload. // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket - // Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) - // in the Amazon Simple Storage Service Developer Guide. + // Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) + // in the Amazon S3 User Guide. AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"` // Specifies the expiration for the lifecycle of the object. @@ -32321,17 +40773,21 @@ type Rule struct { NoncurrentVersionExpiration *NoncurrentVersionExpiration `type:"structure"` // Container for the transition rule that describes when noncurrent objects - // transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, - // or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled (or versioning - // is suspended), you can set this action to request that Amazon S3 transition - // noncurrent object versions to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, - // GLACIER, or DEEP_ARCHIVE storage class at a specific period in the object's - // lifetime. + // transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR, + // GLACIER, or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled + // (or versioning is suspended), you can set this action to request that Amazon + // S3 transition noncurrent object versions to the STANDARD_IA, ONEZONE_IA, + // INTELLIGENT_TIERING, GLACIER_IR, GLACIER, or DEEP_ARCHIVE storage class at + // a specific period in the object's lifetime. NoncurrentVersionTransition *NoncurrentVersionTransition `type:"structure"` // Object key prefix that identifies one or more objects to which this rule // applies. // + // Replacement must be made for object keys containing special characters (such + // as carriage returns) when using XML requests. For more information, see XML + // related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). + // // Prefix is a required field Prefix *string `type:"string" required:"true"` @@ -32344,16 +40800,24 @@ type Rule struct { // Specifies when an object transitions to a specified storage class. For more // information about Amazon S3 lifecycle configuration rules, see Transitioning // Objects Using Amazon S3 Lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html) - // in the Amazon Simple Storage Service Developer Guide. + // in the Amazon S3 User Guide. Transition *Transition `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Rule) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Rule) GoString() string { return s.String() } @@ -32426,19 +40890,31 @@ func (s *Rule) SetTransition(v *Transition) *Rule { type SSEKMS struct { _ struct{} `locationName:"SSE-KMS" type:"structure"` - // Specifies the ID of the AWS Key Management Service (AWS KMS) symmetric customer - // managed customer master key (CMK) to use for encrypting inventory reports. + // Specifies the ID of the Key Management Service (KMS) symmetric encryption + // customer managed key to use for encrypting inventory reports. + // + // KeyId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SSEKMS's + // String and GoString methods. // // KeyId is a required field KeyId *string `type:"string" required:"true" sensitive:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s SSEKMS) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s SSEKMS) GoString() string { return s.String() } @@ -32467,12 +40943,20 @@ type SSES3 struct { _ struct{} `locationName:"SSE-S3" type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s SSES3) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s SSES3) GoString() string { return s.String() } @@ -32493,17 +40977,25 @@ type ScanRange struct { // Specifies the start of the byte range. This parameter is optional. Valid // values: non-negative integers. The default value is 0. If only start is supplied, - // it means scan from that point to the end of the file.For example; 50 + // it means scan from that point to the end of the file. For example, 50 // means scan from byte 50 until the end of the file. Start *int64 `type:"long"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ScanRange) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ScanRange) GoString() string { return s.String() } @@ -32525,11 +41017,11 @@ func (s *ScanRange) SetStart(v int64) *ScanRange { // // These events are: // -// * ContinuationEvent -// * EndEvent -// * ProgressEvent -// * RecordsEvent -// * StatsEvent +// - ContinuationEvent +// - EndEvent +// - ProgressEvent +// - RecordsEvent +// - StatsEvent type SelectObjectContentEventStreamEvent interface { eventSelectObjectContentEventStream() eventstreamapi.Marshaler @@ -32543,12 +41035,12 @@ type SelectObjectContentEventStreamEvent interface { // // These events are: // -// * ContinuationEvent -// * EndEvent -// * ProgressEvent -// * RecordsEvent -// * StatsEvent -// * SelectObjectContentEventStreamUnknownEvent +// - ContinuationEvent +// - EndEvent +// - ProgressEvent +// - RecordsEvent +// - StatsEvent +// - SelectObjectContentEventStreamUnknownEvent type SelectObjectContentEventStreamReader interface { // Returns a channel of events as they are read from the event stream. Events() <-chan SelectObjectContentEventStreamEvent @@ -32703,9 +41195,9 @@ type SelectObjectContentInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The expression that is used to query the object. @@ -32736,16 +41228,26 @@ type SelectObjectContentInput struct { // Specifies if periodic request progress information should be enabled. RequestProgress *RequestProgress `type:"structure"` - // The SSE Algorithm used to encrypt the object. For more information, see Server-Side - // Encryption (Using Customer-Provided Encryption Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html). + // The server-side encryption (SSE) algorithm used to encrypt the object. This + // parameter is needed only when the object was created using a checksum algorithm. + // For more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` - // The SSE Customer Key. For more information, see Server-Side Encryption (Using - // Customer-Provided Encryption Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html). + // The server-side encryption (SSE) customer managed key. This parameter is + // needed only when the object was created using a checksum algorithm. For more + // information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. + // + // SSECustomerKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SelectObjectContentInput's + // String and GoString methods. SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` - // The SSE Customer Key MD5. For more information, see Server-Side Encryption - // (Using Customer-Provided Encryption Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html). + // The MD5 server-side encryption (SSE) customer managed key. This parameter + // is needed only when the object was created using a checksum algorithm. For + // more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Specifies the byte range of the object to get the records from. A record @@ -32767,12 +41269,20 @@ type SelectObjectContentInput struct { ScanRange *ScanRange `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s SelectObjectContentInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s SelectObjectContentInput) GoString() string { return s.String() } @@ -32930,12 +41440,20 @@ type SelectObjectContentOutput struct { EventStream *SelectObjectContentEventStream } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s SelectObjectContentOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s SelectObjectContentOutput) GoString() string { return s.String() } @@ -32978,12 +41496,20 @@ type SelectParameters struct { OutputSerialization *OutputSerialization `type:"structure" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s SelectParameters) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s SelectParameters) GoString() string { return s.String() } @@ -33036,30 +41562,43 @@ func (s *SelectParameters) SetOutputSerialization(v *OutputSerialization) *Selec // Describes the default server-side encryption to apply to new objects in the // bucket. If a PUT Object request doesn't specify any server-side encryption, -// this default encryption will be applied. For more information, see PUT Bucket -// encryption (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) -// in the Amazon Simple Storage Service API Reference. +// this default encryption will be applied. If you don't specify a customer +// managed key at configuration, Amazon S3 automatically creates an Amazon Web +// Services KMS key in your Amazon Web Services account the first time that +// you add an object encrypted with SSE-KMS to a bucket. By default, Amazon +// S3 uses this KMS key for SSE-KMS. For more information, see PUT Bucket encryption +// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) +// in the Amazon S3 API Reference. type ServerSideEncryptionByDefault struct { _ struct{} `type:"structure"` - // AWS Key Management Service (KMS) customer master key ID to use for the default - // encryption. This parameter is allowed if and only if SSEAlgorithm is set - // to aws:kms. + // Amazon Web Services Key Management Service (KMS) customer Amazon Web Services + // KMS key ID to use for the default encryption. This parameter is allowed if + // and only if SSEAlgorithm is set to aws:kms or aws:kms:dsse. // - // You can specify the key ID or the Amazon Resource Name (ARN) of the CMK. - // However, if you are using encryption with cross-account operations, you must - // use a fully qualified CMK ARN. For more information, see Using encryption - // for cross-account operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). - // - // For example: + // You can specify the key ID, key alias, or the Amazon Resource Name (ARN) + // of the KMS key. // // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // Amazon S3 only supports symmetric CMKs and not asymmetric CMKs. For more - // information, see Using Symmetric and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) - // in the AWS Key Management Service Developer Guide. + // * Key Alias: alias/alias-name + // + // If you use a key ID, you can run into a LogDestination undeliverable error + // when creating a VPC flow log. + // + // If you are using encryption with cross-account or Amazon Web Services service + // operations you must use a fully qualified KMS key ARN. For more information, + // see Using encryption for cross-account operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). + // + // Amazon S3 only supports symmetric encryption KMS keys. For more information, + // see Asymmetric keys in Amazon Web Services KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) + // in the Amazon Web Services Key Management Service Developer Guide. + // + // KMSMasterKeyID is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by ServerSideEncryptionByDefault's + // String and GoString methods. KMSMasterKeyID *string `type:"string" sensitive:"true"` // Server-side encryption algorithm to use for the default encryption. @@ -33068,12 +41607,20 @@ type ServerSideEncryptionByDefault struct { SSEAlgorithm *string `type:"string" required:"true" enum:"ServerSideEncryption"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ServerSideEncryptionByDefault) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ServerSideEncryptionByDefault) GoString() string { return s.String() } @@ -33114,12 +41661,20 @@ type ServerSideEncryptionConfiguration struct { Rules []*ServerSideEncryptionRule `locationName:"Rule" type:"list" flattened:"true" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ServerSideEncryptionConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ServerSideEncryptionConfiguration) GoString() string { return s.String() } @@ -33168,16 +41723,24 @@ type ServerSideEncryptionRule struct { // S3 to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled. // // For more information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) - // in the Amazon Simple Storage Service Developer Guide. + // in the Amazon S3 User Guide. BucketKeyEnabled *bool `type:"boolean"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ServerSideEncryptionRule) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s ServerSideEncryptionRule) GoString() string { return s.String() } @@ -33209,11 +41772,124 @@ func (s *ServerSideEncryptionRule) SetBucketKeyEnabled(v bool) *ServerSideEncryp return s } +// The established temporary security credentials of the session. +// +// Directory buckets - These session credentials are only supported for the +// authentication and authorization of Zonal endpoint APIs on directory buckets. +type SessionCredentials struct { + _ struct{} `type:"structure"` + + // A unique identifier that's associated with a secret access key. The access + // key ID and the secret access key are used together to sign programmatic Amazon + // Web Services requests cryptographically. + // + // AccessKeyId is a required field + AccessKeyId *string `locationName:"AccessKeyId" type:"string" required:"true"` + + // Temporary security credentials expire after a specified interval. After temporary + // credentials expire, any calls that you make with those credentials will fail. + // So you must generate a new set of temporary credentials. Temporary credentials + // cannot be extended or refreshed beyond the original specified interval. + // + // Expiration is a required field + Expiration *time.Time `locationName:"Expiration" type:"timestamp" required:"true"` + + // A key that's used with the access key ID to cryptographically sign programmatic + // Amazon Web Services requests. Signing a request identifies the sender and + // prevents the request from being altered. + // + // SecretAccessKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SessionCredentials's + // String and GoString methods. + // + // SecretAccessKey is a required field + SecretAccessKey *string `locationName:"SecretAccessKey" type:"string" required:"true" sensitive:"true"` + + // A part of the temporary security credentials. The session token is used to + // validate the temporary security credentials. + // + // SessionToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SessionCredentials's + // String and GoString methods. + // + // SessionToken is a required field + SessionToken *string `locationName:"SessionToken" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionCredentials) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionCredentials) GoString() string { + return s.String() +} + +// SetAccessKeyId sets the AccessKeyId field's value. +func (s *SessionCredentials) SetAccessKeyId(v string) *SessionCredentials { + s.AccessKeyId = &v + return s +} + +// SetExpiration sets the Expiration field's value. +func (s *SessionCredentials) SetExpiration(v time.Time) *SessionCredentials { + s.Expiration = &v + return s +} + +// SetSecretAccessKey sets the SecretAccessKey field's value. +func (s *SessionCredentials) SetSecretAccessKey(v string) *SessionCredentials { + s.SecretAccessKey = &v + return s +} + +// SetSessionToken sets the SessionToken field's value. +func (s *SessionCredentials) SetSessionToken(v string) *SessionCredentials { + s.SessionToken = &v + return s +} + +// To use simple format for S3 keys for log objects, set SimplePrefix to an +// empty object. +// +// [DestinationPrefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString] +type SimplePrefix struct { + _ struct{} `locationName:"SimplePrefix" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SimplePrefix) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SimplePrefix) GoString() string { + return s.String() +} + // A container that describes additional filters for identifying the source // objects that you want to replicate. You can choose to enable or disable the // replication of these objects. Currently, Amazon S3 supports only the filter // that you can specify for objects created with server-side encryption using -// a customer master key (CMK) stored in AWS Key Management Service (SSE-KMS). +// a customer managed key stored in Amazon Web Services Key Management Service +// (SSE-KMS). type SourceSelectionCriteria struct { _ struct{} `type:"structure"` @@ -33229,17 +41905,25 @@ type SourceSelectionCriteria struct { ReplicaModifications *ReplicaModifications `type:"structure"` // A container for filter information for the selection of Amazon S3 objects - // encrypted with AWS KMS. If you include SourceSelectionCriteria in the replication - // configuration, this element is required. + // encrypted with Amazon Web Services KMS. If you include SourceSelectionCriteria + // in the replication configuration, this element is required. SseKmsEncryptedObjects *SseKmsEncryptedObjects `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s SourceSelectionCriteria) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s SourceSelectionCriteria) GoString() string { return s.String() } @@ -33277,23 +41961,32 @@ func (s *SourceSelectionCriteria) SetSseKmsEncryptedObjects(v *SseKmsEncryptedOb } // A container for filter information for the selection of S3 objects encrypted -// with AWS KMS. +// with Amazon Web Services KMS. type SseKmsEncryptedObjects struct { _ struct{} `type:"structure"` // Specifies whether Amazon S3 replicates objects created with server-side encryption - // using a customer master key (CMK) stored in AWS Key Management Service. + // using an Amazon Web Services KMS key stored in Amazon Web Services Key Management + // Service. // // Status is a required field Status *string `type:"string" required:"true" enum:"SseKmsEncryptedObjectsStatus"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s SseKmsEncryptedObjects) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s SseKmsEncryptedObjects) GoString() string { return s.String() } @@ -33331,12 +42024,20 @@ type Stats struct { BytesScanned *int64 `type:"long"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Stats) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Stats) GoString() string { return s.String() } @@ -33367,12 +42068,20 @@ type StatsEvent struct { Details *Stats `locationName:"Details" type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StatsEvent) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StatsEvent) GoString() string { return s.String() } @@ -33423,12 +42132,20 @@ type StorageClassAnalysis struct { DataExport *StorageClassAnalysisDataExport `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StorageClassAnalysis) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StorageClassAnalysis) GoString() string { return s.String() } @@ -33470,12 +42187,20 @@ type StorageClassAnalysisDataExport struct { OutputSchemaVersion *string `type:"string" required:"true" enum:"StorageClassAnalysisSchemaVersion"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StorageClassAnalysisDataExport) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s StorageClassAnalysisDataExport) GoString() string { return s.String() } @@ -33528,12 +42253,20 @@ type Tag struct { Value *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Tag) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Tag) GoString() string { return s.String() } @@ -33579,12 +42312,20 @@ type Tagging struct { TagSet []*Tag `locationNameList:"Tag" type:"list" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Tagging) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Tagging) GoString() string { return s.String() } @@ -33619,6 +42360,11 @@ func (s *Tagging) SetTagSet(v []*Tag) *Tagging { } // Container for granting information. +// +// Buckets that use the bucket owner enforced setting for Object Ownership don't +// support target grants. For more information, see Permissions server access +// log delivery (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general) +// in the Amazon S3 User Guide. type TargetGrant struct { _ struct{} `type:"structure"` @@ -33629,12 +42375,20 @@ type TargetGrant struct { Permission *string `type:"string" enum:"BucketLogsPermission"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s TargetGrant) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s TargetGrant) GoString() string { return s.String() } @@ -33666,6 +42420,49 @@ func (s *TargetGrant) SetPermission(v string) *TargetGrant { return s } +// Amazon S3 key format for log objects. Only one format, PartitionedPrefix +// or SimplePrefix, is allowed. +type TargetObjectKeyFormat struct { + _ struct{} `type:"structure"` + + // Partitioned S3 key for log objects. + PartitionedPrefix *PartitionedPrefix `locationName:"PartitionedPrefix" type:"structure"` + + // To use the simple format for S3 keys for log objects. To specify SimplePrefix + // format, set SimplePrefix to {}. + SimplePrefix *SimplePrefix `locationName:"SimplePrefix" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TargetObjectKeyFormat) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TargetObjectKeyFormat) GoString() string { + return s.String() +} + +// SetPartitionedPrefix sets the PartitionedPrefix field's value. +func (s *TargetObjectKeyFormat) SetPartitionedPrefix(v *PartitionedPrefix) *TargetObjectKeyFormat { + s.PartitionedPrefix = v + return s +} + +// SetSimplePrefix sets the SimplePrefix field's value. +func (s *TargetObjectKeyFormat) SetSimplePrefix(v *SimplePrefix) *TargetObjectKeyFormat { + s.SimplePrefix = v + return s +} + // The S3 Intelligent-Tiering storage class is designed to optimize storage // costs by automatically moving data to the most cost-effective storage access // tier, without additional operational overhead. @@ -33689,12 +42486,20 @@ type Tiering struct { Days *int64 `type:"integer" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Tiering) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Tiering) GoString() string { return s.String() } @@ -33735,14 +42540,15 @@ type TopicConfiguration struct { // The Amazon S3 bucket event about which to send notifications. For more information, // see Supported Event Types (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) - // in the Amazon Simple Storage Service Developer Guide. + // in the Amazon S3 User Guide. // // Events is a required field - Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"` + Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true" enum:"Event"` // Specifies object key name filtering rules. For information about key name - // filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) - // in the Amazon Simple Storage Service Developer Guide. + // filtering, see Configuring event notifications using object key name filtering + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-filtering.html) + // in the Amazon S3 User Guide. Filter *NotificationConfigurationFilter `type:"structure"` // An optional unique identifier for configurations in a notification configuration. @@ -33756,12 +42562,20 @@ type TopicConfiguration struct { TopicArn *string `locationName:"Topic" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s TopicConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s TopicConfiguration) GoString() string { return s.String() } @@ -33820,7 +42634,7 @@ type TopicConfigurationDeprecated struct { Event *string `deprecated:"true" type:"string" enum:"Event"` // A collection of events related to objects - Events []*string `locationName:"Event" type:"list" flattened:"true"` + Events []*string `locationName:"Event" type:"list" flattened:"true" enum:"Event"` // An optional unique identifier for configurations in a notification configuration. // If you don't provide one, Amazon S3 will assign an ID. @@ -33831,12 +42645,20 @@ type TopicConfigurationDeprecated struct { Topic *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s TopicConfigurationDeprecated) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s TopicConfigurationDeprecated) GoString() string { return s.String() } @@ -33868,7 +42690,7 @@ func (s *TopicConfigurationDeprecated) SetTopic(v string) *TopicConfigurationDep // Specifies when an object transitions to a specified storage class. For more // information about Amazon S3 lifecycle configuration rules, see Transitioning // Objects Using Amazon S3 Lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html) -// in the Amazon Simple Storage Service Developer Guide. +// in the Amazon S3 User Guide. type Transition struct { _ struct{} `type:"structure"` @@ -33884,12 +42706,20 @@ type Transition struct { StorageClass *string `type:"string" enum:"TransitionStorageClass"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Transition) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Transition) GoString() string { return s.String() } @@ -33917,32 +42747,46 @@ type UploadPartCopyInput struct { // The bucket name. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. - // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. + // + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` // Specifies the source object for the copy operation. You specify the value // in one of two formats, depending on whether you want to access the source - // object through an access point (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html): + // object through an access point (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html): // // * For objects not accessed through an access point, specify the name of // the source bucket and key of the source object, separated by a slash (/). // For example, to copy the object reports/january.pdf from the bucket awsexamplebucket, - // use awsexamplebucket/reports/january.pdf. The value must be URL encoded. + // use awsexamplebucket/reports/january.pdf. The value must be URL-encoded. // // * For objects accessed through access points, specify the Amazon Resource // Name (ARN) of the object as accessed through the access point, in the @@ -33951,33 +42795,81 @@ type UploadPartCopyInput struct { // my-access-point owned by account 123456789012 in Region us-west-2, use // the URL encoding of arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf. // The value must be URL encoded. Amazon S3 supports copy operations using - // access points only when the source and destination buckets are in the - // same AWS Region. Alternatively, for objects accessed through Amazon S3 - // on Outposts, specify the ARN of the object as accessed in the format arn:aws:s3-outposts:::outpost//object/. + // Access points only when the source and destination buckets are in the + // same Amazon Web Services Region. Access points are not supported by directory + // buckets. Alternatively, for objects accessed through Amazon S3 on Outposts, + // specify the ARN of the object as accessed in the format arn:aws:s3-outposts:::outpost//object/. // For example, to copy the object reports/january.pdf through outpost my-outpost // owned by account 123456789012 in Region us-west-2, use the URL encoding // of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf. - // The value must be URL encoded. + // The value must be URL-encoded. // - // To copy a specific version of an object, append ?versionId= to - // the value (for example, awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893). - // If you don't specify a version ID, Amazon S3 copies the latest version of - // the source object. + // If your bucket has versioning enabled, you could have multiple versions of + // the same object. By default, x-amz-copy-source identifies the current version + // of the source object to copy. To copy a specific version of the source object + // to copy, append ?versionId= to the x-amz-copy-source request + // header (for example, x-amz-copy-source: /awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893). + // + // If the current version is a delete marker and you don't specify a versionId + // in the x-amz-copy-source request header, Amazon S3 returns a 404 Not Found + // error, because the object does not exist. If you specify versionId in the + // x-amz-copy-source and the versionId is a delete marker, Amazon S3 returns + // an HTTP 400 Bad Request error, because you are not allowed to specify a delete + // marker as a version for the x-amz-copy-source. + // + // Directory buckets - S3 Versioning isn't enabled and supported for directory + // buckets. // // CopySource is a required field CopySource *string `location:"header" locationName:"x-amz-copy-source" type:"string" required:"true"` // Copies the object if its entity tag (ETag) matches the specified tag. + // + // If both of the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since + // headers are present in the request as follows: + // + // x-amz-copy-source-if-match condition evaluates to true, and; + // + // x-amz-copy-source-if-unmodified-since condition evaluates to false; + // + // Amazon S3 returns 200 OK and copies the data. CopySourceIfMatch *string `location:"header" locationName:"x-amz-copy-source-if-match" type:"string"` // Copies the object if it has been modified since the specified time. + // + // If both of the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since + // headers are present in the request as follows: + // + // x-amz-copy-source-if-none-match condition evaluates to false, and; + // + // x-amz-copy-source-if-modified-since condition evaluates to true; + // + // Amazon S3 returns 412 Precondition Failed response code. CopySourceIfModifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-modified-since" type:"timestamp"` // Copies the object if its entity tag (ETag) is different than the specified // ETag. + // + // If both of the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since + // headers are present in the request as follows: + // + // x-amz-copy-source-if-none-match condition evaluates to false, and; + // + // x-amz-copy-source-if-modified-since condition evaluates to true; + // + // Amazon S3 returns 412 Precondition Failed response code. CopySourceIfNoneMatch *string `location:"header" locationName:"x-amz-copy-source-if-none-match" type:"string"` // Copies the object if it hasn't been modified since the specified time. + // + // If both of the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since + // headers are present in the request as follows: + // + // x-amz-copy-source-if-match condition evaluates to true, and; + // + // x-amz-copy-source-if-unmodified-since condition evaluates to false; + // + // Amazon S3 returns 200 OK and copies the data. CopySourceIfUnmodifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-unmodified-since" type:"timestamp"` // The range of bytes to copy from the source object. The range value must use @@ -33989,26 +42881,39 @@ type UploadPartCopyInput struct { // Specifies the algorithm to use when decrypting the source object (for example, // AES256). + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceSSECustomerAlgorithm *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use to decrypt // the source object. The encryption key provided in this header must be one // that was used when the source object was created. + // + // This functionality is not supported when the source object is in a directory + // bucket. + // + // CopySourceSSECustomerKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by UploadPartCopyInput's + // String and GoString methods. CopySourceSSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key" type:"string" sensitive:"true"` // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceSSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key-MD5" type:"string"` - // The account id of the expected destination bucket owner. If the destination - // bucket is owned by a different account, the request will fail with an HTTP - // 403 (Access Denied) error. + // The account ID of the expected destination bucket owner. If the account ID + // that you provide does not match the actual owner of the destination bucket, + // the request fails with the HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // The account id of the expected source bucket owner. If the source bucket - // is owned by a different account, the request will fail with an HTTP 403 (Access - // Denied) error. + // The account ID of the expected source bucket owner. If the account ID that + // you provide does not match the actual owner of the source bucket, the request + // fails with the HTTP status code 403 Forbidden (access denied). ExpectedSourceBucketOwner *string `location:"header" locationName:"x-amz-source-expected-bucket-owner" type:"string"` // Object key for which the multipart upload was initiated. @@ -34023,14 +42928,20 @@ type UploadPartCopyInput struct { PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from requester pays buckets, see Downloading Objects - // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported when the destination bucket is a directory + // bucket. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -34039,11 +42950,21 @@ type UploadPartCopyInput struct { // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm // header. This must be the same encryption key specified in the initiate multipart // upload request. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. + // + // SSECustomerKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by UploadPartCopyInput's + // String and GoString methods. SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Upload ID identifying the multipart upload whose part is being copied. @@ -34052,12 +42973,20 @@ type UploadPartCopyInput struct { UploadId *string `location:"querystring" locationName:"uploadId" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s UploadPartCopyInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s UploadPartCopyInput) GoString() string { return s.String() } @@ -34259,7 +43188,9 @@ type UploadPartCopyOutput struct { _ struct{} `type:"structure" payload:"CopyPartResult"` // Indicates whether the multipart upload uses an S3 Bucket Key for server-side - // encryption with AWS KMS (SSE-KMS). + // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Container for all response elements. @@ -34267,38 +43198,63 @@ type UploadPartCopyOutput struct { // The version of the source object that was copied, if you have enabled versioning // on the source bucket. + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceVersionId *string `location:"header" locationName:"x-amz-copy-source-version-id" type:"string"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the AWS Key Management Service (AWS KMS) - // symmetric customer managed customer master key (CMK) that was used for the - // object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. + // + // This functionality is not supported for directory buckets. + // + // SSEKMSKeyId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by UploadPartCopyOutput's + // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s UploadPartCopyOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s UploadPartCopyOutput) GoString() string { return s.String() } @@ -34359,24 +43315,86 @@ type UploadPartInput struct { // The name of the bucket to which the multipart upload was initiated. // - // When using this API with an access point, you must direct requests to the - // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this operation with an access point through the AWS SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) - // in the Amazon Simple Storage Service Developer Guide. - // - // When using this API with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // using this operation using S3 on Outposts through the AWS SDKs, you provide - // the Outposts bucket ARN in place of the bucket name. For more information - // about S3 on Outposts ARNs, see Using S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) - // in the Amazon Simple Storage Service Developer Guide. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. + // + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm + // parameter. + // + // This checksum algorithm must be the same for all parts and it match the checksum + // value supplied in the CreateMultipartUpload request. + // + // The AWS SDK for Go v1 does not support automatic computing request payload + // checksum. This feature is available in the AWS SDK for Go v2. If a value + // is specified for this parameter, the matching algorithm's checksum member + // must be populated with the algorithm's checksum of the request payload. + ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies + // the base64-encoded, 32-bit CRC32 checksum of the object. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"` + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies + // the base64-encoded, 32-bit CRC32C checksum of the object. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"` + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies + // the base64-encoded, 160-bit SHA-1 digest of the object. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"` + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies + // the base64-encoded, 256-bit SHA-256 digest of the object. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` + // Size of the body in bytes. This parameter is useful when the size of the // body cannot be determined automatically. ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"` @@ -34384,11 +43402,13 @@ type UploadPartInput struct { // The base64-encoded 128-bit MD5 digest of the part data. This parameter is // auto-populated when using the command from the CLI. This parameter is required // if object lock parameters are specified. + // + // This functionality is not supported for directory buckets. ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"` - // The account id of the expected bucket owner. If the bucket is owned by a - // different account, the request will fail with an HTTP 403 (Access Denied) - // error. + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Object key for which the multipart upload was initiated. @@ -34403,14 +43423,19 @@ type UploadPartInput struct { PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from requester pays buckets, see Downloading Objects - // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects + // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -34419,11 +43444,19 @@ type UploadPartInput struct { // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm // header. This must be the same encryption key specified in the initiate multipart // upload request. + // + // This functionality is not supported for directory buckets. + // + // SSECustomerKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by UploadPartInput's + // String and GoString methods. SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Upload ID identifying the multipart upload whose part is being uploaded. @@ -34432,12 +43465,20 @@ type UploadPartInput struct { UploadId *string `location:"querystring" locationName:"uploadId" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s UploadPartInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s UploadPartInput) GoString() string { return s.String() } @@ -34489,6 +43530,36 @@ func (s *UploadPartInput) getBucket() (v string) { return *s.Bucket } +// SetChecksumAlgorithm sets the ChecksumAlgorithm field's value. +func (s *UploadPartInput) SetChecksumAlgorithm(v string) *UploadPartInput { + s.ChecksumAlgorithm = &v + return s +} + +// SetChecksumCRC32 sets the ChecksumCRC32 field's value. +func (s *UploadPartInput) SetChecksumCRC32(v string) *UploadPartInput { + s.ChecksumCRC32 = &v + return s +} + +// SetChecksumCRC32C sets the ChecksumCRC32C field's value. +func (s *UploadPartInput) SetChecksumCRC32C(v string) *UploadPartInput { + s.ChecksumCRC32C = &v + return s +} + +// SetChecksumSHA1 sets the ChecksumSHA1 field's value. +func (s *UploadPartInput) SetChecksumSHA1(v string) *UploadPartInput { + s.ChecksumSHA1 = &v + return s +} + +// SetChecksumSHA256 sets the ChecksumSHA256 field's value. +func (s *UploadPartInput) SetChecksumSHA256(v string) *UploadPartInput { + s.ChecksumSHA256 = &v + return s +} + // SetContentLength sets the ContentLength field's value. func (s *UploadPartInput) SetContentLength(v int64) *UploadPartInput { s.ContentLength = &v @@ -34587,41 +43658,106 @@ type UploadPartOutput struct { _ struct{} `type:"structure"` // Indicates whether the multipart upload uses an S3 Bucket Key for server-side - // encryption with AWS KMS (SSE-KMS). + // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` + // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"` + + // The base64-encoded, 32-bit CRC32C checksum of the object. This will only + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"` + + // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"` + + // The base64-encoded, 256-bit SHA-256 digest of the object. This will only + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // in the Amazon S3 User Guide. + ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` + // Entity tag for the uploaded object. ETag *string `location:"header" locationName:"ETag" type:"string"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the AWS Key Management Service (AWS KMS) - // symmetric customer managed customer master key (CMK) was used for the object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. + // + // This functionality is not supported for directory buckets. + // + // SSEKMSKeyId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by UploadPartOutput's + // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s UploadPartOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s UploadPartOutput) GoString() string { return s.String() } @@ -34632,6 +43768,30 @@ func (s *UploadPartOutput) SetBucketKeyEnabled(v bool) *UploadPartOutput { return s } +// SetChecksumCRC32 sets the ChecksumCRC32 field's value. +func (s *UploadPartOutput) SetChecksumCRC32(v string) *UploadPartOutput { + s.ChecksumCRC32 = &v + return s +} + +// SetChecksumCRC32C sets the ChecksumCRC32C field's value. +func (s *UploadPartOutput) SetChecksumCRC32C(v string) *UploadPartOutput { + s.ChecksumCRC32C = &v + return s +} + +// SetChecksumSHA1 sets the ChecksumSHA1 field's value. +func (s *UploadPartOutput) SetChecksumSHA1(v string) *UploadPartOutput { + s.ChecksumSHA1 = &v + return s +} + +// SetChecksumSHA256 sets the ChecksumSHA256 field's value. +func (s *UploadPartOutput) SetChecksumSHA256(v string) *UploadPartOutput { + s.ChecksumSHA256 = &v + return s +} + // SetETag sets the ETag field's value. func (s *UploadPartOutput) SetETag(v string) *UploadPartOutput { s.ETag = &v @@ -34670,7 +43830,7 @@ func (s *UploadPartOutput) SetServerSideEncryption(v string) *UploadPartOutput { // Describes the versioning state of an Amazon S3 bucket. For more information, // see PUT Bucket versioning (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html) -// in the Amazon Simple Storage Service API Reference. +// in the Amazon S3 API Reference. type VersioningConfiguration struct { _ struct{} `type:"structure"` @@ -34683,12 +43843,20 @@ type VersioningConfiguration struct { Status *string `type:"string" enum:"BucketVersioningStatus"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s VersioningConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s VersioningConfiguration) GoString() string { return s.String() } @@ -34724,12 +43892,20 @@ type WebsiteConfiguration struct { RoutingRules []*RoutingRule `locationNameList:"RoutingRule" type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s WebsiteConfiguration) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s WebsiteConfiguration) GoString() string { return s.String() } @@ -34793,6 +43969,552 @@ func (s *WebsiteConfiguration) SetRoutingRules(v []*RoutingRule) *WebsiteConfigu return s } +type WriteGetObjectResponseInput struct { + _ struct{} `locationName:"WriteGetObjectResponseRequest" type:"structure" payload:"Body"` + + // Indicates that a range of bytes was specified. + AcceptRanges *string `location:"header" locationName:"x-amz-fwd-header-accept-ranges" type:"string"` + + // The object data. + // + // To use an non-seekable io.Reader for this request wrap the io.Reader with + // "aws.ReadSeekCloser". The SDK will not retry request errors for non-seekable + // readers. This will allow the SDK to send the reader's payload as chunked + // transfer encoding. + Body io.ReadSeeker `type:"blob"` + + // Indicates whether the object stored in Amazon S3 uses an S3 bucket key for + // server-side encryption with Amazon Web Services KMS (SSE-KMS). + BucketKeyEnabled *bool `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` + + // Specifies caching behavior along the request/reply chain. + CacheControl *string `location:"header" locationName:"x-amz-fwd-header-Cache-Control" type:"string"` + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This specifies the base64-encoded, + // 32-bit CRC32 checksum of the object returned by the Object Lambda function. + // This may not match the checksum for the object stored in Amazon S3. Amazon + // S3 will perform validation of the checksum values only when the original + // GetObject request required checksum validation. For more information about + // checksums, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // Only one checksum header can be specified at a time. If you supply multiple + // checksum headers, this request will fail. + ChecksumCRC32 *string `location:"header" locationName:"x-amz-fwd-header-x-amz-checksum-crc32" type:"string"` + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This specifies the base64-encoded, + // 32-bit CRC32C checksum of the object returned by the Object Lambda function. + // This may not match the checksum for the object stored in Amazon S3. Amazon + // S3 will perform validation of the checksum values only when the original + // GetObject request required checksum validation. For more information about + // checksums, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // Only one checksum header can be specified at a time. If you supply multiple + // checksum headers, this request will fail. + ChecksumCRC32C *string `location:"header" locationName:"x-amz-fwd-header-x-amz-checksum-crc32c" type:"string"` + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This specifies the base64-encoded, + // 160-bit SHA-1 digest of the object returned by the Object Lambda function. + // This may not match the checksum for the object stored in Amazon S3. Amazon + // S3 will perform validation of the checksum values only when the original + // GetObject request required checksum validation. For more information about + // checksums, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // Only one checksum header can be specified at a time. If you supply multiple + // checksum headers, this request will fail. + ChecksumSHA1 *string `location:"header" locationName:"x-amz-fwd-header-x-amz-checksum-sha1" type:"string"` + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This specifies the base64-encoded, + // 256-bit SHA-256 digest of the object returned by the Object Lambda function. + // This may not match the checksum for the object stored in Amazon S3. Amazon + // S3 will perform validation of the checksum values only when the original + // GetObject request required checksum validation. For more information about + // checksums, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. + // + // Only one checksum header can be specified at a time. If you supply multiple + // checksum headers, this request will fail. + ChecksumSHA256 *string `location:"header" locationName:"x-amz-fwd-header-x-amz-checksum-sha256" type:"string"` + + // Specifies presentational information for the object. + ContentDisposition *string `location:"header" locationName:"x-amz-fwd-header-Content-Disposition" type:"string"` + + // Specifies what content encodings have been applied to the object and thus + // what decoding mechanisms must be applied to obtain the media-type referenced + // by the Content-Type header field. + ContentEncoding *string `location:"header" locationName:"x-amz-fwd-header-Content-Encoding" type:"string"` + + // The language the content is in. + ContentLanguage *string `location:"header" locationName:"x-amz-fwd-header-Content-Language" type:"string"` + + // The size of the content body in bytes. + ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"` + + // The portion of the object returned in the response. + ContentRange *string `location:"header" locationName:"x-amz-fwd-header-Content-Range" type:"string"` + + // A standard MIME type describing the format of the object data. + ContentType *string `location:"header" locationName:"x-amz-fwd-header-Content-Type" type:"string"` + + // Specifies whether an object stored in Amazon S3 is (true) or is not (false) + // a delete marker. + DeleteMarker *bool `location:"header" locationName:"x-amz-fwd-header-x-amz-delete-marker" type:"boolean"` + + // An opaque identifier assigned by a web server to a specific version of a + // resource found at a URL. + ETag *string `location:"header" locationName:"x-amz-fwd-header-ETag" type:"string"` + + // A string that uniquely identifies an error condition. Returned in the + // tag of the error XML response for a corresponding GetObject call. Cannot + // be used with a successful StatusCode header or when the transformed object + // is provided in the body. All error codes from S3 are sentence-cased. The + // regular expression (regex) value is "^[A-Z][a-zA-Z]+$". + ErrorCode *string `location:"header" locationName:"x-amz-fwd-error-code" type:"string"` + + // Contains a generic description of the error condition. Returned in the + // tag of the error XML response for a corresponding GetObject call. Cannot + // be used with a successful StatusCode header or when the transformed object + // is provided in body. + ErrorMessage *string `location:"header" locationName:"x-amz-fwd-error-message" type:"string"` + + // If the object expiration is configured (see PUT Bucket lifecycle), the response + // includes this header. It includes the expiry-date and rule-id key-value pairs + // that provide the object expiration information. The value of the rule-id + // is URL-encoded. + Expiration *string `location:"header" locationName:"x-amz-fwd-header-x-amz-expiration" type:"string"` + + // The date and time at which the object is no longer cacheable. + Expires *time.Time `location:"header" locationName:"x-amz-fwd-header-Expires" type:"timestamp"` + + // The date and time that the object was last modified. + LastModified *time.Time `location:"header" locationName:"x-amz-fwd-header-Last-Modified" type:"timestamp"` + + // A map of metadata to store with the object in S3. + Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"` + + // Set to the number of metadata entries not returned in x-amz-meta headers. + // This can happen if you create metadata using an API like SOAP that supports + // more flexible metadata than the REST API. For example, using SOAP, you can + // create metadata whose values are not legal HTTP headers. + MissingMeta *int64 `location:"header" locationName:"x-amz-fwd-header-x-amz-missing-meta" type:"integer"` + + // Indicates whether an object stored in Amazon S3 has an active legal hold. + ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-fwd-header-x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` + + // Indicates whether an object stored in Amazon S3 has Object Lock enabled. + // For more information about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html). + ObjectLockMode *string `location:"header" locationName:"x-amz-fwd-header-x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` + + // The date and time when Object Lock is configured to expire. + ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-fwd-header-x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` + + // The count of parts this object has. + PartsCount *int64 `location:"header" locationName:"x-amz-fwd-header-x-amz-mp-parts-count" type:"integer"` + + // Indicates if request involves bucket that is either a source or destination + // in a Replication rule. For more information about S3 Replication, see Replication + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html). + ReplicationStatus *string `location:"header" locationName:"x-amz-fwd-header-x-amz-replication-status" type:"string" enum:"ReplicationStatus"` + + // If present, indicates that the requester was successfully charged for the + // request. + // + // This functionality is not supported for directory buckets. + RequestCharged *string `location:"header" locationName:"x-amz-fwd-header-x-amz-request-charged" type:"string" enum:"RequestCharged"` + + // Route prefix to the HTTP URL generated. + // + // RequestRoute is a required field + RequestRoute *string `location:"header" locationName:"x-amz-request-route" type:"string" required:"true"` + + // A single use encrypted token that maps WriteGetObjectResponse to the end + // user GetObject request. + // + // RequestToken is a required field + RequestToken *string `location:"header" locationName:"x-amz-request-token" type:"string" required:"true"` + + // Provides information about object restoration operation and expiration time + // of the restored object copy. + Restore *string `location:"header" locationName:"x-amz-fwd-header-x-amz-restore" type:"string"` + + // Encryption algorithm used if server-side encryption with a customer-provided + // encryption key was specified for object stored in Amazon S3. + SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption-customer-algorithm" type:"string"` + + // 128-bit MD5 digest of customer-provided encryption key used in Amazon S3 + // to encrypt data stored in S3. For more information, see Protecting data using + // server-side encryption with customer-provided encryption keys (SSE-C) (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html). + SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption-customer-key-MD5" type:"string"` + + // If present, specifies the ID (Key ID, Key ARN, or Key Alias) of the Amazon + // Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption + // customer managed key that was used for stored in Amazon S3 object. + // + // SSEKMSKeyId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by WriteGetObjectResponseInput's + // String and GoString methods. + SSEKMSKeyId *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` + + // The server-side encryption algorithm used when storing requested object in + // Amazon S3 (for example, AES256, aws:kms). + ServerSideEncryption *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` + + // The integer status code for an HTTP response of a corresponding GetObject + // request. The following is a list of status codes. + // + // * 200 - OK + // + // * 206 - Partial Content + // + // * 304 - Not Modified + // + // * 400 - Bad Request + // + // * 401 - Unauthorized + // + // * 403 - Forbidden + // + // * 404 - Not Found + // + // * 405 - Method Not Allowed + // + // * 409 - Conflict + // + // * 411 - Length Required + // + // * 412 - Precondition Failed + // + // * 416 - Range Not Satisfiable + // + // * 500 - Internal Server Error + // + // * 503 - Service Unavailable + StatusCode *int64 `location:"header" locationName:"x-amz-fwd-status" type:"integer"` + + // Provides storage class information of the object. Amazon S3 returns this + // header for all objects except for S3 Standard storage class objects. + // + // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html). + StorageClass *string `location:"header" locationName:"x-amz-fwd-header-x-amz-storage-class" type:"string" enum:"StorageClass"` + + // The number of tags, if any, on the object. + TagCount *int64 `location:"header" locationName:"x-amz-fwd-header-x-amz-tagging-count" type:"integer"` + + // An ID used to reference a specific version of the object. + VersionId *string `location:"header" locationName:"x-amz-fwd-header-x-amz-version-id" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s WriteGetObjectResponseInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s WriteGetObjectResponseInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *WriteGetObjectResponseInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "WriteGetObjectResponseInput"} + if s.RequestRoute == nil { + invalidParams.Add(request.NewErrParamRequired("RequestRoute")) + } + if s.RequestRoute != nil && len(*s.RequestRoute) < 1 { + invalidParams.Add(request.NewErrParamMinLen("RequestRoute", 1)) + } + if s.RequestToken == nil { + invalidParams.Add(request.NewErrParamRequired("RequestToken")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAcceptRanges sets the AcceptRanges field's value. +func (s *WriteGetObjectResponseInput) SetAcceptRanges(v string) *WriteGetObjectResponseInput { + s.AcceptRanges = &v + return s +} + +// SetBody sets the Body field's value. +func (s *WriteGetObjectResponseInput) SetBody(v io.ReadSeeker) *WriteGetObjectResponseInput { + s.Body = v + return s +} + +// SetBucketKeyEnabled sets the BucketKeyEnabled field's value. +func (s *WriteGetObjectResponseInput) SetBucketKeyEnabled(v bool) *WriteGetObjectResponseInput { + s.BucketKeyEnabled = &v + return s +} + +// SetCacheControl sets the CacheControl field's value. +func (s *WriteGetObjectResponseInput) SetCacheControl(v string) *WriteGetObjectResponseInput { + s.CacheControl = &v + return s +} + +// SetChecksumCRC32 sets the ChecksumCRC32 field's value. +func (s *WriteGetObjectResponseInput) SetChecksumCRC32(v string) *WriteGetObjectResponseInput { + s.ChecksumCRC32 = &v + return s +} + +// SetChecksumCRC32C sets the ChecksumCRC32C field's value. +func (s *WriteGetObjectResponseInput) SetChecksumCRC32C(v string) *WriteGetObjectResponseInput { + s.ChecksumCRC32C = &v + return s +} + +// SetChecksumSHA1 sets the ChecksumSHA1 field's value. +func (s *WriteGetObjectResponseInput) SetChecksumSHA1(v string) *WriteGetObjectResponseInput { + s.ChecksumSHA1 = &v + return s +} + +// SetChecksumSHA256 sets the ChecksumSHA256 field's value. +func (s *WriteGetObjectResponseInput) SetChecksumSHA256(v string) *WriteGetObjectResponseInput { + s.ChecksumSHA256 = &v + return s +} + +// SetContentDisposition sets the ContentDisposition field's value. +func (s *WriteGetObjectResponseInput) SetContentDisposition(v string) *WriteGetObjectResponseInput { + s.ContentDisposition = &v + return s +} + +// SetContentEncoding sets the ContentEncoding field's value. +func (s *WriteGetObjectResponseInput) SetContentEncoding(v string) *WriteGetObjectResponseInput { + s.ContentEncoding = &v + return s +} + +// SetContentLanguage sets the ContentLanguage field's value. +func (s *WriteGetObjectResponseInput) SetContentLanguage(v string) *WriteGetObjectResponseInput { + s.ContentLanguage = &v + return s +} + +// SetContentLength sets the ContentLength field's value. +func (s *WriteGetObjectResponseInput) SetContentLength(v int64) *WriteGetObjectResponseInput { + s.ContentLength = &v + return s +} + +// SetContentRange sets the ContentRange field's value. +func (s *WriteGetObjectResponseInput) SetContentRange(v string) *WriteGetObjectResponseInput { + s.ContentRange = &v + return s +} + +// SetContentType sets the ContentType field's value. +func (s *WriteGetObjectResponseInput) SetContentType(v string) *WriteGetObjectResponseInput { + s.ContentType = &v + return s +} + +// SetDeleteMarker sets the DeleteMarker field's value. +func (s *WriteGetObjectResponseInput) SetDeleteMarker(v bool) *WriteGetObjectResponseInput { + s.DeleteMarker = &v + return s +} + +// SetETag sets the ETag field's value. +func (s *WriteGetObjectResponseInput) SetETag(v string) *WriteGetObjectResponseInput { + s.ETag = &v + return s +} + +// SetErrorCode sets the ErrorCode field's value. +func (s *WriteGetObjectResponseInput) SetErrorCode(v string) *WriteGetObjectResponseInput { + s.ErrorCode = &v + return s +} + +// SetErrorMessage sets the ErrorMessage field's value. +func (s *WriteGetObjectResponseInput) SetErrorMessage(v string) *WriteGetObjectResponseInput { + s.ErrorMessage = &v + return s +} + +// SetExpiration sets the Expiration field's value. +func (s *WriteGetObjectResponseInput) SetExpiration(v string) *WriteGetObjectResponseInput { + s.Expiration = &v + return s +} + +// SetExpires sets the Expires field's value. +func (s *WriteGetObjectResponseInput) SetExpires(v time.Time) *WriteGetObjectResponseInput { + s.Expires = &v + return s +} + +// SetLastModified sets the LastModified field's value. +func (s *WriteGetObjectResponseInput) SetLastModified(v time.Time) *WriteGetObjectResponseInput { + s.LastModified = &v + return s +} + +// SetMetadata sets the Metadata field's value. +func (s *WriteGetObjectResponseInput) SetMetadata(v map[string]*string) *WriteGetObjectResponseInput { + s.Metadata = v + return s +} + +// SetMissingMeta sets the MissingMeta field's value. +func (s *WriteGetObjectResponseInput) SetMissingMeta(v int64) *WriteGetObjectResponseInput { + s.MissingMeta = &v + return s +} + +// SetObjectLockLegalHoldStatus sets the ObjectLockLegalHoldStatus field's value. +func (s *WriteGetObjectResponseInput) SetObjectLockLegalHoldStatus(v string) *WriteGetObjectResponseInput { + s.ObjectLockLegalHoldStatus = &v + return s +} + +// SetObjectLockMode sets the ObjectLockMode field's value. +func (s *WriteGetObjectResponseInput) SetObjectLockMode(v string) *WriteGetObjectResponseInput { + s.ObjectLockMode = &v + return s +} + +// SetObjectLockRetainUntilDate sets the ObjectLockRetainUntilDate field's value. +func (s *WriteGetObjectResponseInput) SetObjectLockRetainUntilDate(v time.Time) *WriteGetObjectResponseInput { + s.ObjectLockRetainUntilDate = &v + return s +} + +// SetPartsCount sets the PartsCount field's value. +func (s *WriteGetObjectResponseInput) SetPartsCount(v int64) *WriteGetObjectResponseInput { + s.PartsCount = &v + return s +} + +// SetReplicationStatus sets the ReplicationStatus field's value. +func (s *WriteGetObjectResponseInput) SetReplicationStatus(v string) *WriteGetObjectResponseInput { + s.ReplicationStatus = &v + return s +} + +// SetRequestCharged sets the RequestCharged field's value. +func (s *WriteGetObjectResponseInput) SetRequestCharged(v string) *WriteGetObjectResponseInput { + s.RequestCharged = &v + return s +} + +// SetRequestRoute sets the RequestRoute field's value. +func (s *WriteGetObjectResponseInput) SetRequestRoute(v string) *WriteGetObjectResponseInput { + s.RequestRoute = &v + return s +} + +// SetRequestToken sets the RequestToken field's value. +func (s *WriteGetObjectResponseInput) SetRequestToken(v string) *WriteGetObjectResponseInput { + s.RequestToken = &v + return s +} + +// SetRestore sets the Restore field's value. +func (s *WriteGetObjectResponseInput) SetRestore(v string) *WriteGetObjectResponseInput { + s.Restore = &v + return s +} + +// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value. +func (s *WriteGetObjectResponseInput) SetSSECustomerAlgorithm(v string) *WriteGetObjectResponseInput { + s.SSECustomerAlgorithm = &v + return s +} + +// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value. +func (s *WriteGetObjectResponseInput) SetSSECustomerKeyMD5(v string) *WriteGetObjectResponseInput { + s.SSECustomerKeyMD5 = &v + return s +} + +// SetSSEKMSKeyId sets the SSEKMSKeyId field's value. +func (s *WriteGetObjectResponseInput) SetSSEKMSKeyId(v string) *WriteGetObjectResponseInput { + s.SSEKMSKeyId = &v + return s +} + +// SetServerSideEncryption sets the ServerSideEncryption field's value. +func (s *WriteGetObjectResponseInput) SetServerSideEncryption(v string) *WriteGetObjectResponseInput { + s.ServerSideEncryption = &v + return s +} + +// SetStatusCode sets the StatusCode field's value. +func (s *WriteGetObjectResponseInput) SetStatusCode(v int64) *WriteGetObjectResponseInput { + s.StatusCode = &v + return s +} + +// SetStorageClass sets the StorageClass field's value. +func (s *WriteGetObjectResponseInput) SetStorageClass(v string) *WriteGetObjectResponseInput { + s.StorageClass = &v + return s +} + +// SetTagCount sets the TagCount field's value. +func (s *WriteGetObjectResponseInput) SetTagCount(v int64) *WriteGetObjectResponseInput { + s.TagCount = &v + return s +} + +// SetVersionId sets the VersionId field's value. +func (s *WriteGetObjectResponseInput) SetVersionId(v string) *WriteGetObjectResponseInput { + s.VersionId = &v + return s +} + +func (s *WriteGetObjectResponseInput) hostLabels() map[string]string { + return map[string]string{ + "RequestRoute": aws.StringValue(s.RequestRoute), + } +} + +type WriteGetObjectResponseOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s WriteGetObjectResponseOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s WriteGetObjectResponseOutput) GoString() string { + return s.String() +} + const ( // AnalyticsS3ExportFileFormatCsv is a AnalyticsS3ExportFileFormat enum value AnalyticsS3ExportFileFormatCsv = "CSV" @@ -34880,12 +44602,18 @@ const ( // BucketLocationConstraintApSouth1 is a BucketLocationConstraint enum value BucketLocationConstraintApSouth1 = "ap-south-1" + // BucketLocationConstraintApSouth2 is a BucketLocationConstraint enum value + BucketLocationConstraintApSouth2 = "ap-south-2" + // BucketLocationConstraintApSoutheast1 is a BucketLocationConstraint enum value BucketLocationConstraintApSoutheast1 = "ap-southeast-1" // BucketLocationConstraintApSoutheast2 is a BucketLocationConstraint enum value BucketLocationConstraintApSoutheast2 = "ap-southeast-2" + // BucketLocationConstraintApSoutheast3 is a BucketLocationConstraint enum value + BucketLocationConstraintApSoutheast3 = "ap-southeast-3" + // BucketLocationConstraintCaCentral1 is a BucketLocationConstraint enum value BucketLocationConstraintCaCentral1 = "ca-central-1" @@ -34907,6 +44635,9 @@ const ( // BucketLocationConstraintEuSouth1 is a BucketLocationConstraint enum value BucketLocationConstraintEuSouth1 = "eu-south-1" + // BucketLocationConstraintEuSouth2 is a BucketLocationConstraint enum value + BucketLocationConstraintEuSouth2 = "eu-south-2" + // BucketLocationConstraintEuWest1 is a BucketLocationConstraint enum value BucketLocationConstraintEuWest1 = "eu-west-1" @@ -34947,8 +44678,10 @@ func BucketLocationConstraint_Values() []string { BucketLocationConstraintApNortheast2, BucketLocationConstraintApNortheast3, BucketLocationConstraintApSouth1, + BucketLocationConstraintApSouth2, BucketLocationConstraintApSoutheast1, BucketLocationConstraintApSoutheast2, + BucketLocationConstraintApSoutheast3, BucketLocationConstraintCaCentral1, BucketLocationConstraintCnNorth1, BucketLocationConstraintCnNorthwest1, @@ -34956,6 +44689,7 @@ func BucketLocationConstraint_Values() []string { BucketLocationConstraintEuCentral1, BucketLocationConstraintEuNorth1, BucketLocationConstraintEuSouth1, + BucketLocationConstraintEuSouth2, BucketLocationConstraintEuWest1, BucketLocationConstraintEuWest2, BucketLocationConstraintEuWest3, @@ -34989,6 +44723,18 @@ func BucketLogsPermission_Values() []string { } } +const ( + // BucketTypeDirectory is a BucketType enum value + BucketTypeDirectory = "Directory" +) + +// BucketType_Values returns all elements of the BucketType enum +func BucketType_Values() []string { + return []string{ + BucketTypeDirectory, + } +} + const ( // BucketVersioningStatusEnabled is a BucketVersioningStatus enum value BucketVersioningStatusEnabled = "Enabled" @@ -35005,6 +44751,42 @@ func BucketVersioningStatus_Values() []string { } } +const ( + // ChecksumAlgorithmCrc32 is a ChecksumAlgorithm enum value + ChecksumAlgorithmCrc32 = "CRC32" + + // ChecksumAlgorithmCrc32c is a ChecksumAlgorithm enum value + ChecksumAlgorithmCrc32c = "CRC32C" + + // ChecksumAlgorithmSha1 is a ChecksumAlgorithm enum value + ChecksumAlgorithmSha1 = "SHA1" + + // ChecksumAlgorithmSha256 is a ChecksumAlgorithm enum value + ChecksumAlgorithmSha256 = "SHA256" +) + +// ChecksumAlgorithm_Values returns all elements of the ChecksumAlgorithm enum +func ChecksumAlgorithm_Values() []string { + return []string{ + ChecksumAlgorithmCrc32, + ChecksumAlgorithmCrc32c, + ChecksumAlgorithmSha1, + ChecksumAlgorithmSha256, + } +} + +const ( + // ChecksumModeEnabled is a ChecksumMode enum value + ChecksumModeEnabled = "ENABLED" +) + +// ChecksumMode_Values returns all elements of the ChecksumMode enum +func ChecksumMode_Values() []string { + return []string{ + ChecksumModeEnabled, + } +} + const ( // CompressionTypeNone is a CompressionType enum value CompressionTypeNone = "NONE" @@ -35025,6 +44807,18 @@ func CompressionType_Values() []string { } } +const ( + // DataRedundancySingleAvailabilityZone is a DataRedundancy enum value + DataRedundancySingleAvailabilityZone = "SingleAvailabilityZone" +) + +// DataRedundancy_Values returns all elements of the DataRedundancy enum +func DataRedundancy_Values() []string { + return []string{ + DataRedundancySingleAvailabilityZone, + } +} + const ( // DeleteMarkerReplicationStatusEnabled is a DeleteMarkerReplicationStatus enum value DeleteMarkerReplicationStatusEnabled = "Enabled" @@ -35042,8 +44836,8 @@ func DeleteMarkerReplicationStatus_Values() []string { } // Requests Amazon S3 to encode the object keys in the response and specifies -// the encoding method to use. An object key may contain any Unicode character; -// however, XML 1.0 parser cannot parse some characters, such as characters +// the encoding method to use. An object key can contain any Unicode character; +// however, the XML 1.0 parser cannot parse some characters, such as characters // with an ASCII value from 0 to 10. For characters that are not supported in // XML 1.0, you can add this parameter to request that Amazon S3 encode the // keys in the response. @@ -35111,6 +44905,36 @@ const ( // EventS3ReplicationOperationReplicatedAfterThreshold is a Event enum value EventS3ReplicationOperationReplicatedAfterThreshold = "s3:Replication:OperationReplicatedAfterThreshold" + + // EventS3ObjectRestoreDelete is a Event enum value + EventS3ObjectRestoreDelete = "s3:ObjectRestore:Delete" + + // EventS3LifecycleTransition is a Event enum value + EventS3LifecycleTransition = "s3:LifecycleTransition" + + // EventS3IntelligentTiering is a Event enum value + EventS3IntelligentTiering = "s3:IntelligentTiering" + + // EventS3ObjectAclPut is a Event enum value + EventS3ObjectAclPut = "s3:ObjectAcl:Put" + + // EventS3LifecycleExpiration is a Event enum value + EventS3LifecycleExpiration = "s3:LifecycleExpiration:*" + + // EventS3LifecycleExpirationDelete is a Event enum value + EventS3LifecycleExpirationDelete = "s3:LifecycleExpiration:Delete" + + // EventS3LifecycleExpirationDeleteMarkerCreated is a Event enum value + EventS3LifecycleExpirationDeleteMarkerCreated = "s3:LifecycleExpiration:DeleteMarkerCreated" + + // EventS3ObjectTagging is a Event enum value + EventS3ObjectTagging = "s3:ObjectTagging:*" + + // EventS3ObjectTaggingPut is a Event enum value + EventS3ObjectTaggingPut = "s3:ObjectTagging:Put" + + // EventS3ObjectTaggingDelete is a Event enum value + EventS3ObjectTaggingDelete = "s3:ObjectTagging:Delete" ) // Event_Values returns all elements of the Event enum @@ -35133,6 +44957,16 @@ func Event_Values() []string { EventS3ReplicationOperationNotTracked, EventS3ReplicationOperationMissedThreshold, EventS3ReplicationOperationReplicatedAfterThreshold, + EventS3ObjectRestoreDelete, + EventS3LifecycleTransition, + EventS3IntelligentTiering, + EventS3ObjectAclPut, + EventS3LifecycleExpiration, + EventS3LifecycleExpirationDelete, + EventS3LifecycleExpirationDeleteMarkerCreated, + EventS3ObjectTagging, + EventS3ObjectTaggingPut, + EventS3ObjectTaggingDelete, } } @@ -35333,6 +45167,18 @@ const ( // InventoryOptionalFieldIntelligentTieringAccessTier is a InventoryOptionalField enum value InventoryOptionalFieldIntelligentTieringAccessTier = "IntelligentTieringAccessTier" + + // InventoryOptionalFieldBucketKeyStatus is a InventoryOptionalField enum value + InventoryOptionalFieldBucketKeyStatus = "BucketKeyStatus" + + // InventoryOptionalFieldChecksumAlgorithm is a InventoryOptionalField enum value + InventoryOptionalFieldChecksumAlgorithm = "ChecksumAlgorithm" + + // InventoryOptionalFieldObjectAccessControlList is a InventoryOptionalField enum value + InventoryOptionalFieldObjectAccessControlList = "ObjectAccessControlList" + + // InventoryOptionalFieldObjectOwner is a InventoryOptionalField enum value + InventoryOptionalFieldObjectOwner = "ObjectOwner" ) // InventoryOptionalField_Values returns all elements of the InventoryOptionalField enum @@ -35349,6 +45195,10 @@ func InventoryOptionalField_Values() []string { InventoryOptionalFieldObjectLockMode, InventoryOptionalFieldObjectLockLegalHoldStatus, InventoryOptionalFieldIntelligentTieringAccessTier, + InventoryOptionalFieldBucketKeyStatus, + InventoryOptionalFieldChecksumAlgorithm, + InventoryOptionalFieldObjectAccessControlList, + InventoryOptionalFieldObjectOwner, } } @@ -35368,6 +45218,18 @@ func JSONType_Values() []string { } } +const ( + // LocationTypeAvailabilityZone is a LocationType enum value + LocationTypeAvailabilityZone = "AvailabilityZone" +) + +// LocationType_Values returns all elements of the LocationType enum +func LocationType_Values() []string { + return []string{ + LocationTypeAvailabilityZone, + } +} + const ( // MFADeleteEnabled is a MFADelete enum value MFADeleteEnabled = "Enabled" @@ -35432,6 +45294,34 @@ func MetricsStatus_Values() []string { } } +const ( + // ObjectAttributesEtag is a ObjectAttributes enum value + ObjectAttributesEtag = "ETag" + + // ObjectAttributesChecksum is a ObjectAttributes enum value + ObjectAttributesChecksum = "Checksum" + + // ObjectAttributesObjectParts is a ObjectAttributes enum value + ObjectAttributesObjectParts = "ObjectParts" + + // ObjectAttributesStorageClass is a ObjectAttributes enum value + ObjectAttributesStorageClass = "StorageClass" + + // ObjectAttributesObjectSize is a ObjectAttributes enum value + ObjectAttributesObjectSize = "ObjectSize" +) + +// ObjectAttributes_Values returns all elements of the ObjectAttributes enum +func ObjectAttributes_Values() []string { + return []string{ + ObjectAttributesEtag, + ObjectAttributesChecksum, + ObjectAttributesObjectParts, + ObjectAttributesStorageClass, + ObjectAttributesObjectSize, + } +} + const ( // ObjectCannedACLPrivate is a ObjectCannedACL enum value ObjectCannedACLPrivate = "private" @@ -35536,12 +45426,32 @@ func ObjectLockRetentionMode_Values() []string { // // ObjectWriter - The uploading account will own the object if the object is // uploaded with the bucket-owner-full-control canned ACL. +// +// BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer +// affect permissions. The bucket owner automatically owns and has full control +// over every object in the bucket. The bucket only accepts PUT requests that +// don't specify an ACL or specify bucket owner full control ACLs (such as the +// predefined bucket-owner-full-control canned ACL or a custom ACL in XML format +// that grants the same permissions). +// +// By default, ObjectOwnership is set to BucketOwnerEnforced and ACLs are disabled. +// We recommend keeping ACLs disabled, except in uncommon use cases where you +// must control access for each object individually. For more information about +// S3 Object Ownership, see Controlling ownership of objects and disabling ACLs +// for your bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) +// in the Amazon S3 User Guide. +// +// This functionality is not supported for directory buckets. Directory buckets +// use the bucket owner enforced setting for S3 Object Ownership. const ( // ObjectOwnershipBucketOwnerPreferred is a ObjectOwnership enum value ObjectOwnershipBucketOwnerPreferred = "BucketOwnerPreferred" // ObjectOwnershipObjectWriter is a ObjectOwnership enum value ObjectOwnershipObjectWriter = "ObjectWriter" + + // ObjectOwnershipBucketOwnerEnforced is a ObjectOwnership enum value + ObjectOwnershipBucketOwnerEnforced = "BucketOwnerEnforced" ) // ObjectOwnership_Values returns all elements of the ObjectOwnership enum @@ -35549,6 +45459,7 @@ func ObjectOwnership_Values() []string { return []string{ ObjectOwnershipBucketOwnerPreferred, ObjectOwnershipObjectWriter, + ObjectOwnershipBucketOwnerEnforced, } } @@ -35576,6 +45487,15 @@ const ( // ObjectStorageClassOutposts is a ObjectStorageClass enum value ObjectStorageClassOutposts = "OUTPOSTS" + + // ObjectStorageClassGlacierIr is a ObjectStorageClass enum value + ObjectStorageClassGlacierIr = "GLACIER_IR" + + // ObjectStorageClassSnow is a ObjectStorageClass enum value + ObjectStorageClassSnow = "SNOW" + + // ObjectStorageClassExpressOnezone is a ObjectStorageClass enum value + ObjectStorageClassExpressOnezone = "EXPRESS_ONEZONE" ) // ObjectStorageClass_Values returns all elements of the ObjectStorageClass enum @@ -35589,6 +45509,9 @@ func ObjectStorageClass_Values() []string { ObjectStorageClassIntelligentTiering, ObjectStorageClassDeepArchive, ObjectStorageClassOutposts, + ObjectStorageClassGlacierIr, + ObjectStorageClassSnow, + ObjectStorageClassExpressOnezone, } } @@ -35604,6 +45527,18 @@ func ObjectVersionStorageClass_Values() []string { } } +const ( + // OptionalObjectAttributesRestoreStatus is a OptionalObjectAttributes enum value + OptionalObjectAttributesRestoreStatus = "RestoreStatus" +) + +// OptionalObjectAttributes_Values returns all elements of the OptionalObjectAttributes enum +func OptionalObjectAttributes_Values() []string { + return []string{ + OptionalObjectAttributesRestoreStatus, + } +} + const ( // OwnerOverrideDestination is a OwnerOverride enum value OwnerOverrideDestination = "Destination" @@ -35616,6 +45551,22 @@ func OwnerOverride_Values() []string { } } +const ( + // PartitionDateSourceEventTime is a PartitionDateSource enum value + PartitionDateSourceEventTime = "EventTime" + + // PartitionDateSourceDeliveryTime is a PartitionDateSource enum value + PartitionDateSourceDeliveryTime = "DeliveryTime" +) + +// PartitionDateSource_Values returns all elements of the PartitionDateSource enum +func PartitionDateSource_Values() []string { + return []string{ + PartitionDateSourceEventTime, + PartitionDateSourceDeliveryTime, + } +} + const ( // PayerRequester is a Payer enum value PayerRequester = "Requester" @@ -35736,6 +45687,9 @@ const ( // ReplicationStatusReplica is a ReplicationStatus enum value ReplicationStatusReplica = "REPLICA" + + // ReplicationStatusCompleted is a ReplicationStatus enum value + ReplicationStatusCompleted = "COMPLETED" ) // ReplicationStatus_Values returns all elements of the ReplicationStatus enum @@ -35745,6 +45699,7 @@ func ReplicationStatus_Values() []string { ReplicationStatusPending, ReplicationStatusFailed, ReplicationStatusReplica, + ReplicationStatusCompleted, } } @@ -35766,6 +45721,8 @@ func ReplicationTimeStatus_Values() []string { // If present, indicates that the requester was successfully charged for the // request. +// +// This functionality is not supported for directory buckets. const ( // RequestChargedRequester is a RequestCharged enum value RequestChargedRequester = "requester" @@ -35779,10 +45736,14 @@ func RequestCharged_Values() []string { } // Confirms that the requester knows that they will be charged for the request. -// Bucket owners need not specify this parameter in their requests. For information -// about downloading objects from requester pays buckets, see Downloading Objects -// in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) -// in the Amazon S3 Developer Guide. +// Bucket owners need not specify this parameter in their requests. If either +// the source or destination S3 bucket has Requester Pays enabled, the requester +// will pay for corresponding charges to copy the object. For information about +// downloading objects from Requester Pays buckets, see Downloading Objects +// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) +// in the Amazon S3 User Guide. +// +// This functionality is not supported for directory buckets. const ( // RequestPayerRequester is a RequestPayer enum value RequestPayerRequester = "requester" @@ -35813,6 +45774,9 @@ const ( // ServerSideEncryptionAwsKms is a ServerSideEncryption enum value ServerSideEncryptionAwsKms = "aws:kms" + + // ServerSideEncryptionAwsKmsDsse is a ServerSideEncryption enum value + ServerSideEncryptionAwsKmsDsse = "aws:kms:dsse" ) // ServerSideEncryption_Values returns all elements of the ServerSideEncryption enum @@ -35820,6 +45784,23 @@ func ServerSideEncryption_Values() []string { return []string{ ServerSideEncryptionAes256, ServerSideEncryptionAwsKms, + ServerSideEncryptionAwsKmsDsse, + } +} + +const ( + // SessionModeReadOnly is a SessionMode enum value + SessionModeReadOnly = "ReadOnly" + + // SessionModeReadWrite is a SessionMode enum value + SessionModeReadWrite = "ReadWrite" +) + +// SessionMode_Values returns all elements of the SessionMode enum +func SessionMode_Values() []string { + return []string{ + SessionModeReadOnly, + SessionModeReadWrite, } } @@ -35863,6 +45844,15 @@ const ( // StorageClassOutposts is a StorageClass enum value StorageClassOutposts = "OUTPOSTS" + + // StorageClassGlacierIr is a StorageClass enum value + StorageClassGlacierIr = "GLACIER_IR" + + // StorageClassSnow is a StorageClass enum value + StorageClassSnow = "SNOW" + + // StorageClassExpressOnezone is a StorageClass enum value + StorageClassExpressOnezone = "EXPRESS_ONEZONE" ) // StorageClass_Values returns all elements of the StorageClass enum @@ -35876,6 +45866,9 @@ func StorageClass_Values() []string { StorageClassGlacier, StorageClassDeepArchive, StorageClassOutposts, + StorageClassGlacierIr, + StorageClassSnow, + StorageClassExpressOnezone, } } @@ -35942,6 +45935,9 @@ const ( // TransitionStorageClassDeepArchive is a TransitionStorageClass enum value TransitionStorageClassDeepArchive = "DEEP_ARCHIVE" + + // TransitionStorageClassGlacierIr is a TransitionStorageClass enum value + TransitionStorageClassGlacierIr = "GLACIER_IR" ) // TransitionStorageClass_Values returns all elements of the TransitionStorageClass enum @@ -35952,6 +45948,7 @@ func TransitionStorageClass_Values() []string { TransitionStorageClassOnezoneIa, TransitionStorageClassIntelligentTiering, TransitionStorageClassDeepArchive, + TransitionStorageClassGlacierIr, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go b/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go index 9ba8a7887..20828387e 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go @@ -39,11 +39,11 @@ func NormalizeBucketLocation(loc string) string { // See http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETlocation.html // for more information on the values that can be returned. // -// req, result := svc.GetBucketLocationRequest(&s3.GetBucketLocationInput{ -// Bucket: aws.String(bucket), -// }) -// req.Handlers.Unmarshal.PushBackNamed(NormalizeBucketLocationHandler) -// err := req.Send() +// req, result := svc.GetBucketLocationRequest(&s3.GetBucketLocationInput{ +// Bucket: aws.String(bucket), +// }) +// req.Handlers.Unmarshal.PushBackNamed(NormalizeBucketLocationHandler) +// err := req.Send() var NormalizeBucketLocationHandler = request.NamedHandler{ Name: "awssdk.s3.NormalizeBucketLocation", Fn: func(req *request.Request) { @@ -65,12 +65,12 @@ var NormalizeBucketLocationHandler = request.NamedHandler{ // See http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETlocation.html // for more information on the values that can be returned. // -// result, err := svc.GetBucketLocationWithContext(ctx, -// &s3.GetBucketLocationInput{ -// Bucket: aws.String(bucket), -// }, -// s3.WithNormalizeBucketLocation, -// ) +// result, err := svc.GetBucketLocationWithContext(ctx, +// &s3.GetBucketLocationInput{ +// Bucket: aws.String(bucket), +// }, +// s3.WithNormalizeBucketLocation, +// ) func WithNormalizeBucketLocation(r *request.Request) { r.Handlers.Unmarshal.PushBackNamed(NormalizeBucketLocationHandler) } diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go b/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go index f1959b03a..229606b70 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go @@ -1,7 +1,9 @@ package s3 import ( + "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/client" + "github.com/aws/aws-sdk-go/aws/endpoints" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/internal/s3shared/arn" "github.com/aws/aws-sdk-go/internal/s3shared/s3err" @@ -13,6 +15,14 @@ func init() { } func defaultInitClientFn(c *client.Client) { + if c.Config.UseDualStackEndpoint == endpoints.DualStackEndpointStateUnset { + if aws.BoolValue(c.Config.UseDualStack) { + c.Config.UseDualStackEndpoint = endpoints.DualStackEndpointStateEnabled + } else { + c.Config.UseDualStackEndpoint = endpoints.DualStackEndpointStateDisabled + } + } + // Support building custom endpoints based on config c.Handlers.Build.PushFront(endpointHandler) @@ -40,7 +50,7 @@ func defaultInitRequestFn(r *request.Request) { // Auto-populate LocationConstraint with current region r.Handlers.Validate.PushFront(populateLocationConstraint) case opCopyObject, opUploadPartCopy, opCompleteMultipartUpload: - r.Handlers.Unmarshal.PushFront(copyMultipartStatusOKUnmarhsalError) + r.Handlers.Unmarshal.PushFront(copyMultipartStatusOKUnmarshalError) r.Handlers.Unmarshal.PushBackNamed(s3err.RequestFailureWrapperHandler()) case opPutObject, opUploadPart: r.Handlers.Build.PushBack(computeBodyHashes) @@ -48,6 +58,8 @@ func defaultInitRequestFn(r *request.Request) { // case opGetObject: // r.Handlers.Build.PushBack(askForTxEncodingAppendMD5) // r.Handlers.Unmarshal.PushBack(useMD5ValidationReader) + case opWriteGetObjectResponse: + r.Handlers.Build.PushFront(buildWriteGetObjectResponseEndpoint) } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/doc.go b/vendor/github.com/aws/aws-sdk-go/service/s3/doc.go index 0def02255..c148f757e 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/doc.go @@ -8,7 +8,7 @@ // See s3 package documentation for more information. // https://docs.aws.amazon.com/sdk-for-go/api/service/s3/ // -// Using the Client +// # Using the Client // // To contact Amazon Simple Storage Service with the SDK use the New function to create // a new service client. With that client you can make API requests to the service. diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go b/vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go index 7f7aca208..2e8244f8f 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go @@ -6,99 +6,99 @@ // for optimizations if the Body satisfies that type. Once the Uploader instance // is created you can call Upload concurrently from multiple goroutines safely. // -// // The session the S3 Uploader will use -// sess := session.Must(session.NewSession()) -// -// // Create an uploader with the session and default options -// uploader := s3manager.NewUploader(sess) -// -// f, err := os.Open(filename) -// if err != nil { -// return fmt.Errorf("failed to open file %q, %v", filename, err) -// } -// -// // Upload the file to S3. -// result, err := uploader.Upload(&s3manager.UploadInput{ -// Bucket: aws.String(myBucket), -// Key: aws.String(myString), -// Body: f, -// }) -// if err != nil { -// return fmt.Errorf("failed to upload file, %v", err) -// } -// fmt.Printf("file uploaded to, %s\n", aws.StringValue(result.Location)) +// // The session the S3 Uploader will use +// sess := session.Must(session.NewSession()) +// +// // Create an uploader with the session and default options +// uploader := s3manager.NewUploader(sess) +// +// f, err := os.Open(filename) +// if err != nil { +// return fmt.Errorf("failed to open file %q, %v", filename, err) +// } +// +// // Upload the file to S3. +// result, err := uploader.Upload(&s3manager.UploadInput{ +// Bucket: aws.String(myBucket), +// Key: aws.String(myString), +// Body: f, +// }) +// if err != nil { +// return fmt.Errorf("failed to upload file, %v", err) +// } +// fmt.Printf("file uploaded to, %s\n", aws.StringValue(result.Location)) // // See the s3manager package's Uploader type documentation for more information. // https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3manager/#Uploader // -// Download Manager +// # Download Manager // // The s3manager package's Downloader provides concurrently downloading of Objects // from S3. The Downloader will write S3 Object content with an io.WriterAt. // Once the Downloader instance is created you can call Download concurrently from // multiple goroutines safely. // -// // The session the S3 Downloader will use -// sess := session.Must(session.NewSession()) +// // The session the S3 Downloader will use +// sess := session.Must(session.NewSession()) // -// // Create a downloader with the session and default options -// downloader := s3manager.NewDownloader(sess) +// // Create a downloader with the session and default options +// downloader := s3manager.NewDownloader(sess) // -// // Create a file to write the S3 Object contents to. -// f, err := os.Create(filename) -// if err != nil { -// return fmt.Errorf("failed to create file %q, %v", filename, err) -// } +// // Create a file to write the S3 Object contents to. +// f, err := os.Create(filename) +// if err != nil { +// return fmt.Errorf("failed to create file %q, %v", filename, err) +// } // -// // Write the contents of S3 Object to the file -// n, err := downloader.Download(f, &s3.GetObjectInput{ -// Bucket: aws.String(myBucket), -// Key: aws.String(myString), -// }) -// if err != nil { -// return fmt.Errorf("failed to download file, %v", err) -// } -// fmt.Printf("file downloaded, %d bytes\n", n) +// // Write the contents of S3 Object to the file +// n, err := downloader.Download(f, &s3.GetObjectInput{ +// Bucket: aws.String(myBucket), +// Key: aws.String(myString), +// }) +// if err != nil { +// return fmt.Errorf("failed to download file, %v", err) +// } +// fmt.Printf("file downloaded, %d bytes\n", n) // // See the s3manager package's Downloader type documentation for more information. // https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3manager/#Downloader // -// Automatic URI cleaning +// # Automatic URI cleaning // // Interacting with objects whose keys contain adjacent slashes (e.g. bucketname/foo//bar/objectname) // requires setting DisableRestProtocolURICleaning to true in the aws.Config struct // used by the service client. // -// svc := s3.New(sess, &aws.Config{ -// DisableRestProtocolURICleaning: aws.Bool(true), -// }) -// out, err := svc.GetObject(&s3.GetObjectInput { -// Bucket: aws.String("bucketname"), -// Key: aws.String("//foo//bar//moo"), -// }) +// svc := s3.New(sess, &aws.Config{ +// DisableRestProtocolURICleaning: aws.Bool(true), +// }) +// out, err := svc.GetObject(&s3.GetObjectInput { +// Bucket: aws.String("bucketname"), +// Key: aws.String("//foo//bar//moo"), +// }) // -// Get Bucket Region +// # Get Bucket Region // // GetBucketRegion will attempt to get the region for a bucket using a region // hint to determine which AWS partition to perform the query on. Use this utility // to determine the region a bucket is in. // -// sess := session.Must(session.NewSession()) +// sess := session.Must(session.NewSession()) // -// bucket := "my-bucket" -// region, err := s3manager.GetBucketRegion(ctx, sess, bucket, "us-west-2") -// if err != nil { -// if aerr, ok := err.(awserr.Error); ok && aerr.Code() == "NotFound" { -// fmt.Fprintf(os.Stderr, "unable to find bucket %s's region not found\n", bucket) -// } -// return err -// } -// fmt.Printf("Bucket %s is in %s region\n", bucket, region) +// bucket := "my-bucket" +// region, err := s3manager.GetBucketRegion(ctx, sess, bucket, "us-west-2") +// if err != nil { +// if aerr, ok := err.(awserr.Error); ok && aerr.Code() == "NotFound" { +// fmt.Fprintf(os.Stderr, "unable to find bucket %s's region not found\n", bucket) +// } +// return err +// } +// fmt.Printf("Bucket %s is in %s region\n", bucket, region) // // See the s3manager package's GetBucketRegion function documentation for more information // https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3manager/#GetBucketRegion // -// S3 Crypto Client +// # S3 Crypto Client // // The s3crypto package provides the tools to upload and download encrypted // content from S3. The Encryption and Decryption clients can be used concurrently @@ -106,5 +106,4 @@ // // See the s3crypto package documentation for more information. // https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3crypto/ -// package s3 diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go index 403aebb68..71b438692 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go @@ -1,6 +1,9 @@ package s3 import ( + "fmt" + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/aws/endpoints" "net/url" "strings" @@ -11,6 +14,13 @@ import ( "github.com/aws/aws-sdk-go/internal/s3shared/arn" ) +const ( + s3Namespace = "s3" + s3AccessPointNamespace = "s3-accesspoint" + s3ObjectsLambdaNamespace = "s3-object-lambda" + s3OutpostsNamespace = "s3-outposts" +) + // Used by shapes with members decorated as endpoint ARN. func parseEndpointARN(v string) (arn.Resource, error) { return arn.ParseResource(v, accessPointResourceParser) @@ -20,10 +30,14 @@ func accessPointResourceParser(a awsarn.ARN) (arn.Resource, error) { resParts := arn.SplitResource(a.Resource) switch resParts[0] { case "accesspoint": - if a.Service != "s3" { - return arn.AccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "service is not s3"} + switch a.Service { + case s3Namespace: + return arn.ParseAccessPointResource(a, resParts[1:]) + case s3ObjectsLambdaNamespace: + return parseS3ObjectLambdaAccessPointResource(a, resParts) + default: + return arn.AccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: fmt.Sprintf("service is not %s or %s", s3Namespace, s3ObjectsLambdaNamespace)} } - return arn.ParseAccessPointResource(a, resParts[1:]) case "outpost": if a.Service != "s3-outposts" { return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "service is not s3-outposts"} @@ -38,9 +52,8 @@ func accessPointResourceParser(a awsarn.ARN) (arn.Resource, error) { // outpost access-point resource. // // Supported Outpost AccessPoint ARN format: -// - ARN format: arn:{partition}:s3-outposts:{region}:{accountId}:outpost/{outpostId}/accesspoint/{accesspointName} -// - example: arn:aws:s3-outposts:us-west-2:012345678901:outpost/op-1234567890123456/accesspoint/myaccesspoint -// +// - ARN format: arn:{partition}:s3-outposts:{region}:{accountId}:outpost/{outpostId}/accesspoint/{accesspointName} +// - example: arn:aws:s3-outposts:us-west-2:012345678901:outpost/op-1234567890123456/accesspoint/myaccesspoint func parseOutpostAccessPointResource(a awsarn.ARN, resParts []string) (arn.OutpostAccessPointARN, error) { // outpost accesspoint arn is only valid if service is s3-outposts if a.Service != "s3-outposts" { @@ -80,6 +93,25 @@ func parseOutpostAccessPointResource(a awsarn.ARN, resParts []string) (arn.Outpo return outpostAccessPointARN, nil } +func parseS3ObjectLambdaAccessPointResource(a awsarn.ARN, resParts []string) (arn.S3ObjectLambdaAccessPointARN, error) { + if a.Service != s3ObjectsLambdaNamespace { + return arn.S3ObjectLambdaAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: fmt.Sprintf("service is not %s", s3ObjectsLambdaNamespace)} + } + + accessPointARN, err := arn.ParseAccessPointResource(a, resParts[1:]) + if err != nil { + return arn.S3ObjectLambdaAccessPointARN{}, err + } + + if len(accessPointARN.Region) == 0 { + return arn.S3ObjectLambdaAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: fmt.Sprintf("%s region not set", s3ObjectsLambdaNamespace)} + } + + return arn.S3ObjectLambdaAccessPointARN{ + AccessPointARN: accessPointARN, + }, nil +} + func endpointHandler(req *request.Request) { endpoint, ok := req.Params.(endpointARNGetter) if !ok || !endpoint.hasEndpointARN() { @@ -98,7 +130,7 @@ func endpointHandler(req *request.Request) { Request: req, } - if resReq.IsCrossPartition() { + if len(resReq.Request.ClientInfo.PartitionID) != 0 && resReq.IsCrossPartition() { req.Error = s3shared.NewClientPartitionMismatchError(resource, req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil) return @@ -110,21 +142,22 @@ func endpointHandler(req *request.Request) { return } - if resReq.HasCustomEndpoint() { - req.Error = s3shared.NewInvalidARNWithCustomEndpointError(resource, nil) - return - } - switch tv := resource.(type) { case arn.AccessPointARN: err = updateRequestAccessPointEndpoint(req, tv) if err != nil { req.Error = err } + case arn.S3ObjectLambdaAccessPointARN: + err = updateRequestS3ObjectLambdaAccessPointEndpoint(req, tv) + if err != nil { + req.Error = err + } case arn.OutpostAccessPointARN: // outposts does not support FIPS regions - if resReq.ResourceConfiguredForFIPS() { - req.Error = s3shared.NewInvalidARNWithFIPSError(resource, nil) + if req.Config.UseFIPSEndpoint == endpoints.FIPSEndpointStateEnabled { + req.Error = s3shared.NewFIPSConfigurationError(resource, req.ClientInfo.PartitionID, + aws.StringValue(req.Config.Region), nil) return } @@ -155,8 +188,7 @@ func updateRequestAccessPointEndpoint(req *request.Request, accessPoint arn.Acce req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil) } - // Ignore the disable host prefix for access points since custom endpoints - // are not supported. + // Ignore the disable host prefix for access points req.Config.DisableEndpointHostPrefix = aws.Bool(false) if err := accessPointEndpointBuilder(accessPoint).build(req); err != nil { @@ -168,6 +200,31 @@ func updateRequestAccessPointEndpoint(req *request.Request, accessPoint arn.Acce return nil } +func updateRequestS3ObjectLambdaAccessPointEndpoint(req *request.Request, accessPoint arn.S3ObjectLambdaAccessPointARN) error { + // DualStack not supported + if isUseDualStackEndpoint(req) { + return s3shared.NewClientConfiguredForDualStackError(accessPoint, + req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil) + } + + // Accelerate not supported + if aws.BoolValue(req.Config.S3UseAccelerate) { + return s3shared.NewClientConfiguredForAccelerateError(accessPoint, + req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil) + } + + // Ignore the disable host prefix for access points + req.Config.DisableEndpointHostPrefix = aws.Bool(false) + + if err := s3ObjectLambdaAccessPointEndpointBuilder(accessPoint).build(req); err != nil { + return err + } + + removeBucketFromPath(req.HTTPRequest.URL) + + return nil +} + func updateRequestOutpostAccessPointEndpoint(req *request.Request, accessPoint arn.OutpostAccessPointARN) error { // Accelerate not supported if aws.BoolValue(req.Config.S3UseAccelerate) { @@ -176,13 +233,12 @@ func updateRequestOutpostAccessPointEndpoint(req *request.Request, accessPoint a } // Dualstack not supported - if aws.BoolValue(req.Config.UseDualStack) { + if isUseDualStackEndpoint(req) { return s3shared.NewClientConfiguredForDualStackError(accessPoint, req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil) } - // Ignore the disable host prefix for access points since custom endpoints - // are not supported. + // Ignore the disable host prefix for access points req.Config.DisableEndpointHostPrefix = aws.Bool(false) if err := outpostAccessPointEndpointBuilder(accessPoint).build(req); err != nil { @@ -199,3 +255,44 @@ func removeBucketFromPath(u *url.URL) { u.Path = "/" } } + +func buildWriteGetObjectResponseEndpoint(req *request.Request) { + // DualStack not supported + if isUseDualStackEndpoint(req) { + req.Error = awserr.New("ConfigurationError", "client configured for dualstack but not supported for operation", nil) + return + } + + // Accelerate not supported + if aws.BoolValue(req.Config.S3UseAccelerate) { + req.Error = awserr.New("ConfigurationError", "client configured for accelerate but not supported for operation", nil) + return + } + + signingName := s3ObjectsLambdaNamespace + signingRegion := req.ClientInfo.SigningRegion + + if !hasCustomEndpoint(req) { + endpoint, err := resolveRegionalEndpoint(req, aws.StringValue(req.Config.Region), req.ClientInfo.ResolvedRegion, EndpointsID) + if err != nil { + req.Error = awserr.New(request.ErrCodeSerialization, "failed to resolve endpoint", err) + return + } + signingRegion = endpoint.SigningRegion + + if err = updateRequestEndpoint(req, endpoint.URL); err != nil { + req.Error = err + return + } + updateS3HostPrefixForS3ObjectLambda(req) + } + + redirectSigner(req, signingName, signingRegion) +} + +func isUseDualStackEndpoint(req *request.Request) bool { + if req.Config.UseDualStackEndpoint != endpoints.DualStackEndpointStateUnset { + return req.Config.UseDualStackEndpoint == endpoints.DualStackEndpointStateEnabled + } + return aws.BoolValue(req.Config.UseDualStack) +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_builder.go b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_builder.go index c1c77da9a..7ae18ef54 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_builder.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_builder.go @@ -22,6 +22,11 @@ const ( outpostAccessPointPrefixTemplate = accessPointPrefixTemplate + "{" + outpostPrefixLabel + "}." ) +// hasCustomEndpoint returns true if endpoint is a custom endpoint +func hasCustomEndpoint(r *request.Request) bool { + return len(aws.StringValue(r.Config.Endpoint)) > 0 +} + // accessPointEndpointBuilder represents the endpoint builder for access point arn type accessPointEndpointBuilder arn.AccessPointARN @@ -32,39 +37,25 @@ type accessPointEndpointBuilder arn.AccessPointARN // - example : myaccesspoint-012345678901.s3-accesspoint.us-west-2.amazonaws.com // // Access Point Endpoint requests are signed using "s3" as signing name. -// func (a accessPointEndpointBuilder) build(req *request.Request) error { resolveService := arn.AccessPointARN(a).Service resolveRegion := arn.AccessPointARN(a).Region - cfgRegion := aws.StringValue(req.Config.Region) - - if s3shared.IsFIPS(cfgRegion) { - if aws.BoolValue(req.Config.S3UseARNRegion) && s3shared.IsCrossRegion(req, resolveRegion) { - // FIPS with cross region is not supported, the SDK must fail - // because there is no well defined method for SDK to construct a - // correct FIPS endpoint. - return s3shared.NewClientConfiguredForCrossRegionFIPSError(arn.AccessPointARN(a), - req.ClientInfo.PartitionID, cfgRegion, nil) - } - resolveRegion = cfgRegion - } - endpoint, err := resolveRegionalEndpoint(req, resolveRegion, resolveService) + endpoint, err := resolveRegionalEndpoint(req, resolveRegion, "", resolveService) if err != nil { return s3shared.NewFailedToResolveEndpointError(arn.AccessPointARN(a), - req.ClientInfo.PartitionID, cfgRegion, err) + req.ClientInfo.PartitionID, resolveRegion, err) } - if err = updateRequestEndpoint(req, endpoint.URL); err != nil { - return err - } + endpoint.URL = endpoints.AddScheme(endpoint.URL, aws.BoolValue(req.Config.DisableSSL)) - const serviceEndpointLabel = "s3-accesspoint" + if !hasCustomEndpoint(req) { + if err = updateRequestEndpoint(req, endpoint.URL); err != nil { + return err + } - // dual stack provided by endpoint resolver - cfgHost := req.HTTPRequest.URL.Host - if strings.HasPrefix(cfgHost, "s3") { - req.HTTPRequest.URL.Host = serviceEndpointLabel + cfgHost[2:] + // dual stack provided by endpoint resolver + updateS3HostForS3AccessPoint(req) } protocol.HostPrefixBuilder{ @@ -90,6 +81,60 @@ func (a accessPointEndpointBuilder) hostPrefixLabelValues() map[string]string { } } +// s3ObjectLambdaAccessPointEndpointBuilder represents the endpoint builder for an s3 object lambda access point arn +type s3ObjectLambdaAccessPointEndpointBuilder arn.S3ObjectLambdaAccessPointARN + +// build builds the endpoint for corresponding access point arn +// +// For building an endpoint from access point arn, format used is: +// - Access point endpoint format : {accesspointName}-{accountId}.s3-object-lambda.{region}.{dnsSuffix} +// - example : myaccesspoint-012345678901.s3-object-lambda.us-west-2.amazonaws.com +// +// Access Point Endpoint requests are signed using "s3-object-lambda" as signing name. +func (a s3ObjectLambdaAccessPointEndpointBuilder) build(req *request.Request) error { + resolveRegion := arn.S3ObjectLambdaAccessPointARN(a).Region + + endpoint, err := resolveRegionalEndpoint(req, resolveRegion, "", EndpointsID) + if err != nil { + return s3shared.NewFailedToResolveEndpointError(arn.S3ObjectLambdaAccessPointARN(a), + req.ClientInfo.PartitionID, resolveRegion, err) + } + + endpoint.URL = endpoints.AddScheme(endpoint.URL, aws.BoolValue(req.Config.DisableSSL)) + + endpoint.SigningName = s3ObjectsLambdaNamespace + + if !hasCustomEndpoint(req) { + if err = updateRequestEndpoint(req, endpoint.URL); err != nil { + return err + } + + updateS3HostPrefixForS3ObjectLambda(req) + } + + protocol.HostPrefixBuilder{ + Prefix: accessPointPrefixTemplate, + LabelsFn: a.hostPrefixLabelValues, + }.Build(req) + + // signer redirection + redirectSigner(req, endpoint.SigningName, endpoint.SigningRegion) + + err = protocol.ValidateEndpointHost(req.Operation.Name, req.HTTPRequest.URL.Host) + if err != nil { + return s3shared.NewInvalidARNError(arn.S3ObjectLambdaAccessPointARN(a), err) + } + + return nil +} + +func (a s3ObjectLambdaAccessPointEndpointBuilder) hostPrefixLabelValues() map[string]string { + return map[string]string{ + accessPointPrefixLabel: arn.S3ObjectLambdaAccessPointARN(a).AccessPointName, + accountIDPrefixLabel: arn.S3ObjectLambdaAccessPointARN(a).AccountID, + } +} + // outpostAccessPointEndpointBuilder represents the Endpoint builder for outpost access point arn. type outpostAccessPointEndpointBuilder arn.OutpostAccessPointARN @@ -100,30 +145,28 @@ type outpostAccessPointEndpointBuilder arn.OutpostAccessPointARN // - example : myaccesspoint-012345678901.op-01234567890123456.s3-outposts.us-west-2.amazonaws.com // // Outpost AccessPoint Endpoint request are signed using "s3-outposts" as signing name. -// func (o outpostAccessPointEndpointBuilder) build(req *request.Request) error { resolveRegion := o.Region resolveService := o.Service endpointsID := resolveService - if resolveService == "s3-outposts" { + if resolveService == s3OutpostsNamespace { endpointsID = "s3" } - endpoint, err := resolveRegionalEndpoint(req, resolveRegion, endpointsID) + endpoint, err := resolveRegionalEndpoint(req, resolveRegion, "", endpointsID) if err != nil { return s3shared.NewFailedToResolveEndpointError(o, req.ClientInfo.PartitionID, resolveRegion, err) } - if err = updateRequestEndpoint(req, endpoint.URL); err != nil { - return err - } + endpoint.URL = endpoints.AddScheme(endpoint.URL, aws.BoolValue(req.Config.DisableSSL)) - // add url host as s3-outposts - cfgHost := req.HTTPRequest.URL.Host - if strings.HasPrefix(cfgHost, endpointsID) { - req.HTTPRequest.URL.Host = resolveService + cfgHost[len(endpointsID):] + if !hasCustomEndpoint(req) { + if err = updateRequestEndpoint(req, endpoint.URL); err != nil { + return err + } + updateHostPrefix(req, endpointsID, resolveService) } protocol.HostPrefixBuilder{ @@ -150,17 +193,20 @@ func (o outpostAccessPointEndpointBuilder) hostPrefixLabelValues() map[string]st } } -func resolveRegionalEndpoint(r *request.Request, region string, endpointsID string) (endpoints.ResolvedEndpoint, error) { +func resolveRegionalEndpoint(r *request.Request, region, resolvedRegion, endpointsID string) (endpoints.ResolvedEndpoint, error) { return r.Config.EndpointResolver.EndpointFor(endpointsID, region, func(opts *endpoints.Options) { opts.DisableSSL = aws.BoolValue(r.Config.DisableSSL) opts.UseDualStack = aws.BoolValue(r.Config.UseDualStack) + opts.UseDualStackEndpoint = r.Config.UseDualStackEndpoint + opts.UseFIPSEndpoint = r.Config.UseFIPSEndpoint opts.S3UsEast1RegionalEndpoint = endpoints.RegionalS3UsEast1Endpoint + opts.ResolvedRegion = resolvedRegion + opts.Logger = r.Config.Logger + opts.LogDeprecated = r.Config.LogLevel.Matches(aws.LogDebugWithDeprecated) }) } func updateRequestEndpoint(r *request.Request, endpoint string) (err error) { - endpoint = endpoints.AddScheme(endpoint, aws.BoolValue(r.Config.DisableSSL)) - r.HTTPRequest.URL, err = url.Parse(endpoint + r.Operation.HTTPPath) if err != nil { return awserr.New(request.ErrCodeSerialization, @@ -175,3 +221,19 @@ func redirectSigner(req *request.Request, signingName string, signingRegion stri req.ClientInfo.SigningName = signingName req.ClientInfo.SigningRegion = signingRegion } + +func updateS3HostForS3AccessPoint(req *request.Request) { + updateHostPrefix(req, "s3", s3AccessPointNamespace) +} + +func updateS3HostPrefixForS3ObjectLambda(req *request.Request) { + updateHostPrefix(req, "s3", s3ObjectsLambdaNamespace) +} + +func updateHostPrefix(req *request.Request, oldEndpointPrefix, newEndpointPrefix string) { + host := req.HTTPRequest.URL.Host + if strings.HasPrefix(host, oldEndpointPrefix) { + // replace service hostlabel oldEndpointPrefix to newEndpointPrefix + req.HTTPRequest.URL.Host = newEndpointPrefix + host[len(oldEndpointPrefix):] + } +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go b/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go index f64b55135..8a67333ab 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go @@ -15,16 +15,25 @@ const ( // "BucketAlreadyOwnedByYou". // // The bucket you tried to create already exists, and you own it. Amazon S3 - // returns this error in all AWS Regions except in the North Virginia Region. - // For legacy compatibility, if you re-create an existing bucket that you already - // own in the North Virginia Region, Amazon S3 returns 200 OK and resets the - // bucket access control lists (ACLs). + // returns this error in all Amazon Web Services Regions except in the North + // Virginia Region. For legacy compatibility, if you re-create an existing bucket + // that you already own in the North Virginia Region, Amazon S3 returns 200 + // OK and resets the bucket access control lists (ACLs). ErrCodeBucketAlreadyOwnedByYou = "BucketAlreadyOwnedByYou" // ErrCodeInvalidObjectState for service response error code // "InvalidObjectState". // // Object is archived and inaccessible until restored. + // + // If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval + // storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering + // Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, + // before you can retrieve the object you must first restore a copy using RestoreObject + // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). + // Otherwise, this operation returns an InvalidObjectState error. For information + // about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) + // in the Amazon S3 User Guide. ErrCodeInvalidObjectState = "InvalidObjectState" // ErrCodeNoSuchBucket for service response error code @@ -48,13 +57,13 @@ const ( // ErrCodeObjectAlreadyInActiveTierError for service response error code // "ObjectAlreadyInActiveTierError". // - // This operation is not allowed against this storage tier. + // This action is not allowed against this storage tier. ErrCodeObjectAlreadyInActiveTierError = "ObjectAlreadyInActiveTierError" // ErrCodeObjectNotInActiveTierError for service response error code // "ObjectNotInActiveTierError". // - // The source object of the COPY operation is not in the active tier and is - // only stored in Amazon S3 Glacier. + // The source object of the COPY action is not in the active tier and is only + // stored in Amazon S3 Glacier. ErrCodeObjectNotInActiveTierError = "ObjectNotInActiveTierError" ) diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers.go b/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers.go index 8e6f3307d..308b7d473 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers.go @@ -1,3 +1,4 @@ +//go:build !go1.6 // +build !go1.6 package s3 diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers_go1.6.go b/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers_go1.6.go index 14d05f7b7..70feffab7 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers_go1.6.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers_go1.6.go @@ -1,3 +1,4 @@ +//go:build go1.6 // +build go1.6 package s3 @@ -24,5 +25,5 @@ func add100Continue(r *request.Request) { return } - r.HTTPRequest.Header.Set("Expect", "100-Continue") + r.HTTPRequest.Header.Set("Expect", "100-continue") } diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/aes_cbc_content_cipher.go b/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/aes_cbc_content_cipher.go index 952632c18..2e020f590 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/aes_cbc_content_cipher.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/aes_cbc_content_cipher.go @@ -17,7 +17,7 @@ type cbcContentCipherBuilder struct { // AESCBCContentCipherBuilder returns a new encryption only AES/CBC mode structure using the provided padder. The provided cipher data generator // will be used to provide keys for content encryption. // -// deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. +// Deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. func AESCBCContentCipherBuilder(generator CipherDataGenerator, padder Padder) ContentCipherBuilder { return cbcContentCipherBuilder{generator: generator, padder: padder} } @@ -25,12 +25,13 @@ func AESCBCContentCipherBuilder(generator CipherDataGenerator, padder Padder) Co // RegisterAESCBCContentCipher registers the AES/CBC cipher and padder with the provided CryptoRegistry. // // Example: +// // cr := s3crypto.NewCryptoRegistry() // if err := s3crypto.RegisterAESCBCContentCipher(cr, s3crypto.AESCBCPadder); err != nil { // panic(err) // handle error // } // -// deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. +// Deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. func RegisterAESCBCContentCipher(registry *CryptoRegistry, padder Padder) error { if registry == nil { return errNilCryptoRegistry diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/aes_gcm_content_cipher.go b/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/aes_gcm_content_cipher.go index 8bfdaa1c0..8779e8f34 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/aes_gcm_content_cipher.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/aes_gcm_content_cipher.go @@ -19,7 +19,7 @@ const ( // will be fully loaded into memory before encryption or decryption can occur. Caution must be taken to avoid memory // allocation failures. // -// deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. +// Deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. func AESGCMContentCipherBuilder(generator CipherDataGenerator) ContentCipherBuilder { return gcmContentCipherBuilder{generator} } @@ -37,11 +37,11 @@ func AESGCMContentCipherBuilderV2(generator CipherDataGeneratorWithCEKAlg) Conte // RegisterAESGCMContentCipher registers the AES/GCM content cipher algorithm with the provided CryptoRegistry. // // Example: +// // cr := s3crypto.NewCryptoRegistry() // if err := s3crypto.RegisterAESGCMContentCipher(cr); err != nil { // panic(err) // handle error // } -// func RegisterAESGCMContentCipher(registry *CryptoRegistry) error { if registry == nil { return errNilCryptoRegistry diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/crypto_registry.go b/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/crypto_registry.go index ba58df6e9..fd9abc615 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/crypto_registry.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/crypto_registry.go @@ -46,6 +46,7 @@ func (c CryptoRegistry) GetWrap(name string) (WrapEntry, bool) { // // This method should only be used if you need to register custom wrapping algorithms. Please see the following methods // for helpers to register AWS provided algorithms: +// // RegisterKMSContextWrapWithAnyCMK (kms+context) // RegisterKMSContextWrapWithCMK (kms+context) // RegisterKMSWrapWithAnyCMK (kms) @@ -87,6 +88,7 @@ func (c CryptoRegistry) GetCEK(name string) (CEKEntry, bool) { // // This method should only be used if you need to register custom content encryption algorithms. Please see the following methods // for helpers to register AWS provided algorithms: +// // RegisterAESGCMContentCipher (AES/GCM) // RegisterAESCBCContentCipher (AES/CBC) func (c *CryptoRegistry) AddCEK(name string, entry CEKEntry) error { diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/decryption_client.go b/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/decryption_client.go index 5911b349d..38b1495b1 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/decryption_client.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/decryption_client.go @@ -18,13 +18,14 @@ type CEKEntry func(CipherData) (ContentCipher, error) // DecryptionClient is an S3 crypto client. The decryption client // will handle all get object requests from Amazon S3. // Supported key wrapping algorithms: +// // *AWS KMS // // Supported content ciphers: -// * AES/GCM -// * AES/CBC +// - AES/GCM +// - AES/CBC // -// deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. +// Deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. type DecryptionClient struct { S3Client s3iface.S3API // LoadStrategy is used to load the metadata either from the metadata of the object @@ -41,12 +42,13 @@ type DecryptionClient struct { // NewDecryptionClient instantiates a new S3 crypto client // // Example: +// // sess := session.Must(session.NewSession()) // svc := s3crypto.NewDecryptionClient(sess, func(svc *s3crypto.DecryptionClient{ // // Custom client options here // })) // -// deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. +// Deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. func NewDecryptionClient(prov client.ConfigProvider, options ...func(*DecryptionClient)) *DecryptionClient { s3client := s3.New(prov) @@ -84,22 +86,23 @@ func NewDecryptionClient(prov client.ConfigProvider, options ...func(*Decryption // decryption will be done. The SDK only supports V2 reads of KMS and GCM. // // Example: -// sess := session.Must(session.NewSession()) -// svc := s3crypto.NewDecryptionClient(sess) -// req, out := svc.GetObjectRequest(&s3.GetObjectInput { -// Key: aws.String("testKey"), -// Bucket: aws.String("testBucket"), -// }) -// err := req.Send() // -// deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. +// sess := session.Must(session.NewSession()) +// svc := s3crypto.NewDecryptionClient(sess) +// req, out := svc.GetObjectRequest(&s3.GetObjectInput { +// Key: aws.String("testKey"), +// Bucket: aws.String("testBucket"), +// }) +// err := req.Send() +// +// Deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. func (c *DecryptionClient) GetObjectRequest(input *s3.GetObjectInput) (*request.Request, *s3.GetObjectOutput) { return getObjectRequest(c.getClientOptions(), input) } // GetObject is a wrapper for GetObjectRequest // -// deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. +// Deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. func (c *DecryptionClient) GetObject(input *s3.GetObjectInput) (*s3.GetObjectOutput, error) { return getObject(c.getClientOptions(), input) } @@ -112,7 +115,7 @@ func (c *DecryptionClient) GetObject(input *s3.GetObjectInput) (*s3.GetObjectOut // cause a panic. Use the Context to add deadlining, timeouts, etc. In the future // this may create sub-contexts for individual underlying requests. // -// deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. +// Deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. func (c *DecryptionClient) GetObjectWithContext(ctx aws.Context, input *s3.GetObjectInput, opts ...request.Option) (*s3.GetObjectOutput, error) { return getObjectWithContext(c.getClientOptions(), ctx, input, opts...) } diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/decryption_client_v2.go b/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/decryption_client_v2.go index 307c33b7e..3ac501b95 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/decryption_client_v2.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/decryption_client_v2.go @@ -11,12 +11,12 @@ import ( // DecryptionClientV2 is an S3 crypto client. The decryption client // will handle all get object requests from Amazon S3. // Supported key wrapping algorithms: -// * AWS KMS -// * AWS KMS + Context +// - AWS KMS +// - AWS KMS + Context // // Supported content ciphers: -// * AES/GCM -// * AES/CBC +// - AES/GCM +// - AES/CBC type DecryptionClientV2 struct { options DecryptionClientOptions } @@ -39,9 +39,10 @@ type DecryptionClientOptions struct { // NewDecryptionClientV2 will return an error if no key wrapping or content encryption algorithms have been provided. // // Example: +// // sess := session.Must(session.NewSession()) // cr := s3crypto.NewCryptoRegistry() -// if err := s3crypto.RegisterKMSContextWrapWithAnyCMK(cr, kms.New(sess)); err != nil { +// if err := s3crypto.RegisterKMSContextWrapWithAnyCMK(cr, kms.New(sess)); err != nil { // panic(err) // handle error // } // if err := s3crypto.RegisterAESGCMContentCipher(cr); err != nil { @@ -85,6 +86,7 @@ func NewDecryptionClientV2( // decryption will be done. The SDK only supports V2 reads of KMS and GCM. // // Example: +// // req, out := svc.GetObjectRequest(&s3.GetObjectInput { // Key: aws.String("testKey"), // Bucket: aws.String("testBucket"), diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/doc.go b/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/doc.go index 55c639b71..71c9d9383 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/doc.go @@ -68,14 +68,14 @@ Configuration of the S3 cryptography client panic(err) // handle error } -Object Metadata SaveStrategy +# Object Metadata SaveStrategy The default SaveStrategy is to save metadata to an object's headers. An alternative SaveStrategy can be provided to the EncryptionClientV2. For example, the S3SaveStrategy can be used to save the encryption metadata to a instruction file that is stored in S3 using the objects KeyName+InstructionFileSuffix. The InstructionFileSuffix defaults to .instruction. If using this strategy you will need to configure the DecryptionClientV2 to use the matching S3LoadStrategy LoadStrategy in order to decrypt object using this save strategy. -Custom Key Wrappers and Custom Content Encryption Algorithms +# Custom Key Wrappers and Custom Content Encryption Algorithms Registration of custom key wrapping or content encryption algorithms not provided by AWS is allowed by the SDK, but security and compatibility with custom types can not be guaranteed. For example if you want to support `CustomWrap` @@ -109,14 +109,14 @@ defined ciphers. // Our content cipher builder, NewCustomCEKContentBuilder svc := s3crypto.NewEncryptionClientV2(sess, NewCustomCEKContentBuilder(handler)) -Maintenance Mode Notification for V1 Clients +# Maintenance Mode Notification for V1 Clients The EncryptionClient and DecryptionClient are in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. Users of these clients should migrate to EncryptionClientV2 and DecryptionClientV2. EncryptionClientV2 removes encryption support of the following features - * AES/CBC (content cipher) - * kms (key wrap algorithm) + - AES/CBC (content cipher) + - kms (key wrap algorithm) Attempting to construct an EncryptionClientV2 with deprecated features will result in an error returned back to the calling application during construction of the client. @@ -127,12 +127,11 @@ Users of `kms` key provider will need to migrate `kms+context`. DecryptionClientV2 client adds support for the `kms+context` key provider and maintains backwards comparability with objects encrypted with the V1 EncryptionClient. -Migrating from V1 to V2 Clients +# Migrating from V1 to V2 Clients Examples of how to migrate usage of the V1 clients to the V2 equivalents have been documented as usage examples of the NewEncryptionClientV2 and NewDecryptionClientV2 functions. Please see the AWS SDK for Go Developer Guide for additional migration steps https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/s3-encryption-migration.html - */ package s3crypto diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/encryption_client.go b/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/encryption_client.go index e00e9664d..bb964461b 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/encryption_client.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/encryption_client.go @@ -18,7 +18,7 @@ const DefaultMinFileSize = 1024 * 512 * 5 // AES GCM will load all data into memory. However, the rest of the content algorithms // do not load the entire contents into memory. // -// deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. +// Deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. type EncryptionClient struct { S3Client s3iface.S3API ContentCipherBuilder ContentCipherBuilder @@ -50,12 +50,13 @@ func validateV1EncryptionClientConstruction(c *EncryptionClient) error { // NewEncryptionClient instantiates a new S3 crypto client // // Example: -// cmkID := "arn:aws:kms:region:000000000000:key/00000000-0000-0000-0000-000000000000" -// sess := session.Must(session.NewSession()) -// handler := s3crypto.NewKMSKeyGenerator(kms.New(sess), cmkID) -// svc := s3crypto.NewEncryptionClient(sess, s3crypto.AESGCMContentCipherBuilder(handler)) // -// deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. +// cmkID := "arn:aws:kms:region:000000000000:key/00000000-0000-0000-0000-000000000000" +// sess := session.Must(session.NewSession()) +// handler := s3crypto.NewKMSKeyGenerator(kms.New(sess), cmkID) +// svc := s3crypto.NewEncryptionClient(sess, s3crypto.AESGCMContentCipherBuilder(handler)) +// +// Deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. func NewEncryptionClient(prov client.ConfigProvider, builder ContentCipherBuilder, options ...func(*EncryptionClient)) *EncryptionClient { s3client := s3.New(prov) @@ -81,6 +82,7 @@ func NewEncryptionClient(prov client.ConfigProvider, builder ContentCipherBuilde // that data to S3. // // Example: +// // svc := s3crypto.NewEncryptionClient(session.Must(session.NewSession()), s3crypto.AESGCMContentCipherBuilder(handler)) // req, out := svc.PutObjectRequest(&s3.PutObjectInput { // Key: aws.String("testKey"), @@ -89,7 +91,7 @@ func NewEncryptionClient(prov client.ConfigProvider, builder ContentCipherBuilde // }) // err := req.Send() // -// deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. +// Deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. func (c *EncryptionClient) PutObjectRequest(input *s3.PutObjectInput) (*request.Request, *s3.PutObjectOutput) { req, out := putObjectRequest(c.getClientOptions(), input) if err := validateV1EncryptionClientConstruction(c); err != nil { @@ -112,7 +114,7 @@ func setReqError(err error) func(*request.Request) { // PutObject is a wrapper for PutObjectRequest // -// deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. +// Deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. func (c *EncryptionClient) PutObject(input *s3.PutObjectInput) (*s3.PutObjectOutput, error) { if err := validateV1EncryptionClientConstruction(c); err != nil { return nil, err @@ -129,7 +131,7 @@ func (c *EncryptionClient) PutObject(input *s3.PutObjectInput) (*s3.PutObjectOut // this may create sub-contexts for individual underlying requests. // PutObject is a wrapper for PutObjectRequest // -// deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. +// Deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. func (c *EncryptionClient) PutObjectWithContext(ctx aws.Context, input *s3.PutObjectInput, opts ...request.Option) (*s3.PutObjectOutput, error) { if err := validateV1EncryptionClientConstruction(c); err != nil { return nil, err diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/encryption_client_v2.go b/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/encryption_client_v2.go index 928c26765..dc8278e81 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/encryption_client_v2.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/encryption_client_v2.go @@ -38,11 +38,12 @@ type EncryptionClientOptions struct { // contentCipherBuilder has been deprecated or was constructed with a deprecated component. // // Example: -// cmkID := "arn:aws:kms:region:000000000000:key/00000000-0000-0000-0000-000000000000" -// sess := session.Must(session.NewSession()) -// var matdesc s3crypto.MaterialDescription -// handler := s3crypto.NewKMSContextKeyGenerator(kms.New(sess), cmkID, matdesc) -// svc := s3crypto.NewEncryptionClientV2(sess, s3crypto.AESGCMContentCipherBuilderV2(handler)) +// +// cmkID := "arn:aws:kms:region:000000000000:key/00000000-0000-0000-0000-000000000000" +// sess := session.Must(session.NewSession()) +// var matdesc s3crypto.MaterialDescription +// handler := s3crypto.NewKMSContextKeyGenerator(kms.New(sess), cmkID, matdesc) +// svc := s3crypto.NewEncryptionClientV2(sess, s3crypto.AESGCMContentCipherBuilderV2(handler)) func NewEncryptionClientV2(prov client.ConfigProvider, contentCipherBuilder ContentCipherBuilder, options ...func(clientOptions *EncryptionClientOptions), ) ( client *EncryptionClientV2, err error, @@ -88,6 +89,7 @@ func NewEncryptionClientV2(prov client.ConfigProvider, contentCipherBuilder Cont // that data to S3. // // Example: +// // req, out := svc.PutObjectRequest(&s3.PutObjectInput { // Key: aws.String("testKey"), // Bucket: aws.String("testBucket"), diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/envelope.go b/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/envelope.go index 12c67ceca..707fe8094 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/envelope.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/envelope.go @@ -39,7 +39,7 @@ type Envelope struct { CEKAlg string `json:"x-amz-cek-alg"` TagLen string `json:"x-amz-tag-len"` - // deprecated: This MD5 hash is no longer populated + // Deprecated: This MD5 hash is no longer populated UnencryptedMD5 string `json:"-"` UnencryptedContentLen string `json:"x-amz-unencrypted-content-length"` diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/kms_context_key_handler.go b/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/kms_context_key_handler.go index 86f3572fd..583dcd641 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/kms_context_key_handler.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/kms_context_key_handler.go @@ -21,6 +21,7 @@ const ( // description. // // Example: +// // sess := session.Must(session.NewSession()) // cmkID := "KMS Key ARN" // var matdesc s3crypto.MaterialDescription @@ -33,6 +34,7 @@ func NewKMSContextKeyGenerator(client kmsiface.KMSAPI, cmkID string, matdesc Mat // will be configured to only call KMS Decrypt using the provided CMK. // // Example: +// // cr := s3crypto.NewCryptoRegistry() // if err := RegisterKMSContextWrapWithCMK(); err != nil { // panic(err) // handle error @@ -48,6 +50,7 @@ func RegisterKMSContextWrapWithCMK(registry *CryptoRegistry, client kmsiface.KMS // will be configured to call KMS decrypt without providing a CMK. // // Example: +// // sess := session.Must(session.NewSession()) // cr := s3crypto.NewCryptoRegistry() // if err := s3crypto.RegisterKMSContextWrapWithAnyCMK(cr, kms.New(sess)); err != nil { diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/kms_key_handler.go b/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/kms_key_handler.go index 44d40f124..41b872da1 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/kms_key_handler.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/s3crypto/kms_key_handler.go @@ -27,12 +27,13 @@ type kmsKeyHandler struct { // description. // // Example: +// // sess := session.Must(session.NewSession()) // cmkID := "arn to key" // matdesc := s3crypto.MaterialDescription{} // handler := s3crypto.NewKMSKeyGenerator(kms.New(sess), cmkID) // -// deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. +// Deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. func NewKMSKeyGenerator(kmsClient kmsiface.KMSAPI, cmkID string) CipherDataGenerator { return NewKMSKeyGeneratorWithMatDesc(kmsClient, cmkID, MaterialDescription{}) } @@ -60,12 +61,13 @@ func newKMSKeyHandler(client kmsiface.KMSAPI, cmkID string, matdesc MaterialDesc // description. // // Example: +// // sess := session.Must(session.NewSession()) // cmkID := "arn to key" // matdesc := s3crypto.MaterialDescription{} // handler := s3crypto.NewKMSKeyGeneratorWithMatDesc(kms.New(sess), cmkID, matdesc) // -// deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. +// Deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. func NewKMSKeyGeneratorWithMatDesc(kmsClient kmsiface.KMSAPI, cmkID string, matdesc MaterialDescription) CipherDataGenerator { return newKMSKeyHandler(kmsClient, cmkID, matdesc) } @@ -73,6 +75,7 @@ func NewKMSKeyGeneratorWithMatDesc(kmsClient kmsiface.KMSAPI, cmkID string, matd // NewKMSWrapEntry builds returns a new KMS key provider and its decrypt handler. // // Example: +// // sess := session.Must(session.NewSession()) // customKMSClient := kms.New(sess) // decryptHandler := s3crypto.NewKMSWrapEntry(customKMSClient) @@ -81,7 +84,7 @@ func NewKMSKeyGeneratorWithMatDesc(kmsClient kmsiface.KMSAPI, cmkID string, matd // svc.WrapRegistry[s3crypto.KMSWrap] = decryptHandler // })) // -// deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. +// Deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. func NewKMSWrapEntry(kmsClient kmsiface.KMSAPI) WrapEntry { kp := newKMSWrapEntry(kmsClient) return kp.decryptHandler @@ -91,13 +94,14 @@ func NewKMSWrapEntry(kmsClient kmsiface.KMSAPI) WrapEntry { // configured to call KMS Decrypt with the provided CMK. // // Example: +// // sess := session.Must(session.NewSession()) // cr := s3crypto.NewCryptoRegistry() // if err := s3crypto.RegisterKMSWrapWithCMK(cr, kms.New(sess), "cmkId"); err != nil { // panic(err) // handle error // } // -// deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. +// Deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. func RegisterKMSWrapWithCMK(registry *CryptoRegistry, client kmsiface.KMSAPI, cmkID string) error { if registry == nil { return errNilCryptoRegistry @@ -109,13 +113,14 @@ func RegisterKMSWrapWithCMK(registry *CryptoRegistry, client kmsiface.KMSAPI, cm // configured to call KMS Decrypt without providing a CMK. // // Example: +// // sess := session.Must(session.NewSession()) // cr := s3crypto.NewCryptoRegistry() // if err := s3crypto.RegisterKMSWrapWithAnyCMK(cr, kms.New(sess)); err != nil { // panic(err) // handle error // } // -// deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. +// Deprecated: This feature is in maintenance mode, no new updates will be released. Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information. func RegisterKMSWrapWithAnyCMK(registry *CryptoRegistry, client kmsiface.KMSAPI) error { if registry == nil { return errNilCryptoRegistry diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/s3iface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/s3/s3iface/interface.go index 7c6221878..d13b46170 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/s3iface/interface.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/s3iface/interface.go @@ -23,37 +23,37 @@ import ( // can be stubbed out for unit testing your code with the SDK without needing // to inject custom request handlers into the SDK's request pipeline. // -// // myFunc uses an SDK service client to make a request to -// // Amazon Simple Storage Service. -// func myFunc(svc s3iface.S3API) bool { -// // Make svc.AbortMultipartUpload request -// } +// // myFunc uses an SDK service client to make a request to +// // Amazon Simple Storage Service. +// func myFunc(svc s3iface.S3API) bool { +// // Make svc.AbortMultipartUpload request +// } // -// func main() { -// sess := session.New() -// svc := s3.New(sess) +// func main() { +// sess := session.New() +// svc := s3.New(sess) // -// myFunc(svc) -// } +// myFunc(svc) +// } // // In your _test.go file: // -// // Define a mock struct to be used in your unit tests of myFunc. -// type mockS3Client struct { -// s3iface.S3API -// } -// func (m *mockS3Client) AbortMultipartUpload(input *s3.AbortMultipartUploadInput) (*s3.AbortMultipartUploadOutput, error) { -// // mock response/functionality -// } +// // Define a mock struct to be used in your unit tests of myFunc. +// type mockS3Client struct { +// s3iface.S3API +// } +// func (m *mockS3Client) AbortMultipartUpload(input *s3.AbortMultipartUploadInput) (*s3.AbortMultipartUploadOutput, error) { +// // mock response/functionality +// } // -// func TestMyFunc(t *testing.T) { -// // Setup Test -// mockSvc := &mockS3Client{} +// func TestMyFunc(t *testing.T) { +// // Setup Test +// mockSvc := &mockS3Client{} // -// myfunc(mockSvc) +// myfunc(mockSvc) // -// // Verify myFunc's functionality -// } +// // Verify myFunc's functionality +// } // // It is important to note that this interface will have breaking changes // when the service model is updated and adds new API operations, paginators, @@ -80,6 +80,10 @@ type S3API interface { CreateMultipartUploadWithContext(aws.Context, *s3.CreateMultipartUploadInput, ...request.Option) (*s3.CreateMultipartUploadOutput, error) CreateMultipartUploadRequest(*s3.CreateMultipartUploadInput) (*request.Request, *s3.CreateMultipartUploadOutput) + CreateSession(*s3.CreateSessionInput) (*s3.CreateSessionOutput, error) + CreateSessionWithContext(aws.Context, *s3.CreateSessionInput, ...request.Option) (*s3.CreateSessionOutput, error) + CreateSessionRequest(*s3.CreateSessionInput) (*request.Request, *s3.CreateSessionOutput) + DeleteBucket(*s3.DeleteBucketInput) (*s3.DeleteBucketOutput, error) DeleteBucketWithContext(aws.Context, *s3.DeleteBucketInput, ...request.Option) (*s3.DeleteBucketOutput, error) DeleteBucketRequest(*s3.DeleteBucketInput) (*request.Request, *s3.DeleteBucketOutput) @@ -244,6 +248,10 @@ type S3API interface { GetObjectAclWithContext(aws.Context, *s3.GetObjectAclInput, ...request.Option) (*s3.GetObjectAclOutput, error) GetObjectAclRequest(*s3.GetObjectAclInput) (*request.Request, *s3.GetObjectAclOutput) + GetObjectAttributes(*s3.GetObjectAttributesInput) (*s3.GetObjectAttributesOutput, error) + GetObjectAttributesWithContext(aws.Context, *s3.GetObjectAttributesInput, ...request.Option) (*s3.GetObjectAttributesOutput, error) + GetObjectAttributesRequest(*s3.GetObjectAttributesInput) (*request.Request, *s3.GetObjectAttributesOutput) + GetObjectLegalHold(*s3.GetObjectLegalHoldInput) (*s3.GetObjectLegalHoldOutput, error) GetObjectLegalHoldWithContext(aws.Context, *s3.GetObjectLegalHoldInput, ...request.Option) (*s3.GetObjectLegalHoldOutput, error) GetObjectLegalHoldRequest(*s3.GetObjectLegalHoldInput) (*request.Request, *s3.GetObjectLegalHoldOutput) @@ -296,6 +304,13 @@ type S3API interface { ListBucketsWithContext(aws.Context, *s3.ListBucketsInput, ...request.Option) (*s3.ListBucketsOutput, error) ListBucketsRequest(*s3.ListBucketsInput) (*request.Request, *s3.ListBucketsOutput) + ListDirectoryBuckets(*s3.ListDirectoryBucketsInput) (*s3.ListDirectoryBucketsOutput, error) + ListDirectoryBucketsWithContext(aws.Context, *s3.ListDirectoryBucketsInput, ...request.Option) (*s3.ListDirectoryBucketsOutput, error) + ListDirectoryBucketsRequest(*s3.ListDirectoryBucketsInput) (*request.Request, *s3.ListDirectoryBucketsOutput) + + ListDirectoryBucketsPages(*s3.ListDirectoryBucketsInput, func(*s3.ListDirectoryBucketsOutput, bool) bool) error + ListDirectoryBucketsPagesWithContext(aws.Context, *s3.ListDirectoryBucketsInput, func(*s3.ListDirectoryBucketsOutput, bool) bool, ...request.Option) error + ListMultipartUploads(*s3.ListMultipartUploadsInput) (*s3.ListMultipartUploadsOutput, error) ListMultipartUploadsWithContext(aws.Context, *s3.ListMultipartUploadsInput, ...request.Option) (*s3.ListMultipartUploadsOutput, error) ListMultipartUploadsRequest(*s3.ListMultipartUploadsInput) (*request.Request, *s3.ListMultipartUploadsOutput) @@ -455,6 +470,10 @@ type S3API interface { UploadPartCopyWithContext(aws.Context, *s3.UploadPartCopyInput, ...request.Option) (*s3.UploadPartCopyOutput, error) UploadPartCopyRequest(*s3.UploadPartCopyInput) (*request.Request, *s3.UploadPartCopyOutput) + WriteGetObjectResponse(*s3.WriteGetObjectResponseInput) (*s3.WriteGetObjectResponseOutput, error) + WriteGetObjectResponseWithContext(aws.Context, *s3.WriteGetObjectResponseInput, ...request.Option) (*s3.WriteGetObjectResponseOutput, error) + WriteGetObjectResponseRequest(*s3.WriteGetObjectResponseInput) (*request.Request, *s3.WriteGetObjectResponseOutput) + WaitUntilBucketExists(*s3.HeadBucketInput) error WaitUntilBucketExistsWithContext(aws.Context, *s3.HeadBucketInput, ...request.WaiterOption) error diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/service.go b/vendor/github.com/aws/aws-sdk-go/service/s3/service.go index b4c07b4d4..3e75d0e94 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/service.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/service.go @@ -39,31 +39,36 @@ const ( // aws.Config parameter to add your extra config. // // Example: -// mySession := session.Must(session.NewSession()) // -// // Create a S3 client from just a session. -// svc := s3.New(mySession) +// mySession := session.Must(session.NewSession()) // -// // Create a S3 client with additional configuration -// svc := s3.New(mySession, aws.NewConfig().WithRegion("us-west-2")) +// // Create a S3 client from just a session. +// svc := s3.New(mySession) +// +// // Create a S3 client with additional configuration +// svc := s3.New(mySession, aws.NewConfig().WithRegion("us-west-2")) func New(p client.ConfigProvider, cfgs ...*aws.Config) *S3 { c := p.ClientConfig(EndpointsID, cfgs...) - return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName) + if c.SigningNameDerived || len(c.SigningName) == 0 { + c.SigningName = "s3" + } + return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion) } // newClient creates, initializes and returns a new service client instance. -func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *S3 { +func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *S3 { svc := &S3{ Client: client.New( cfg, metadata.ClientInfo{ - ServiceName: ServiceName, - ServiceID: ServiceID, - SigningName: signingName, - SigningRegion: signingRegion, - PartitionID: partitionID, - Endpoint: endpoint, - APIVersion: "2006-03-01", + ServiceName: ServiceName, + ServiceID: ServiceID, + SigningName: signingName, + SigningRegion: signingRegion, + PartitionID: partitionID, + Endpoint: endpoint, + APIVersion: "2006-03-01", + ResolvedRegion: resolvedRegion, }, handlers, ), diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go b/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go index 247770e4c..096adc091 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go @@ -11,16 +11,21 @@ import ( "github.com/aws/aws-sdk-go/internal/sdkio" ) -func copyMultipartStatusOKUnmarhsalError(r *request.Request) { +func copyMultipartStatusOKUnmarshalError(r *request.Request) { b, err := ioutil.ReadAll(r.HTTPResponse.Body) + r.HTTPResponse.Body.Close() if err != nil { r.Error = awserr.NewRequestFailure( awserr.New(request.ErrCodeSerialization, "unable to read response body", err), r.HTTPResponse.StatusCode, r.RequestID, ) + // Note, some middleware later in the stack like restxml.Unmarshal expect a valid, non-closed Body + // even in case of an error, so we replace it with an empty Reader. + r.HTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(nil)) return } + body := bytes.NewReader(b) r.HTTPResponse.Body = ioutil.NopCloser(body) defer body.Seek(0, sdkio.SeekStart) diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/api.go b/vendor/github.com/aws/aws-sdk-go/service/sso/api.go new file mode 100644 index 000000000..b8f590f71 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/sso/api.go @@ -0,0 +1,1367 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package sso + +import ( + "fmt" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awsutil" + "github.com/aws/aws-sdk-go/aws/credentials" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/restjson" +) + +const opGetRoleCredentials = "GetRoleCredentials" + +// GetRoleCredentialsRequest generates a "aws/request.Request" representing the +// client's request for the GetRoleCredentials operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetRoleCredentials for more information on using the GetRoleCredentials +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetRoleCredentialsRequest method. +// req, resp := client.GetRoleCredentialsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/GetRoleCredentials +func (c *SSO) GetRoleCredentialsRequest(input *GetRoleCredentialsInput) (req *request.Request, output *GetRoleCredentialsOutput) { + op := &request.Operation{ + Name: opGetRoleCredentials, + HTTPMethod: "GET", + HTTPPath: "/federation/credentials", + } + + if input == nil { + input = &GetRoleCredentialsInput{} + } + + output = &GetRoleCredentialsOutput{} + req = c.newRequest(op, input, output) + req.Config.Credentials = credentials.AnonymousCredentials + return +} + +// GetRoleCredentials API operation for AWS Single Sign-On. +// +// Returns the STS short-term credentials for a given role name that is assigned +// to the user. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Single Sign-On's +// API operation GetRoleCredentials for usage and error information. +// +// Returned Error Types: +// +// - InvalidRequestException +// Indicates that a problem occurred with the input to the request. For example, +// a required parameter might be missing or out of range. +// +// - UnauthorizedException +// Indicates that the request is not authorized. This can happen due to an invalid +// access token in the request. +// +// - TooManyRequestsException +// Indicates that the request is being made too frequently and is more than +// what the server can handle. +// +// - ResourceNotFoundException +// The specified resource doesn't exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/GetRoleCredentials +func (c *SSO) GetRoleCredentials(input *GetRoleCredentialsInput) (*GetRoleCredentialsOutput, error) { + req, out := c.GetRoleCredentialsRequest(input) + return out, req.Send() +} + +// GetRoleCredentialsWithContext is the same as GetRoleCredentials with the addition of +// the ability to pass a context and additional request options. +// +// See GetRoleCredentials for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSO) GetRoleCredentialsWithContext(ctx aws.Context, input *GetRoleCredentialsInput, opts ...request.Option) (*GetRoleCredentialsOutput, error) { + req, out := c.GetRoleCredentialsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opListAccountRoles = "ListAccountRoles" + +// ListAccountRolesRequest generates a "aws/request.Request" representing the +// client's request for the ListAccountRoles operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListAccountRoles for more information on using the ListAccountRoles +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListAccountRolesRequest method. +// req, resp := client.ListAccountRolesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRoles +func (c *SSO) ListAccountRolesRequest(input *ListAccountRolesInput) (req *request.Request, output *ListAccountRolesOutput) { + op := &request.Operation{ + Name: opListAccountRoles, + HTTPMethod: "GET", + HTTPPath: "/assignment/roles", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "maxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListAccountRolesInput{} + } + + output = &ListAccountRolesOutput{} + req = c.newRequest(op, input, output) + req.Config.Credentials = credentials.AnonymousCredentials + return +} + +// ListAccountRoles API operation for AWS Single Sign-On. +// +// Lists all roles that are assigned to the user for a given AWS account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Single Sign-On's +// API operation ListAccountRoles for usage and error information. +// +// Returned Error Types: +// +// - InvalidRequestException +// Indicates that a problem occurred with the input to the request. For example, +// a required parameter might be missing or out of range. +// +// - UnauthorizedException +// Indicates that the request is not authorized. This can happen due to an invalid +// access token in the request. +// +// - TooManyRequestsException +// Indicates that the request is being made too frequently and is more than +// what the server can handle. +// +// - ResourceNotFoundException +// The specified resource doesn't exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRoles +func (c *SSO) ListAccountRoles(input *ListAccountRolesInput) (*ListAccountRolesOutput, error) { + req, out := c.ListAccountRolesRequest(input) + return out, req.Send() +} + +// ListAccountRolesWithContext is the same as ListAccountRoles with the addition of +// the ability to pass a context and additional request options. +// +// See ListAccountRoles for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSO) ListAccountRolesWithContext(ctx aws.Context, input *ListAccountRolesInput, opts ...request.Option) (*ListAccountRolesOutput, error) { + req, out := c.ListAccountRolesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListAccountRolesPages iterates over the pages of a ListAccountRoles operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListAccountRoles method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListAccountRoles operation. +// pageNum := 0 +// err := client.ListAccountRolesPages(params, +// func(page *sso.ListAccountRolesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *SSO) ListAccountRolesPages(input *ListAccountRolesInput, fn func(*ListAccountRolesOutput, bool) bool) error { + return c.ListAccountRolesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListAccountRolesPagesWithContext same as ListAccountRolesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSO) ListAccountRolesPagesWithContext(ctx aws.Context, input *ListAccountRolesInput, fn func(*ListAccountRolesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListAccountRolesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListAccountRolesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListAccountRolesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opListAccounts = "ListAccounts" + +// ListAccountsRequest generates a "aws/request.Request" representing the +// client's request for the ListAccounts operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListAccounts for more information on using the ListAccounts +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListAccountsRequest method. +// req, resp := client.ListAccountsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccounts +func (c *SSO) ListAccountsRequest(input *ListAccountsInput) (req *request.Request, output *ListAccountsOutput) { + op := &request.Operation{ + Name: opListAccounts, + HTTPMethod: "GET", + HTTPPath: "/assignment/accounts", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "maxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListAccountsInput{} + } + + output = &ListAccountsOutput{} + req = c.newRequest(op, input, output) + req.Config.Credentials = credentials.AnonymousCredentials + return +} + +// ListAccounts API operation for AWS Single Sign-On. +// +// Lists all AWS accounts assigned to the user. These AWS accounts are assigned +// by the administrator of the account. For more information, see Assign User +// Access (https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html#assignusers) +// in the IAM Identity Center User Guide. This operation returns a paginated +// response. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Single Sign-On's +// API operation ListAccounts for usage and error information. +// +// Returned Error Types: +// +// - InvalidRequestException +// Indicates that a problem occurred with the input to the request. For example, +// a required parameter might be missing or out of range. +// +// - UnauthorizedException +// Indicates that the request is not authorized. This can happen due to an invalid +// access token in the request. +// +// - TooManyRequestsException +// Indicates that the request is being made too frequently and is more than +// what the server can handle. +// +// - ResourceNotFoundException +// The specified resource doesn't exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccounts +func (c *SSO) ListAccounts(input *ListAccountsInput) (*ListAccountsOutput, error) { + req, out := c.ListAccountsRequest(input) + return out, req.Send() +} + +// ListAccountsWithContext is the same as ListAccounts with the addition of +// the ability to pass a context and additional request options. +// +// See ListAccounts for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSO) ListAccountsWithContext(ctx aws.Context, input *ListAccountsInput, opts ...request.Option) (*ListAccountsOutput, error) { + req, out := c.ListAccountsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListAccountsPages iterates over the pages of a ListAccounts operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListAccounts method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListAccounts operation. +// pageNum := 0 +// err := client.ListAccountsPages(params, +// func(page *sso.ListAccountsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *SSO) ListAccountsPages(input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool) error { + return c.ListAccountsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListAccountsPagesWithContext same as ListAccountsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSO) ListAccountsPagesWithContext(ctx aws.Context, input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListAccountsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListAccountsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListAccountsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opLogout = "Logout" + +// LogoutRequest generates a "aws/request.Request" representing the +// client's request for the Logout operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See Logout for more information on using the Logout +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the LogoutRequest method. +// req, resp := client.LogoutRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/Logout +func (c *SSO) LogoutRequest(input *LogoutInput) (req *request.Request, output *LogoutOutput) { + op := &request.Operation{ + Name: opLogout, + HTTPMethod: "POST", + HTTPPath: "/logout", + } + + if input == nil { + input = &LogoutInput{} + } + + output = &LogoutOutput{} + req = c.newRequest(op, input, output) + req.Config.Credentials = credentials.AnonymousCredentials + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// Logout API operation for AWS Single Sign-On. +// +// Removes the locally stored SSO tokens from the client-side cache and sends +// an API call to the IAM Identity Center service to invalidate the corresponding +// server-side IAM Identity Center sign in session. +// +// If a user uses IAM Identity Center to access the AWS CLI, the user’s IAM +// Identity Center sign in session is used to obtain an IAM session, as specified +// in the corresponding IAM Identity Center permission set. More specifically, +// IAM Identity Center assumes an IAM role in the target account on behalf of +// the user, and the corresponding temporary AWS credentials are returned to +// the client. +// +// After user logout, any existing IAM role sessions that were created by using +// IAM Identity Center permission sets continue based on the duration configured +// in the permission set. For more information, see User authentications (https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html) +// in the IAM Identity Center User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Single Sign-On's +// API operation Logout for usage and error information. +// +// Returned Error Types: +// +// - InvalidRequestException +// Indicates that a problem occurred with the input to the request. For example, +// a required parameter might be missing or out of range. +// +// - UnauthorizedException +// Indicates that the request is not authorized. This can happen due to an invalid +// access token in the request. +// +// - TooManyRequestsException +// Indicates that the request is being made too frequently and is more than +// what the server can handle. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/Logout +func (c *SSO) Logout(input *LogoutInput) (*LogoutOutput, error) { + req, out := c.LogoutRequest(input) + return out, req.Send() +} + +// LogoutWithContext is the same as Logout with the addition of +// the ability to pass a context and additional request options. +// +// See Logout for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSO) LogoutWithContext(ctx aws.Context, input *LogoutInput, opts ...request.Option) (*LogoutOutput, error) { + req, out := c.LogoutRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// Provides information about your AWS account. +type AccountInfo struct { + _ struct{} `type:"structure"` + + // The identifier of the AWS account that is assigned to the user. + AccountId *string `locationName:"accountId" type:"string"` + + // The display name of the AWS account that is assigned to the user. + AccountName *string `locationName:"accountName" type:"string"` + + // The email address of the AWS account that is assigned to the user. + EmailAddress *string `locationName:"emailAddress" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccountInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccountInfo) GoString() string { + return s.String() +} + +// SetAccountId sets the AccountId field's value. +func (s *AccountInfo) SetAccountId(v string) *AccountInfo { + s.AccountId = &v + return s +} + +// SetAccountName sets the AccountName field's value. +func (s *AccountInfo) SetAccountName(v string) *AccountInfo { + s.AccountName = &v + return s +} + +// SetEmailAddress sets the EmailAddress field's value. +func (s *AccountInfo) SetEmailAddress(v string) *AccountInfo { + s.EmailAddress = &v + return s +} + +type GetRoleCredentialsInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The token issued by the CreateToken API call. For more information, see CreateToken + // (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html) + // in the IAM Identity Center OIDC API Reference Guide. + // + // AccessToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GetRoleCredentialsInput's + // String and GoString methods. + // + // AccessToken is a required field + AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"` + + // The identifier for the AWS account that is assigned to the user. + // + // AccountId is a required field + AccountId *string `location:"querystring" locationName:"account_id" type:"string" required:"true"` + + // The friendly name of the role that is assigned to the user. + // + // RoleName is a required field + RoleName *string `location:"querystring" locationName:"role_name" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetRoleCredentialsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetRoleCredentialsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetRoleCredentialsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetRoleCredentialsInput"} + if s.AccessToken == nil { + invalidParams.Add(request.NewErrParamRequired("AccessToken")) + } + if s.AccountId == nil { + invalidParams.Add(request.NewErrParamRequired("AccountId")) + } + if s.RoleName == nil { + invalidParams.Add(request.NewErrParamRequired("RoleName")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccessToken sets the AccessToken field's value. +func (s *GetRoleCredentialsInput) SetAccessToken(v string) *GetRoleCredentialsInput { + s.AccessToken = &v + return s +} + +// SetAccountId sets the AccountId field's value. +func (s *GetRoleCredentialsInput) SetAccountId(v string) *GetRoleCredentialsInput { + s.AccountId = &v + return s +} + +// SetRoleName sets the RoleName field's value. +func (s *GetRoleCredentialsInput) SetRoleName(v string) *GetRoleCredentialsInput { + s.RoleName = &v + return s +} + +type GetRoleCredentialsOutput struct { + _ struct{} `type:"structure"` + + // The credentials for the role that is assigned to the user. + RoleCredentials *RoleCredentials `locationName:"roleCredentials" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetRoleCredentialsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetRoleCredentialsOutput) GoString() string { + return s.String() +} + +// SetRoleCredentials sets the RoleCredentials field's value. +func (s *GetRoleCredentialsOutput) SetRoleCredentials(v *RoleCredentials) *GetRoleCredentialsOutput { + s.RoleCredentials = v + return s +} + +// Indicates that a problem occurred with the input to the request. For example, +// a required parameter might be missing or out of range. +type InvalidRequestException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidRequestException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidRequestException) GoString() string { + return s.String() +} + +func newErrorInvalidRequestException(v protocol.ResponseMetadata) error { + return &InvalidRequestException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidRequestException) Code() string { + return "InvalidRequestException" +} + +// Message returns the exception's message. +func (s *InvalidRequestException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidRequestException) OrigErr() error { + return nil +} + +func (s *InvalidRequestException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidRequestException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidRequestException) RequestID() string { + return s.RespMetadata.RequestID +} + +type ListAccountRolesInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The token issued by the CreateToken API call. For more information, see CreateToken + // (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html) + // in the IAM Identity Center OIDC API Reference Guide. + // + // AccessToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by ListAccountRolesInput's + // String and GoString methods. + // + // AccessToken is a required field + AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"` + + // The identifier for the AWS account that is assigned to the user. + // + // AccountId is a required field + AccountId *string `location:"querystring" locationName:"account_id" type:"string" required:"true"` + + // The number of items that clients can request per page. + MaxResults *int64 `location:"querystring" locationName:"max_result" min:"1" type:"integer"` + + // The page token from the previous response output when you request subsequent + // pages. + NextToken *string `location:"querystring" locationName:"next_token" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAccountRolesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAccountRolesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListAccountRolesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListAccountRolesInput"} + if s.AccessToken == nil { + invalidParams.Add(request.NewErrParamRequired("AccessToken")) + } + if s.AccountId == nil { + invalidParams.Add(request.NewErrParamRequired("AccountId")) + } + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccessToken sets the AccessToken field's value. +func (s *ListAccountRolesInput) SetAccessToken(v string) *ListAccountRolesInput { + s.AccessToken = &v + return s +} + +// SetAccountId sets the AccountId field's value. +func (s *ListAccountRolesInput) SetAccountId(v string) *ListAccountRolesInput { + s.AccountId = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListAccountRolesInput) SetMaxResults(v int64) *ListAccountRolesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListAccountRolesInput) SetNextToken(v string) *ListAccountRolesInput { + s.NextToken = &v + return s +} + +type ListAccountRolesOutput struct { + _ struct{} `type:"structure"` + + // The page token client that is used to retrieve the list of accounts. + NextToken *string `locationName:"nextToken" type:"string"` + + // A paginated response with the list of roles and the next token if more results + // are available. + RoleList []*RoleInfo `locationName:"roleList" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAccountRolesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAccountRolesOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListAccountRolesOutput) SetNextToken(v string) *ListAccountRolesOutput { + s.NextToken = &v + return s +} + +// SetRoleList sets the RoleList field's value. +func (s *ListAccountRolesOutput) SetRoleList(v []*RoleInfo) *ListAccountRolesOutput { + s.RoleList = v + return s +} + +type ListAccountsInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The token issued by the CreateToken API call. For more information, see CreateToken + // (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html) + // in the IAM Identity Center OIDC API Reference Guide. + // + // AccessToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by ListAccountsInput's + // String and GoString methods. + // + // AccessToken is a required field + AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"` + + // This is the number of items clients can request per page. + MaxResults *int64 `location:"querystring" locationName:"max_result" min:"1" type:"integer"` + + // (Optional) When requesting subsequent pages, this is the page token from + // the previous response output. + NextToken *string `location:"querystring" locationName:"next_token" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAccountsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAccountsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListAccountsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListAccountsInput"} + if s.AccessToken == nil { + invalidParams.Add(request.NewErrParamRequired("AccessToken")) + } + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccessToken sets the AccessToken field's value. +func (s *ListAccountsInput) SetAccessToken(v string) *ListAccountsInput { + s.AccessToken = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListAccountsInput) SetMaxResults(v int64) *ListAccountsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListAccountsInput) SetNextToken(v string) *ListAccountsInput { + s.NextToken = &v + return s +} + +type ListAccountsOutput struct { + _ struct{} `type:"structure"` + + // A paginated response with the list of account information and the next token + // if more results are available. + AccountList []*AccountInfo `locationName:"accountList" type:"list"` + + // The page token client that is used to retrieve the list of accounts. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAccountsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAccountsOutput) GoString() string { + return s.String() +} + +// SetAccountList sets the AccountList field's value. +func (s *ListAccountsOutput) SetAccountList(v []*AccountInfo) *ListAccountsOutput { + s.AccountList = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListAccountsOutput) SetNextToken(v string) *ListAccountsOutput { + s.NextToken = &v + return s +} + +type LogoutInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The token issued by the CreateToken API call. For more information, see CreateToken + // (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html) + // in the IAM Identity Center OIDC API Reference Guide. + // + // AccessToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by LogoutInput's + // String and GoString methods. + // + // AccessToken is a required field + AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LogoutInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LogoutInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *LogoutInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "LogoutInput"} + if s.AccessToken == nil { + invalidParams.Add(request.NewErrParamRequired("AccessToken")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccessToken sets the AccessToken field's value. +func (s *LogoutInput) SetAccessToken(v string) *LogoutInput { + s.AccessToken = &v + return s +} + +type LogoutOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LogoutOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LogoutOutput) GoString() string { + return s.String() +} + +// The specified resource doesn't exist. +type ResourceNotFoundException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceNotFoundException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceNotFoundException) GoString() string { + return s.String() +} + +func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error { + return &ResourceNotFoundException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ResourceNotFoundException) Code() string { + return "ResourceNotFoundException" +} + +// Message returns the exception's message. +func (s *ResourceNotFoundException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ResourceNotFoundException) OrigErr() error { + return nil +} + +func (s *ResourceNotFoundException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ResourceNotFoundException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ResourceNotFoundException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Provides information about the role credentials that are assigned to the +// user. +type RoleCredentials struct { + _ struct{} `type:"structure"` + + // The identifier used for the temporary security credentials. For more information, + // see Using Temporary Security Credentials to Request Access to AWS Resources + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html) + // in the AWS IAM User Guide. + AccessKeyId *string `locationName:"accessKeyId" type:"string"` + + // The date on which temporary security credentials expire. + Expiration *int64 `locationName:"expiration" type:"long"` + + // The key that is used to sign the request. For more information, see Using + // Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html) + // in the AWS IAM User Guide. + // + // SecretAccessKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by RoleCredentials's + // String and GoString methods. + SecretAccessKey *string `locationName:"secretAccessKey" type:"string" sensitive:"true"` + + // The token used for temporary credentials. For more information, see Using + // Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html) + // in the AWS IAM User Guide. + // + // SessionToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by RoleCredentials's + // String and GoString methods. + SessionToken *string `locationName:"sessionToken" type:"string" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RoleCredentials) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RoleCredentials) GoString() string { + return s.String() +} + +// SetAccessKeyId sets the AccessKeyId field's value. +func (s *RoleCredentials) SetAccessKeyId(v string) *RoleCredentials { + s.AccessKeyId = &v + return s +} + +// SetExpiration sets the Expiration field's value. +func (s *RoleCredentials) SetExpiration(v int64) *RoleCredentials { + s.Expiration = &v + return s +} + +// SetSecretAccessKey sets the SecretAccessKey field's value. +func (s *RoleCredentials) SetSecretAccessKey(v string) *RoleCredentials { + s.SecretAccessKey = &v + return s +} + +// SetSessionToken sets the SessionToken field's value. +func (s *RoleCredentials) SetSessionToken(v string) *RoleCredentials { + s.SessionToken = &v + return s +} + +// Provides information about the role that is assigned to the user. +type RoleInfo struct { + _ struct{} `type:"structure"` + + // The identifier of the AWS account assigned to the user. + AccountId *string `locationName:"accountId" type:"string"` + + // The friendly name of the role that is assigned to the user. + RoleName *string `locationName:"roleName" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RoleInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RoleInfo) GoString() string { + return s.String() +} + +// SetAccountId sets the AccountId field's value. +func (s *RoleInfo) SetAccountId(v string) *RoleInfo { + s.AccountId = &v + return s +} + +// SetRoleName sets the RoleName field's value. +func (s *RoleInfo) SetRoleName(v string) *RoleInfo { + s.RoleName = &v + return s +} + +// Indicates that the request is being made too frequently and is more than +// what the server can handle. +type TooManyRequestsException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TooManyRequestsException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TooManyRequestsException) GoString() string { + return s.String() +} + +func newErrorTooManyRequestsException(v protocol.ResponseMetadata) error { + return &TooManyRequestsException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *TooManyRequestsException) Code() string { + return "TooManyRequestsException" +} + +// Message returns the exception's message. +func (s *TooManyRequestsException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *TooManyRequestsException) OrigErr() error { + return nil +} + +func (s *TooManyRequestsException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *TooManyRequestsException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *TooManyRequestsException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Indicates that the request is not authorized. This can happen due to an invalid +// access token in the request. +type UnauthorizedException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnauthorizedException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnauthorizedException) GoString() string { + return s.String() +} + +func newErrorUnauthorizedException(v protocol.ResponseMetadata) error { + return &UnauthorizedException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *UnauthorizedException) Code() string { + return "UnauthorizedException" +} + +// Message returns the exception's message. +func (s *UnauthorizedException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *UnauthorizedException) OrigErr() error { + return nil +} + +func (s *UnauthorizedException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *UnauthorizedException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *UnauthorizedException) RequestID() string { + return s.RespMetadata.RequestID +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/doc.go b/vendor/github.com/aws/aws-sdk-go/service/sso/doc.go new file mode 100644 index 000000000..15e61a322 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/sso/doc.go @@ -0,0 +1,45 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +// Package sso provides the client and types for making API +// requests to AWS Single Sign-On. +// +// AWS IAM Identity Center (successor to AWS Single Sign-On) Portal is a web +// service that makes it easy for you to assign user access to IAM Identity +// Center resources such as the AWS access portal. Users can get AWS account +// applications and roles assigned to them and get federated into the application. +// +// Although AWS Single Sign-On was renamed, the sso and identitystore API namespaces +// will continue to retain their original name for backward compatibility purposes. +// For more information, see IAM Identity Center rename (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed). +// +// This reference guide describes the IAM Identity Center Portal operations +// that you can call programatically and includes detailed information on data +// types and errors. +// +// AWS provides SDKs that consist of libraries and sample code for various programming +// languages and platforms, such as Java, Ruby, .Net, iOS, or Android. The SDKs +// provide a convenient way to create programmatic access to IAM Identity Center +// and other AWS services. For more information about the AWS SDKs, including +// how to download and install them, see Tools for Amazon Web Services (http://aws.amazon.com/tools/). +// +// See https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10 for more information on this service. +// +// See sso package documentation for more information. +// https://docs.aws.amazon.com/sdk-for-go/api/service/sso/ +// +// # Using the Client +// +// To contact AWS Single Sign-On with the SDK use the New function to create +// a new service client. With that client you can make API requests to the service. +// These clients are safe to use concurrently. +// +// See the SDK's documentation for more information on how to use the SDK. +// https://docs.aws.amazon.com/sdk-for-go/api/ +// +// See aws.Config documentation for more information on configuring SDK clients. +// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config +// +// See the AWS Single Sign-On client SSO for more +// information on creating client for this service. +// https://docs.aws.amazon.com/sdk-for-go/api/service/sso/#New +package sso diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/errors.go b/vendor/github.com/aws/aws-sdk-go/service/sso/errors.go new file mode 100644 index 000000000..77a6792e3 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/sso/errors.go @@ -0,0 +1,44 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package sso + +import ( + "github.com/aws/aws-sdk-go/private/protocol" +) + +const ( + + // ErrCodeInvalidRequestException for service response error code + // "InvalidRequestException". + // + // Indicates that a problem occurred with the input to the request. For example, + // a required parameter might be missing or out of range. + ErrCodeInvalidRequestException = "InvalidRequestException" + + // ErrCodeResourceNotFoundException for service response error code + // "ResourceNotFoundException". + // + // The specified resource doesn't exist. + ErrCodeResourceNotFoundException = "ResourceNotFoundException" + + // ErrCodeTooManyRequestsException for service response error code + // "TooManyRequestsException". + // + // Indicates that the request is being made too frequently and is more than + // what the server can handle. + ErrCodeTooManyRequestsException = "TooManyRequestsException" + + // ErrCodeUnauthorizedException for service response error code + // "UnauthorizedException". + // + // Indicates that the request is not authorized. This can happen due to an invalid + // access token in the request. + ErrCodeUnauthorizedException = "UnauthorizedException" +) + +var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ + "InvalidRequestException": newErrorInvalidRequestException, + "ResourceNotFoundException": newErrorResourceNotFoundException, + "TooManyRequestsException": newErrorTooManyRequestsException, + "UnauthorizedException": newErrorUnauthorizedException, +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/service.go b/vendor/github.com/aws/aws-sdk-go/service/sso/service.go new file mode 100644 index 000000000..7094cfe41 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/sso/service.go @@ -0,0 +1,106 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package sso + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/client" + "github.com/aws/aws-sdk-go/aws/client/metadata" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/aws/signer/v4" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/restjson" +) + +// SSO provides the API operation methods for making requests to +// AWS Single Sign-On. See this package's package overview docs +// for details on the service. +// +// SSO methods are safe to use concurrently. It is not safe to +// modify mutate any of the struct's properties though. +type SSO struct { + *client.Client +} + +// Used for custom client initialization logic +var initClient func(*client.Client) + +// Used for custom request initialization logic +var initRequest func(*request.Request) + +// Service information constants +const ( + ServiceName = "SSO" // Name of service. + EndpointsID = "portal.sso" // ID to lookup a service endpoint with. + ServiceID = "SSO" // ServiceID is a unique identifier of a specific service. +) + +// New creates a new instance of the SSO client with a session. +// If additional configuration is needed for the client instance use the optional +// aws.Config parameter to add your extra config. +// +// Example: +// +// mySession := session.Must(session.NewSession()) +// +// // Create a SSO client from just a session. +// svc := sso.New(mySession) +// +// // Create a SSO client with additional configuration +// svc := sso.New(mySession, aws.NewConfig().WithRegion("us-west-2")) +func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSO { + c := p.ClientConfig(EndpointsID, cfgs...) + if c.SigningNameDerived || len(c.SigningName) == 0 { + c.SigningName = "awsssoportal" + } + return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion) +} + +// newClient creates, initializes and returns a new service client instance. +func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *SSO { + svc := &SSO{ + Client: client.New( + cfg, + metadata.ClientInfo{ + ServiceName: ServiceName, + ServiceID: ServiceID, + SigningName: signingName, + SigningRegion: signingRegion, + PartitionID: partitionID, + Endpoint: endpoint, + APIVersion: "2019-06-10", + ResolvedRegion: resolvedRegion, + }, + handlers, + ), + } + + // Handlers + svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler) + svc.Handlers.Build.PushBackNamed(restjson.BuildHandler) + svc.Handlers.Unmarshal.PushBackNamed(restjson.UnmarshalHandler) + svc.Handlers.UnmarshalMeta.PushBackNamed(restjson.UnmarshalMetaHandler) + svc.Handlers.UnmarshalError.PushBackNamed( + protocol.NewUnmarshalErrorHandler(restjson.NewUnmarshalTypedError(exceptionFromCode)).NamedHandler(), + ) + + // Run custom client initialization if present + if initClient != nil { + initClient(svc.Client) + } + + return svc +} + +// newRequest creates a new request for a SSO operation and runs any +// custom request initialization. +func (c *SSO) newRequest(op *request.Operation, params, data interface{}) *request.Request { + req := c.NewRequest(op, params, data) + + // Run custom request initialization if present + if initRequest != nil { + initRequest(req) + } + + return req +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface/interface.go new file mode 100644 index 000000000..818cab7cd --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface/interface.go @@ -0,0 +1,86 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +// Package ssoiface provides an interface to enable mocking the AWS Single Sign-On service client +// for testing your code. +// +// It is important to note that this interface will have breaking changes +// when the service model is updated and adds new API operations, paginators, +// and waiters. +package ssoiface + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/service/sso" +) + +// SSOAPI provides an interface to enable mocking the +// sso.SSO service client's API operation, +// paginators, and waiters. This make unit testing your code that calls out +// to the SDK's service client's calls easier. +// +// The best way to use this interface is so the SDK's service client's calls +// can be stubbed out for unit testing your code with the SDK without needing +// to inject custom request handlers into the SDK's request pipeline. +// +// // myFunc uses an SDK service client to make a request to +// // AWS Single Sign-On. +// func myFunc(svc ssoiface.SSOAPI) bool { +// // Make svc.GetRoleCredentials request +// } +// +// func main() { +// sess := session.New() +// svc := sso.New(sess) +// +// myFunc(svc) +// } +// +// In your _test.go file: +// +// // Define a mock struct to be used in your unit tests of myFunc. +// type mockSSOClient struct { +// ssoiface.SSOAPI +// } +// func (m *mockSSOClient) GetRoleCredentials(input *sso.GetRoleCredentialsInput) (*sso.GetRoleCredentialsOutput, error) { +// // mock response/functionality +// } +// +// func TestMyFunc(t *testing.T) { +// // Setup Test +// mockSvc := &mockSSOClient{} +// +// myfunc(mockSvc) +// +// // Verify myFunc's functionality +// } +// +// It is important to note that this interface will have breaking changes +// when the service model is updated and adds new API operations, paginators, +// and waiters. Its suggested to use the pattern above for testing, or using +// tooling to generate mocks to satisfy the interfaces. +type SSOAPI interface { + GetRoleCredentials(*sso.GetRoleCredentialsInput) (*sso.GetRoleCredentialsOutput, error) + GetRoleCredentialsWithContext(aws.Context, *sso.GetRoleCredentialsInput, ...request.Option) (*sso.GetRoleCredentialsOutput, error) + GetRoleCredentialsRequest(*sso.GetRoleCredentialsInput) (*request.Request, *sso.GetRoleCredentialsOutput) + + ListAccountRoles(*sso.ListAccountRolesInput) (*sso.ListAccountRolesOutput, error) + ListAccountRolesWithContext(aws.Context, *sso.ListAccountRolesInput, ...request.Option) (*sso.ListAccountRolesOutput, error) + ListAccountRolesRequest(*sso.ListAccountRolesInput) (*request.Request, *sso.ListAccountRolesOutput) + + ListAccountRolesPages(*sso.ListAccountRolesInput, func(*sso.ListAccountRolesOutput, bool) bool) error + ListAccountRolesPagesWithContext(aws.Context, *sso.ListAccountRolesInput, func(*sso.ListAccountRolesOutput, bool) bool, ...request.Option) error + + ListAccounts(*sso.ListAccountsInput) (*sso.ListAccountsOutput, error) + ListAccountsWithContext(aws.Context, *sso.ListAccountsInput, ...request.Option) (*sso.ListAccountsOutput, error) + ListAccountsRequest(*sso.ListAccountsInput) (*request.Request, *sso.ListAccountsOutput) + + ListAccountsPages(*sso.ListAccountsInput, func(*sso.ListAccountsOutput, bool) bool) error + ListAccountsPagesWithContext(aws.Context, *sso.ListAccountsInput, func(*sso.ListAccountsOutput, bool) bool, ...request.Option) error + + Logout(*sso.LogoutInput) (*sso.LogoutOutput, error) + LogoutWithContext(aws.Context, *sso.LogoutInput, ...request.Option) (*sso.LogoutOutput, error) + LogoutRequest(*sso.LogoutInput) (*request.Request, *sso.LogoutOutput) +} + +var _ SSOAPI = (*sso.SSO)(nil) diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go new file mode 100644 index 000000000..827bd5194 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go @@ -0,0 +1,2406 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package ssooidc + +import ( + "fmt" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awsutil" + "github.com/aws/aws-sdk-go/aws/credentials" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol" +) + +const opCreateToken = "CreateToken" + +// CreateTokenRequest generates a "aws/request.Request" representing the +// client's request for the CreateToken operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateToken for more information on using the CreateToken +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateTokenRequest method. +// req, resp := client.CreateTokenRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateToken +func (c *SSOOIDC) CreateTokenRequest(input *CreateTokenInput) (req *request.Request, output *CreateTokenOutput) { + op := &request.Operation{ + Name: opCreateToken, + HTTPMethod: "POST", + HTTPPath: "/token", + } + + if input == nil { + input = &CreateTokenInput{} + } + + output = &CreateTokenOutput{} + req = c.newRequest(op, input, output) + req.Config.Credentials = credentials.AnonymousCredentials + return +} + +// CreateToken API operation for AWS SSO OIDC. +// +// Creates and returns access and refresh tokens for clients that are authenticated +// using client secrets. The access token can be used to fetch short-term credentials +// for the assigned AWS accounts or to access application APIs using bearer +// authentication. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SSO OIDC's +// API operation CreateToken for usage and error information. +// +// Returned Error Types: +// +// - InvalidRequestException +// Indicates that something is wrong with the input to the request. For example, +// a required parameter might be missing or out of range. +// +// - InvalidClientException +// Indicates that the clientId or clientSecret in the request is invalid. For +// example, this can occur when a client sends an incorrect clientId or an expired +// clientSecret. +// +// - InvalidGrantException +// Indicates that a request contains an invalid grant. This can occur if a client +// makes a CreateToken request with an invalid grant type. +// +// - UnauthorizedClientException +// Indicates that the client is not currently authorized to make the request. +// This can happen when a clientId is not issued for a public client. +// +// - UnsupportedGrantTypeException +// Indicates that the grant type in the request is not supported by the service. +// +// - InvalidScopeException +// Indicates that the scope provided in the request is invalid. +// +// - AuthorizationPendingException +// Indicates that a request to authorize a client with an access user session +// token is pending. +// +// - SlowDownException +// Indicates that the client is making the request too frequently and is more +// than the service can handle. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ExpiredTokenException +// Indicates that the token issued by the service is expired and is no longer +// valid. +// +// - InternalServerException +// Indicates that an error from the service occurred while trying to process +// a request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateToken +func (c *SSOOIDC) CreateToken(input *CreateTokenInput) (*CreateTokenOutput, error) { + req, out := c.CreateTokenRequest(input) + return out, req.Send() +} + +// CreateTokenWithContext is the same as CreateToken with the addition of +// the ability to pass a context and additional request options. +// +// See CreateToken for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSOOIDC) CreateTokenWithContext(ctx aws.Context, input *CreateTokenInput, opts ...request.Option) (*CreateTokenOutput, error) { + req, out := c.CreateTokenRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateTokenWithIAM = "CreateTokenWithIAM" + +// CreateTokenWithIAMRequest generates a "aws/request.Request" representing the +// client's request for the CreateTokenWithIAM operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateTokenWithIAM for more information on using the CreateTokenWithIAM +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateTokenWithIAMRequest method. +// req, resp := client.CreateTokenWithIAMRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM +func (c *SSOOIDC) CreateTokenWithIAMRequest(input *CreateTokenWithIAMInput) (req *request.Request, output *CreateTokenWithIAMOutput) { + op := &request.Operation{ + Name: opCreateTokenWithIAM, + HTTPMethod: "POST", + HTTPPath: "/token?aws_iam=t", + } + + if input == nil { + input = &CreateTokenWithIAMInput{} + } + + output = &CreateTokenWithIAMOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateTokenWithIAM API operation for AWS SSO OIDC. +// +// Creates and returns access and refresh tokens for clients and applications +// that are authenticated using IAM entities. The access token can be used to +// fetch short-term credentials for the assigned Amazon Web Services accounts +// or to access application APIs using bearer authentication. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SSO OIDC's +// API operation CreateTokenWithIAM for usage and error information. +// +// Returned Error Types: +// +// - InvalidRequestException +// Indicates that something is wrong with the input to the request. For example, +// a required parameter might be missing or out of range. +// +// - InvalidClientException +// Indicates that the clientId or clientSecret in the request is invalid. For +// example, this can occur when a client sends an incorrect clientId or an expired +// clientSecret. +// +// - InvalidGrantException +// Indicates that a request contains an invalid grant. This can occur if a client +// makes a CreateToken request with an invalid grant type. +// +// - UnauthorizedClientException +// Indicates that the client is not currently authorized to make the request. +// This can happen when a clientId is not issued for a public client. +// +// - UnsupportedGrantTypeException +// Indicates that the grant type in the request is not supported by the service. +// +// - InvalidScopeException +// Indicates that the scope provided in the request is invalid. +// +// - AuthorizationPendingException +// Indicates that a request to authorize a client with an access user session +// token is pending. +// +// - SlowDownException +// Indicates that the client is making the request too frequently and is more +// than the service can handle. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ExpiredTokenException +// Indicates that the token issued by the service is expired and is no longer +// valid. +// +// - InternalServerException +// Indicates that an error from the service occurred while trying to process +// a request. +// +// - InvalidRequestRegionException +// Indicates that a token provided as input to the request was issued by and +// is only usable by calling IAM Identity Center endpoints in another region. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM +func (c *SSOOIDC) CreateTokenWithIAM(input *CreateTokenWithIAMInput) (*CreateTokenWithIAMOutput, error) { + req, out := c.CreateTokenWithIAMRequest(input) + return out, req.Send() +} + +// CreateTokenWithIAMWithContext is the same as CreateTokenWithIAM with the addition of +// the ability to pass a context and additional request options. +// +// See CreateTokenWithIAM for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSOOIDC) CreateTokenWithIAMWithContext(ctx aws.Context, input *CreateTokenWithIAMInput, opts ...request.Option) (*CreateTokenWithIAMOutput, error) { + req, out := c.CreateTokenWithIAMRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opRegisterClient = "RegisterClient" + +// RegisterClientRequest generates a "aws/request.Request" representing the +// client's request for the RegisterClient operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RegisterClient for more information on using the RegisterClient +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the RegisterClientRequest method. +// req, resp := client.RegisterClientRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/RegisterClient +func (c *SSOOIDC) RegisterClientRequest(input *RegisterClientInput) (req *request.Request, output *RegisterClientOutput) { + op := &request.Operation{ + Name: opRegisterClient, + HTTPMethod: "POST", + HTTPPath: "/client/register", + } + + if input == nil { + input = &RegisterClientInput{} + } + + output = &RegisterClientOutput{} + req = c.newRequest(op, input, output) + req.Config.Credentials = credentials.AnonymousCredentials + return +} + +// RegisterClient API operation for AWS SSO OIDC. +// +// Registers a client with IAM Identity Center. This allows clients to initiate +// device authorization. The output should be persisted for reuse through many +// authentication requests. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SSO OIDC's +// API operation RegisterClient for usage and error information. +// +// Returned Error Types: +// +// - InvalidRequestException +// Indicates that something is wrong with the input to the request. For example, +// a required parameter might be missing or out of range. +// +// - InvalidScopeException +// Indicates that the scope provided in the request is invalid. +// +// - InvalidClientMetadataException +// Indicates that the client information sent in the request during registration +// is invalid. +// +// - InternalServerException +// Indicates that an error from the service occurred while trying to process +// a request. +// +// - InvalidRedirectUriException +// Indicates that one or more redirect URI in the request is not supported for +// this operation. +// +// - UnsupportedGrantTypeException +// Indicates that the grant type in the request is not supported by the service. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/RegisterClient +func (c *SSOOIDC) RegisterClient(input *RegisterClientInput) (*RegisterClientOutput, error) { + req, out := c.RegisterClientRequest(input) + return out, req.Send() +} + +// RegisterClientWithContext is the same as RegisterClient with the addition of +// the ability to pass a context and additional request options. +// +// See RegisterClient for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSOOIDC) RegisterClientWithContext(ctx aws.Context, input *RegisterClientInput, opts ...request.Option) (*RegisterClientOutput, error) { + req, out := c.RegisterClientRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opStartDeviceAuthorization = "StartDeviceAuthorization" + +// StartDeviceAuthorizationRequest generates a "aws/request.Request" representing the +// client's request for the StartDeviceAuthorization operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See StartDeviceAuthorization for more information on using the StartDeviceAuthorization +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the StartDeviceAuthorizationRequest method. +// req, resp := client.StartDeviceAuthorizationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/StartDeviceAuthorization +func (c *SSOOIDC) StartDeviceAuthorizationRequest(input *StartDeviceAuthorizationInput) (req *request.Request, output *StartDeviceAuthorizationOutput) { + op := &request.Operation{ + Name: opStartDeviceAuthorization, + HTTPMethod: "POST", + HTTPPath: "/device_authorization", + } + + if input == nil { + input = &StartDeviceAuthorizationInput{} + } + + output = &StartDeviceAuthorizationOutput{} + req = c.newRequest(op, input, output) + req.Config.Credentials = credentials.AnonymousCredentials + return +} + +// StartDeviceAuthorization API operation for AWS SSO OIDC. +// +// Initiates device authorization by requesting a pair of verification codes +// from the authorization service. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SSO OIDC's +// API operation StartDeviceAuthorization for usage and error information. +// +// Returned Error Types: +// +// - InvalidRequestException +// Indicates that something is wrong with the input to the request. For example, +// a required parameter might be missing or out of range. +// +// - InvalidClientException +// Indicates that the clientId or clientSecret in the request is invalid. For +// example, this can occur when a client sends an incorrect clientId or an expired +// clientSecret. +// +// - UnauthorizedClientException +// Indicates that the client is not currently authorized to make the request. +// This can happen when a clientId is not issued for a public client. +// +// - SlowDownException +// Indicates that the client is making the request too frequently and is more +// than the service can handle. +// +// - InternalServerException +// Indicates that an error from the service occurred while trying to process +// a request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/StartDeviceAuthorization +func (c *SSOOIDC) StartDeviceAuthorization(input *StartDeviceAuthorizationInput) (*StartDeviceAuthorizationOutput, error) { + req, out := c.StartDeviceAuthorizationRequest(input) + return out, req.Send() +} + +// StartDeviceAuthorizationWithContext is the same as StartDeviceAuthorization with the addition of +// the ability to pass a context and additional request options. +// +// See StartDeviceAuthorization for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSOOIDC) StartDeviceAuthorizationWithContext(ctx aws.Context, input *StartDeviceAuthorizationInput, opts ...request.Option) (*StartDeviceAuthorizationOutput, error) { + req, out := c.StartDeviceAuthorizationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// You do not have sufficient access to perform this action. +type AccessDeniedException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be access_denied. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccessDeniedException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccessDeniedException) GoString() string { + return s.String() +} + +func newErrorAccessDeniedException(v protocol.ResponseMetadata) error { + return &AccessDeniedException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *AccessDeniedException) Code() string { + return "AccessDeniedException" +} + +// Message returns the exception's message. +func (s *AccessDeniedException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *AccessDeniedException) OrigErr() error { + return nil +} + +func (s *AccessDeniedException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *AccessDeniedException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *AccessDeniedException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Indicates that a request to authorize a client with an access user session +// token is pending. +type AuthorizationPendingException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be authorization_pending. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AuthorizationPendingException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AuthorizationPendingException) GoString() string { + return s.String() +} + +func newErrorAuthorizationPendingException(v protocol.ResponseMetadata) error { + return &AuthorizationPendingException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *AuthorizationPendingException) Code() string { + return "AuthorizationPendingException" +} + +// Message returns the exception's message. +func (s *AuthorizationPendingException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *AuthorizationPendingException) OrigErr() error { + return nil +} + +func (s *AuthorizationPendingException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *AuthorizationPendingException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *AuthorizationPendingException) RequestID() string { + return s.RespMetadata.RequestID +} + +type CreateTokenInput struct { + _ struct{} `type:"structure"` + + // The unique identifier string for the client or application. This value comes + // from the result of the RegisterClient API. + // + // ClientId is a required field + ClientId *string `locationName:"clientId" type:"string" required:"true"` + + // A secret string generated for the client. This value should come from the + // persisted result of the RegisterClient API. + // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenInput's + // String and GoString methods. + // + // ClientSecret is a required field + ClientSecret *string `locationName:"clientSecret" type:"string" required:"true" sensitive:"true"` + + // Used only when calling this API for the Authorization Code grant type. The + // short-term code is used to identify this authorization request. This grant + // type is currently unsupported for the CreateToken API. + Code *string `locationName:"code" type:"string"` + + // Used only when calling this API for the Authorization Code grant type. This + // value is generated by the client and presented to validate the original code + // challenge value the client passed at authorization time. + // + // CodeVerifier is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenInput's + // String and GoString methods. + CodeVerifier *string `locationName:"codeVerifier" type:"string" sensitive:"true"` + + // Used only when calling this API for the Device Code grant type. This short-term + // code is used to identify this authorization request. This comes from the + // result of the StartDeviceAuthorization API. + DeviceCode *string `locationName:"deviceCode" type:"string"` + + // Supports the following OAuth grant types: Device Code and Refresh Token. + // Specify either of the following values, depending on the grant type that + // you want: + // + // * Device Code - urn:ietf:params:oauth:grant-type:device_code + // + // * Refresh Token - refresh_token + // + // For information about how to obtain the device code, see the StartDeviceAuthorization + // topic. + // + // GrantType is a required field + GrantType *string `locationName:"grantType" type:"string" required:"true"` + + // Used only when calling this API for the Authorization Code grant type. This + // value specifies the location of the client or application that has registered + // to receive the authorization code. + RedirectUri *string `locationName:"redirectUri" type:"string"` + + // Used only when calling this API for the Refresh Token grant type. This token + // is used to refresh short-term tokens, such as the access token, that might + // expire. + // + // For more information about the features and limitations of the current IAM + // Identity Center OIDC implementation, see Considerations for Using this Guide + // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // + // RefreshToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenInput's + // String and GoString methods. + RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"` + + // The list of scopes for which authorization is requested. The access token + // that is issued is limited to the scopes that are granted. If this value is + // not specified, IAM Identity Center authorizes all scopes that are configured + // for the client during the call to RegisterClient. + Scope []*string `locationName:"scope" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateTokenInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateTokenInput"} + if s.ClientId == nil { + invalidParams.Add(request.NewErrParamRequired("ClientId")) + } + if s.ClientSecret == nil { + invalidParams.Add(request.NewErrParamRequired("ClientSecret")) + } + if s.GrantType == nil { + invalidParams.Add(request.NewErrParamRequired("GrantType")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientId sets the ClientId field's value. +func (s *CreateTokenInput) SetClientId(v string) *CreateTokenInput { + s.ClientId = &v + return s +} + +// SetClientSecret sets the ClientSecret field's value. +func (s *CreateTokenInput) SetClientSecret(v string) *CreateTokenInput { + s.ClientSecret = &v + return s +} + +// SetCode sets the Code field's value. +func (s *CreateTokenInput) SetCode(v string) *CreateTokenInput { + s.Code = &v + return s +} + +// SetCodeVerifier sets the CodeVerifier field's value. +func (s *CreateTokenInput) SetCodeVerifier(v string) *CreateTokenInput { + s.CodeVerifier = &v + return s +} + +// SetDeviceCode sets the DeviceCode field's value. +func (s *CreateTokenInput) SetDeviceCode(v string) *CreateTokenInput { + s.DeviceCode = &v + return s +} + +// SetGrantType sets the GrantType field's value. +func (s *CreateTokenInput) SetGrantType(v string) *CreateTokenInput { + s.GrantType = &v + return s +} + +// SetRedirectUri sets the RedirectUri field's value. +func (s *CreateTokenInput) SetRedirectUri(v string) *CreateTokenInput { + s.RedirectUri = &v + return s +} + +// SetRefreshToken sets the RefreshToken field's value. +func (s *CreateTokenInput) SetRefreshToken(v string) *CreateTokenInput { + s.RefreshToken = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *CreateTokenInput) SetScope(v []*string) *CreateTokenInput { + s.Scope = v + return s +} + +type CreateTokenOutput struct { + _ struct{} `type:"structure"` + + // A bearer token to access Amazon Web Services accounts and applications assigned + // to a user. + // + // AccessToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenOutput's + // String and GoString methods. + AccessToken *string `locationName:"accessToken" type:"string" sensitive:"true"` + + // Indicates the time in seconds when an access token will expire. + ExpiresIn *int64 `locationName:"expiresIn" type:"integer"` + + // The idToken is not implemented or supported. For more information about the + // features and limitations of the current IAM Identity Center OIDC implementation, + // see Considerations for Using this Guide in the IAM Identity Center OIDC API + // Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // + // A JSON Web Token (JWT) that identifies who is associated with the issued + // access token. + // + // IdToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenOutput's + // String and GoString methods. + IdToken *string `locationName:"idToken" type:"string" sensitive:"true"` + + // A token that, if present, can be used to refresh a previously issued access + // token that might have expired. + // + // For more information about the features and limitations of the current IAM + // Identity Center OIDC implementation, see Considerations for Using this Guide + // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // + // RefreshToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenOutput's + // String and GoString methods. + RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"` + + // Used to notify the client that the returned token is an access token. The + // supported token type is Bearer. + TokenType *string `locationName:"tokenType" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenOutput) GoString() string { + return s.String() +} + +// SetAccessToken sets the AccessToken field's value. +func (s *CreateTokenOutput) SetAccessToken(v string) *CreateTokenOutput { + s.AccessToken = &v + return s +} + +// SetExpiresIn sets the ExpiresIn field's value. +func (s *CreateTokenOutput) SetExpiresIn(v int64) *CreateTokenOutput { + s.ExpiresIn = &v + return s +} + +// SetIdToken sets the IdToken field's value. +func (s *CreateTokenOutput) SetIdToken(v string) *CreateTokenOutput { + s.IdToken = &v + return s +} + +// SetRefreshToken sets the RefreshToken field's value. +func (s *CreateTokenOutput) SetRefreshToken(v string) *CreateTokenOutput { + s.RefreshToken = &v + return s +} + +// SetTokenType sets the TokenType field's value. +func (s *CreateTokenOutput) SetTokenType(v string) *CreateTokenOutput { + s.TokenType = &v + return s +} + +type CreateTokenWithIAMInput struct { + _ struct{} `type:"structure"` + + // Used only when calling this API for the JWT Bearer grant type. This value + // specifies the JSON Web Token (JWT) issued by a trusted token issuer. To authorize + // a trusted token issuer, configure the JWT Bearer GrantOptions for the application. + // + // Assertion is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's + // String and GoString methods. + Assertion *string `locationName:"assertion" type:"string" sensitive:"true"` + + // The unique identifier string for the client or application. This value is + // an application ARN that has OAuth grants configured. + // + // ClientId is a required field + ClientId *string `locationName:"clientId" type:"string" required:"true"` + + // Used only when calling this API for the Authorization Code grant type. This + // short-term code is used to identify this authorization request. The code + // is obtained through a redirect from IAM Identity Center to a redirect URI + // persisted in the Authorization Code GrantOptions for the application. + Code *string `locationName:"code" type:"string"` + + // Used only when calling this API for the Authorization Code grant type. This + // value is generated by the client and presented to validate the original code + // challenge value the client passed at authorization time. + // + // CodeVerifier is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's + // String and GoString methods. + CodeVerifier *string `locationName:"codeVerifier" type:"string" sensitive:"true"` + + // Supports the following OAuth grant types: Authorization Code, Refresh Token, + // JWT Bearer, and Token Exchange. Specify one of the following values, depending + // on the grant type that you want: + // + // * Authorization Code - authorization_code + // + // * Refresh Token - refresh_token + // + // * JWT Bearer - urn:ietf:params:oauth:grant-type:jwt-bearer + // + // * Token Exchange - urn:ietf:params:oauth:grant-type:token-exchange + // + // GrantType is a required field + GrantType *string `locationName:"grantType" type:"string" required:"true"` + + // Used only when calling this API for the Authorization Code grant type. This + // value specifies the location of the client or application that has registered + // to receive the authorization code. + RedirectUri *string `locationName:"redirectUri" type:"string"` + + // Used only when calling this API for the Refresh Token grant type. This token + // is used to refresh short-term tokens, such as the access token, that might + // expire. + // + // For more information about the features and limitations of the current IAM + // Identity Center OIDC implementation, see Considerations for Using this Guide + // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // + // RefreshToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's + // String and GoString methods. + RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"` + + // Used only when calling this API for the Token Exchange grant type. This value + // specifies the type of token that the requester can receive. The following + // values are supported: + // + // * Access Token - urn:ietf:params:oauth:token-type:access_token + // + // * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token + RequestedTokenType *string `locationName:"requestedTokenType" type:"string"` + + // The list of scopes for which authorization is requested. The access token + // that is issued is limited to the scopes that are granted. If the value is + // not specified, IAM Identity Center authorizes all scopes configured for the + // application, including the following default scopes: openid, aws, sts:identity_context. + Scope []*string `locationName:"scope" type:"list"` + + // Used only when calling this API for the Token Exchange grant type. This value + // specifies the subject of the exchange. The value of the subject token must + // be an access token issued by IAM Identity Center to a different client or + // application. The access token must have authorized scopes that indicate the + // requested application as a target audience. + // + // SubjectToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's + // String and GoString methods. + SubjectToken *string `locationName:"subjectToken" type:"string" sensitive:"true"` + + // Used only when calling this API for the Token Exchange grant type. This value + // specifies the type of token that is passed as the subject of the exchange. + // The following value is supported: + // + // * Access Token - urn:ietf:params:oauth:token-type:access_token + SubjectTokenType *string `locationName:"subjectTokenType" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenWithIAMInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenWithIAMInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateTokenWithIAMInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateTokenWithIAMInput"} + if s.ClientId == nil { + invalidParams.Add(request.NewErrParamRequired("ClientId")) + } + if s.GrantType == nil { + invalidParams.Add(request.NewErrParamRequired("GrantType")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAssertion sets the Assertion field's value. +func (s *CreateTokenWithIAMInput) SetAssertion(v string) *CreateTokenWithIAMInput { + s.Assertion = &v + return s +} + +// SetClientId sets the ClientId field's value. +func (s *CreateTokenWithIAMInput) SetClientId(v string) *CreateTokenWithIAMInput { + s.ClientId = &v + return s +} + +// SetCode sets the Code field's value. +func (s *CreateTokenWithIAMInput) SetCode(v string) *CreateTokenWithIAMInput { + s.Code = &v + return s +} + +// SetCodeVerifier sets the CodeVerifier field's value. +func (s *CreateTokenWithIAMInput) SetCodeVerifier(v string) *CreateTokenWithIAMInput { + s.CodeVerifier = &v + return s +} + +// SetGrantType sets the GrantType field's value. +func (s *CreateTokenWithIAMInput) SetGrantType(v string) *CreateTokenWithIAMInput { + s.GrantType = &v + return s +} + +// SetRedirectUri sets the RedirectUri field's value. +func (s *CreateTokenWithIAMInput) SetRedirectUri(v string) *CreateTokenWithIAMInput { + s.RedirectUri = &v + return s +} + +// SetRefreshToken sets the RefreshToken field's value. +func (s *CreateTokenWithIAMInput) SetRefreshToken(v string) *CreateTokenWithIAMInput { + s.RefreshToken = &v + return s +} + +// SetRequestedTokenType sets the RequestedTokenType field's value. +func (s *CreateTokenWithIAMInput) SetRequestedTokenType(v string) *CreateTokenWithIAMInput { + s.RequestedTokenType = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *CreateTokenWithIAMInput) SetScope(v []*string) *CreateTokenWithIAMInput { + s.Scope = v + return s +} + +// SetSubjectToken sets the SubjectToken field's value. +func (s *CreateTokenWithIAMInput) SetSubjectToken(v string) *CreateTokenWithIAMInput { + s.SubjectToken = &v + return s +} + +// SetSubjectTokenType sets the SubjectTokenType field's value. +func (s *CreateTokenWithIAMInput) SetSubjectTokenType(v string) *CreateTokenWithIAMInput { + s.SubjectTokenType = &v + return s +} + +type CreateTokenWithIAMOutput struct { + _ struct{} `type:"structure"` + + // A bearer token to access Amazon Web Services accounts and applications assigned + // to a user. + // + // AccessToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's + // String and GoString methods. + AccessToken *string `locationName:"accessToken" type:"string" sensitive:"true"` + + // Indicates the time in seconds when an access token will expire. + ExpiresIn *int64 `locationName:"expiresIn" type:"integer"` + + // A JSON Web Token (JWT) that identifies the user associated with the issued + // access token. + // + // IdToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's + // String and GoString methods. + IdToken *string `locationName:"idToken" type:"string" sensitive:"true"` + + // Indicates the type of tokens that are issued by IAM Identity Center. The + // following values are supported: + // + // * Access Token - urn:ietf:params:oauth:token-type:access_token + // + // * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token + IssuedTokenType *string `locationName:"issuedTokenType" type:"string"` + + // A token that, if present, can be used to refresh a previously issued access + // token that might have expired. + // + // For more information about the features and limitations of the current IAM + // Identity Center OIDC implementation, see Considerations for Using this Guide + // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // + // RefreshToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's + // String and GoString methods. + RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"` + + // The list of scopes for which authorization is granted. The access token that + // is issued is limited to the scopes that are granted. + Scope []*string `locationName:"scope" type:"list"` + + // Used to notify the requester that the returned token is an access token. + // The supported token type is Bearer. + TokenType *string `locationName:"tokenType" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenWithIAMOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenWithIAMOutput) GoString() string { + return s.String() +} + +// SetAccessToken sets the AccessToken field's value. +func (s *CreateTokenWithIAMOutput) SetAccessToken(v string) *CreateTokenWithIAMOutput { + s.AccessToken = &v + return s +} + +// SetExpiresIn sets the ExpiresIn field's value. +func (s *CreateTokenWithIAMOutput) SetExpiresIn(v int64) *CreateTokenWithIAMOutput { + s.ExpiresIn = &v + return s +} + +// SetIdToken sets the IdToken field's value. +func (s *CreateTokenWithIAMOutput) SetIdToken(v string) *CreateTokenWithIAMOutput { + s.IdToken = &v + return s +} + +// SetIssuedTokenType sets the IssuedTokenType field's value. +func (s *CreateTokenWithIAMOutput) SetIssuedTokenType(v string) *CreateTokenWithIAMOutput { + s.IssuedTokenType = &v + return s +} + +// SetRefreshToken sets the RefreshToken field's value. +func (s *CreateTokenWithIAMOutput) SetRefreshToken(v string) *CreateTokenWithIAMOutput { + s.RefreshToken = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *CreateTokenWithIAMOutput) SetScope(v []*string) *CreateTokenWithIAMOutput { + s.Scope = v + return s +} + +// SetTokenType sets the TokenType field's value. +func (s *CreateTokenWithIAMOutput) SetTokenType(v string) *CreateTokenWithIAMOutput { + s.TokenType = &v + return s +} + +// Indicates that the token issued by the service is expired and is no longer +// valid. +type ExpiredTokenException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be expired_token. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExpiredTokenException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExpiredTokenException) GoString() string { + return s.String() +} + +func newErrorExpiredTokenException(v protocol.ResponseMetadata) error { + return &ExpiredTokenException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ExpiredTokenException) Code() string { + return "ExpiredTokenException" +} + +// Message returns the exception's message. +func (s *ExpiredTokenException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ExpiredTokenException) OrigErr() error { + return nil +} + +func (s *ExpiredTokenException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ExpiredTokenException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ExpiredTokenException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Indicates that an error from the service occurred while trying to process +// a request. +type InternalServerException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be server_error. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InternalServerException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InternalServerException) GoString() string { + return s.String() +} + +func newErrorInternalServerException(v protocol.ResponseMetadata) error { + return &InternalServerException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InternalServerException) Code() string { + return "InternalServerException" +} + +// Message returns the exception's message. +func (s *InternalServerException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InternalServerException) OrigErr() error { + return nil +} + +func (s *InternalServerException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InternalServerException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InternalServerException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Indicates that the clientId or clientSecret in the request is invalid. For +// example, this can occur when a client sends an incorrect clientId or an expired +// clientSecret. +type InvalidClientException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be invalid_client. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidClientException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidClientException) GoString() string { + return s.String() +} + +func newErrorInvalidClientException(v protocol.ResponseMetadata) error { + return &InvalidClientException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidClientException) Code() string { + return "InvalidClientException" +} + +// Message returns the exception's message. +func (s *InvalidClientException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidClientException) OrigErr() error { + return nil +} + +func (s *InvalidClientException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidClientException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidClientException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Indicates that the client information sent in the request during registration +// is invalid. +type InvalidClientMetadataException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be invalid_client_metadata. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidClientMetadataException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidClientMetadataException) GoString() string { + return s.String() +} + +func newErrorInvalidClientMetadataException(v protocol.ResponseMetadata) error { + return &InvalidClientMetadataException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidClientMetadataException) Code() string { + return "InvalidClientMetadataException" +} + +// Message returns the exception's message. +func (s *InvalidClientMetadataException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidClientMetadataException) OrigErr() error { + return nil +} + +func (s *InvalidClientMetadataException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidClientMetadataException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidClientMetadataException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Indicates that a request contains an invalid grant. This can occur if a client +// makes a CreateToken request with an invalid grant type. +type InvalidGrantException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be invalid_grant. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidGrantException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidGrantException) GoString() string { + return s.String() +} + +func newErrorInvalidGrantException(v protocol.ResponseMetadata) error { + return &InvalidGrantException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidGrantException) Code() string { + return "InvalidGrantException" +} + +// Message returns the exception's message. +func (s *InvalidGrantException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidGrantException) OrigErr() error { + return nil +} + +func (s *InvalidGrantException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidGrantException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidGrantException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Indicates that one or more redirect URI in the request is not supported for +// this operation. +type InvalidRedirectUriException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be invalid_redirect_uri. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidRedirectUriException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidRedirectUriException) GoString() string { + return s.String() +} + +func newErrorInvalidRedirectUriException(v protocol.ResponseMetadata) error { + return &InvalidRedirectUriException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidRedirectUriException) Code() string { + return "InvalidRedirectUriException" +} + +// Message returns the exception's message. +func (s *InvalidRedirectUriException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidRedirectUriException) OrigErr() error { + return nil +} + +func (s *InvalidRedirectUriException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidRedirectUriException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidRedirectUriException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Indicates that something is wrong with the input to the request. For example, +// a required parameter might be missing or out of range. +type InvalidRequestException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be invalid_request. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidRequestException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidRequestException) GoString() string { + return s.String() +} + +func newErrorInvalidRequestException(v protocol.ResponseMetadata) error { + return &InvalidRequestException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidRequestException) Code() string { + return "InvalidRequestException" +} + +// Message returns the exception's message. +func (s *InvalidRequestException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidRequestException) OrigErr() error { + return nil +} + +func (s *InvalidRequestException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidRequestException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidRequestException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Indicates that a token provided as input to the request was issued by and +// is only usable by calling IAM Identity Center endpoints in another region. +type InvalidRequestRegionException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Indicates the IAM Identity Center endpoint which the requester may call with + // this token. + Endpoint *string `locationName:"endpoint" type:"string"` + + // Single error code. For this exception the value will be invalid_request. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` + + // Indicates the region which the requester may call with this token. + Region *string `locationName:"region" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidRequestRegionException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidRequestRegionException) GoString() string { + return s.String() +} + +func newErrorInvalidRequestRegionException(v protocol.ResponseMetadata) error { + return &InvalidRequestRegionException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidRequestRegionException) Code() string { + return "InvalidRequestRegionException" +} + +// Message returns the exception's message. +func (s *InvalidRequestRegionException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidRequestRegionException) OrigErr() error { + return nil +} + +func (s *InvalidRequestRegionException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidRequestRegionException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidRequestRegionException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Indicates that the scope provided in the request is invalid. +type InvalidScopeException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be invalid_scope. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidScopeException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidScopeException) GoString() string { + return s.String() +} + +func newErrorInvalidScopeException(v protocol.ResponseMetadata) error { + return &InvalidScopeException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidScopeException) Code() string { + return "InvalidScopeException" +} + +// Message returns the exception's message. +func (s *InvalidScopeException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidScopeException) OrigErr() error { + return nil +} + +func (s *InvalidScopeException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidScopeException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidScopeException) RequestID() string { + return s.RespMetadata.RequestID +} + +type RegisterClientInput struct { + _ struct{} `type:"structure"` + + // The friendly name of the client. + // + // ClientName is a required field + ClientName *string `locationName:"clientName" type:"string" required:"true"` + + // The type of client. The service supports only public as a client type. Anything + // other than public will be rejected by the service. + // + // ClientType is a required field + ClientType *string `locationName:"clientType" type:"string" required:"true"` + + // This IAM Identity Center application ARN is used to define administrator-managed + // configuration for public client access to resources. At authorization, the + // scopes, grants, and redirect URI available to this client will be restricted + // by this application resource. + EntitledApplicationArn *string `locationName:"entitledApplicationArn" type:"string"` + + // The list of OAuth 2.0 grant types that are defined by the client. This list + // is used to restrict the token granting flows available to the client. + GrantTypes []*string `locationName:"grantTypes" type:"list"` + + // The IAM Identity Center Issuer URL associated with an instance of IAM Identity + // Center. This value is needed for user access to resources through the client. + IssuerUrl *string `locationName:"issuerUrl" type:"string"` + + // The list of redirect URI that are defined by the client. At completion of + // authorization, this list is used to restrict what locations the user agent + // can be redirected back to. + RedirectUris []*string `locationName:"redirectUris" type:"list"` + + // The list of scopes that are defined by the client. Upon authorization, this + // list is used to restrict permissions when granting an access token. + Scopes []*string `locationName:"scopes" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RegisterClientInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RegisterClientInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RegisterClientInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RegisterClientInput"} + if s.ClientName == nil { + invalidParams.Add(request.NewErrParamRequired("ClientName")) + } + if s.ClientType == nil { + invalidParams.Add(request.NewErrParamRequired("ClientType")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientName sets the ClientName field's value. +func (s *RegisterClientInput) SetClientName(v string) *RegisterClientInput { + s.ClientName = &v + return s +} + +// SetClientType sets the ClientType field's value. +func (s *RegisterClientInput) SetClientType(v string) *RegisterClientInput { + s.ClientType = &v + return s +} + +// SetEntitledApplicationArn sets the EntitledApplicationArn field's value. +func (s *RegisterClientInput) SetEntitledApplicationArn(v string) *RegisterClientInput { + s.EntitledApplicationArn = &v + return s +} + +// SetGrantTypes sets the GrantTypes field's value. +func (s *RegisterClientInput) SetGrantTypes(v []*string) *RegisterClientInput { + s.GrantTypes = v + return s +} + +// SetIssuerUrl sets the IssuerUrl field's value. +func (s *RegisterClientInput) SetIssuerUrl(v string) *RegisterClientInput { + s.IssuerUrl = &v + return s +} + +// SetRedirectUris sets the RedirectUris field's value. +func (s *RegisterClientInput) SetRedirectUris(v []*string) *RegisterClientInput { + s.RedirectUris = v + return s +} + +// SetScopes sets the Scopes field's value. +func (s *RegisterClientInput) SetScopes(v []*string) *RegisterClientInput { + s.Scopes = v + return s +} + +type RegisterClientOutput struct { + _ struct{} `type:"structure"` + + // An endpoint that the client can use to request authorization. + AuthorizationEndpoint *string `locationName:"authorizationEndpoint" type:"string"` + + // The unique identifier string for each client. This client uses this identifier + // to get authenticated by the service in subsequent calls. + ClientId *string `locationName:"clientId" type:"string"` + + // Indicates the time at which the clientId and clientSecret were issued. + ClientIdIssuedAt *int64 `locationName:"clientIdIssuedAt" type:"long"` + + // A secret string generated for the client. The client will use this string + // to get authenticated by the service in subsequent calls. + // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by RegisterClientOutput's + // String and GoString methods. + ClientSecret *string `locationName:"clientSecret" type:"string" sensitive:"true"` + + // Indicates the time at which the clientId and clientSecret will become invalid. + ClientSecretExpiresAt *int64 `locationName:"clientSecretExpiresAt" type:"long"` + + // An endpoint that the client can use to create tokens. + TokenEndpoint *string `locationName:"tokenEndpoint" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RegisterClientOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RegisterClientOutput) GoString() string { + return s.String() +} + +// SetAuthorizationEndpoint sets the AuthorizationEndpoint field's value. +func (s *RegisterClientOutput) SetAuthorizationEndpoint(v string) *RegisterClientOutput { + s.AuthorizationEndpoint = &v + return s +} + +// SetClientId sets the ClientId field's value. +func (s *RegisterClientOutput) SetClientId(v string) *RegisterClientOutput { + s.ClientId = &v + return s +} + +// SetClientIdIssuedAt sets the ClientIdIssuedAt field's value. +func (s *RegisterClientOutput) SetClientIdIssuedAt(v int64) *RegisterClientOutput { + s.ClientIdIssuedAt = &v + return s +} + +// SetClientSecret sets the ClientSecret field's value. +func (s *RegisterClientOutput) SetClientSecret(v string) *RegisterClientOutput { + s.ClientSecret = &v + return s +} + +// SetClientSecretExpiresAt sets the ClientSecretExpiresAt field's value. +func (s *RegisterClientOutput) SetClientSecretExpiresAt(v int64) *RegisterClientOutput { + s.ClientSecretExpiresAt = &v + return s +} + +// SetTokenEndpoint sets the TokenEndpoint field's value. +func (s *RegisterClientOutput) SetTokenEndpoint(v string) *RegisterClientOutput { + s.TokenEndpoint = &v + return s +} + +// Indicates that the client is making the request too frequently and is more +// than the service can handle. +type SlowDownException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be slow_down. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SlowDownException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SlowDownException) GoString() string { + return s.String() +} + +func newErrorSlowDownException(v protocol.ResponseMetadata) error { + return &SlowDownException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *SlowDownException) Code() string { + return "SlowDownException" +} + +// Message returns the exception's message. +func (s *SlowDownException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *SlowDownException) OrigErr() error { + return nil +} + +func (s *SlowDownException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *SlowDownException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *SlowDownException) RequestID() string { + return s.RespMetadata.RequestID +} + +type StartDeviceAuthorizationInput struct { + _ struct{} `type:"structure"` + + // The unique identifier string for the client that is registered with IAM Identity + // Center. This value should come from the persisted result of the RegisterClient + // API operation. + // + // ClientId is a required field + ClientId *string `locationName:"clientId" type:"string" required:"true"` + + // A secret string that is generated for the client. This value should come + // from the persisted result of the RegisterClient API operation. + // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by StartDeviceAuthorizationInput's + // String and GoString methods. + // + // ClientSecret is a required field + ClientSecret *string `locationName:"clientSecret" type:"string" required:"true" sensitive:"true"` + + // The URL for the Amazon Web Services access portal. For more information, + // see Using the Amazon Web Services access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html) + // in the IAM Identity Center User Guide. + // + // StartUrl is a required field + StartUrl *string `locationName:"startUrl" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartDeviceAuthorizationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartDeviceAuthorizationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *StartDeviceAuthorizationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "StartDeviceAuthorizationInput"} + if s.ClientId == nil { + invalidParams.Add(request.NewErrParamRequired("ClientId")) + } + if s.ClientSecret == nil { + invalidParams.Add(request.NewErrParamRequired("ClientSecret")) + } + if s.StartUrl == nil { + invalidParams.Add(request.NewErrParamRequired("StartUrl")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientId sets the ClientId field's value. +func (s *StartDeviceAuthorizationInput) SetClientId(v string) *StartDeviceAuthorizationInput { + s.ClientId = &v + return s +} + +// SetClientSecret sets the ClientSecret field's value. +func (s *StartDeviceAuthorizationInput) SetClientSecret(v string) *StartDeviceAuthorizationInput { + s.ClientSecret = &v + return s +} + +// SetStartUrl sets the StartUrl field's value. +func (s *StartDeviceAuthorizationInput) SetStartUrl(v string) *StartDeviceAuthorizationInput { + s.StartUrl = &v + return s +} + +type StartDeviceAuthorizationOutput struct { + _ struct{} `type:"structure"` + + // The short-lived code that is used by the device when polling for a session + // token. + DeviceCode *string `locationName:"deviceCode" type:"string"` + + // Indicates the number of seconds in which the verification code will become + // invalid. + ExpiresIn *int64 `locationName:"expiresIn" type:"integer"` + + // Indicates the number of seconds the client must wait between attempts when + // polling for a session. + Interval *int64 `locationName:"interval" type:"integer"` + + // A one-time user verification code. This is needed to authorize an in-use + // device. + UserCode *string `locationName:"userCode" type:"string"` + + // The URI of the verification page that takes the userCode to authorize the + // device. + VerificationUri *string `locationName:"verificationUri" type:"string"` + + // An alternate URL that the client can use to automatically launch a browser. + // This process skips the manual step in which the user visits the verification + // page and enters their code. + VerificationUriComplete *string `locationName:"verificationUriComplete" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartDeviceAuthorizationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartDeviceAuthorizationOutput) GoString() string { + return s.String() +} + +// SetDeviceCode sets the DeviceCode field's value. +func (s *StartDeviceAuthorizationOutput) SetDeviceCode(v string) *StartDeviceAuthorizationOutput { + s.DeviceCode = &v + return s +} + +// SetExpiresIn sets the ExpiresIn field's value. +func (s *StartDeviceAuthorizationOutput) SetExpiresIn(v int64) *StartDeviceAuthorizationOutput { + s.ExpiresIn = &v + return s +} + +// SetInterval sets the Interval field's value. +func (s *StartDeviceAuthorizationOutput) SetInterval(v int64) *StartDeviceAuthorizationOutput { + s.Interval = &v + return s +} + +// SetUserCode sets the UserCode field's value. +func (s *StartDeviceAuthorizationOutput) SetUserCode(v string) *StartDeviceAuthorizationOutput { + s.UserCode = &v + return s +} + +// SetVerificationUri sets the VerificationUri field's value. +func (s *StartDeviceAuthorizationOutput) SetVerificationUri(v string) *StartDeviceAuthorizationOutput { + s.VerificationUri = &v + return s +} + +// SetVerificationUriComplete sets the VerificationUriComplete field's value. +func (s *StartDeviceAuthorizationOutput) SetVerificationUriComplete(v string) *StartDeviceAuthorizationOutput { + s.VerificationUriComplete = &v + return s +} + +// Indicates that the client is not currently authorized to make the request. +// This can happen when a clientId is not issued for a public client. +type UnauthorizedClientException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be unauthorized_client. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnauthorizedClientException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnauthorizedClientException) GoString() string { + return s.String() +} + +func newErrorUnauthorizedClientException(v protocol.ResponseMetadata) error { + return &UnauthorizedClientException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *UnauthorizedClientException) Code() string { + return "UnauthorizedClientException" +} + +// Message returns the exception's message. +func (s *UnauthorizedClientException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *UnauthorizedClientException) OrigErr() error { + return nil +} + +func (s *UnauthorizedClientException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *UnauthorizedClientException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *UnauthorizedClientException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Indicates that the grant type in the request is not supported by the service. +type UnsupportedGrantTypeException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Single error code. For this exception the value will be unsupported_grant_type. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnsupportedGrantTypeException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnsupportedGrantTypeException) GoString() string { + return s.String() +} + +func newErrorUnsupportedGrantTypeException(v protocol.ResponseMetadata) error { + return &UnsupportedGrantTypeException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *UnsupportedGrantTypeException) Code() string { + return "UnsupportedGrantTypeException" +} + +// Message returns the exception's message. +func (s *UnsupportedGrantTypeException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *UnsupportedGrantTypeException) OrigErr() error { + return nil +} + +func (s *UnsupportedGrantTypeException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *UnsupportedGrantTypeException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *UnsupportedGrantTypeException) RequestID() string { + return s.RespMetadata.RequestID +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go new file mode 100644 index 000000000..083568c61 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go @@ -0,0 +1,67 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +// Package ssooidc provides the client and types for making API +// requests to AWS SSO OIDC. +// +// IAM Identity Center OpenID Connect (OIDC) is a web service that enables a +// client (such as CLI or a native application) to register with IAM Identity +// Center. The service also enables the client to fetch the user’s access +// token upon successful authentication and authorization with IAM Identity +// Center. +// +// IAM Identity Center uses the sso and identitystore API namespaces. +// +// # Considerations for Using This Guide +// +// Before you begin using this guide, we recommend that you first review the +// following important information about how the IAM Identity Center OIDC service +// works. +// +// - The IAM Identity Center OIDC service currently implements only the portions +// of the OAuth 2.0 Device Authorization Grant standard (https://tools.ietf.org/html/rfc8628 +// (https://tools.ietf.org/html/rfc8628)) that are necessary to enable single +// sign-on authentication with the CLI. +// +// - With older versions of the CLI, the service only emits OIDC access tokens, +// so to obtain a new token, users must explicitly re-authenticate. To access +// the OIDC flow that supports token refresh and doesn’t require re-authentication, +// update to the latest CLI version (1.27.10 for CLI V1 and 2.9.0 for CLI +// V2) with support for OIDC token refresh and configurable IAM Identity +// Center session durations. For more information, see Configure Amazon Web +// Services access portal session duration (https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html). +// +// - The access tokens provided by this service grant access to all Amazon +// Web Services account entitlements assigned to an IAM Identity Center user, +// not just a particular application. +// +// - The documentation in this guide does not describe the mechanism to convert +// the access token into Amazon Web Services Auth (“sigv4”) credentials +// for use with IAM-protected Amazon Web Services service endpoints. For +// more information, see GetRoleCredentials (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html) +// in the IAM Identity Center Portal API Reference Guide. +// +// For general information about IAM Identity Center, see What is IAM Identity +// Center? (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html) +// in the IAM Identity Center User Guide. +// +// See https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10 for more information on this service. +// +// See ssooidc package documentation for more information. +// https://docs.aws.amazon.com/sdk-for-go/api/service/ssooidc/ +// +// # Using the Client +// +// To contact AWS SSO OIDC with the SDK use the New function to create +// a new service client. With that client you can make API requests to the service. +// These clients are safe to use concurrently. +// +// See the SDK's documentation for more information on how to use the SDK. +// https://docs.aws.amazon.com/sdk-for-go/api/ +// +// See aws.Config documentation for more information on configuring SDK clients. +// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config +// +// See the AWS SSO OIDC client SSOOIDC for more +// information on creating client for this service. +// https://docs.aws.amazon.com/sdk-for-go/api/service/ssooidc/#New +package ssooidc diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go new file mode 100644 index 000000000..cadf4584d --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go @@ -0,0 +1,123 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package ssooidc + +import ( + "github.com/aws/aws-sdk-go/private/protocol" +) + +const ( + + // ErrCodeAccessDeniedException for service response error code + // "AccessDeniedException". + // + // You do not have sufficient access to perform this action. + ErrCodeAccessDeniedException = "AccessDeniedException" + + // ErrCodeAuthorizationPendingException for service response error code + // "AuthorizationPendingException". + // + // Indicates that a request to authorize a client with an access user session + // token is pending. + ErrCodeAuthorizationPendingException = "AuthorizationPendingException" + + // ErrCodeExpiredTokenException for service response error code + // "ExpiredTokenException". + // + // Indicates that the token issued by the service is expired and is no longer + // valid. + ErrCodeExpiredTokenException = "ExpiredTokenException" + + // ErrCodeInternalServerException for service response error code + // "InternalServerException". + // + // Indicates that an error from the service occurred while trying to process + // a request. + ErrCodeInternalServerException = "InternalServerException" + + // ErrCodeInvalidClientException for service response error code + // "InvalidClientException". + // + // Indicates that the clientId or clientSecret in the request is invalid. For + // example, this can occur when a client sends an incorrect clientId or an expired + // clientSecret. + ErrCodeInvalidClientException = "InvalidClientException" + + // ErrCodeInvalidClientMetadataException for service response error code + // "InvalidClientMetadataException". + // + // Indicates that the client information sent in the request during registration + // is invalid. + ErrCodeInvalidClientMetadataException = "InvalidClientMetadataException" + + // ErrCodeInvalidGrantException for service response error code + // "InvalidGrantException". + // + // Indicates that a request contains an invalid grant. This can occur if a client + // makes a CreateToken request with an invalid grant type. + ErrCodeInvalidGrantException = "InvalidGrantException" + + // ErrCodeInvalidRedirectUriException for service response error code + // "InvalidRedirectUriException". + // + // Indicates that one or more redirect URI in the request is not supported for + // this operation. + ErrCodeInvalidRedirectUriException = "InvalidRedirectUriException" + + // ErrCodeInvalidRequestException for service response error code + // "InvalidRequestException". + // + // Indicates that something is wrong with the input to the request. For example, + // a required parameter might be missing or out of range. + ErrCodeInvalidRequestException = "InvalidRequestException" + + // ErrCodeInvalidRequestRegionException for service response error code + // "InvalidRequestRegionException". + // + // Indicates that a token provided as input to the request was issued by and + // is only usable by calling IAM Identity Center endpoints in another region. + ErrCodeInvalidRequestRegionException = "InvalidRequestRegionException" + + // ErrCodeInvalidScopeException for service response error code + // "InvalidScopeException". + // + // Indicates that the scope provided in the request is invalid. + ErrCodeInvalidScopeException = "InvalidScopeException" + + // ErrCodeSlowDownException for service response error code + // "SlowDownException". + // + // Indicates that the client is making the request too frequently and is more + // than the service can handle. + ErrCodeSlowDownException = "SlowDownException" + + // ErrCodeUnauthorizedClientException for service response error code + // "UnauthorizedClientException". + // + // Indicates that the client is not currently authorized to make the request. + // This can happen when a clientId is not issued for a public client. + ErrCodeUnauthorizedClientException = "UnauthorizedClientException" + + // ErrCodeUnsupportedGrantTypeException for service response error code + // "UnsupportedGrantTypeException". + // + // Indicates that the grant type in the request is not supported by the service. + ErrCodeUnsupportedGrantTypeException = "UnsupportedGrantTypeException" +) + +var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ + "AccessDeniedException": newErrorAccessDeniedException, + "AuthorizationPendingException": newErrorAuthorizationPendingException, + "ExpiredTokenException": newErrorExpiredTokenException, + "InternalServerException": newErrorInternalServerException, + "InvalidClientException": newErrorInvalidClientException, + "InvalidClientMetadataException": newErrorInvalidClientMetadataException, + "InvalidGrantException": newErrorInvalidGrantException, + "InvalidRedirectUriException": newErrorInvalidRedirectUriException, + "InvalidRequestException": newErrorInvalidRequestException, + "InvalidRequestRegionException": newErrorInvalidRequestRegionException, + "InvalidScopeException": newErrorInvalidScopeException, + "SlowDownException": newErrorSlowDownException, + "UnauthorizedClientException": newErrorUnauthorizedClientException, + "UnsupportedGrantTypeException": newErrorUnsupportedGrantTypeException, +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go new file mode 100644 index 000000000..782bae369 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go @@ -0,0 +1,106 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package ssooidc + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/client" + "github.com/aws/aws-sdk-go/aws/client/metadata" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/aws/signer/v4" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/restjson" +) + +// SSOOIDC provides the API operation methods for making requests to +// AWS SSO OIDC. See this package's package overview docs +// for details on the service. +// +// SSOOIDC methods are safe to use concurrently. It is not safe to +// modify mutate any of the struct's properties though. +type SSOOIDC struct { + *client.Client +} + +// Used for custom client initialization logic +var initClient func(*client.Client) + +// Used for custom request initialization logic +var initRequest func(*request.Request) + +// Service information constants +const ( + ServiceName = "SSO OIDC" // Name of service. + EndpointsID = "oidc" // ID to lookup a service endpoint with. + ServiceID = "SSO OIDC" // ServiceID is a unique identifier of a specific service. +) + +// New creates a new instance of the SSOOIDC client with a session. +// If additional configuration is needed for the client instance use the optional +// aws.Config parameter to add your extra config. +// +// Example: +// +// mySession := session.Must(session.NewSession()) +// +// // Create a SSOOIDC client from just a session. +// svc := ssooidc.New(mySession) +// +// // Create a SSOOIDC client with additional configuration +// svc := ssooidc.New(mySession, aws.NewConfig().WithRegion("us-west-2")) +func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSOOIDC { + c := p.ClientConfig(EndpointsID, cfgs...) + if c.SigningNameDerived || len(c.SigningName) == 0 { + c.SigningName = "sso-oauth" + } + return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion) +} + +// newClient creates, initializes and returns a new service client instance. +func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *SSOOIDC { + svc := &SSOOIDC{ + Client: client.New( + cfg, + metadata.ClientInfo{ + ServiceName: ServiceName, + ServiceID: ServiceID, + SigningName: signingName, + SigningRegion: signingRegion, + PartitionID: partitionID, + Endpoint: endpoint, + APIVersion: "2019-06-10", + ResolvedRegion: resolvedRegion, + }, + handlers, + ), + } + + // Handlers + svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler) + svc.Handlers.Build.PushBackNamed(restjson.BuildHandler) + svc.Handlers.Unmarshal.PushBackNamed(restjson.UnmarshalHandler) + svc.Handlers.UnmarshalMeta.PushBackNamed(restjson.UnmarshalMetaHandler) + svc.Handlers.UnmarshalError.PushBackNamed( + protocol.NewUnmarshalErrorHandler(restjson.NewUnmarshalTypedError(exceptionFromCode)).NamedHandler(), + ) + + // Run custom client initialization if present + if initClient != nil { + initClient(svc.Client) + } + + return svc +} + +// newRequest creates a new request for a SSOOIDC operation and runs any +// custom request initialization. +func (c *SSOOIDC) newRequest(op *request.Operation, params, data interface{}) *request.Request { + req := c.NewRequest(op, params, data) + + // Run custom request initialization if present + if initRequest != nil { + initRequest(req) + } + + return req +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go index bfc4372f9..2c395f5f6 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go @@ -28,14 +28,13 @@ const opAssumeRole = "AssumeRole" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the AssumeRoleRequest method. +// req, resp := client.AssumeRoleRequest(params) // -// // Example sending a request using the AssumeRoleRequest method. -// req, resp := client.AssumeRoleRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, output *AssumeRoleOutput) { @@ -57,85 +56,65 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // AssumeRole API operation for AWS Security Token Service. // // Returns a set of temporary security credentials that you can use to access -// AWS resources that you might not normally have access to. These temporary -// credentials consist of an access key ID, a secret access key, and a security -// token. Typically, you use AssumeRole within your account or for cross-account -// access. For a comparison of AssumeRole with other API operations that produce -// temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) -// in the IAM User Guide. -// -// You cannot use AWS account root user credentials to call AssumeRole. You -// must use credentials for an IAM user or an IAM role to call AssumeRole. -// -// For cross-account access, imagine that you own multiple accounts and need -// to access resources in each account. You could create long-term credentials -// in each account to access those resources. However, managing all those credentials -// and remembering which one can access which account can be time consuming. -// Instead, you can create one set of long-term credentials in one account. -// Then use temporary security credentials to access all the other accounts -// by assuming roles in those accounts. For more information about roles, see -// IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) -// in the IAM User Guide. -// -// Session Duration -// -// By default, the temporary security credentials created by AssumeRole last -// for one hour. However, you can use the optional DurationSeconds parameter -// to specify the duration of your session. You can provide a value from 900 -// seconds (15 minutes) up to the maximum session duration setting for the role. -// This setting can have a value from 1 hour to 12 hours. To learn how to view -// the maximum value for your role, see View the Maximum Session Duration Setting -// for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) -// in the IAM User Guide. The maximum session duration limit applies when you -// use the AssumeRole* API operations or the assume-role* CLI commands. However -// the limit does not apply when you use those operations to create a console -// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) +// Amazon Web Services resources. These temporary credentials consist of an +// access key ID, a secret access key, and a security token. Typically, you +// use AssumeRole within your account or for cross-account access. For a comparison +// of AssumeRole with other API operations that produce temporary credentials, +// see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) +// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // -// Permissions +// # Permissions // // The temporary security credentials created by AssumeRole can be used to make -// API calls to any AWS service with the following exception: You cannot call -// the AWS STS GetFederationToken or GetSessionToken API operations. +// API calls to any Amazon Web Services service with the following exception: +// You cannot call the Amazon Web Services STS GetFederationToken or GetSessionToken +// API operations. // // (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an -// inline session policy. You can also specify up to 10 managed policies to -// use as managed session policies. The plain text that you use for both inline -// and managed session policies can't exceed 2,048 characters. Passing policies -// to this operation returns new temporary credentials. The resulting session's -// permissions are the intersection of the role's identity-based policy and -// the session policies. You can use the role's temporary credentials in subsequent -// AWS API calls to access resources in the account that owns the role. You -// cannot use session policies to grant more permissions than those allowed -// by the identity-based policy of the role that is being assumed. For more -// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) +// inline session policy. You can also specify up to 10 managed policy Amazon +// Resource Names (ARNs) to use as managed session policies. The plaintext that +// you use for both inline and managed session policies can't exceed 2,048 characters. +// Passing policies to this operation returns new temporary credentials. The +// resulting session's permissions are the intersection of the role's identity-based +// policy and the session policies. You can use the role's temporary credentials +// in subsequent Amazon Web Services API calls to access resources in the account +// that owns the role. You cannot use session policies to grant more permissions +// than those allowed by the identity-based policy of the role that is being +// assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // -// To assume a role from a different account, your AWS account must be trusted -// by the role. The trust relationship is defined in the role's trust policy -// when the role is created. That trust policy states which accounts are allowed -// to delegate that access to users in the account. +// When you create a role, you create two policies: a role trust policy that +// specifies who can assume the role, and a permissions policy that specifies +// what can be done with the role. You specify the trusted principal that is +// allowed to assume the role in the role trust policy. +// +// To assume a role from a different account, your Amazon Web Services account +// must be trusted by the role. The trust relationship is defined in the role's +// trust policy when the role is created. That trust policy states which accounts +// are allowed to delegate that access to users in the account. // // A user who wants to access a role in a different account must also have permissions -// that are delegated from the user account administrator. The administrator -// must attach a policy that allows the user to call AssumeRole for the ARN -// of the role in the other account. If the user is in the same account as the -// role, then you can do either of the following: +// that are delegated from the account administrator. The administrator must +// attach a policy that allows the user to call AssumeRole for the ARN of the +// role in the other account. +// +// To allow a user to assume a role in the same account, you can do either of +// the following: // -// * Attach a policy to the user (identical to the previous user in a different -// account). +// - Attach a policy to the user that allows the user to call AssumeRole +// (as long as the role's trust policy trusts the account). // -// * Add the user as a principal directly in the role's trust policy. +// - Add the user as a principal directly in the role's trust policy. // -// In this case, the trust policy acts as an IAM resource-based policy. Users -// in the same account as the role do not need explicit permission to assume -// the role. For more information about trust policies and resource-based policies, -// see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) +// You can do either because the role’s trust policy acts as an IAM resource-based +// policy. When a resource-based policy grants access to a principal in the +// same account, no additional identity-based policy is required. For more information +// about trust policies and resource-based policies, see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) // in the IAM User Guide. // -// Tags +// # Tags // // (Optional) You can pass tag key-value pairs to your session. These tags are // called session tags. For more information about session tags, see Passing @@ -153,16 +132,16 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining) // in the IAM User Guide. // -// Using MFA with AssumeRole +// # Using MFA with AssumeRole // // (Optional) You can include multi-factor authentication (MFA) information // when you call AssumeRole. This is useful for cross-account scenarios to ensure -// that the user that assumes the role has been authenticated with an AWS MFA -// device. In that scenario, the trust policy of the role being assumed includes -// a condition that tests for MFA authentication. If the caller does not include -// valid MFA information, the request to assume the role is denied. The condition -// in a trust policy that tests for MFA authentication might look like the following -// example. +// that the user that assumes the role has been authenticated with an Amazon +// Web Services MFA device. In that scenario, the trust policy of the role being +// assumed includes a condition that tests for MFA authentication. If the caller +// does not include valid MFA information, the request to assume the role is +// denied. The condition in a trust policy that tests for MFA authentication +// might look like the following example. // // "Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}} // @@ -182,34 +161,36 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // API operation AssumeRole for usage and error information. // // Returned Error Codes: -// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument" -// The request was rejected because the policy document was malformed. The error -// message describes the specific error. -// -// * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" -// The request was rejected because the total packed size of the session policies -// and session tags combined was too large. An AWS conversion compresses the -// session policy document, session policy ARNs, and session tags into a packed -// binary format that has a separate limit. The error message indicates by percentage -// how close the policies and tags are to the upper size limit. For more information, -// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) -// in the IAM User Guide. -// -// You could receive this error even though you meet other defined session policy -// and session tag limits. For more information, see IAM and STS Entity Character -// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) -// in the IAM User Guide. -// -// * ErrCodeRegionDisabledException "RegionDisabledException" -// STS is not activated in the requested region for the account that is being -// asked to generate credentials. The account administrator must use the IAM -// console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) -// in the IAM User Guide. -// -// * ErrCodeExpiredTokenException "ExpiredTokenException" -// The web identity token that was passed is expired or is not valid. Get a -// new identity token from the identity provider and then retry the request. +// +// - ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument" +// The request was rejected because the policy document was malformed. The error +// message describes the specific error. +// +// - ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" +// The request was rejected because the total packed size of the session policies +// and session tags combined was too large. An Amazon Web Services conversion +// compresses the session policy document, session policy ARNs, and session +// tags into a packed binary format that has a separate limit. The error message +// indicates by percentage how close the policies and tags are to the upper +// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// in the IAM User Guide. +// +// You could receive this error even though you meet other defined session policy +// and session tag limits. For more information, see IAM and STS Entity Character +// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length) +// in the IAM User Guide. +// +// - ErrCodeRegionDisabledException "RegionDisabledException" +// STS is not activated in the requested region for the account that is being +// asked to generate credentials. The account administrator must use the IAM +// console to activate STS in that region. For more information, see Activating +// and Deactivating Amazon Web Services STS in an Amazon Web Services Region +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// in the IAM User Guide. +// +// - ErrCodeExpiredTokenException "ExpiredTokenException" +// The web identity token that was passed is expired or is not valid. Get a +// new identity token from the identity provider and then retry the request. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole func (c *STS) AssumeRole(input *AssumeRoleInput) (*AssumeRoleOutput, error) { @@ -249,14 +230,13 @@ const opAssumeRoleWithSAML = "AssumeRoleWithSAML" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the AssumeRoleWithSAMLRequest method. +// req, resp := client.AssumeRoleWithSAMLRequest(params) // -// // Example sending a request using the AssumeRoleWithSAMLRequest method. -// req, resp := client.AssumeRoleWithSAMLRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *request.Request, output *AssumeRoleWithSAMLOutput) { @@ -280,18 +260,19 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // // Returns a set of temporary security credentials for users who have been authenticated // via a SAML authentication response. This operation provides a mechanism for -// tying an enterprise identity store or directory to role-based AWS access -// without user-specific credentials or configuration. For a comparison of AssumeRoleWithSAML -// with the other API operations that produce temporary credentials, see Requesting -// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// tying an enterprise identity store or directory to role-based Amazon Web +// Services access without user-specific credentials or configuration. For a +// comparison of AssumeRoleWithSAML with the other API operations that produce +// temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) +// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // // The temporary security credentials returned by this operation consist of // an access key ID, a secret access key, and a security token. Applications -// can use these temporary security credentials to sign calls to AWS services. +// can use these temporary security credentials to sign calls to Amazon Web +// Services services. // -// Session Duration +// # Session Duration // // By default, the temporary security credentials created by AssumeRoleWithSAML // last for one hour. However, you can use the optional DurationSeconds parameter @@ -308,37 +289,47 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) // in the IAM User Guide. // -// Permissions +// Role chaining (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining) +// limits your CLI or Amazon Web Services API role session to a maximum of one +// hour. When you use the AssumeRole API operation to assume a role, you can +// specify the duration of your role session with the DurationSeconds parameter. +// You can specify a parameter value of up to 43200 seconds (12 hours), depending +// on the maximum session duration setting for your role. However, if you assume +// a role using role chaining and provide a DurationSeconds parameter value +// greater than one hour, the operation fails. +// +// # Permissions // // The temporary security credentials created by AssumeRoleWithSAML can be used -// to make API calls to any AWS service with the following exception: you cannot -// call the STS GetFederationToken or GetSessionToken API operations. +// to make API calls to any Amazon Web Services service with the following exception: +// you cannot call the STS GetFederationToken or GetSessionToken API operations. // // (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an -// inline session policy. You can also specify up to 10 managed policies to -// use as managed session policies. The plain text that you use for both inline -// and managed session policies can't exceed 2,048 characters. Passing policies -// to this operation returns new temporary credentials. The resulting session's -// permissions are the intersection of the role's identity-based policy and -// the session policies. You can use the role's temporary credentials in subsequent -// AWS API calls to access resources in the account that owns the role. You -// cannot use session policies to grant more permissions than those allowed -// by the identity-based policy of the role that is being assumed. For more -// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) +// inline session policy. You can also specify up to 10 managed policy Amazon +// Resource Names (ARNs) to use as managed session policies. The plaintext that +// you use for both inline and managed session policies can't exceed 2,048 characters. +// Passing policies to this operation returns new temporary credentials. The +// resulting session's permissions are the intersection of the role's identity-based +// policy and the session policies. You can use the role's temporary credentials +// in subsequent Amazon Web Services API calls to access resources in the account +// that owns the role. You cannot use session policies to grant more permissions +// than those allowed by the identity-based policy of the role that is being +// assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // -// Calling AssumeRoleWithSAML does not require the use of AWS security credentials. -// The identity of the caller is validated by using keys in the metadata document -// that is uploaded for the SAML provider entity for your identity provider. +// Calling AssumeRoleWithSAML does not require the use of Amazon Web Services +// security credentials. The identity of the caller is validated by using keys +// in the metadata document that is uploaded for the SAML provider entity for +// your identity provider. // -// Calling AssumeRoleWithSAML can result in an entry in your AWS CloudTrail -// logs. The entry includes the value in the NameID element of the SAML assertion. +// Calling AssumeRoleWithSAML can result in an entry in your CloudTrail logs. +// The entry includes the value in the NameID element of the SAML assertion. // We recommend that you use a NameIDType that is not associated with any personally // identifiable information (PII). For example, you could instead use the persistent // identifier (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent). // -// Tags +// # Tags // // (Optional) You can configure your IdP to pass attributes into your SAML assertion // as session tags. Each session tag consists of a key name and an associated @@ -346,16 +337,17 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // -// You can pass up to 50 session tags. The plain text session tag keys can’t +// You can pass up to 50 session tags. The plaintext session tag keys can’t // exceed 128 characters and the values can’t exceed 256 characters. For these // and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. // -// An AWS conversion compresses the passed session policies and session tags -// into a packed binary format that has a separate limit. Your request can fail -// for this limit even if your plain text meets the other requirements. The -// PackedPolicySize response element indicates by percentage how close the policies -// and tags for your request are to the upper size limit. +// An Amazon Web Services conversion compresses the passed inline session policy, +// managed policy ARNs, and session tags into a packed binary format that has +// a separate limit. Your request can fail for this limit even if your plaintext +// meets the other requirements. The PackedPolicySize response element indicates +// by percentage how close the policies and tags for your request are to the +// upper size limit. // // You can pass a session tag with the same key as a tag that is attached to // the role. When you do, session tags override the role's tags with the same @@ -372,27 +364,28 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining) // in the IAM User Guide. // -// SAML Configuration +// # SAML Configuration // // Before your application can call AssumeRoleWithSAML, you must configure your -// SAML identity provider (IdP) to issue the claims required by AWS. Additionally, -// you must use AWS Identity and Access Management (IAM) to create a SAML provider -// entity in your AWS account that represents your identity provider. You must -// also create an IAM role that specifies this SAML provider in its trust policy. +// SAML identity provider (IdP) to issue the claims required by Amazon Web Services. +// Additionally, you must use Identity and Access Management (IAM) to create +// a SAML provider entity in your Amazon Web Services account that represents +// your identity provider. You must also create an IAM role that specifies this +// SAML provider in its trust policy. // // For more information, see the following resources: // -// * About SAML 2.0-based Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) -// in the IAM User Guide. +// - About SAML 2.0-based Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) +// in the IAM User Guide. // -// * Creating SAML Identity Providers (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html) -// in the IAM User Guide. +// - Creating SAML Identity Providers (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html) +// in the IAM User Guide. // -// * Configuring a Relying Party and Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html) -// in the IAM User Guide. +// - Configuring a Relying Party and Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html) +// in the IAM User Guide. // -// * Creating a Role for SAML 2.0 Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html) -// in the IAM User Guide. +// - Creating a Role for SAML 2.0 Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html) +// in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -402,45 +395,48 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // API operation AssumeRoleWithSAML for usage and error information. // // Returned Error Codes: -// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument" -// The request was rejected because the policy document was malformed. The error -// message describes the specific error. -// -// * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" -// The request was rejected because the total packed size of the session policies -// and session tags combined was too large. An AWS conversion compresses the -// session policy document, session policy ARNs, and session tags into a packed -// binary format that has a separate limit. The error message indicates by percentage -// how close the policies and tags are to the upper size limit. For more information, -// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) -// in the IAM User Guide. -// -// You could receive this error even though you meet other defined session policy -// and session tag limits. For more information, see IAM and STS Entity Character -// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) -// in the IAM User Guide. -// -// * ErrCodeIDPRejectedClaimException "IDPRejectedClaim" -// The identity provider (IdP) reported that authentication failed. This might -// be because the claim is invalid. -// -// If this error is returned for the AssumeRoleWithWebIdentity operation, it -// can also mean that the claim has expired or has been explicitly revoked. -// -// * ErrCodeInvalidIdentityTokenException "InvalidIdentityToken" -// The web identity token that was passed could not be validated by AWS. Get -// a new identity token from the identity provider and then retry the request. -// -// * ErrCodeExpiredTokenException "ExpiredTokenException" -// The web identity token that was passed is expired or is not valid. Get a -// new identity token from the identity provider and then retry the request. -// -// * ErrCodeRegionDisabledException "RegionDisabledException" -// STS is not activated in the requested region for the account that is being -// asked to generate credentials. The account administrator must use the IAM -// console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) -// in the IAM User Guide. +// +// - ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument" +// The request was rejected because the policy document was malformed. The error +// message describes the specific error. +// +// - ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" +// The request was rejected because the total packed size of the session policies +// and session tags combined was too large. An Amazon Web Services conversion +// compresses the session policy document, session policy ARNs, and session +// tags into a packed binary format that has a separate limit. The error message +// indicates by percentage how close the policies and tags are to the upper +// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// in the IAM User Guide. +// +// You could receive this error even though you meet other defined session policy +// and session tag limits. For more information, see IAM and STS Entity Character +// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length) +// in the IAM User Guide. +// +// - ErrCodeIDPRejectedClaimException "IDPRejectedClaim" +// The identity provider (IdP) reported that authentication failed. This might +// be because the claim is invalid. +// +// If this error is returned for the AssumeRoleWithWebIdentity operation, it +// can also mean that the claim has expired or has been explicitly revoked. +// +// - ErrCodeInvalidIdentityTokenException "InvalidIdentityToken" +// The web identity token that was passed could not be validated by Amazon Web +// Services. Get a new identity token from the identity provider and then retry +// the request. +// +// - ErrCodeExpiredTokenException "ExpiredTokenException" +// The web identity token that was passed is expired or is not valid. Get a +// new identity token from the identity provider and then retry the request. +// +// - ErrCodeRegionDisabledException "RegionDisabledException" +// STS is not activated in the requested region for the account that is being +// asked to generate credentials. The account administrator must use the IAM +// console to activate STS in that region. For more information, see Activating +// and Deactivating Amazon Web Services STS in an Amazon Web Services Region +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// in the IAM User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML func (c *STS) AssumeRoleWithSAML(input *AssumeRoleWithSAMLInput) (*AssumeRoleWithSAMLOutput, error) { @@ -480,14 +476,13 @@ const opAssumeRoleWithWebIdentity = "AssumeRoleWithWebIdentity" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the AssumeRoleWithWebIdentityRequest method. +// req, resp := client.AssumeRoleWithWebIdentityRequest(params) // -// // Example sending a request using the AssumeRoleWithWebIdentityRequest method. -// req, resp := client.AssumeRoleWithWebIdentityRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityInput) (req *request.Request, output *AssumeRoleWithWebIdentityOutput) { @@ -511,36 +506,38 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // // Returns a set of temporary security credentials for users who have been authenticated // in a mobile or web application with a web identity provider. Example providers -// include Amazon Cognito, Login with Amazon, Facebook, Google, or any OpenID -// Connect-compatible identity provider. +// include the OAuth 2.0 providers Login with Amazon and Facebook, or any OpenID +// Connect-compatible identity provider such as Google or Amazon Cognito federated +// identities (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html). // // For mobile applications, we recommend that you use Amazon Cognito. You can -// use Amazon Cognito with the AWS SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) -// and the AWS SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/) -// to uniquely identify a user. You can also supply the user with a consistent -// identity throughout the lifetime of an application. -// -// To learn more about Amazon Cognito, see Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840) -// in AWS SDK for Android Developer Guide and Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664) -// in the AWS SDK for iOS Developer Guide. -// -// Calling AssumeRoleWithWebIdentity does not require the use of AWS security -// credentials. Therefore, you can distribute an application (for example, on -// mobile devices) that requests temporary security credentials without including -// long-term AWS credentials in the application. You also don't need to deploy -// server-based proxy services that use long-term AWS credentials. Instead, -// the identity of the caller is validated by using a token from the web identity -// provider. For a comparison of AssumeRoleWithWebIdentity with the other API -// operations that produce temporary credentials, see Requesting Temporary Security -// Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// use Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide +// (http://aws.amazon.com/sdkforios/) and the Amazon Web Services SDK for Android +// Developer Guide (http://aws.amazon.com/sdkforandroid/) to uniquely identify +// a user. You can also supply the user with a consistent identity throughout +// the lifetime of an application. +// +// To learn more about Amazon Cognito, see Amazon Cognito identity pools (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html) +// in Amazon Cognito Developer Guide. +// +// Calling AssumeRoleWithWebIdentity does not require the use of Amazon Web +// Services security credentials. Therefore, you can distribute an application +// (for example, on mobile devices) that requests temporary security credentials +// without including long-term Amazon Web Services credentials in the application. +// You also don't need to deploy server-based proxy services that use long-term +// Amazon Web Services credentials. Instead, the identity of the caller is validated +// by using a token from the web identity provider. For a comparison of AssumeRoleWithWebIdentity +// with the other API operations that produce temporary credentials, see Requesting +// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) +// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // // The temporary security credentials returned by this API consist of an access // key ID, a secret access key, and a security token. Applications can use these -// temporary security credentials to sign calls to AWS service API operations. +// temporary security credentials to sign calls to Amazon Web Services service +// API operations. // -// Session Duration +// # Session Duration // // By default, the temporary security credentials created by AssumeRoleWithWebIdentity // last for one hour. However, you can use the optional DurationSeconds parameter @@ -555,27 +552,28 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) // in the IAM User Guide. // -// Permissions +// # Permissions // // The temporary security credentials created by AssumeRoleWithWebIdentity can -// be used to make API calls to any AWS service with the following exception: -// you cannot call the STS GetFederationToken or GetSessionToken API operations. +// be used to make API calls to any Amazon Web Services service with the following +// exception: you cannot call the STS GetFederationToken or GetSessionToken +// API operations. // // (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an -// inline session policy. You can also specify up to 10 managed policies to -// use as managed session policies. The plain text that you use for both inline -// and managed session policies can't exceed 2,048 characters. Passing policies -// to this operation returns new temporary credentials. The resulting session's -// permissions are the intersection of the role's identity-based policy and -// the session policies. You can use the role's temporary credentials in subsequent -// AWS API calls to access resources in the account that owns the role. You -// cannot use session policies to grant more permissions than those allowed -// by the identity-based policy of the role that is being assumed. For more -// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) +// inline session policy. You can also specify up to 10 managed policy Amazon +// Resource Names (ARNs) to use as managed session policies. The plaintext that +// you use for both inline and managed session policies can't exceed 2,048 characters. +// Passing policies to this operation returns new temporary credentials. The +// resulting session's permissions are the intersection of the role's identity-based +// policy and the session policies. You can use the role's temporary credentials +// in subsequent Amazon Web Services API calls to access resources in the account +// that owns the role. You cannot use session policies to grant more permissions +// than those allowed by the identity-based policy of the role that is being +// assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // -// Tags +// # Tags // // (Optional) You can configure your IdP to pass attributes into your web identity // token as session tags. Each session tag consists of a key name and an associated @@ -583,16 +581,17 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // -// You can pass up to 50 session tags. The plain text session tag keys can’t +// You can pass up to 50 session tags. The plaintext session tag keys can’t // exceed 128 characters and the values can’t exceed 256 characters. For these // and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. // -// An AWS conversion compresses the passed session policies and session tags -// into a packed binary format that has a separate limit. Your request can fail -// for this limit even if your plain text meets the other requirements. The -// PackedPolicySize response element indicates by percentage how close the policies -// and tags for your request are to the upper size limit. +// An Amazon Web Services conversion compresses the passed inline session policy, +// managed policy ARNs, and session tags into a packed binary format that has +// a separate limit. Your request can fail for this limit even if your plaintext +// meets the other requirements. The PackedPolicySize response element indicates +// by percentage how close the policies and tags for your request are to the +// upper size limit. // // You can pass a session tag with the same key as a tag that is attached to // the role. When you do, the session tag overrides the role tag with the same @@ -609,7 +608,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining) // in the IAM User Guide. // -// Identities +// # Identities // // Before your application can call AssumeRoleWithWebIdentity, you must have // an identity token from a supported identity provider and create a role that @@ -617,9 +616,9 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // the identity provider that is associated with the identity token. In other // words, the identity provider must be specified in the role's trust policy. // -// Calling AssumeRoleWithWebIdentity can result in an entry in your AWS CloudTrail +// Calling AssumeRoleWithWebIdentity can result in an entry in your CloudTrail // logs. The entry includes the Subject (http://openid.net/specs/openid-connect-core-1_0.html#Claims) -// of the provided Web Identity Token. We recommend that you avoid using any +// of the provided web identity token. We recommend that you avoid using any // personally identifiable information (PII) in this field. For example, you // could instead use a GUID or a pairwise identifier, as suggested in the OIDC // specification (http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes). @@ -627,24 +626,24 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // For more information about how to use web identity federation and the AssumeRoleWithWebIdentity // API, see the following resources: // -// * Using Web Identity Federation API Operations for Mobile Apps (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html) -// and Federation Through a Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity). +// - Using Web Identity Federation API Operations for Mobile Apps (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html) +// and Federation Through a Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity). // -// * Web Identity Federation Playground (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/). -// Walk through the process of authenticating through Login with Amazon, -// Facebook, or Google, getting temporary security credentials, and then -// using those credentials to make a request to AWS. +// - Web Identity Federation Playground (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/). +// Walk through the process of authenticating through Login with Amazon, +// Facebook, or Google, getting temporary security credentials, and then +// using those credentials to make a request to Amazon Web Services. // -// * AWS SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) and -// AWS SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/). -// These toolkits contain sample apps that show how to invoke the identity -// providers. The toolkits then show how to use the information from these -// providers to get and use temporary security credentials. +// - Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) +// and Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/). +// These toolkits contain sample apps that show how to invoke the identity +// providers. The toolkits then show how to use the information from these +// providers to get and use temporary security credentials. // -// * Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications). -// This article discusses web identity federation and shows an example of -// how to use web identity federation to get access to content in Amazon -// S3. +// - Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications). +// This article discusses web identity federation and shows an example of +// how to use web identity federation to get access to content in Amazon +// S3. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -654,52 +653,55 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // API operation AssumeRoleWithWebIdentity for usage and error information. // // Returned Error Codes: -// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument" -// The request was rejected because the policy document was malformed. The error -// message describes the specific error. -// -// * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" -// The request was rejected because the total packed size of the session policies -// and session tags combined was too large. An AWS conversion compresses the -// session policy document, session policy ARNs, and session tags into a packed -// binary format that has a separate limit. The error message indicates by percentage -// how close the policies and tags are to the upper size limit. For more information, -// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) -// in the IAM User Guide. -// -// You could receive this error even though you meet other defined session policy -// and session tag limits. For more information, see IAM and STS Entity Character -// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) -// in the IAM User Guide. -// -// * ErrCodeIDPRejectedClaimException "IDPRejectedClaim" -// The identity provider (IdP) reported that authentication failed. This might -// be because the claim is invalid. -// -// If this error is returned for the AssumeRoleWithWebIdentity operation, it -// can also mean that the claim has expired or has been explicitly revoked. -// -// * ErrCodeIDPCommunicationErrorException "IDPCommunicationError" -// The request could not be fulfilled because the identity provider (IDP) that -// was asked to verify the incoming identity token could not be reached. This -// is often a transient error caused by network conditions. Retry the request -// a limited number of times so that you don't exceed the request rate. If the -// error persists, the identity provider might be down or not responding. -// -// * ErrCodeInvalidIdentityTokenException "InvalidIdentityToken" -// The web identity token that was passed could not be validated by AWS. Get -// a new identity token from the identity provider and then retry the request. -// -// * ErrCodeExpiredTokenException "ExpiredTokenException" -// The web identity token that was passed is expired or is not valid. Get a -// new identity token from the identity provider and then retry the request. -// -// * ErrCodeRegionDisabledException "RegionDisabledException" -// STS is not activated in the requested region for the account that is being -// asked to generate credentials. The account administrator must use the IAM -// console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) -// in the IAM User Guide. +// +// - ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument" +// The request was rejected because the policy document was malformed. The error +// message describes the specific error. +// +// - ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" +// The request was rejected because the total packed size of the session policies +// and session tags combined was too large. An Amazon Web Services conversion +// compresses the session policy document, session policy ARNs, and session +// tags into a packed binary format that has a separate limit. The error message +// indicates by percentage how close the policies and tags are to the upper +// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// in the IAM User Guide. +// +// You could receive this error even though you meet other defined session policy +// and session tag limits. For more information, see IAM and STS Entity Character +// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length) +// in the IAM User Guide. +// +// - ErrCodeIDPRejectedClaimException "IDPRejectedClaim" +// The identity provider (IdP) reported that authentication failed. This might +// be because the claim is invalid. +// +// If this error is returned for the AssumeRoleWithWebIdentity operation, it +// can also mean that the claim has expired or has been explicitly revoked. +// +// - ErrCodeIDPCommunicationErrorException "IDPCommunicationError" +// The request could not be fulfilled because the identity provider (IDP) that +// was asked to verify the incoming identity token could not be reached. This +// is often a transient error caused by network conditions. Retry the request +// a limited number of times so that you don't exceed the request rate. If the +// error persists, the identity provider might be down or not responding. +// +// - ErrCodeInvalidIdentityTokenException "InvalidIdentityToken" +// The web identity token that was passed could not be validated by Amazon Web +// Services. Get a new identity token from the identity provider and then retry +// the request. +// +// - ErrCodeExpiredTokenException "ExpiredTokenException" +// The web identity token that was passed is expired or is not valid. Get a +// new identity token from the identity provider and then retry the request. +// +// - ErrCodeRegionDisabledException "RegionDisabledException" +// STS is not activated in the requested region for the account that is being +// asked to generate credentials. The account administrator must use the IAM +// console to activate STS in that region. For more information, see Activating +// and Deactivating Amazon Web Services STS in an Amazon Web Services Region +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// in the IAM User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity func (c *STS) AssumeRoleWithWebIdentity(input *AssumeRoleWithWebIdentityInput) (*AssumeRoleWithWebIdentityOutput, error) { @@ -739,14 +741,13 @@ const opDecodeAuthorizationMessage = "DecodeAuthorizationMessage" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the DecodeAuthorizationMessageRequest method. +// req, resp := client.DecodeAuthorizationMessageRequest(params) // -// // Example sending a request using the DecodeAuthorizationMessageRequest method. -// req, resp := client.DecodeAuthorizationMessageRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessage func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessageInput) (req *request.Request, output *DecodeAuthorizationMessageOutput) { @@ -768,37 +769,40 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag // DecodeAuthorizationMessage API operation for AWS Security Token Service. // // Decodes additional information about the authorization status of a request -// from an encoded message returned in response to an AWS request. +// from an encoded message returned in response to an Amazon Web Services request. // // For example, if a user is not authorized to perform an operation that he // or she has requested, the request returns a Client.UnauthorizedOperation -// response (an HTTP 403 response). Some AWS operations additionally return -// an encoded message that can provide details about this authorization failure. +// response (an HTTP 403 response). Some Amazon Web Services operations additionally +// return an encoded message that can provide details about this authorization +// failure. // -// Only certain AWS operations return an encoded authorization message. The -// documentation for an individual operation indicates whether that operation -// returns an encoded message in addition to returning an HTTP code. +// Only certain Amazon Web Services operations return an encoded authorization +// message. The documentation for an individual operation indicates whether +// that operation returns an encoded message in addition to returning an HTTP +// code. // // The message is encoded because the details of the authorization status can -// constitute privileged information that the user who requested the operation +// contain privileged information that the user who requested the operation // should not see. To decode an authorization status message, a user must be -// granted permissions via an IAM policy to request the DecodeAuthorizationMessage -// (sts:DecodeAuthorizationMessage) action. +// granted permissions through an IAM policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) +// to request the DecodeAuthorizationMessage (sts:DecodeAuthorizationMessage) +// action. // // The decoded message includes the following type of information: // -// * Whether the request was denied due to an explicit deny or due to the -// absence of an explicit allow. For more information, see Determining Whether -// a Request is Allowed or Denied (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow) -// in the IAM User Guide. +// - Whether the request was denied due to an explicit deny or due to the +// absence of an explicit allow. For more information, see Determining Whether +// a Request is Allowed or Denied (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow) +// in the IAM User Guide. // -// * The principal who made the request. +// - The principal who made the request. // -// * The requested action. +// - The requested action. // -// * The requested resource. +// - The requested resource. // -// * The values of condition keys in the context of the user's request. +// - The values of condition keys in the context of the user's request. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -808,10 +812,10 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag // API operation DecodeAuthorizationMessage for usage and error information. // // Returned Error Codes: -// * ErrCodeInvalidAuthorizationMessageException "InvalidAuthorizationMessageException" -// The error returned if the message passed to DecodeAuthorizationMessage was -// invalid. This can happen if the token contains invalid characters, such as -// linebreaks. +// - ErrCodeInvalidAuthorizationMessageException "InvalidAuthorizationMessageException" +// The error returned if the message passed to DecodeAuthorizationMessage was +// invalid. This can happen if the token contains invalid characters, such as +// linebreaks. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessage func (c *STS) DecodeAuthorizationMessage(input *DecodeAuthorizationMessageInput) (*DecodeAuthorizationMessageOutput, error) { @@ -851,14 +855,13 @@ const opGetAccessKeyInfo = "GetAccessKeyInfo" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetAccessKeyInfoRequest method. +// req, resp := client.GetAccessKeyInfoRequest(params) // -// // Example sending a request using the GetAccessKeyInfoRequest method. -// req, resp := client.GetAccessKeyInfoRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfo func (c *STS) GetAccessKeyInfoRequest(input *GetAccessKeyInfoInput) (req *request.Request, output *GetAccessKeyInfoOutput) { @@ -888,12 +891,12 @@ func (c *STS) GetAccessKeyInfoRequest(input *GetAccessKeyInfoInput) (req *reques // in the IAM User Guide. // // When you pass an access key ID to this operation, it returns the ID of the -// AWS account to which the keys belong. Access key IDs beginning with AKIA -// are long-term credentials for an IAM user or the AWS account root user. Access -// key IDs beginning with ASIA are temporary credentials that are created using -// STS operations. If the account in the response belongs to you, you can sign -// in as the root user and review your root user access keys. Then, you can -// pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html) +// Amazon Web Services account to which the keys belong. Access key IDs beginning +// with AKIA are long-term credentials for an IAM user or the Amazon Web Services +// account root user. Access key IDs beginning with ASIA are temporary credentials +// that are created using STS operations. If the account in the response belongs +// to you, you can sign in as the root user and review your root user access +// keys. Then, you can pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html) // to learn which IAM user owns the keys. To learn who requested the temporary // credentials for an ASIA access key, view the STS events in your CloudTrail // logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html) @@ -948,14 +951,13 @@ const opGetCallerIdentity = "GetCallerIdentity" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetCallerIdentityRequest method. +// req, resp := client.GetCallerIdentityRequest(params) // -// // Example sending a request using the GetCallerIdentityRequest method. -// req, resp := client.GetCallerIdentityRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentity func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *request.Request, output *GetCallerIdentityOutput) { @@ -980,11 +982,11 @@ func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *requ // call the operation. // // No permissions are required to perform this operation. If an administrator -// adds a policy to your IAM user or role that explicitly denies access to the -// sts:GetCallerIdentity action, you can still perform this operation. Permissions -// are not required because the same information is returned when an IAM user -// or role is denied access. To view an example response, see I Am Not Authorized -// to Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa) +// attaches a policy to your identity that explicitly denies access to the sts:GetCallerIdentity +// action, you can still perform this operation. Permissions are not required +// because the same information is returned when access is denied. To view an +// example response, see I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1031,14 +1033,13 @@ const opGetFederationToken = "GetFederationToken" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetFederationTokenRequest method. +// req, resp := client.GetFederationTokenRequest(params) // -// // Example sending a request using the GetFederationTokenRequest method. -// req, resp := client.GetFederationTokenRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *request.Request, output *GetFederationTokenOutput) { @@ -1060,16 +1061,24 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // GetFederationToken API operation for AWS Security Token Service. // // Returns a set of temporary security credentials (consisting of an access -// key ID, a secret access key, and a security token) for a federated user. -// A typical use is in a proxy application that gets temporary security credentials -// on behalf of distributed applications inside a corporate network. You must -// call the GetFederationToken operation using the long-term security credentials -// of an IAM user. As a result, this call is appropriate in contexts where those -// credentials can be safely stored, usually in a server-based application. +// key ID, a secret access key, and a security token) for a user. A typical +// use is in a proxy application that gets temporary security credentials on +// behalf of distributed applications inside a corporate network. +// +// You must call the GetFederationToken operation using the long-term security +// credentials of an IAM user. As a result, this call is appropriate in contexts +// where those credentials can be safeguarded, usually in a server-based application. // For a comparison of GetFederationToken with the other API operations that // produce temporary credentials, see Requesting Temporary Security Credentials // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// in the IAM User Guide. +// +// Although it is possible to call GetFederationToken using the security credentials +// of an Amazon Web Services account root user rather than an IAM user that +// you create for the purpose of a proxy application, we do not recommend it. +// For more information, see Safeguard your root user credentials and don't +// use them for everyday tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials) // in the IAM User Guide. // // You can create a mobile-based or browser-based app that can authenticate @@ -1080,36 +1089,31 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity) // in the IAM User Guide. // -// You can also call GetFederationToken using the security credentials of an -// AWS account root user, but we do not recommend it. Instead, we recommend -// that you create an IAM user for the purpose of the proxy application. Then -// attach a policy to the IAM user that limits federated users to only the actions -// and resources that they need to access. For more information, see IAM Best -// Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) -// in the IAM User Guide. -// -// Session duration +// # Session duration // // The temporary credentials are valid for the specified duration, from 900 // seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default -// session duration is 43,200 seconds (12 hours). Temporary credentials that -// are obtained by using AWS account root user credentials have a maximum duration -// of 3,600 seconds (1 hour). +// session duration is 43,200 seconds (12 hours). Temporary credentials obtained +// by using the root user credentials have a maximum duration of 3,600 seconds +// (1 hour). // -// Permissions +// # Permissions // // You can use the temporary credentials created by GetFederationToken in any -// AWS service except the following: +// Amazon Web Services service with the following exceptions: +// +// - You cannot call any IAM operations using the CLI or the Amazon Web Services +// API. This limitation does not apply to console sessions. // -// * You cannot call any IAM operations using the AWS CLI or the AWS API. +// - You cannot call any STS operations except GetCallerIdentity. // -// * You cannot call any STS operations except GetCallerIdentity. +// You can use temporary credentials for single sign-on (SSO) to the console. // // You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an -// inline session policy. You can also specify up to 10 managed policies to -// use as managed session policies. The plain text that you use for both inline -// and managed session policies can't exceed 2,048 characters. +// inline session policy. You can also specify up to 10 managed policy Amazon +// Resource Names (ARNs) to use as managed session policies. The plaintext that +// you use for both inline and managed session policies can't exceed 2,048 characters. // // Though the session policy parameters are optional, if you do not pass a policy, // then the resulting federated user session has no permissions. When you pass @@ -1129,13 +1133,21 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // by the policy. These permissions are granted in addition to the permissions // granted by the session policies. // -// Tags +// # Tags // // (Optional) You can pass tag key-value pairs to your session. These are called // session tags. For more information about session tags, see Passing Session // Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // +// You can create a mobile-based or browser-based app that can authenticate +// users using a web identity provider like Login with Amazon, Facebook, Google, +// or an OpenID Connect-compatible identity provider. In this case, we recommend +// that you use Amazon Cognito (http://aws.amazon.com/cognito/) or AssumeRoleWithWebIdentity. +// For more information, see Federation Through a Web-based Identity Provider +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity) +// in the IAM User Guide. +// // An administrator must grant you the permissions necessary to pass session // tags. The administrator can also create granular permissions to allow you // to pass only specific session tags. For more information, see Tutorial: Using @@ -1157,30 +1169,32 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // API operation GetFederationToken for usage and error information. // // Returned Error Codes: -// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument" -// The request was rejected because the policy document was malformed. The error -// message describes the specific error. -// -// * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" -// The request was rejected because the total packed size of the session policies -// and session tags combined was too large. An AWS conversion compresses the -// session policy document, session policy ARNs, and session tags into a packed -// binary format that has a separate limit. The error message indicates by percentage -// how close the policies and tags are to the upper size limit. For more information, -// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) -// in the IAM User Guide. -// -// You could receive this error even though you meet other defined session policy -// and session tag limits. For more information, see IAM and STS Entity Character -// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) -// in the IAM User Guide. -// -// * ErrCodeRegionDisabledException "RegionDisabledException" -// STS is not activated in the requested region for the account that is being -// asked to generate credentials. The account administrator must use the IAM -// console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) -// in the IAM User Guide. +// +// - ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument" +// The request was rejected because the policy document was malformed. The error +// message describes the specific error. +// +// - ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" +// The request was rejected because the total packed size of the session policies +// and session tags combined was too large. An Amazon Web Services conversion +// compresses the session policy document, session policy ARNs, and session +// tags into a packed binary format that has a separate limit. The error message +// indicates by percentage how close the policies and tags are to the upper +// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// in the IAM User Guide. +// +// You could receive this error even though you meet other defined session policy +// and session tag limits. For more information, see IAM and STS Entity Character +// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length) +// in the IAM User Guide. +// +// - ErrCodeRegionDisabledException "RegionDisabledException" +// STS is not activated in the requested region for the account that is being +// asked to generate credentials. The account administrator must use the IAM +// console to activate STS in that region. For more information, see Activating +// and Deactivating Amazon Web Services STS in an Amazon Web Services Region +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// in the IAM User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken func (c *STS) GetFederationToken(input *GetFederationTokenInput) (*GetFederationTokenOutput, error) { @@ -1220,14 +1234,13 @@ const opGetSessionToken = "GetSessionToken" // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // +// // Example sending a request using the GetSessionTokenRequest method. +// req, resp := client.GetSessionTokenRequest(params) // -// // Example sending a request using the GetSessionTokenRequest method. -// req, resp := client.GetSessionTokenRequest(params) -// -// err := req.Send() -// if err == nil { // resp is now filled -// fmt.Println(resp) -// } +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.Request, output *GetSessionTokenOutput) { @@ -1248,54 +1261,62 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request. // GetSessionToken API operation for AWS Security Token Service. // -// Returns a set of temporary credentials for an AWS account or IAM user. The -// credentials consist of an access key ID, a secret access key, and a security -// token. Typically, you use GetSessionToken if you want to use MFA to protect -// programmatic calls to specific AWS API operations like Amazon EC2 StopInstances. -// MFA-enabled IAM users would need to call GetSessionToken and submit an MFA -// code that is associated with their MFA device. Using the temporary security -// credentials that are returned from the call, IAM users can then make programmatic -// calls to API operations that require MFA authentication. If you do not supply -// a correct MFA code, then the API returns an access denied error. For a comparison -// of GetSessionToken with the other API operations that produce temporary credentials, -// see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// Returns a set of temporary credentials for an Amazon Web Services account +// or IAM user. The credentials consist of an access key ID, a secret access +// key, and a security token. Typically, you use GetSessionToken if you want +// to use MFA to protect programmatic calls to specific Amazon Web Services +// API operations like Amazon EC2 StopInstances. +// +// MFA-enabled IAM users must call GetSessionToken and submit an MFA code that +// is associated with their MFA device. Using the temporary security credentials +// that the call returns, IAM users can then make programmatic calls to API +// operations that require MFA authentication. An incorrect MFA code causes +// the API to return an access denied error. For a comparison of GetSessionToken +// with the other API operations that produce temporary credentials, see Requesting +// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) +// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // -// Session Duration +// No permissions are required for users to perform this operation. The purpose +// of the sts:GetSessionToken operation is to authenticate the user using MFA. +// You cannot use policies to control authentication operations. For more information, +// see Permissions for GetSessionToken (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html) +// in the IAM User Guide. +// +// # Session Duration // -// The GetSessionToken operation must be called by using the long-term AWS security -// credentials of the AWS account root user or an IAM user. Credentials that -// are created by IAM users are valid for the duration that you specify. This -// duration can range from 900 seconds (15 minutes) up to a maximum of 129,600 -// seconds (36 hours), with a default of 43,200 seconds (12 hours). Credentials -// based on account credentials can range from 900 seconds (15 minutes) up to -// 3,600 seconds (1 hour), with a default of 1 hour. +// The GetSessionToken operation must be called by using the long-term Amazon +// Web Services security credentials of an IAM user. Credentials that are created +// by IAM users are valid for the duration that you specify. This duration can +// range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 +// hours), with a default of 43,200 seconds (12 hours). Credentials based on +// account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds +// (1 hour), with a default of 1 hour. // -// Permissions +// # Permissions // // The temporary security credentials created by GetSessionToken can be used -// to make API calls to any AWS service with the following exceptions: +// to make API calls to any Amazon Web Services service with the following exceptions: // -// * You cannot call any IAM API operations unless MFA authentication information -// is included in the request. +// - You cannot call any IAM API operations unless MFA authentication information +// is included in the request. // -// * You cannot call any STS API except AssumeRole or GetCallerIdentity. +// - You cannot call any STS API except AssumeRole or GetCallerIdentity. // -// We recommend that you do not call GetSessionToken with AWS account root user -// credentials. Instead, follow our best practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users) -// by creating one or more IAM users, giving them the necessary permissions, -// and using IAM users for everyday interaction with AWS. +// The credentials that GetSessionToken returns are based on permissions associated +// with the IAM user whose credentials were used to call the operation. The +// temporary credentials have the same permissions as the IAM user. // -// The credentials that are returned by GetSessionToken are based on permissions -// associated with the user whose credentials were used to call the operation. -// If GetSessionToken is called using AWS account root user credentials, the -// temporary credentials have root user permissions. Similarly, if GetSessionToken -// is called using the credentials of an IAM user, the temporary credentials -// have the same permissions as the IAM user. +// Although it is possible to call GetSessionToken using the security credentials +// of an Amazon Web Services account root user rather than an IAM user, we do +// not recommend it. If GetSessionToken is called using root user credentials, +// the temporary credentials have root user permissions. For more information, +// see Safeguard your root user credentials and don't use them for everyday +// tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials) +// in the IAM User Guide // // For more information about using GetSessionToken to create temporary credentials, -// go to Temporary Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken) +// see Temporary Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1306,12 +1327,13 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request. // API operation GetSessionToken for usage and error information. // // Returned Error Codes: -// * ErrCodeRegionDisabledException "RegionDisabledException" -// STS is not activated in the requested region for the account that is being -// asked to generate credentials. The account administrator must use the IAM -// console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) -// in the IAM User Guide. +// - ErrCodeRegionDisabledException "RegionDisabledException" +// STS is not activated in the requested region for the account that is being +// asked to generate credentials. The account administrator must use the IAM +// console to activate STS in that region. For more information, see Activating +// and Deactivating Amazon Web Services STS in an Amazon Web Services Region +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// in the IAM User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken func (c *STS) GetSessionToken(input *GetSessionTokenInput) (*GetSessionTokenOutput, error) { @@ -1338,14 +1360,23 @@ func (c *STS) GetSessionTokenWithContext(ctx aws.Context, input *GetSessionToken type AssumeRoleInput struct { _ struct{} `type:"structure"` - // The duration, in seconds, of the role session. The value can range from 900 - // seconds (15 minutes) up to the maximum session duration setting for the role. - // This setting can have a value from 1 hour to 12 hours. If you specify a value - // higher than this setting, the operation fails. For example, if you specify + // The duration, in seconds, of the role session. The value specified can range + // from 900 seconds (15 minutes) up to the maximum session duration set for + // the role. The maximum session duration setting can have a value from 1 hour + // to 12 hours. If you specify a value higher than this setting or the administrator + // setting (whichever is lower), the operation fails. For example, if you specify // a session duration of 12 hours, but your administrator set the maximum session - // duration to 6 hours, your operation fails. To learn how to view the maximum - // value for your role, see View the Maximum Session Duration Setting for a - // Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) + // duration to 6 hours, your operation fails. + // + // Role chaining limits your Amazon Web Services CLI or Amazon Web Services + // API role session to a maximum of one hour. When you use the AssumeRole API + // operation to assume a role, you can specify the duration of your role session + // with the DurationSeconds parameter. You can specify a parameter value of + // up to 43200 seconds (12 hours), depending on the maximum session duration + // setting for your role. However, if you assume a role using role chaining + // and provide a DurationSeconds parameter value greater than one hour, the + // operation fails. To learn how to view the maximum value for your role, see + // View the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) // in the IAM User Guide. // // By default, the value is set to 3600 seconds. @@ -1355,7 +1386,7 @@ type AssumeRoleInput struct { // to the federation endpoint for a console sign-in token takes a SessionDuration // parameter that specifies the maximum length of the console session. For more // information, see Creating a URL that Enables Federated Users to Access the - // AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) + // Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) // in the IAM User Guide. DurationSeconds *int64 `min:"900" type:"integer"` @@ -1367,8 +1398,8 @@ type AssumeRoleInput struct { // of the trusting account might send an external ID to the administrator of // the trusted account. That way, only someone with the ID can assume the role, // rather than everyone in the account. For more information about the external - // ID, see How to Use an External ID When Granting Access to Your AWS Resources - // to a Third Party (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) + // ID, see How to Use an External ID When Granting Access to Your Amazon Web + // Services Resources to a Third Party (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) // in the IAM User Guide. // // The regex used to validate this parameter is a string of characters consisting @@ -1381,23 +1412,25 @@ type AssumeRoleInput struct { // This parameter is optional. Passing policies to this operation returns new // temporary credentials. The resulting session's permissions are the intersection // of the role's identity-based policy and the session policies. You can use - // the role's temporary credentials in subsequent AWS API calls to access resources - // in the account that owns the role. You cannot use session policies to grant - // more permissions than those allowed by the identity-based policy of the role - // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // the role's temporary credentials in subsequent Amazon Web Services API calls + // to access resources in the account that owns the role. You cannot use session + // policies to grant more permissions than those allowed by the identity-based + // policy of the role that is being assumed. For more information, see Session + // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // - // The plain text that you use for both inline and managed session policies - // can't exceed 2,048 characters. The JSON policy characters can be any ASCII - // character from the space character to the end of the valid character list - // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A), - // and carriage return (\u000D) characters. - // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plain text meets the other requirements. The - // PackedPolicySize response element indicates by percentage how close the policies - // and tags for your request are to the upper size limit. + // The plaintext that you use for both inline and managed session policies can't + // exceed 2,048 characters. The JSON policy characters can be any ASCII character + // from the space character to the end of the valid character list (\u0020 through + // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage + // return (\u000D) characters. + // + // An Amazon Web Services conversion compresses the passed inline session policy, + // managed policy ARNs, and session tags into a packed binary format that has + // a separate limit. Your request can fail for this limit even if your plaintext + // meets the other requirements. The PackedPolicySize response element indicates + // by percentage how close the policies and tags for your request are to the + // upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want @@ -1405,27 +1438,39 @@ type AssumeRoleInput struct { // as the role. // // This parameter is optional. You can provide up to 10 managed policy ARNs. - // However, the plain text that you use for both inline and managed session - // policies can't exceed 2,048 characters. For more information about ARNs, - // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. - // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plain text meets the other requirements. The - // PackedPolicySize response element indicates by percentage how close the policies - // and tags for your request are to the upper size limit. + // However, the plaintext that you use for both inline and managed session policies + // can't exceed 2,048 characters. For more information about ARNs, see Amazon + // Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // in the Amazon Web Services General Reference. + // + // An Amazon Web Services conversion compresses the passed inline session policy, + // managed policy ARNs, and session tags into a packed binary format that has + // a separate limit. Your request can fail for this limit even if your plaintext + // meets the other requirements. The PackedPolicySize response element indicates + // by percentage how close the policies and tags for your request are to the + // upper size limit. // // Passing policies to this operation returns new temporary credentials. The // resulting session's permissions are the intersection of the role's identity-based // policy and the session policies. You can use the role's temporary credentials - // in subsequent AWS API calls to access resources in the account that owns - // the role. You cannot use session policies to grant more permissions than - // those allowed by the identity-based policy of the role that is being assumed. - // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // in subsequent Amazon Web Services API calls to access resources in the account + // that owns the role. You cannot use session policies to grant more permissions + // than those allowed by the identity-based policy of the role that is being + // assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. PolicyArns []*PolicyDescriptorType `type:"list"` + // A list of previously acquired trusted context assertions in the format of + // a JSON array. The trusted context assertion is signed and encrypted by Amazon + // Web Services STS. + // + // The following is an example of a ProvidedContext value that includes a single + // trusted context assertion and the ARN of the context provider from which + // the trusted context assertion was generated. + // + // [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}] + ProvidedContexts []*ProvidedContext `type:"list"` + // The Amazon Resource Name (ARN) of the role to assume. // // RoleArn is a required field @@ -1439,7 +1484,7 @@ type AssumeRoleInput struct { // account that owns the role. The role session name is also used in the ARN // of the assumed role principal. This means that subsequent cross-account API // requests that use the temporary security credentials will expose the role - // session name to the external account in their AWS CloudTrail logs. + // session name to the external account in their CloudTrail logs. // // The regex used to validate this parameter is a string of characters consisting // of upper- and lower-case alphanumeric characters with no spaces. You can @@ -1459,22 +1504,42 @@ type AssumeRoleInput struct { // also include underscores or any of the following characters: =,.@- SerialNumber *string `min:"9" type:"string"` + // The source identity specified by the principal that is calling the AssumeRole + // operation. + // + // You can require users to specify a source identity when they assume a role. + // You do this by using the sts:SourceIdentity condition key in a role trust + // policy. You can use source identity information in CloudTrail logs to determine + // who took actions with a role. You can use the aws:SourceIdentity condition + // key to further control access to Amazon Web Services resources based on the + // value of source identity. For more information about using source identity, + // see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) + // in the IAM User Guide. + // + // The regex used to validate this parameter is a string of characters consisting + // of upper- and lower-case alphanumeric characters with no spaces. You can + // also include underscores or any of the following characters: =,.@-. You cannot + // use a value that begins with the text aws:. This prefix is reserved for Amazon + // Web Services internal use. + SourceIdentity *string `min:"2" type:"string"` + // A list of session tags that you want to pass. Each session tag consists of // a key name and an associated value. For more information about session tags, - // see Tagging AWS STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) + // see Tagging Amazon Web Services STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // - // This parameter is optional. You can pass up to 50 session tags. The plain - // text session tag keys can’t exceed 128 characters, and the values can’t - // exceed 256 characters. For these and additional limits, see IAM and STS Character + // This parameter is optional. You can pass up to 50 session tags. The plaintext + // session tag keys can’t exceed 128 characters, and the values can’t exceed + // 256 characters. For these and additional limits, see IAM and STS Character // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plain text meets the other requirements. The - // PackedPolicySize response element indicates by percentage how close the policies - // and tags for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed inline session policy, + // managed policy ARNs, and session tags into a packed binary format that has + // a separate limit. Your request can fail for this limit even if your plaintext + // meets the other requirements. The PackedPolicySize response element indicates + // by percentage how close the policies and tags for your request are to the + // upper size limit. // // You can pass a session tag with the same key as a tag that is already attached // to the role. When you do, session tags override a role tag with the same @@ -1489,15 +1554,16 @@ type AssumeRoleInput struct { // Additionally, if you used temporary credentials to perform this operation, // the new session inherits any transitive session tags from the calling session. // If you pass a session tag with the same key as an inherited tag, the operation - // fails. To view the inherited tags for a session, see the AWS CloudTrail logs. - // For more information, see Viewing Session Tags in CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/session-tags.html#id_session-tags_ctlogs) + // fails. To view the inherited tags for a session, see the CloudTrail logs. + // For more information, see Viewing Session Tags in CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs) // in the IAM User Guide. Tags []*Tag `type:"list"` // The value provided by the MFA device, if the trust policy of the role being - // assumed requires MFA (that is, if the policy includes a condition that tests - // for MFA). If the role being assumed requires MFA and if the TokenCode value - // is missing or expired, the AssumeRole call returns an "access denied" error. + // assumed requires MFA. (In other words, if the policy includes a condition + // that tests for MFA). If the role being assumed requires MFA and if the TokenCode + // value is missing or expired, the AssumeRole call returns an "access denied" + // error. // // The format for this parameter, as described by its regex pattern, is a sequence // of six numeric digits. @@ -1517,12 +1583,20 @@ type AssumeRoleInput struct { TransitiveTagKeys []*string `type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AssumeRoleInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AssumeRoleInput) GoString() string { return s.String() } @@ -1554,6 +1628,9 @@ func (s *AssumeRoleInput) Validate() error { if s.SerialNumber != nil && len(*s.SerialNumber) < 9 { invalidParams.Add(request.NewErrParamMinLen("SerialNumber", 9)) } + if s.SourceIdentity != nil && len(*s.SourceIdentity) < 2 { + invalidParams.Add(request.NewErrParamMinLen("SourceIdentity", 2)) + } if s.TokenCode != nil && len(*s.TokenCode) < 6 { invalidParams.Add(request.NewErrParamMinLen("TokenCode", 6)) } @@ -1567,6 +1644,16 @@ func (s *AssumeRoleInput) Validate() error { } } } + if s.ProvidedContexts != nil { + for i, v := range s.ProvidedContexts { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ProvidedContexts", i), err.(request.ErrInvalidParams)) + } + } + } if s.Tags != nil { for i, v := range s.Tags { if v == nil { @@ -1608,6 +1695,12 @@ func (s *AssumeRoleInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleIn return s } +// SetProvidedContexts sets the ProvidedContexts field's value. +func (s *AssumeRoleInput) SetProvidedContexts(v []*ProvidedContext) *AssumeRoleInput { + s.ProvidedContexts = v + return s +} + // SetRoleArn sets the RoleArn field's value. func (s *AssumeRoleInput) SetRoleArn(v string) *AssumeRoleInput { s.RoleArn = &v @@ -1626,6 +1719,12 @@ func (s *AssumeRoleInput) SetSerialNumber(v string) *AssumeRoleInput { return s } +// SetSourceIdentity sets the SourceIdentity field's value. +func (s *AssumeRoleInput) SetSourceIdentity(v string) *AssumeRoleInput { + s.SourceIdentity = &v + return s +} + // SetTags sets the Tags field's value. func (s *AssumeRoleInput) SetTags(v []*Tag) *AssumeRoleInput { s.Tags = v @@ -1645,7 +1744,8 @@ func (s *AssumeRoleInput) SetTransitiveTagKeys(v []*string) *AssumeRoleInput { } // Contains the response to a successful AssumeRole request, including temporary -// AWS credentials that can be used to make AWS requests. +// Amazon Web Services credentials that can be used to make Amazon Web Services +// requests. type AssumeRoleOutput struct { _ struct{} `type:"structure"` @@ -1668,14 +1768,39 @@ type AssumeRoleOutput struct { // packed size is greater than 100 percent, which means the policies and tags // exceeded the allowed space. PackedPolicySize *int64 `type:"integer"` + + // The source identity specified by the principal that is calling the AssumeRole + // operation. + // + // You can require users to specify a source identity when they assume a role. + // You do this by using the sts:SourceIdentity condition key in a role trust + // policy. You can use source identity information in CloudTrail logs to determine + // who took actions with a role. You can use the aws:SourceIdentity condition + // key to further control access to Amazon Web Services resources based on the + // value of source identity. For more information about using source identity, + // see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) + // in the IAM User Guide. + // + // The regex used to validate this parameter is a string of characters consisting + // of upper- and lower-case alphanumeric characters with no spaces. You can + // also include underscores or any of the following characters: =,.@- + SourceIdentity *string `min:"2" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AssumeRoleOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AssumeRoleOutput) GoString() string { return s.String() } @@ -1698,6 +1823,12 @@ func (s *AssumeRoleOutput) SetPackedPolicySize(v int64) *AssumeRoleOutput { return s } +// SetSourceIdentity sets the SourceIdentity field's value. +func (s *AssumeRoleOutput) SetSourceIdentity(v string) *AssumeRoleOutput { + s.SourceIdentity = &v + return s +} + type AssumeRoleWithSAMLInput struct { _ struct{} `type:"structure"` @@ -1721,7 +1852,7 @@ type AssumeRoleWithSAMLInput struct { // to the federation endpoint for a console sign-in token takes a SessionDuration // parameter that specifies the maximum length of the console session. For more // information, see Creating a URL that Enables Federated Users to Access the - // AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) + // Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) // in the IAM User Guide. DurationSeconds *int64 `min:"900" type:"integer"` @@ -1730,23 +1861,25 @@ type AssumeRoleWithSAMLInput struct { // This parameter is optional. Passing policies to this operation returns new // temporary credentials. The resulting session's permissions are the intersection // of the role's identity-based policy and the session policies. You can use - // the role's temporary credentials in subsequent AWS API calls to access resources - // in the account that owns the role. You cannot use session policies to grant - // more permissions than those allowed by the identity-based policy of the role - // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // the role's temporary credentials in subsequent Amazon Web Services API calls + // to access resources in the account that owns the role. You cannot use session + // policies to grant more permissions than those allowed by the identity-based + // policy of the role that is being assumed. For more information, see Session + // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // - // The plain text that you use for both inline and managed session policies - // can't exceed 2,048 characters. The JSON policy characters can be any ASCII - // character from the space character to the end of the valid character list - // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A), - // and carriage return (\u000D) characters. - // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plain text meets the other requirements. The - // PackedPolicySize response element indicates by percentage how close the policies - // and tags for your request are to the upper size limit. + // The plaintext that you use for both inline and managed session policies can't + // exceed 2,048 characters. The JSON policy characters can be any ASCII character + // from the space character to the end of the valid character list (\u0020 through + // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage + // return (\u000D) characters. + // + // An Amazon Web Services conversion compresses the passed inline session policy, + // managed policy ARNs, and session tags into a packed binary format that has + // a separate limit. Your request can fail for this limit even if your plaintext + // meets the other requirements. The PackedPolicySize response element indicates + // by percentage how close the policies and tags for your request are to the + // upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want @@ -1754,24 +1887,25 @@ type AssumeRoleWithSAMLInput struct { // as the role. // // This parameter is optional. You can provide up to 10 managed policy ARNs. - // However, the plain text that you use for both inline and managed session - // policies can't exceed 2,048 characters. For more information about ARNs, - // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. - // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plain text meets the other requirements. The - // PackedPolicySize response element indicates by percentage how close the policies - // and tags for your request are to the upper size limit. + // However, the plaintext that you use for both inline and managed session policies + // can't exceed 2,048 characters. For more information about ARNs, see Amazon + // Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // in the Amazon Web Services General Reference. + // + // An Amazon Web Services conversion compresses the passed inline session policy, + // managed policy ARNs, and session tags into a packed binary format that has + // a separate limit. Your request can fail for this limit even if your plaintext + // meets the other requirements. The PackedPolicySize response element indicates + // by percentage how close the policies and tags for your request are to the + // upper size limit. // // Passing policies to this operation returns new temporary credentials. The // resulting session's permissions are the intersection of the role's identity-based // policy and the session policies. You can use the role's temporary credentials - // in subsequent AWS API calls to access resources in the account that owns - // the role. You cannot use session policies to grant more permissions than - // those allowed by the identity-based policy of the role that is being assumed. - // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // in subsequent Amazon Web Services API calls to access resources in the account + // that owns the role. You cannot use session policies to grant more permissions + // than those allowed by the identity-based policy of the role that is being + // assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. PolicyArns []*PolicyDescriptorType `type:"list"` @@ -1786,21 +1920,33 @@ type AssumeRoleWithSAMLInput struct { // RoleArn is a required field RoleArn *string `min:"20" type:"string" required:"true"` - // The base-64 encoded SAML authentication response provided by the IdP. + // The base64 encoded SAML authentication response provided by the IdP. // // For more information, see Configuring a Relying Party and Adding Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html) // in the IAM User Guide. // + // SAMLAssertion is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by AssumeRoleWithSAMLInput's + // String and GoString methods. + // // SAMLAssertion is a required field - SAMLAssertion *string `min:"4" type:"string" required:"true"` + SAMLAssertion *string `min:"4" type:"string" required:"true" sensitive:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AssumeRoleWithSAMLInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AssumeRoleWithSAMLInput) GoString() string { return s.String() } @@ -1886,7 +2032,8 @@ func (s *AssumeRoleWithSAMLInput) SetSAMLAssertion(v string) *AssumeRoleWithSAML } // Contains the response to a successful AssumeRoleWithSAML request, including -// temporary AWS credentials that can be used to make AWS requests. +// temporary Amazon Web Services credentials that can be used to make Amazon +// Web Services requests. type AssumeRoleWithSAMLOutput struct { _ struct{} `type:"structure"` @@ -1908,10 +2055,17 @@ type AssumeRoleWithSAMLOutput struct { // The value of the Issuer element of the SAML assertion. Issuer *string `type:"string"` - // A hash value based on the concatenation of the Issuer response value, the - // AWS account ID, and the friendly name (the last part of the ARN) of the SAML - // provider in IAM. The combination of NameQualifier and Subject can be used - // to uniquely identify a federated user. + // A hash value based on the concatenation of the following: + // + // * The Issuer response value. + // + // * The Amazon Web Services account ID. + // + // * The friendly name (the last part of the ARN) of the SAML provider in + // IAM. + // + // The combination of NameQualifier and Subject can be used to uniquely identify + // a user. // // The following pseudocode shows how the hash value is calculated: // @@ -1925,6 +2079,26 @@ type AssumeRoleWithSAMLOutput struct { // exceeded the allowed space. PackedPolicySize *int64 `type:"integer"` + // The value in the SourceIdentity attribute in the SAML assertion. + // + // You can require users to set a source identity value when they assume a role. + // You do this by using the sts:SourceIdentity condition key in a role trust + // policy. That way, actions that are taken with the role are associated with + // that user. After the source identity is set, the value cannot be changed. + // It is present in the request for all actions that are taken by the role and + // persists across chained role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining) + // sessions. You can configure your SAML identity provider to use an attribute + // associated with your users, like user name or email, as the source identity + // when calling AssumeRoleWithSAML. You do this by adding an attribute to the + // SAML assertion. For more information about using source identity, see Monitor + // and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) + // in the IAM User Guide. + // + // The regex used to validate this parameter is a string of characters consisting + // of upper- and lower-case alphanumeric characters with no spaces. You can + // also include underscores or any of the following characters: =,.@- + SourceIdentity *string `min:"2" type:"string"` + // The value of the NameID element in the Subject element of the SAML assertion. Subject *string `type:"string"` @@ -1939,12 +2113,20 @@ type AssumeRoleWithSAMLOutput struct { SubjectType *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AssumeRoleWithSAMLOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AssumeRoleWithSAMLOutput) GoString() string { return s.String() } @@ -1985,6 +2167,12 @@ func (s *AssumeRoleWithSAMLOutput) SetPackedPolicySize(v int64) *AssumeRoleWithS return s } +// SetSourceIdentity sets the SourceIdentity field's value. +func (s *AssumeRoleWithSAMLOutput) SetSourceIdentity(v string) *AssumeRoleWithSAMLOutput { + s.SourceIdentity = &v + return s +} + // SetSubject sets the Subject field's value. func (s *AssumeRoleWithSAMLOutput) SetSubject(v string) *AssumeRoleWithSAMLOutput { s.Subject = &v @@ -2017,7 +2205,7 @@ type AssumeRoleWithWebIdentityInput struct { // to the federation endpoint for a console sign-in token takes a SessionDuration // parameter that specifies the maximum length of the console session. For more // information, see Creating a URL that Enables Federated Users to Access the - // AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) + // Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) // in the IAM User Guide. DurationSeconds *int64 `min:"900" type:"integer"` @@ -2026,23 +2214,25 @@ type AssumeRoleWithWebIdentityInput struct { // This parameter is optional. Passing policies to this operation returns new // temporary credentials. The resulting session's permissions are the intersection // of the role's identity-based policy and the session policies. You can use - // the role's temporary credentials in subsequent AWS API calls to access resources - // in the account that owns the role. You cannot use session policies to grant - // more permissions than those allowed by the identity-based policy of the role - // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // the role's temporary credentials in subsequent Amazon Web Services API calls + // to access resources in the account that owns the role. You cannot use session + // policies to grant more permissions than those allowed by the identity-based + // policy of the role that is being assumed. For more information, see Session + // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // - // The plain text that you use for both inline and managed session policies - // can't exceed 2,048 characters. The JSON policy characters can be any ASCII - // character from the space character to the end of the valid character list - // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A), - // and carriage return (\u000D) characters. - // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plain text meets the other requirements. The - // PackedPolicySize response element indicates by percentage how close the policies - // and tags for your request are to the upper size limit. + // The plaintext that you use for both inline and managed session policies can't + // exceed 2,048 characters. The JSON policy characters can be any ASCII character + // from the space character to the end of the valid character list (\u0020 through + // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage + // return (\u000D) characters. + // + // An Amazon Web Services conversion compresses the passed inline session policy, + // managed policy ARNs, and session tags into a packed binary format that has + // a separate limit. Your request can fail for this limit even if your plaintext + // meets the other requirements. The PackedPolicySize response element indicates + // by percentage how close the policies and tags for your request are to the + // upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want @@ -2050,32 +2240,34 @@ type AssumeRoleWithWebIdentityInput struct { // as the role. // // This parameter is optional. You can provide up to 10 managed policy ARNs. - // However, the plain text that you use for both inline and managed session - // policies can't exceed 2,048 characters. For more information about ARNs, - // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. - // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plain text meets the other requirements. The - // PackedPolicySize response element indicates by percentage how close the policies - // and tags for your request are to the upper size limit. + // However, the plaintext that you use for both inline and managed session policies + // can't exceed 2,048 characters. For more information about ARNs, see Amazon + // Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // in the Amazon Web Services General Reference. + // + // An Amazon Web Services conversion compresses the passed inline session policy, + // managed policy ARNs, and session tags into a packed binary format that has + // a separate limit. Your request can fail for this limit even if your plaintext + // meets the other requirements. The PackedPolicySize response element indicates + // by percentage how close the policies and tags for your request are to the + // upper size limit. // // Passing policies to this operation returns new temporary credentials. The // resulting session's permissions are the intersection of the role's identity-based // policy and the session policies. You can use the role's temporary credentials - // in subsequent AWS API calls to access resources in the account that owns - // the role. You cannot use session policies to grant more permissions than - // those allowed by the identity-based policy of the role that is being assumed. - // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // in subsequent Amazon Web Services API calls to access resources in the account + // that owns the role. You cannot use session policies to grant more permissions + // than those allowed by the identity-based policy of the role that is being + // assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. PolicyArns []*PolicyDescriptorType `type:"list"` - // The fully qualified host component of the domain name of the identity provider. + // The fully qualified host component of the domain name of the OAuth 2.0 identity + // provider. Do not specify this value for an OpenID Connect identity provider. // - // Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com - // and graph.facebook.com are the only supported identity providers for OAuth - // 2.0 access tokens. Do not include URL schemes and port numbers. + // Currently www.amazon.com and graph.facebook.com are the only supported identity + // providers for OAuth 2.0 access tokens. Do not include URL schemes and port + // numbers. // // Do not specify this value for OpenID Connect ID tokens. ProviderId *string `min:"4" type:"string"` @@ -2101,18 +2293,31 @@ type AssumeRoleWithWebIdentityInput struct { // The OAuth 2.0 access token or OpenID Connect ID token that is provided by // the identity provider. Your application must get this token by authenticating // the user who is using your application with a web identity provider before - // the application makes an AssumeRoleWithWebIdentity call. + // the application makes an AssumeRoleWithWebIdentity call. Only tokens with + // RSA algorithms (RS256) are supported. + // + // WebIdentityToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by AssumeRoleWithWebIdentityInput's + // String and GoString methods. // // WebIdentityToken is a required field - WebIdentityToken *string `min:"4" type:"string" required:"true"` + WebIdentityToken *string `min:"4" type:"string" required:"true" sensitive:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AssumeRoleWithWebIdentityInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AssumeRoleWithWebIdentityInput) GoString() string { return s.String() } @@ -2207,7 +2412,8 @@ func (s *AssumeRoleWithWebIdentityInput) SetWebIdentityToken(v string) *AssumeRo } // Contains the response to a successful AssumeRoleWithWebIdentity request, -// including temporary AWS credentials that can be used to make AWS requests. +// including temporary Amazon Web Services credentials that can be used to make +// Amazon Web Services requests. type AssumeRoleWithWebIdentityOutput struct { _ struct{} `type:"structure"` @@ -2242,6 +2448,29 @@ type AssumeRoleWithWebIdentityOutput struct { // in the AssumeRoleWithWebIdentity request. Provider *string `type:"string"` + // The value of the source identity that is returned in the JSON web token (JWT) + // from the identity provider. + // + // You can require users to set a source identity value when they assume a role. + // You do this by using the sts:SourceIdentity condition key in a role trust + // policy. That way, actions that are taken with the role are associated with + // that user. After the source identity is set, the value cannot be changed. + // It is present in the request for all actions that are taken by the role and + // persists across chained role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining) + // sessions. You can configure your identity provider to use an attribute associated + // with your users, like user name or email, as the source identity when calling + // AssumeRoleWithWebIdentity. You do this by adding a claim to the JSON web + // token. To learn more about OIDC tokens and claims, see Using Tokens with + // User Pools (https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html) + // in the Amazon Cognito Developer Guide. For more information about using source + // identity, see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) + // in the IAM User Guide. + // + // The regex used to validate this parameter is a string of characters consisting + // of upper- and lower-case alphanumeric characters with no spaces. You can + // also include underscores or any of the following characters: =,.@- + SourceIdentity *string `min:"2" type:"string"` + // The unique user identifier that is returned by the identity provider. This // identifier is associated with the WebIdentityToken that was submitted with // the AssumeRoleWithWebIdentity call. The identifier is typically unique to @@ -2251,12 +2480,20 @@ type AssumeRoleWithWebIdentityOutput struct { SubjectFromWebIdentityToken *string `min:"6" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AssumeRoleWithWebIdentityOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AssumeRoleWithWebIdentityOutput) GoString() string { return s.String() } @@ -2291,6 +2528,12 @@ func (s *AssumeRoleWithWebIdentityOutput) SetProvider(v string) *AssumeRoleWithW return s } +// SetSourceIdentity sets the SourceIdentity field's value. +func (s *AssumeRoleWithWebIdentityOutput) SetSourceIdentity(v string) *AssumeRoleWithWebIdentityOutput { + s.SourceIdentity = &v + return s +} + // SetSubjectFromWebIdentityToken sets the SubjectFromWebIdentityToken field's value. func (s *AssumeRoleWithWebIdentityOutput) SetSubjectFromWebIdentityToken(v string) *AssumeRoleWithWebIdentityOutput { s.SubjectFromWebIdentityToken = &v @@ -2311,19 +2554,27 @@ type AssumedRoleUser struct { Arn *string `min:"20" type:"string" required:"true"` // A unique identifier that contains the role ID and the role session name of - // the role that is being assumed. The role ID is generated by AWS when the - // role is created. + // the role that is being assumed. The role ID is generated by Amazon Web Services + // when the role is created. // // AssumedRoleId is a required field AssumedRoleId *string `min:"2" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AssumedRoleUser) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s AssumedRoleUser) GoString() string { return s.String() } @@ -2340,7 +2591,7 @@ func (s *AssumedRoleUser) SetAssumedRoleId(v string) *AssumedRoleUser { return s } -// AWS credentials for API authentication. +// Amazon Web Services credentials for API authentication. type Credentials struct { _ struct{} `type:"structure"` @@ -2356,8 +2607,12 @@ type Credentials struct { // The secret access key that can be used to sign requests. // + // SecretAccessKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by Credentials's + // String and GoString methods. + // // SecretAccessKey is a required field - SecretAccessKey *string `type:"string" required:"true"` + SecretAccessKey *string `type:"string" required:"true" sensitive:"true"` // The token that users must pass to the service API to use the temporary credentials. // @@ -2365,12 +2620,20 @@ type Credentials struct { SessionToken *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Credentials) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Credentials) GoString() string { return s.String() } @@ -2408,12 +2671,20 @@ type DecodeAuthorizationMessageInput struct { EncodedMessage *string `min:"1" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DecodeAuthorizationMessageInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DecodeAuthorizationMessageInput) GoString() string { return s.String() } @@ -2441,21 +2712,29 @@ func (s *DecodeAuthorizationMessageInput) SetEncodedMessage(v string) *DecodeAut } // A document that contains additional information about the authorization status -// of a request from an encoded message that is returned in response to an AWS -// request. +// of a request from an encoded message that is returned in response to an Amazon +// Web Services request. type DecodeAuthorizationMessageOutput struct { _ struct{} `type:"structure"` - // An XML document that contains the decoded message. + // The API returns a response with the decoded message. DecodedMessage *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DecodeAuthorizationMessageOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s DecodeAuthorizationMessageOutput) GoString() string { return s.String() } @@ -2485,12 +2764,20 @@ type FederatedUser struct { FederatedUserId *string `min:"2" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s FederatedUser) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s FederatedUser) GoString() string { return s.String() } @@ -2519,12 +2806,20 @@ type GetAccessKeyInfoInput struct { AccessKeyId *string `min:"16" type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetAccessKeyInfoInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetAccessKeyInfoInput) GoString() string { return s.String() } @@ -2554,16 +2849,24 @@ func (s *GetAccessKeyInfoInput) SetAccessKeyId(v string) *GetAccessKeyInfoInput type GetAccessKeyInfoOutput struct { _ struct{} `type:"structure"` - // The number used to identify the AWS account. + // The number used to identify the Amazon Web Services account. Account *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetAccessKeyInfoOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetAccessKeyInfoOutput) GoString() string { return s.String() } @@ -2578,12 +2881,20 @@ type GetCallerIdentityInput struct { _ struct{} `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetCallerIdentityInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetCallerIdentityInput) GoString() string { return s.String() } @@ -2593,11 +2904,11 @@ func (s GetCallerIdentityInput) GoString() string { type GetCallerIdentityOutput struct { _ struct{} `type:"structure"` - // The AWS account ID number of the account that owns or contains the calling - // entity. + // The Amazon Web Services account ID number of the account that owns or contains + // the calling entity. Account *string `type:"string"` - // The AWS ARN associated with the calling entity. + // The Amazon Web Services ARN associated with the calling entity. Arn *string `min:"20" type:"string"` // The unique identifier of the calling entity. The exact value depends on the @@ -2607,12 +2918,20 @@ type GetCallerIdentityOutput struct { UserId *string `type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetCallerIdentityOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetCallerIdentityOutput) GoString() string { return s.String() } @@ -2641,9 +2960,9 @@ type GetFederationTokenInput struct { // The duration, in seconds, that the session should last. Acceptable durations // for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds // (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained - // using AWS account root user credentials are restricted to a maximum of 3,600 - // seconds (one hour). If the specified duration is longer than one hour, the - // session obtained by using root user credentials defaults to one hour. + // using root user credentials are restricted to a maximum of 3,600 seconds + // (one hour). If the specified duration is longer than one hour, the session + // obtained by using root user credentials defaults to one hour. DurationSeconds *int64 `min:"900" type:"integer"` // The name of the federated user. The name is used as an identifier for the @@ -2662,8 +2981,8 @@ type GetFederationTokenInput struct { // // You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an - // inline session policy. You can also specify up to 10 managed policies to - // use as managed session policies. + // inline session policy. You can also specify up to 10 managed policy Amazon + // Resource Names (ARNs) to use as managed session policies. // // This parameter is optional. However, if you do not pass any session policies, // then the resulting federated user session has no permissions. @@ -2682,17 +3001,18 @@ type GetFederationTokenInput struct { // by the policy. These permissions are granted in addition to the permissions // that are granted by the session policies. // - // The plain text that you use for both inline and managed session policies - // can't exceed 2,048 characters. The JSON policy characters can be any ASCII - // character from the space character to the end of the valid character list - // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A), - // and carriage return (\u000D) characters. - // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plain text meets the other requirements. The - // PackedPolicySize response element indicates by percentage how close the policies - // and tags for your request are to the upper size limit. + // The plaintext that you use for both inline and managed session policies can't + // exceed 2,048 characters. The JSON policy characters can be any ASCII character + // from the space character to the end of the valid character list (\u0020 through + // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage + // return (\u000D) characters. + // + // An Amazon Web Services conversion compresses the passed inline session policy, + // managed policy ARNs, and session tags into a packed binary format that has + // a separate limit. Your request can fail for this limit even if your plaintext + // meets the other requirements. The PackedPolicySize response element indicates + // by percentage how close the policies and tags for your request are to the + // upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want @@ -2701,12 +3021,13 @@ type GetFederationTokenInput struct { // // You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an - // inline session policy. You can also specify up to 10 managed policies to - // use as managed session policies. The plain text that you use for both inline - // and managed session policies can't exceed 2,048 characters. You can provide - // up to 10 managed policy ARNs. For more information about ARNs, see Amazon - // Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // inline session policy. You can also specify up to 10 managed policy Amazon + // Resource Names (ARNs) to use as managed session policies. The plaintext that + // you use for both inline and managed session policies can't exceed 2,048 characters. + // You can provide up to 10 managed policy ARNs. For more information about + // ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces + // (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // in the Amazon Web Services General Reference. // // This parameter is optional. However, if you do not pass any session policies, // then the resulting federated user session has no permissions. @@ -2725,11 +3046,12 @@ type GetFederationTokenInput struct { // by the policy. These permissions are granted in addition to the permissions // that are granted by the session policies. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plain text meets the other requirements. The - // PackedPolicySize response element indicates by percentage how close the policies - // and tags for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed inline session policy, + // managed policy ARNs, and session tags into a packed binary format that has + // a separate limit. Your request can fail for this limit even if your plaintext + // meets the other requirements. The PackedPolicySize response element indicates + // by percentage how close the policies and tags for your request are to the + // upper size limit. PolicyArns []*PolicyDescriptorType `type:"list"` // A list of session tags. Each session tag consists of a key name and an associated @@ -2737,17 +3059,18 @@ type GetFederationTokenInput struct { // in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // - // This parameter is optional. You can pass up to 50 session tags. The plain - // text session tag keys can’t exceed 128 characters and the values can’t - // exceed 256 characters. For these and additional limits, see IAM and STS Character + // This parameter is optional. You can pass up to 50 session tags. The plaintext + // session tag keys can’t exceed 128 characters and the values can’t exceed + // 256 characters. For these and additional limits, see IAM and STS Character // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plain text meets the other requirements. The - // PackedPolicySize response element indicates by percentage how close the policies - // and tags for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed inline session policy, + // managed policy ARNs, and session tags into a packed binary format that has + // a separate limit. Your request can fail for this limit even if your plaintext + // meets the other requirements. The PackedPolicySize response element indicates + // by percentage how close the policies and tags for your request are to the + // upper size limit. // // You can pass a session tag with the same key as a tag that is already attached // to the user you are federating. When you do, session tags override a user @@ -2761,12 +3084,20 @@ type GetFederationTokenInput struct { Tags []*Tag `type:"list"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetFederationTokenInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetFederationTokenInput) GoString() string { return s.String() } @@ -2844,7 +3175,8 @@ func (s *GetFederationTokenInput) SetTags(v []*Tag) *GetFederationTokenInput { } // Contains the response to a successful GetFederationToken request, including -// temporary AWS credentials that can be used to make AWS requests. +// temporary Amazon Web Services credentials that can be used to make Amazon +// Web Services requests. type GetFederationTokenOutput struct { _ struct{} `type:"structure"` @@ -2868,12 +3200,20 @@ type GetFederationTokenOutput struct { PackedPolicySize *int64 `type:"integer"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetFederationTokenOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetFederationTokenOutput) GoString() string { return s.String() } @@ -2902,9 +3242,9 @@ type GetSessionTokenInput struct { // The duration, in seconds, that the credentials should remain valid. Acceptable // durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600 // seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions - // for AWS account owners are restricted to a maximum of 3,600 seconds (one - // hour). If the duration is longer than one hour, the session for AWS account - // owners defaults to one hour. + // for Amazon Web Services account owners are restricted to a maximum of 3,600 + // seconds (one hour). If the duration is longer than one hour, the session + // for Amazon Web Services account owners defaults to one hour. DurationSeconds *int64 `min:"900" type:"integer"` // The identification number of the MFA device that is associated with the IAM @@ -2912,8 +3252,8 @@ type GetSessionTokenInput struct { // user has a policy that requires MFA authentication. The value is either the // serial number for a hardware device (such as GAHT12345678) or an Amazon Resource // Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user). - // You can find the device for an IAM user by going to the AWS Management Console - // and viewing the user's security credentials. + // You can find the device for an IAM user by going to the Amazon Web Services + // Management Console and viewing the user's security credentials. // // The regex used to validate this parameter is a string of characters consisting // of upper- and lower-case alphanumeric characters with no spaces. You can @@ -2931,12 +3271,20 @@ type GetSessionTokenInput struct { TokenCode *string `min:"6" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetSessionTokenInput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetSessionTokenInput) GoString() string { return s.String() } @@ -2979,7 +3327,8 @@ func (s *GetSessionTokenInput) SetTokenCode(v string) *GetSessionTokenInput { } // Contains the response to a successful GetSessionToken request, including -// temporary AWS credentials that can be used to make AWS requests. +// temporary Amazon Web Services credentials that can be used to make Amazon +// Web Services requests. type GetSessionTokenOutput struct { _ struct{} `type:"structure"` @@ -2991,12 +3340,20 @@ type GetSessionTokenOutput struct { Credentials *Credentials `type:"structure"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetSessionTokenOutput) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s GetSessionTokenOutput) GoString() string { return s.String() } @@ -3014,17 +3371,25 @@ type PolicyDescriptorType struct { // The Amazon Resource Name (ARN) of the IAM managed policy to use as a session // policy for the role. For more information about ARNs, see Amazon Resource - // Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // in the Amazon Web Services General Reference. Arn *string `locationName:"arn" min:"20" type:"string"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PolicyDescriptorType) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s PolicyDescriptorType) GoString() string { return s.String() } @@ -3048,10 +3413,71 @@ func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType { return s } +// Contains information about the provided context. This includes the signed +// and encrypted trusted context assertion and the context provider ARN from +// which the trusted context assertion was generated. +type ProvidedContext struct { + _ struct{} `type:"structure"` + + // The signed and encrypted trusted context assertion generated by the context + // provider. The trusted context assertion is signed and encrypted by Amazon + // Web Services STS. + ContextAssertion *string `min:"4" type:"string"` + + // The context provider ARN from which the trusted context assertion was generated. + ProviderArn *string `min:"20" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ProvidedContext) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ProvidedContext) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ProvidedContext) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ProvidedContext"} + if s.ContextAssertion != nil && len(*s.ContextAssertion) < 4 { + invalidParams.Add(request.NewErrParamMinLen("ContextAssertion", 4)) + } + if s.ProviderArn != nil && len(*s.ProviderArn) < 20 { + invalidParams.Add(request.NewErrParamMinLen("ProviderArn", 20)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetContextAssertion sets the ContextAssertion field's value. +func (s *ProvidedContext) SetContextAssertion(v string) *ProvidedContext { + s.ContextAssertion = &v + return s +} + +// SetProviderArn sets the ProviderArn field's value. +func (s *ProvidedContext) SetProviderArn(v string) *ProvidedContext { + s.ProviderArn = &v + return s +} + // You can pass custom key-value pair attributes when you assume a role or federate // a user. These are called session tags. You can then use the session tags -// to control access to resources. For more information, see Tagging AWS STS -// Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// to control access to resources. For more information, see Tagging Amazon +// Web Services STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. type Tag struct { _ struct{} `type:"structure"` @@ -3077,12 +3503,20 @@ type Tag struct { Value *string `type:"string" required:"true"` } -// String returns the string representation +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Tag) String() string { return awsutil.Prettify(s) } -// GoString returns the string representation +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". func (s Tag) GoString() string { return s.String() } diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go index cb1debbaa..ea1d9eb0c 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go @@ -3,18 +3,17 @@ // Package sts provides the client and types for making API // requests to AWS Security Token Service. // -// AWS Security Token Service (STS) enables you to request temporary, limited-privilege -// credentials for AWS Identity and Access Management (IAM) users or for users -// that you authenticate (federated users). This guide provides descriptions -// of the STS API. For more information about using this service, see Temporary -// Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html). +// Security Token Service (STS) enables you to request temporary, limited-privilege +// credentials for users. This guide provides descriptions of the STS API. For +// more information about using this service, see Temporary Security Credentials +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html). // // See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service. // // See sts package documentation for more information. // https://docs.aws.amazon.com/sdk-for-go/api/service/sts/ // -// Using the Client +// # Using the Client // // To contact AWS Security Token Service with the SDK use the New function to create // a new service client. With that client you can make API requests to the service. diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go index a233f542e..b680bbd5d 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go @@ -42,8 +42,9 @@ const ( // ErrCodeInvalidIdentityTokenException for service response error code // "InvalidIdentityToken". // - // The web identity token that was passed could not be validated by AWS. Get - // a new identity token from the identity provider and then retry the request. + // The web identity token that was passed could not be validated by Amazon Web + // Services. Get a new identity token from the identity provider and then retry + // the request. ErrCodeInvalidIdentityTokenException = "InvalidIdentityToken" // ErrCodeMalformedPolicyDocumentException for service response error code @@ -57,16 +58,16 @@ const ( // "PackedPolicyTooLarge". // // The request was rejected because the total packed size of the session policies - // and session tags combined was too large. An AWS conversion compresses the - // session policy document, session policy ARNs, and session tags into a packed - // binary format that has a separate limit. The error message indicates by percentage - // how close the policies and tags are to the upper size limit. For more information, - // see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) + // and session tags combined was too large. An Amazon Web Services conversion + // compresses the session policy document, session policy ARNs, and session + // tags into a packed binary format that has a separate limit. The error message + // indicates by percentage how close the policies and tags are to the upper + // size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // // You could receive this error even though you meet other defined session policy // and session tag limits. For more information, see IAM and STS Entity Character - // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) + // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length) // in the IAM User Guide. ErrCodePackedPolicyTooLargeException = "PackedPolicyTooLarge" @@ -76,7 +77,8 @@ const ( // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating - // and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) + // and Deactivating Amazon Web Services STS in an Amazon Web Services Region + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. ErrCodeRegionDisabledException = "RegionDisabledException" ) diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/service.go b/vendor/github.com/aws/aws-sdk-go/service/sts/service.go index d34a68553..12327d053 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/service.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/service.go @@ -39,31 +39,37 @@ const ( // aws.Config parameter to add your extra config. // // Example: -// mySession := session.Must(session.NewSession()) // -// // Create a STS client from just a session. -// svc := sts.New(mySession) +// mySession := session.Must(session.NewSession()) // -// // Create a STS client with additional configuration -// svc := sts.New(mySession, aws.NewConfig().WithRegion("us-west-2")) +// // Create a STS client from just a session. +// svc := sts.New(mySession) +// +// // Create a STS client with additional configuration +// svc := sts.New(mySession, aws.NewConfig().WithRegion("us-west-2")) func New(p client.ConfigProvider, cfgs ...*aws.Config) *STS { c := p.ClientConfig(EndpointsID, cfgs...) - return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName) + if c.SigningNameDerived || len(c.SigningName) == 0 { + c.SigningName = EndpointsID + // No Fallback + } + return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion) } // newClient creates, initializes and returns a new service client instance. -func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *STS { +func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *STS { svc := &STS{ Client: client.New( cfg, metadata.ClientInfo{ - ServiceName: ServiceName, - ServiceID: ServiceID, - SigningName: signingName, - SigningRegion: signingRegion, - PartitionID: partitionID, - Endpoint: endpoint, - APIVersion: "2011-06-15", + ServiceName: ServiceName, + ServiceID: ServiceID, + SigningName: signingName, + SigningRegion: signingRegion, + PartitionID: partitionID, + Endpoint: endpoint, + APIVersion: "2011-06-15", + ResolvedRegion: resolvedRegion, }, handlers, ), diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go index e2e1d6efe..bf06b2e7d 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go @@ -23,37 +23,37 @@ import ( // can be stubbed out for unit testing your code with the SDK without needing // to inject custom request handlers into the SDK's request pipeline. // -// // myFunc uses an SDK service client to make a request to -// // AWS Security Token Service. -// func myFunc(svc stsiface.STSAPI) bool { -// // Make svc.AssumeRole request -// } +// // myFunc uses an SDK service client to make a request to +// // AWS Security Token Service. +// func myFunc(svc stsiface.STSAPI) bool { +// // Make svc.AssumeRole request +// } // -// func main() { -// sess := session.New() -// svc := sts.New(sess) +// func main() { +// sess := session.New() +// svc := sts.New(sess) // -// myFunc(svc) -// } +// myFunc(svc) +// } // // In your _test.go file: // -// // Define a mock struct to be used in your unit tests of myFunc. -// type mockSTSClient struct { -// stsiface.STSAPI -// } -// func (m *mockSTSClient) AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) { -// // mock response/functionality -// } +// // Define a mock struct to be used in your unit tests of myFunc. +// type mockSTSClient struct { +// stsiface.STSAPI +// } +// func (m *mockSTSClient) AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) { +// // mock response/functionality +// } // -// func TestMyFunc(t *testing.T) { -// // Setup Test -// mockSvc := &mockSTSClient{} +// func TestMyFunc(t *testing.T) { +// // Setup Test +// mockSvc := &mockSTSClient{} // -// myfunc(mockSvc) +// myfunc(mockSvc) // -// // Verify myFunc's functionality -// } +// // Verify myFunc's functionality +// } // // It is important to note that this interface will have breaking changes // when the service model is updated and adds new API operations, paginators, diff --git a/vendor/modules.txt b/vendor/modules.txt index bf4464316..b3d7ae2be 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -109,10 +109,11 @@ github.com/AzureAD/microsoft-authentication-library-for-go/apps/public # github.com/StackExchange/wmi v0.0.0-20150520194626-f3e2bae1e0cb ## explicit github.com/StackExchange/wmi -# github.com/aws/aws-sdk-go v1.36.10 -## explicit; go 1.11 +# github.com/aws/aws-sdk-go v1.55.3 +## explicit; go 1.19 github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws/arn +github.com/aws/aws-sdk-go/aws/auth/bearer github.com/aws/aws-sdk-go/aws/awserr github.com/aws/aws-sdk-go/aws/awsutil github.com/aws/aws-sdk-go/aws/client @@ -122,6 +123,7 @@ github.com/aws/aws-sdk-go/aws/credentials github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds github.com/aws/aws-sdk-go/aws/credentials/endpointcreds github.com/aws/aws-sdk-go/aws/credentials/processcreds +github.com/aws/aws-sdk-go/aws/credentials/ssocreds github.com/aws/aws-sdk-go/aws/credentials/stscreds github.com/aws/aws-sdk-go/aws/csm github.com/aws/aws-sdk-go/aws/defaults @@ -131,6 +133,7 @@ github.com/aws/aws-sdk-go/aws/request github.com/aws/aws-sdk-go/aws/session github.com/aws/aws-sdk-go/aws/signer/v4 github.com/aws/aws-sdk-go/internal/context +github.com/aws/aws-sdk-go/internal/encoding/gzip github.com/aws/aws-sdk-go/internal/ini github.com/aws/aws-sdk-go/internal/s3shared github.com/aws/aws-sdk-go/internal/s3shared/arn @@ -151,6 +154,7 @@ github.com/aws/aws-sdk-go/private/protocol/jsonrpc github.com/aws/aws-sdk-go/private/protocol/query github.com/aws/aws-sdk-go/private/protocol/query/queryutil github.com/aws/aws-sdk-go/private/protocol/rest +github.com/aws/aws-sdk-go/private/protocol/restjson github.com/aws/aws-sdk-go/private/protocol/restxml github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil github.com/aws/aws-sdk-go/service/cloudwatch @@ -162,6 +166,9 @@ github.com/aws/aws-sdk-go/service/rds/rdsutils github.com/aws/aws-sdk-go/service/s3 github.com/aws/aws-sdk-go/service/s3/s3crypto github.com/aws/aws-sdk-go/service/s3/s3iface +github.com/aws/aws-sdk-go/service/sso +github.com/aws/aws-sdk-go/service/sso/ssoiface +github.com/aws/aws-sdk-go/service/ssooidc github.com/aws/aws-sdk-go/service/sts github.com/aws/aws-sdk-go/service/sts/stsiface # github.com/cenkalti/backoff/v4 v4.2.1